title: Detect Activity to Known Malicious Indicator - malicious-example.com
id: auto-0c021e2cae67c1a6a6efc9d1d57f809691466352e7d6b1b0cd7d0ffa12413df0
status: experimental
description: Detects traffic or activity related to malicious-example.com which is a known malicious domain.
logsource:
  category: dns
detection:
  selection:
    query:
      - '*malicious-example.com*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.OTX
---
title: Detect Activity to Known Malicious Indicator - 192.168.1.100
id: auto-2a39f1eedcd9f986327b5e4da842426f4f05b8f16f0ef385639dbec0db70eaae
status: experimental
description: Detects traffic or activity related to 192.168.1.100 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '192.168.1.100'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.OTX
---
title: Detect Activity to Known Malicious Indicator - 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8
id: auto-113459eb7bb31bddee85ade5230d6ad5d8b2fb52879e00a84ff6ae1067a210d3
status: experimental
description: Detects traffic or activity related to 5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 which is a known malicious hash.
logsource:
  category: process_creation
detection:
  selection:
    hashes:
      - '*5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8*'
  condition: selection
level: high
tags:
  - attack.t1486
  - source.MalwareBazaar
---
title: Detect Activity to Known Malicious Indicator - 162.243.103.246
id: auto-ef7f4e9e6551d56eecd382e99ca7a10a59b0389235d54062ed2af68c9e69cff6
status: experimental
description: Detects traffic or activity related to 162.243.103.246 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '162.243.103.246'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.FeodoTracker
---
title: Detect Activity to Known Malicious Indicator - 167.86.75.145
id: auto-fb259990d67fff4d50eeb555e6f7de9714f82d642d377fa2a35a6d33ba26fd23
status: experimental
description: Detects traffic or activity related to 167.86.75.145 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '167.86.75.145'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.FeodoTracker
---
title: Detect Activity to Known Malicious Indicator - 137.184.9.29
id: auto-c1a5590e361bb9109398529fc5c6b38477f0d2c243c333d6e63b7c4a9671aad6
status: experimental
description: Detects traffic or activity related to 137.184.9.29 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '137.184.9.29'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.FeodoTracker
---
title: Detect Activity to Known Malicious Indicator - 50.16.16.211
id: auto-4653f5ef5d5ec04590dbcefa642beab87152553e18af2ab21e49e81c59b3bef1
status: experimental
description: Detects traffic or activity related to 50.16.16.211 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '50.16.16.211'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.FeodoTracker
---
title: Detect Activity to Known Malicious Indicator - 34.204.119.63
id: auto-aea702d719e6427b2ca12d5dc4f6588183cd16649e190cf12a8f4ab24b03f308
status: experimental
description: Detects traffic or activity related to 34.204.119.63 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '34.204.119.63'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.FeodoTracker
---
title: Detect Activity to Known Malicious Indicator - 172.232.59.14
id: auto-4f14de2c7190570f62f2604c74455a2c37c897d922c676eb9cc02e6cb08d9a16
status: experimental
description: Detects traffic or activity related to 172.232.59.14 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '172.232.59.14'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.FeodoTracker
---
title: Detect Activity to Known Malicious Indicator - http://123.188.83.156:52279/bin.sh
id: auto-b273905944690f84686bee473dd99391dd9dbc23fce0b3a4f47a33e59df6f1f8
status: experimental
description: Detects traffic or activity related to http://123.188.83.156:52279/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.83.156:52279/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.56.220:58540/i
id: auto-60745ac20986cb21da042b361af9fd0cbb2a0be74b12f68bd01aaf3249a84bf4
status: experimental
description: Detects traffic or activity related to http://110.37.56.220:58540/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.56.220:58540/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.4.43:44274/i
id: auto-c1d0143a97c259722ae227554098b50c199e78f5d732f03cabaa649eac4935c1
status: experimental
description: Detects traffic or activity related to http://115.61.4.43:44274/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.4.43:44274/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.198.178.139:43539/Mozi.m
id: auto-39601e5ee823e2e872dc53ac28ac08f50962993c189b048f6df86a0af43fd20f
status: experimental
description: Detects traffic or activity related to http://112.198.178.139:43539/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.198.178.139:43539/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.66.145:39432/i
id: auto-961982c31cbc51cf7fda78cf8aea44970800f865cedb799cf24de8566542485f
status: experimental
description: Detects traffic or activity related to http://117.206.66.145:39432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.66.145:39432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.228.189.190:60347/i
id: auto-cbf01b5f2f12dcff8a5a6a9e0d66b6630a10b1a660265714b38496e88e7927d3
status: experimental
description: Detects traffic or activity related to http://114.228.189.190:60347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.228.189.190:60347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.139.72:37742/bin.sh
id: auto-bf25f94966b36a9eb85e0299987f60407f20dc41722e404ad4d4499c59d48789
status: experimental
description: Detects traffic or activity related to http://60.23.139.72:37742/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.139.72:37742/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.254.225:49438/bin.sh
id: auto-ab99b310f6d2ba84f7bae18f767b8dad81c97b016ae62003666a3cb7a800ddd8
status: experimental
description: Detects traffic or activity related to http://125.41.254.225:49438/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.254.225:49438/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.2.172:48241/bin.sh
id: auto-fb24c1490d9d3bfef6b13bdbe06dcce6f27f63c145c54d0a074a31e20cf31a16
status: experimental
description: Detects traffic or activity related to http://182.119.2.172:48241/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.2.172:48241/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.56.220:58540/bin.sh
id: auto-86f90d0ffbaac82865d7beca5cff8c58f8edb71473b3e069860d1026437a4d8e
status: experimental
description: Detects traffic or activity related to http://110.37.56.220:58540/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.56.220:58540/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.4.43:44274/bin.sh
id: auto-fae92386e235ae7b51e53314946ed6a1f97b3e9b1940fa6facb55dd8df397cf1
status: experimental
description: Detects traffic or activity related to http://115.61.4.43:44274/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.4.43:44274/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.66.145:39432/bin.sh
id: auto-d44e210ca68ca7416f7965ac401e492d6a3f85d57cceaecdadfd4e932564b6fa
status: experimental
description: Detects traffic or activity related to http://117.206.66.145:39432/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.66.145:39432/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.83.156:52279/i
id: auto-687d16377cf361328ec834c99c0ebe6080d26a15355db2ff5380520cde718cd5
status: experimental
description: Detects traffic or activity related to http://123.188.83.156:52279/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.83.156:52279/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.228.189.190:60347/bin.sh
id: auto-fd0d32ff8ffe9c1100ce2f71f037a39bdb1f136e3b68697a770513065a217259
status: experimental
description: Detects traffic or activity related to http://114.228.189.190:60347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.228.189.190:60347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.79.11:50279/bin.sh
id: auto-8a003b676b9a0592c3638d26422bcb9d9ed9bdd6d924085a7dcd8a92053269cd
status: experimental
description: Detects traffic or activity related to http://42.224.79.11:50279/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.79.11:50279/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.1.234:40874/bin.sh
id: auto-ee7127f1cf5e137d97264809c428bc55217ce61b03087d0f77e3dc542a99f576
status: experimental
description: Detects traffic or activity related to http://125.41.1.234:40874/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.1.234:40874/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.192.226.109:47450/bin.sh
id: auto-fa4f6e497d81d08ad53d24f62a06c36ea74e02e16b7e966f0eacc70364dafe22
status: experimental
description: Detects traffic or activity related to http://220.192.226.109:47450/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.192.226.109:47450/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.148.17:58568/bin.sh
id: auto-e72b74a13a5ebfbe627118836d7e84267c916d16614cd102a00bce8463bf009d
status: experimental
description: Detects traffic or activity related to http://39.90.148.17:58568/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.148.17:58568/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.81.131:41310/i
id: auto-5c2cabb777ca11c69093b2dd7e100120ec4428fa6b280e95342d06306d1dbde9
status: experimental
description: Detects traffic or activity related to http://42.178.81.131:41310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.81.131:41310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.12.9:51272/i
id: auto-c20bdf8e0ce92d14b463d17b22255979979c038874a4b56b3f888333c1737876
status: experimental
description: Detects traffic or activity related to http://112.248.12.9:51272/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.12.9:51272/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/m68k
id: auto-81183b50d896970e9bc31bcd82d7232514e8d0c8283cf0a3581416e9f0763679
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/sh4
id: auto-530e2846c10f71b26fef58b9c643c059b0dad9044a6379f3de5646d17bede5b1
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/x86
id: auto-15ff6ed352e1f7a6078b41ef04ea10d340d3a79f26c01f3eeb30534d9b3a9a6d
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/arm7
id: auto-21115d39e05afb1f928a2b1f5cecdf038c1b2af56d88bf19f693687a40ba32f7
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/mips
id: auto-04e469c9e1cc759da0a50f897a5ddd2d71f476ed33f442e3bc1d7451d3f324b9
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/arm5
id: auto-6581cfd0a4d4bc4570bae2aacb4052fb42a7a6046fc43ec55761fa17950853e4
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/ppc
id: auto-9b49a8c40f167574e82c9d09f2f566ca056091f512b17995ca00ef8c5d8872fd
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.154.98.177/bins/arm6
id: auto-ef983c47c4960613bb331f97f2233df26e9ec2bf498f7b2499450d58644724ae
status: experimental
description: Detects traffic or activity related to http://45.154.98.177/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.154.98.177/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.81.131:41310/bin.sh
id: auto-f41fe2c4b9f6baf19cdab974763bf1250a077430a164b142f1dbcbca1d55fa98
status: experimental
description: Detects traffic or activity related to http://42.178.81.131:41310/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.81.131:41310/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.12.9:51272/bin.sh
id: auto-66101f5db4136e990b9d1534033d5385b06eae4f6d17cf9665265b1f52a74f00
status: experimental
description: Detects traffic or activity related to http://112.248.12.9:51272/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.12.9:51272/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.92.243.40:8080/02.08.2022.exe
id: auto-66e76c47b0409b3ba852df9ba6715354c06f56bb2f41c21342c776fe5e08f1ce
status: experimental
description: Detects traffic or activity related to http://111.92.243.40:8080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.92.243.40:8080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://8.133.18.61:7000/02.08.2022.exe
id: auto-db7388e9242b23cb77ed6be7a85ba58282c016ff2949b57e025602b12f2541b1
status: experimental
description: Detects traffic or activity related to http://8.133.18.61:7000/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://8.133.18.61:7000/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.55.75.154/02.08.2022.exe
id: auto-6e8f978f9cb89e688b9c7c7d2d23874d1fc5d24714e5a9b67a22a300b7ff34b8
status: experimental
description: Detects traffic or activity related to http://120.55.75.154/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.55.75.154/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://129.204.27.39/02.08.2022.exe
id: auto-245eb500d44475d74358698a720283ba5cacea1bd1939a7172798a9574f74fff
status: experimental
description: Detects traffic or activity related to http://129.204.27.39/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://129.204.27.39/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.178.57.244:1980/02.08.2022.exe
id: auto-efa00d4fb3fa22732e9385fe2ec29c19056658bf973c03fe98e994b4f6abe658
status: experimental
description: Detects traffic or activity related to http://103.178.57.244:1980/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.178.57.244:1980/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.28.180.30:26257/i
id: auto-2ac95b9f4d5bede7d3ffa51d41dc9cc8a2b3969f770f01f3b4e8aa63504aa100
status: experimental
description: Detects traffic or activity related to http://189.28.180.30:26257/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.28.180.30:26257/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.162.75:53983/i
id: auto-87e526f48949cab897fb7f0018f37517b9f36307e5803e73e9245bb24670afd7
status: experimental
description: Detects traffic or activity related to http://113.237.162.75:53983/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.162.75:53983/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/cat.x86_64
id: auto-6ddcc2ce6b39d35d4d5adcfd26aaf1531e5aef2007f54820cad2f8ad7c947299
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/cat.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/cat.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/cat.mipsel
id: auto-50f2e49562391e0f3935d70c5c66e738802066a6e638786375c85f9718a27417
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/cat.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/cat.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/cat.x86
id: auto-a1345e9f65307a2ed502c0f517cf05c3f6bdf3d53d31d5632adce328d61fff20
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/cat.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/cat.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/cat.arm5
id: auto-ee8f8bb6b67ee86807a0f7149346d0940dbd70358efdeb181a027d0bd8d0a5b2
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/cat.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/cat.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/cat.arm
id: auto-887d9ef7d44ffa3a913a1c7be0e2401370e347936d2a3a01315e8ed251e3e2eb
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/cat.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/cat.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.204.235:20546/i
id: auto-9678857c1b47d3edccf7cdbd5e47e848c1dc360ceb2427e85b2b1f1c4516ce8d
status: experimental
description: Detects traffic or activity related to http://117.208.204.235:20546/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.204.235:20546/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/cat.arm6
id: auto-ca4f5f2b46a4b1eaaddab9fcc1153219943b832a13a37ea2061a48e0b2ce24b6
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/cat.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/cat.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/cat.mips
id: auto-5adb90ef4bfa2bf4f7ce9f7015219bb3b9879b9c0fcbce135768a66c76cdcefc
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/cat.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/cat.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.200.14.44:8080/sshd
id: auto-b869d0a7f998ebfd78008e42794d669eb71767309b90c28b4867bdde46489795
status: experimental
description: Detects traffic or activity related to http://181.200.14.44:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.200.14.44:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.33.32:85/sshd
id: auto-5ef3e3ca3590b8d8bce125063eb07d299bccea4eda49733c031a11b69f425d53
status: experimental
description: Detects traffic or activity related to http://120.157.33.32:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.33.32:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.113.44.29:33348/i
id: auto-53b9e1b6912442418faff4ebef0a81ba877edba5f0c5e0fc0f0f2f590ec48dfb
status: experimental
description: Detects traffic or activity related to http://85.113.44.29:33348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.113.44.29:33348/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.1.206:8084/sshd
id: auto-6ff33d5dfd90467d98387d70c2af55c1423ebe275634169a0f09d38554659e91
status: experimental
description: Detects traffic or activity related to http://41.146.1.206:8084/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.1.206:8084/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.235.220.96/sshd
id: auto-d50b2e72d20c1ad2ea82d004b5f585254d91a3523436faf26f118c03292d5bf1
status: experimental
description: Detects traffic or activity related to http://171.235.220.96/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.235.220.96/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.185.208.178:65345/i
id: auto-8a8355a8c556553c87b413c2de5ab14fb26e7cd360f3411729c793484657ac86
status: experimental
description: Detects traffic or activity related to http://177.185.208.178:65345/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.185.208.178:65345/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.14.116:2323/i
id: auto-ba10d2dbd9021b1462181f333707cfe29249b46cb55c9d144fedc7f69b28d7ea
status: experimental
description: Detects traffic or activity related to http://113.221.14.116:2323/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.14.116:2323/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.155.167/sshd
id: auto-3810e3ed132b9dae501c823ec725fecb267cbc181db677bd3ed91b2cc2642f92
status: experimental
description: Detects traffic or activity related to http://91.80.155.167/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.155.167/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.89.38.131:8034/sshd
id: auto-da68138ce4cf884dfc59e75d985e36e5cb5574abfe791901c295f3cef0c189a3
status: experimental
description: Detects traffic or activity related to http://197.89.38.131:8034/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.89.38.131:8034/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.131.50:9301/sshd
id: auto-3358aeedaac23d67012c8383703282bf878cc3481f72deb546db9f66b7f74fbe
status: experimental
description: Detects traffic or activity related to http://178.50.131.50:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.131.50:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.209.206.82:86/sshd
id: auto-6e489ead3f6db39d47b663a3dfba22a9ff43848dcddd8d993b71c4d8fb372209
status: experimental
description: Detects traffic or activity related to http://123.209.206.82:86/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.209.206.82:86/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.215/filecheck
id: auto-2cd3ff9154f8d2716597a5f9cbc226ae69f61e2509306c8baf54e31832de7947
status: experimental
description: Detects traffic or activity related to http://195.177.94.215/filecheck which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.215/filecheck*'
  condition: selection
level: high
tags:
  - attack.t1059.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.215/root1
id: auto-84d7a548b08d362651dbdaa802ca9a57db34d42c3b63db6f69f81cc61ababb05
status: experimental
description: Detects traffic or activity related to http://195.177.94.215/root1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.215/root1*'
  condition: selection
level: high
tags:
  - attack.t1059.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.215/hur2
id: auto-8966ce23e6216289609f5b6e4b5e7ffb2aef2604722c1d8c9f33ae0593a5b793
status: experimental
description: Detects traffic or activity related to http://195.177.94.215/hur2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.215/hur2*'
  condition: selection
level: high
tags:
  - attack.t1059.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.252:45893/hoof/aisuru.arm7
id: auto-64a9fad8181931836b19d19122f6dd6967e2da6650af507656d4fe3adc3c42f7
status: experimental
description: Detects traffic or activity related to http://45.153.34.252:45893/hoof/aisuru.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.252:45893/hoof/aisuru.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.28.63.30:41469/i
id: auto-ae92bb6c5818edd35e7c8f8cba3c469c1bc06787ac6b80e8eb04eba89949401d
status: experimental
description: Detects traffic or activity related to http://218.28.63.30:41469/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.28.63.30:41469/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.28.63.30:41469/bin.sh
id: auto-1f4220143274765aae76c35b41589673581040b33e9d33d4bba1dd0dfe2d937c
status: experimental
description: Detects traffic or activity related to http://218.28.63.30:41469/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.28.63.30:41469/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.100.100:57212/bin.sh
id: auto-92e8f4786b4085330e4b50c0fb7681219044b6da6d6a14e5a3e6390290ebbc32
status: experimental
description: Detects traffic or activity related to http://117.254.100.100:57212/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.100.100:57212/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.33.59:38370/i
id: auto-1695f45190de7c86b43727d32ee421e813bea57f582a5b69e6b32628900c4e8a
status: experimental
description: Detects traffic or activity related to http://110.37.33.59:38370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.33.59:38370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drive.usercontent.google.com/download?id=1la8rTYSg98otfXPdFKXmW6C2dZfQffBo&export=download
id: auto-3a8e44e1813d7a414617b7d25a2bc187d24a7e53d3efea93218ad92161768e51
status: experimental
description: Detects traffic or activity related to https://drive.usercontent.google.com/download?id=1la8rTYSg98otfXPdFKXmW6C2dZfQffBo&export=download which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drive.usercontent.google.com/download?id=1la8rTYSg98otfXPdFKXmW6C2dZfQffBo&export=download*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://blackmore.twilightparadox.com/IriozbDZ/image.jpg
id: auto-dbb17f4a150aa909d5498bdb90476f6bc697a27d09f6ee27e81207b6d3a954a4
status: experimental
description: Detects traffic or activity related to http://blackmore.twilightparadox.com/IriozbDZ/image.jpg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://blackmore.twilightparadox.com/IriozbDZ/image.jpg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mine.repeatcar.com/AP/ddcFrgk.txt
id: auto-69490c05c18cad31abbbf0d516b993e9b2256d677253c9e330a28a2c0786faba
status: experimental
description: Detects traffic or activity related to https://mine.repeatcar.com/AP/ddcFrgk.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://mine.repeatcar.com/AP/ddcFrgk.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.237.179:46168/i
id: auto-33e3bd481a14b5592cf07601f116d99f3d765547de97411623ffc8d8a5832404
status: experimental
description: Detects traffic or activity related to http://119.179.237.179:46168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.237.179:46168/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.170.187:47507/i
id: auto-192bdd3a9f6b499743b58112400162d53b16a03d01c80591ca38cdacc8760cb1
status: experimental
description: Detects traffic or activity related to http://42.238.170.187:47507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.170.187:47507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.60.149:60403/i
id: auto-532f49b8549b9d3e74ba2c9a629f99c1220157f0cac43ff1314ba3482e6a4479
status: experimental
description: Detects traffic or activity related to http://115.59.60.149:60403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.60.149:60403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.48.119:51590/i
id: auto-e4dbef672e590f4bb3bb89770ebe9d13d1dec0ba18ccc9adea866f2088f8f5dd
status: experimental
description: Detects traffic or activity related to http://42.232.48.119:51590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.48.119:51590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.149.92:60315/i
id: auto-3be0ac4386c2a7de76bfd106ed7a5e77afb8945eef71210e2002bea17f81fee0
status: experimental
description: Detects traffic or activity related to http://42.235.149.92:60315/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.149.92:60315/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.60.149:60403/bin.sh
id: auto-4f2c3d761c718fc0e9df1a909a5fe64400d4f9c904318da79ac5ee6b5947366f
status: experimental
description: Detects traffic or activity related to http://115.59.60.149:60403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.60.149:60403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.237.179:46168/bin.sh
id: auto-6db461c8b16403c944393595a4fd99b966402e6c673ede61757694334dde8a50
status: experimental
description: Detects traffic or activity related to http://119.179.237.179:46168/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.237.179:46168/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.141.17:40324/i
id: auto-3b289579d28f16899bb4adac02a7f43b3646f1b7614778018f21a9b309d372ad
status: experimental
description: Detects traffic or activity related to http://42.224.141.17:40324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.141.17:40324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.148:40367/bin.sh
id: auto-dbe58cccdf5b580b35161fe4f9d34c9d40ee3dc3e6c27a2189d2a42c08aae3c0
status: experimental
description: Detects traffic or activity related to http://110.37.59.148:40367/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.148:40367/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.149.92:60315/bin.sh
id: auto-6a1be61239391a4887a865dcbd8ec99b9a64da0ff993fc43135b9dc39faabb3c
status: experimental
description: Detects traffic or activity related to http://42.235.149.92:60315/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.149.92:60315/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.209:46162/i
id: auto-7587e014b311cb97288e6b90c3d4dfa02e2140fb621ca3445e716e1940d03485
status: experimental
description: Detects traffic or activity related to http://117.209.84.209:46162/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.209:46162/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7719064868/WZKjrdW.exe
id: auto-502a30552522892f8e914f2c89918626ba8f2ed28aea12a6491023682542c59a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7719064868/WZKjrdW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7719064868/WZKjrdW.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.73.68:58803/i
id: auto-4c7fae2f95b38411eb6db707c45fcc118e60ada3c802ffaa7d16df6cf69aea32
status: experimental
description: Detects traffic or activity related to http://125.43.73.68:58803/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.73.68:58803/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.221.4:37637/i
id: auto-f0f4556f5611259e752da3e950622ea3fc00685283d4468b757613a70b533adf
status: experimental
description: Detects traffic or activity related to http://60.19.221.4:37637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.221.4:37637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.20.138:60301/bin.sh
id: auto-9ec7294d8bb6ec0d41d279320ec7e2cef7dc945db1f28009f18959022da2b212
status: experimental
description: Detects traffic or activity related to http://175.150.20.138:60301/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.20.138:60301/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.141.17:40324/bin.sh
id: auto-1100fd25765ce9706069ab14536717896a7b0a6cc379c54858a53222e3d0b0db
status: experimental
description: Detects traffic or activity related to http://42.224.141.17:40324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.141.17:40324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.73.68:58803/bin.sh
id: auto-c85cff42b47a2bf7fbd9dab5f3bbce3e474e703d0cbd1005590b7982389c65e8
status: experimental
description: Detects traffic or activity related to http://125.43.73.68:58803/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.73.68:58803/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://modaaura.store/image.jpg
id: auto-608e494015950eecba57b032fabba977f6749f567929fb9dc7e9d60f8942d015
status: experimental
description: Detects traffic or activity related to https://modaaura.store/image.jpg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://modaaura.store/image.jpg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.209:46162/bin.sh
id: auto-b20112e1791ce4b5b0212d8fc9d4f71a2cb4952e8623df2fbc0a47922f07574a
status: experimental
description: Detects traffic or activity related to http://117.209.84.209:46162/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.209:46162/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.52.211:47039/i
id: auto-ed906277d874075980093e441f337148a168259c17579fd54ec257553aed31a5
status: experimental
description: Detects traffic or activity related to http://182.116.52.211:47039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.52.211:47039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.231.249:47722/i
id: auto-a6a00ec7ab6b22081e980809b31ff6e2a1c8423f70ba53fa365a4cb61c5da024
status: experimental
description: Detects traffic or activity related to http://110.39.231.249:47722/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.231.249:47722/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.176:34637/bin.sh
id: auto-3439b305e8a19d7e261d50bc2036c103f3e83334294507741fbf01e8bbcdb158
status: experimental
description: Detects traffic or activity related to http://110.37.38.176:34637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.176:34637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.176:34637/i
id: auto-ad13bbdcd479c71b61150c04b27d8d4fc1b7e36c02f3756d75b2149b3a549b10
status: experimental
description: Detects traffic or activity related to http://110.37.38.176:34637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.176:34637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.126.203:40285/i
id: auto-0556b0b9fe3c3f216c0c6146668157aa29ef30e8914afc06c15525582c7b6b32
status: experimental
description: Detects traffic or activity related to http://123.5.126.203:40285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.126.203:40285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.94.112:36843/i
id: auto-cb14fe2ed467ddb7ba875d75530a0d975f159ad49e107911a424e1e7ae8d3174
status: experimental
description: Detects traffic or activity related to http://42.235.94.112:36843/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.94.112:36843/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.116.217:42888/i
id: auto-abd09309420ded4bde65d30a307ae9ff323393915cc8b12352864ca8f8936d2a
status: experimental
description: Detects traffic or activity related to http://115.61.116.217:42888/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.116.217:42888/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.42.90.50:56735/i
id: auto-9c05509476dcedc2408ef075fb7ff781a8312c78ddab6a3caa4271ad7cbb8679
status: experimental
description: Detects traffic or activity related to http://59.42.90.50:56735/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.42.90.50:56735/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.148.17:58568/i
id: auto-035186b02e287306c709c6d7c8a57597de3681a1c544b9c6b670c05c4bd9e973
status: experimental
description: Detects traffic or activity related to http://39.90.148.17:58568/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.148.17:58568/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.109.180:52546/i
id: auto-d8bfd9d1e012f17053f93c93cc3af57cc8af60bc206f3daff9bdb10dc7ff1eb2
status: experimental
description: Detects traffic or activity related to http://42.54.109.180:52546/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.109.180:52546/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:35073/i
id: auto-0cb3d75d2dc0cae7fc640e081158d0f58d85f1c0fe80ec5d1d5d9bc71b78fce0
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:35073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:35073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.113:54623/i
id: auto-f62e14faad49a0c9f954be852717fce6407cbd38d74011547711327a39a0b042
status: experimental
description: Detects traffic or activity related to http://110.37.18.113:54623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.113:54623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.39.202:49438/i
id: auto-bd1f46594af4b534d9015d91636950f2935ff6fb0f1812892706d27ba6dd76ae
status: experimental
description: Detects traffic or activity related to http://123.14.39.202:49438/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.39.202:49438/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.72.16:43733/i
id: auto-5e14705939f0148430af9787007ef870ddb3e46c45b6a835360b2932f69443f8
status: experimental
description: Detects traffic or activity related to http://61.53.72.16:43733/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.72.16:43733/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.231.122:33072/i
id: auto-2fb8ee7235e3eac3fda1a649e676d34a7000f75554458efc3cd2a918596c3fb7
status: experimental
description: Detects traffic or activity related to http://125.41.231.122:33072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.231.122:33072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.113:54623/bin.sh
id: auto-350679059fea861a6c7d843e2d463d646573160bad0f36b65ec7c3a002bf3c51
status: experimental
description: Detects traffic or activity related to http://110.37.18.113:54623/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.113:54623/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.119.110:44414/i
id: auto-963bb3727b9fec1fd27c00dcbe277989e73706ddb8c7c31f3762b47211b5f165
status: experimental
description: Detects traffic or activity related to http://222.138.119.110:44414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.119.110:44414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.99.104:49407/i
id: auto-ba40eeb89960cfac7e4f324b58bb096eabb4d606a2831a79ce02e782724d76af
status: experimental
description: Detects traffic or activity related to http://125.45.99.104:49407/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.99.104:49407/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.221.4:37637/bin.sh
id: auto-6e47ff7e4e939fc6c8739dda3186d27e4765c025353f9d19f514e875f2fd90c2
status: experimental
description: Detects traffic or activity related to http://60.19.221.4:37637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.221.4:37637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.132.83:56969/bin.sh
id: auto-403a2353842bfca8d58f16d17a25ac1ce17e9cb5c6f7dbabad4ac8d1a25e4a0c
status: experimental
description: Detects traffic or activity related to http://115.62.132.83:56969/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.132.83:56969/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.13.121:40702/i
id: auto-c96a521d0678e90dd57c5660fc1437ee58c8d0da6e95ff9c10525cfbfaab4058
status: experimental
description: Detects traffic or activity related to http://222.141.13.121:40702/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.13.121:40702/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.25.199:44175/i
id: auto-923fcfb09fd934e35e3a009482fb72166c13a5fb2c2318e2d66ee700da071698
status: experimental
description: Detects traffic or activity related to http://27.37.25.199:44175/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.25.199:44175/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.98.190:38324/i
id: auto-e83be1e9979fbffa1e172fade5c3bf95a9e6cade88dcb274dda46d867827cddd
status: experimental
description: Detects traffic or activity related to http://113.236.98.190:38324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.98.190:38324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.119.110:44414/bin.sh
id: auto-433602fb47123b31052b3bdc8b2e184399009b109f2fc165bb8134c515f731e4
status: experimental
description: Detects traffic or activity related to http://222.138.119.110:44414/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.119.110:44414/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6281589603/Q0BtI5D.exe
id: auto-46833f922ba65d8e4c6be597a0aa58b82b16c142471c0f3b12ae361ded840406
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6281589603/Q0BtI5D.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6281589603/Q0BtI5D.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.244.193:53381/i
id: auto-37a50393e6c9ac70cd182407ba1bf0d76c9ad4d52149bb341446831f144fbf30
status: experimental
description: Detects traffic or activity related to http://123.12.244.193:53381/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.244.193:53381/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.116.249:49666/i
id: auto-ddb13cebf446c0541dc096a031bfd08c0a8cdbba1f61c5b7e7ce8fcbf5f24fc7
status: experimental
description: Detects traffic or activity related to http://110.37.116.249:49666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.116.249:49666/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.33.51:41601/i
id: auto-c26f7faf87e09050c851635e424d14d4509c7cec14b984d89280d89d41f662b7
status: experimental
description: Detects traffic or activity related to http://222.136.33.51:41601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.33.51:41601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.4.8:49976/i
id: auto-0907b25f6c98d06b56c1b365e38e87010752df3725de5f9c4c0c6b43c8871db7
status: experimental
description: Detects traffic or activity related to http://221.15.4.8:49976/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.4.8:49976/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.13.121:40702/bin.sh
id: auto-a133d380ffd35ed926d11ae1e2a6c5a17c4f4b150ce4c815ec083d7940905bbc
status: experimental
description: Detects traffic or activity related to http://222.141.13.121:40702/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.13.121:40702/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.244.193:53381/bin.sh
id: auto-cb963811e329b55dbe71019849f0bbb0271f837ca1b4b9c55e3f905830fbbbd1
status: experimental
description: Detects traffic or activity related to http://123.12.244.193:53381/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.244.193:53381/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.128:40497/i
id: auto-9ad2423fa62a1d95060b85366e2afbd7850cbf975b59d82107dc17b52b7390b8
status: experimental
description: Detects traffic or activity related to http://110.37.97.128:40497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.128:40497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.54.34:55590/bin.sh
id: auto-9d03f7a5acc3762f70441e9620253a9cde7787b8846f795f5b3e241894bb045c
status: experimental
description: Detects traffic or activity related to http://219.157.54.34:55590/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.54.34:55590/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.232.129:38974/i
id: auto-d8dd59ba2c3f830353fe7a192885933edfa34d9c99f2474ffb109a390b92a77b
status: experimental
description: Detects traffic or activity related to http://59.98.232.129:38974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.232.129:38974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.98.190:38324/bin.sh
id: auto-6b90e8c4caac8984f29a3d6908880954ff30608e5f0c557b4a7667f91f5557d1
status: experimental
description: Detects traffic or activity related to http://113.236.98.190:38324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.98.190:38324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.116.249:49666/bin.sh
id: auto-571741c96b635ddfa3f866a8ea30750faf19c1aa7cd8d4703bc5c8ce317e74e0
status: experimental
description: Detects traffic or activity related to http://110.37.116.249:49666/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.116.249:49666/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.12.93:48634/i
id: auto-74317fdfff3ef9d5b2cf3106fca1de7f10c37261cd62737b8de327dab695cc11
status: experimental
description: Detects traffic or activity related to http://219.155.12.93:48634/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.12.93:48634/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.191.205:42398/i
id: auto-e7f2ac9271807c962a8f25c92c252f278f7c00d7e64f365250b0c96789218dce
status: experimental
description: Detects traffic or activity related to http://221.15.191.205:42398/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.191.205:42398/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.159:46986/i
id: auto-024e8bcaf4b28a95e2f3c3e5ff4cc9f6eaeeeca18aace6269befe5ade7162693
status: experimental
description: Detects traffic or activity related to http://60.23.236.159:46986/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.159:46986/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.133.12:46408/i
id: auto-88a9863fe8b3cb0995286fc69af9b16db30808088627e4f71013ea3b48355bf5
status: experimental
description: Detects traffic or activity related to http://219.155.133.12:46408/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.133.12:46408/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.4.8:49976/bin.sh
id: auto-e939b48f7007cd30b9e2e2aaf36b765dc2bb3692510d920ee0a4f66b6b8aece1
status: experimental
description: Detects traffic or activity related to http://221.15.4.8:49976/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.4.8:49976/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.252.176:38538/i
id: auto-ca5b2d487ed1a2c3f011f6c3b471b59484ee97eb07639c524b2feaaed8331c79
status: experimental
description: Detects traffic or activity related to http://221.15.252.176:38538/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.252.176:38538/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.118.160:37082/bin.sh
id: auto-796447e242983a7a56b485d8aed6a5b1d127680303b3980d6206c5fd503faa5f
status: experimental
description: Detects traffic or activity related to http://112.248.118.160:37082/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.118.160:37082/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.179.37:33367/bin.sh
id: auto-6ad39b55a8e5b0281763291bad82c8f9dfb0633183162d1ef155dd53710c7475
status: experimental
description: Detects traffic or activity related to http://119.115.179.37:33367/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.179.37:33367/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.128:40497/bin.sh
id: auto-7baf26191256a5249f5aff4ab1ef730b50524180bbdb5f6b9dd500b9f802bb66
status: experimental
description: Detects traffic or activity related to http://110.37.97.128:40497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.128:40497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl/22-api-cloud
id: auto-bddb077b565530d9dd856e18339bb0beeaf236cf1c5065ed42a6808e919c3ce5
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl/22-api-cloud which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl/22-api-cloud*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.232.129:38974/bin.sh
id: auto-dd71b7be9a05216a1b15d12be9b1513c43ed96158b0605b0cc2b5833d2a5d1f5
status: experimental
description: Detects traffic or activity related to http://59.98.232.129:38974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.232.129:38974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.152.35.196:38601/i
id: auto-855cc46332b5fd33c7869676e4af7bdff9736b717362b6efa2c538622ff71d85
status: experimental
description: Detects traffic or activity related to http://193.152.35.196:38601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.152.35.196:38601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.191.205:42398/bin.sh
id: auto-41a019521863de662de25237be3eb8db557cf61cd1c3b8aaa8ff26948ed0633f
status: experimental
description: Detects traffic or activity related to http://221.15.191.205:42398/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.191.205:42398/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.12.93:48634/bin.sh
id: auto-017e986a28048a04dd189b90da211324347aed3cb859ca9a4427eb45e06bb841
status: experimental
description: Detects traffic or activity related to http://219.155.12.93:48634/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.12.93:48634/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.214.110:50583/i
id: auto-742fe97f5454a4d1567b4e985d9993725ddb25c99787e23fd84eda59c773f9ae
status: experimental
description: Detects traffic or activity related to http://219.157.214.110:50583/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.214.110:50583/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/grading-chatter-dock73/crispy-directory/boost
id: auto-b7b9da8d192ba2f767d4073a3ac2dc06e2a4fb8966f79fb4887de645fe2cc5ad
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/grading-chatter-dock73/crispy-directory/boost which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/grading-chatter-dock73/crispy-directory/boost*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.191.138:39862/i
id: auto-1bd3b33bce99a90551b31e86e9fd1985d022930bd5fe88d77bb90571cd258813
status: experimental
description: Detects traffic or activity related to http://115.55.191.138:39862/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.191.138:39862/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8079234796/87BwvaQ.exe
id: auto-fdf8a66bb4fa845fc8853d081814b49a64602d59e7bfc0855da8b9e6a5587ea5
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8079234796/87BwvaQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8079234796/87BwvaQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.163.24:49034/bin.sh
id: auto-c6fec635a6d4c316926f9cb5511d0fd72a642a1544a09312c2641c2f63a47fe2
status: experimental
description: Detects traffic or activity related to http://222.134.163.24:49034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.163.24:49034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8079234796/87BwvaQ.msi
id: auto-f4b6b8af474cfbed8cd130236295c6e4ed7054e84c8943d0b02e436dc3c5f659
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8079234796/87BwvaQ.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8079234796/87BwvaQ.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/grading-chatter-dock73/file-4-share/sand
id: auto-7fb9c2a8faf631ac2a006ba18d37817d1531944a5ef1cd5fae7fee3096df3bf4
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/grading-chatter-dock73/file-4-share/sand which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/grading-chatter-dock73/file-4-share/sand*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://51.15.203.72/IMG/distant/csl/1.0.5.tar.gz
id: auto-6e88acb909c9ea4a097c595c6e9c5827063078e2a91e518f78cefa2cef9ea90d
status: experimental
description: Detects traffic or activity related to https://51.15.203.72/IMG/distant/csl/1.0.5.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://51.15.203.72/IMG/distant/csl/1.0.5.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://51.15.203.72/IMG/distant/csl/pnscan-1.14.1.tar.gz
id: auto-6e0174e09bb9d914f33e88cc1a0e637d2c82eaf6bdd2a30b2ecfcba14c73e518
status: experimental
description: Detects traffic or activity related to https://51.15.203.72/IMG/distant/csl/pnscan-1.14.1.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://51.15.203.72/IMG/distant/csl/pnscan-1.14.1.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://51.15.203.72/IMG/distant/csl/cr.sh
id: auto-8785d0390e325fccc0c049cbcea9111c9c74e423a839a9bc4751cdaccc103bdd
status: experimental
description: Detects traffic or activity related to https://51.15.203.72/IMG/distant/csl/cr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://51.15.203.72/IMG/distant/csl/cr.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:39322/i
id: auto-d567ee427883708386cbac41dfd8ec502d3ab912f77ff5184aa0638331eae874
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:39322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:39322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://accrochezvous.fr/plugins-dist/safehtml/images/cr.sh
id: auto-b7ad2bff0c16df214d45a58b7428caf92a84e398ae576c8dcad11231de5be2a5
status: experimental
description: Detects traffic or activity related to https://accrochezvous.fr/plugins-dist/safehtml/images/cr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://accrochezvous.fr/plugins-dist/safehtml/images/cr.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://accrochezvous.fr/plugins-dist/safehtml/images/pnscan-1.14.1.tar.gz
id: auto-06505360978197e15734709389d1b082ed54e82229dd885cc39ca5d995a569b7
status: experimental
description: Detects traffic or activity related to https://accrochezvous.fr/plugins-dist/safehtml/images/pnscan-1.14.1.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://accrochezvous.fr/plugins-dist/safehtml/images/pnscan-1.14.1.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://accrochezvous.fr/plugins-dist/safehtml/images2/pnscan-1.14.1.tar.gz
id: auto-324508f6993ed0c7df38525f07c6159a29eeb443243ce903108434d404cb64d6
status: experimental
description: Detects traffic or activity related to https://accrochezvous.fr/plugins-dist/safehtml/images2/pnscan-1.14.1.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://accrochezvous.fr/plugins-dist/safehtml/images2/pnscan-1.14.1.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://accrochezvous.fr/plugins-dist/safehtml/images/1.0.5.tar.gz
id: auto-baca1967dabc6095258e6d6cff4b40cd88c284f92f956853b3ef3718a006c581
status: experimental
description: Detects traffic or activity related to https://accrochezvous.fr/plugins-dist/safehtml/images/1.0.5.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://accrochezvous.fr/plugins-dist/safehtml/images/1.0.5.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://accrochezvous.fr/plugins-dist/safehtml/images/cb.txt
id: auto-62d7d7b59104ad5a7981c9832b9d34635211e534ca85d6a858c5b1a7faf37f5a
status: experimental
description: Detects traffic or activity related to https://accrochezvous.fr/plugins-dist/safehtml/images/cb.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://accrochezvous.fr/plugins-dist/safehtml/images/cb.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://51.15.203.72/IMG/distant/csl/cc.txt
id: auto-7abb9fdf319ef3cb32dd50678539d669bbf15f31af3ed480ac558972466e46a4
status: experimental
description: Detects traffic or activity related to https://51.15.203.72/IMG/distant/csl/cc.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://51.15.203.72/IMG/distant/csl/cc.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://accrochezvous.fr/plugins-dist/safehtml/images/x.rar
id: auto-9d5e8f19bd0dafa5f2bc685b6ac08949b44d2d83745864017b24f2e1ba48d203
status: experimental
description: Detects traffic or activity related to https://accrochezvous.fr/plugins-dist/safehtml/images/x.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://accrochezvous.fr/plugins-dist/safehtml/images/x.rar*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://51.15.203.72/IMG/distant/csl/x.rar
id: auto-8501348c3b80045063b68cb3fe1cb7bf2e05cdc159eaa4ebee74947663f504c5
status: experimental
description: Detects traffic or activity related to https://51.15.203.72/IMG/distant/csl/x.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://51.15.203.72/IMG/distant/csl/x.rar*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5100472172/zObglZq.msi
id: auto-7d31801fe16621f790daecfc241f76b957570a9d59b5600401c034412377ad40
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5100472172/zObglZq.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5100472172/zObglZq.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.191.138:39862/bin.sh
id: auto-ecc529c2b07e5abf39e9a1dfb962c5fae364334e5a380da83f0da7f5b48fd0eb
status: experimental
description: Detects traffic or activity related to http://115.55.191.138:39862/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.191.138:39862/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.152.236:43771/bin.sh
id: auto-c067f854efc83c6babaf8845cad61feaf4b930fb99717da8b49ee4758b550d17
status: experimental
description: Detects traffic or activity related to http://219.157.152.236:43771/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.152.236:43771/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7665230745/PWhwmLT.exe
id: auto-767e538da6ef26755533d847a188893e15bbb2dbb512ba9570780ff0f906becd
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7665230745/PWhwmLT.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7665230745/PWhwmLT.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.90/web/STEINEW.ps1
id: auto-ba5533235216c7e1e12fbf595d666f69637de3ef152a010f8fd84683f75ca559
status: experimental
description: Detects traffic or activity related to http://45.153.34.90/web/STEINEW.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.90/web/STEINEW.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.90/web/rod.ps1
id: auto-f7d659da3a1f59bd900bbcfa287f621be063f8b3abd32ecc05e4da2e137fa2df
status: experimental
description: Detects traffic or activity related to http://45.153.34.90/web/rod.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.90/web/rod.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.152.35.196:38601/bin.sh
id: auto-cb7a0129d4b42b1d7cef702939ff39be8e62df835ad41320ecc24163ea8a0f37
status: experimental
description: Detects traffic or activity related to http://193.152.35.196:38601/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.152.35.196:38601/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:39322/bin.sh
id: auto-032da3998962ba0b904c9cb5afef865f3c388e78a4088bb680ee6b3377599ee4
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:39322/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:39322/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.109.180:52546/bin.sh
id: auto-64e0266af9baafa86efcd5b36d9633dd823022949cf3ba312257147d7e4f5254
status: experimental
description: Detects traffic or activity related to http://42.54.109.180:52546/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.109.180:52546/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.183.251:40007/i
id: auto-327be00595d96309d6b636b5ce42acd219f634aaf66ac54fbae8684b5c6dfc10
status: experimental
description: Detects traffic or activity related to http://42.85.183.251:40007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.183.251:40007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.160.44:49437/i
id: auto-29cd307e72870daab9ce5d8a9d39cd83dad3bf24f325caac88996596d5832e01
status: experimental
description: Detects traffic or activity related to http://175.146.160.44:49437/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.160.44:49437/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.56.112:56285/bin.sh
id: auto-9d14ba0b8514c3b333ae42c45b2d3abd828ff5374eae421270229c6b8dd530bf
status: experimental
description: Detects traffic or activity related to http://125.47.56.112:56285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.56.112:56285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.228.93:40007/i
id: auto-a38dd4cc7d031a786158d68785906c74c70c3b390f405c704dc6b9def558dfde
status: experimental
description: Detects traffic or activity related to http://42.239.228.93:40007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.228.93:40007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.183.251:40007/bin.sh
id: auto-58025b656f3994bc8f297a79e1154f4183a64278d530a2a1eaf992cb6f02f77a
status: experimental
description: Detects traffic or activity related to http://42.85.183.251:40007/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.183.251:40007/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.72.183:52461/bin.sh
id: auto-dad1795b7dc0690670dcbd442cbac7761bba7ecbdec626fce141d38f7cdf93fa
status: experimental
description: Detects traffic or activity related to http://120.61.72.183:52461/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.72.183:52461/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/grading-chatter-dock73/file-4-share/ver1
id: auto-3f057f982c498f10bef7dfc643181e1f1c53e5fd54bcd502aa86fb1b03c2efb5
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/grading-chatter-dock73/file-4-share/ver1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/grading-chatter-dock73/file-4-share/ver1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.228.93:40007/bin.sh
id: auto-c20a36bf75a26e93e50419d1f4e50888da80f888038787ba65a5e65b2f191931
status: experimental
description: Detects traffic or activity related to http://42.239.228.93:40007/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.228.93:40007/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.6.47:54569/i
id: auto-1657ff9d928af5addf92e7ce2f44614d3e614fc74744d3af0f8d219033aa2e1d
status: experimental
description: Detects traffic or activity related to http://125.41.6.47:54569/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.6.47:54569/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.121.87.41:53913/i
id: auto-e8b1dec05086c56950d3efeabd9a64735f64d289ad0a688134bb8d28f254c02c
status: experimental
description: Detects traffic or activity related to http://27.121.87.41:53913/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.121.87.41:53913/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.75.214:57020/i
id: auto-ed49d3d5137c01d01e39bf4b94185e4c238ba51bb531a8ca4d7c16f3898ed938
status: experimental
description: Detects traffic or activity related to http://113.238.75.214:57020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.75.214:57020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.31.174:59385/i
id: auto-9daf31e1afc8af5b280e11da7fa5d60c8370993f79ff1c583da82684dd7888a7
status: experimental
description: Detects traffic or activity related to http://110.37.31.174:59385/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.31.174:59385/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.6.47:54569/bin.sh
id: auto-34af7637921431698641c352a6b96981df615f7f598138ec4ffe73394d648213
status: experimental
description: Detects traffic or activity related to http://125.41.6.47:54569/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.6.47:54569/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.188.145:38636/i
id: auto-b149601a99a55e6988c6bcd8abdff87b98e0a7389d6ae3c5682d95d325567f48
status: experimental
description: Detects traffic or activity related to http://42.239.188.145:38636/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.188.145:38636/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.121.87.41:53913/bin.sh
id: auto-46df3c25855d8b5111b4f4a61281df113ecdb8941f35e1d247c7376c00a2f88d
status: experimental
description: Detects traffic or activity related to http://27.121.87.41:53913/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.121.87.41:53913/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.63.96:45424/i
id: auto-c3ac09e691f69f5179d59ddd8f5fdc720d4898383a7a251eb2efe81c63867335
status: experimental
description: Detects traffic or activity related to http://182.119.63.96:45424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.63.96:45424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.31.174:59385/bin.sh
id: auto-11e53bbb4817a2445ab596127de52963d22476a77581daa53abaac8bf2e0f905
status: experimental
description: Detects traffic or activity related to http://110.37.31.174:59385/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.31.174:59385/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.0.101.219:41640/bin.sh
id: auto-a170365170391b60880d14173abaca890ba2c0393f52f26f02f784a4e8bbfe17
status: experimental
description: Detects traffic or activity related to http://61.0.101.219:41640/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.0.101.219:41640/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.24.211:54814/i
id: auto-2dfb75ddf4ee9940b9b3ea4631c04cdaebcc85712771c9c31a85a521bcc2ffa8
status: experimental
description: Detects traffic or activity related to http://222.137.24.211:54814/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.24.211:54814/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.75.214:57020/bin.sh
id: auto-168335b153973b4684c5a546e0bb093db147ea2c890b193805e8a095a59b5f07
status: experimental
description: Detects traffic or activity related to http://113.238.75.214:57020/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.75.214:57020/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.73.94:58141/i
id: auto-eafb9238e1a1f720a22df89140e388efe3a9c7b3bd214b5c38ede9f5a11f86cf
status: experimental
description: Detects traffic or activity related to http://42.234.73.94:58141/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.73.94:58141/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.60.173:35219/i
id: auto-8551e63e7afdb11dd3490fb7b6e6952aac7f6f59af9c0428ddcc06c2ab843c31
status: experimental
description: Detects traffic or activity related to http://42.86.60.173:35219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.60.173:35219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.252.79:49993/i
id: auto-4fbc43b7ab74b1b9f858e074c7bbe98db2452322aef64a91a5c8c93c7933658d
status: experimental
description: Detects traffic or activity related to http://125.44.252.79:49993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.252.79:49993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.73.94:58141/bin.sh
id: auto-16f3d4040ae53b53664cf16f157f2a2b0e487180b9db6a186eabfd8e17946d59
status: experimental
description: Detects traffic or activity related to http://42.234.73.94:58141/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.73.94:58141/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.152.236:43771/i
id: auto-5056d2b0090051cbb5de1ec23d1226677728e0fcec7b1ffa5b1b3f167aa741ae
status: experimental
description: Detects traffic or activity related to http://219.157.152.236:43771/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.152.236:43771/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.162.121:49584/bin.sh
id: auto-b64fc2953f17299c111ee7c665982897621e083bfe3f08bad20a2f25d326f0d8
status: experimental
description: Detects traffic or activity related to http://61.168.162.121:49584/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.162.121:49584/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.83.239:41590/i
id: auto-188a8064df7df689857f0ae0bf614c07cf1b502037f8d747a7841e00739196e6
status: experimental
description: Detects traffic or activity related to http://219.156.83.239:41590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.83.239:41590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.144.198:45169/i
id: auto-4f78763020b16cde2124ecaa7db7698f40df16dcb5cbeb981c86ae50728a52d1
status: experimental
description: Detects traffic or activity related to http://39.90.144.198:45169/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.144.198:45169/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.125.172:48928/bin.sh
id: auto-0bcebece05a202e36526e897d8340e9c31a54fc64044271ee1ecf616479a16de
status: experimental
description: Detects traffic or activity related to http://27.215.125.172:48928/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.125.172:48928/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.5.36:33276/i
id: auto-5e4691d123aac5f47414dd0e1d6f2ab4e64aca75e981d85c599c6bf3902b7fce
status: experimental
description: Detects traffic or activity related to http://125.41.5.36:33276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.5.36:33276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.142.157:50488/i
id: auto-04df71a81c06a8763e9fbce8921551738ead0197e7952c31fbf60811d16a39e5
status: experimental
description: Detects traffic or activity related to http://182.123.142.157:50488/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.142.157:50488/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.143.199:37273/i
id: auto-0365b7fb44f567a51edba96a2c4a4b11ab7e14181b6944208f6026625e64c624
status: experimental
description: Detects traffic or activity related to http://42.233.143.199:37273/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.143.199:37273/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.252.79:49993/bin.sh
id: auto-827566c69b90661cb676cbf7172cf1b21282f67606be42541c8173cb8beab4ae
status: experimental
description: Detects traffic or activity related to http://125.44.252.79:49993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.252.79:49993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.96.168:56407/i
id: auto-28b389f0926006311a5e3c591de883a5f6f17713c825ccfc0b9007cfd7452f43
status: experimental
description: Detects traffic or activity related to http://110.37.96.168:56407/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.96.168:56407/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.165.154:38239/i
id: auto-8303c2d735c1963135c222590ea3baf21ac87eaad137b40805967140d61ac4c6
status: experimental
description: Detects traffic or activity related to http://123.13.165.154:38239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.165.154:38239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.3.89:50050/i
id: auto-dbb52703e5b699d5a26ef0fc230a11b8f32eb74f95916f8b9cf95b9caaaba976
status: experimental
description: Detects traffic or activity related to http://115.49.3.89:50050/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.3.89:50050/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.201.50:41814/i
id: auto-9ddb2120a68eeef34842bf09a539e525e4705cf378e035f12aa2e419f081783e
status: experimental
description: Detects traffic or activity related to http://42.225.201.50:41814/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.201.50:41814/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.24.211:54814/bin.sh
id: auto-30caff5c11e7d37dbac3708ff053600737ccc57a899912cc74d082ce27b26062
status: experimental
description: Detects traffic or activity related to http://222.137.24.211:54814/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.24.211:54814/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.184.117:47605/i
id: auto-862de57bb3d7d56d21803a250b9b7a28898333ad742af6caac192097030de378
status: experimental
description: Detects traffic or activity related to http://115.57.184.117:47605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.184.117:47605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.3.89:50050/bin.sh
id: auto-c8c9a786151c342bec867683ff4b54eda2b537cc8388cf83e6166fdf6461c622
status: experimental
description: Detects traffic or activity related to http://115.49.3.89:50050/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.3.89:50050/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.32.192:54988/i
id: auto-80d56bc83370e224201fee609434f0f42266cad6b9922b263f88041e19e882a2
status: experimental
description: Detects traffic or activity related to http://110.37.32.192:54988/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.32.192:54988/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.206:48487/i
id: auto-7af1cdc8bc2139deca0225e9d905cd82d69e2eaec26556241c30629a4d2c0cc5
status: experimental
description: Detects traffic or activity related to http://119.179.252.206:48487/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.206:48487/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.11:38395/i
id: auto-1775eec3574e3d954f92e934fc9458828346a26855d5961586e416294fb31636
status: experimental
description: Detects traffic or activity related to http://59.97.176.11:38395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.11:38395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.169.161.169:42250/i
id: auto-4148754b8abf52314f85d83585228cfde1db9efbc3f466ee56dd775994de0019
status: experimental
description: Detects traffic or activity related to http://175.169.161.169:42250/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.169.161.169:42250/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.11:38395/bin.sh
id: auto-5433510c058e905dab231ea3b1cb8bcca142399cbfc332288f7304287626be8e
status: experimental
description: Detects traffic or activity related to http://59.97.176.11:38395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.11:38395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.25.40:36866/i
id: auto-d60714881955cd752ffde77fe42746835961892a6cbeb9f5c87d836109bc72f0
status: experimental
description: Detects traffic or activity related to http://115.50.25.40:36866/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.25.40:36866/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.32.192:54988/bin.sh
id: auto-42a961aa4886acfedd3b69b20eb7a53f2e09fb9525910c921b2efa85dc303e37
status: experimental
description: Detects traffic or activity related to http://110.37.32.192:54988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.32.192:54988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.103:52846/i
id: auto-3944f5c103295955d3cc4ca71e3a947514147184ae290f2faf92eddf3ff7984e
status: experimental
description: Detects traffic or activity related to http://110.36.0.103:52846/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.103:52846/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.77:58900/i
id: auto-d585af982c96a4711a60775ec57a22d83c0667c9537273bffca937e74226e240
status: experimental
description: Detects traffic or activity related to http://117.209.92.77:58900/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.77:58900/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.25.40:36866/bin.sh
id: auto-00027b43d223cdcb24bb56b3f9c5b24aa0687ccaaa53f2e490c0b5717f24ba0b
status: experimental
description: Detects traffic or activity related to http://115.50.25.40:36866/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.25.40:36866/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.202.7:49120/i
id: auto-7b4e03238f8daa1aa489b88bb82ed0473a260aa0f347266916bcab6e3fa5c9ff
status: experimental
description: Detects traffic or activity related to http://116.139.202.7:49120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.202.7:49120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.103:52846/bin.sh
id: auto-14e5c5f0872dc50ea42f6f2e90933ad159fc8f0dbaef06e5ba284ae1d5398b45
status: experimental
description: Detects traffic or activity related to http://110.36.0.103:52846/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.103:52846/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.77:58900/bin.sh
id: auto-3a6bfb0b730729a17285eec99b353b20252d76263bb582bab9e20d86175b7b3a
status: experimental
description: Detects traffic or activity related to http://117.209.92.77:58900/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.77:58900/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.239.173.152:50929/i
id: auto-88747ad804237595f8b120f4ea7060b29751dddd0420af3e5f5718f0e5c325db
status: experimental
description: Detects traffic or activity related to http://114.239.173.152:50929/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.239.173.152:50929/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.213.112.220:43953/bin.sh
id: auto-660a1392e5f4c92dffb5f4c852458f497433ed9ad8ff911659b199bba9664360
status: experimental
description: Detects traffic or activity related to http://117.213.112.220:43953/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.213.112.220:43953/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.69.236:37776/i
id: auto-3f9a210d2740251019381bdf60e88fbd9759ca39e88d6611025ae2235493af3e
status: experimental
description: Detects traffic or activity related to http://182.117.69.236:37776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.69.236:37776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.239.173.152:50929/bin.sh
id: auto-6d14c283addfeac33e418fd34983a5d532d9e5a4dee20700ada22aab14c25667
status: experimental
description: Detects traffic or activity related to http://114.239.173.152:50929/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.239.173.152:50929/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.69.236:37776/bin.sh
id: auto-7d4a1d20f79cb0680b6b0fafb5685f4e5641a8a16b299421d8bcceb43c433f99
status: experimental
description: Detects traffic or activity related to http://182.117.69.236:37776/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.69.236:37776/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.230.3:53913/i
id: auto-9ea1455cb5edc285a963df5eacfa7c75c9e73f3c6a6ee3761ebcc6a955c7b514
status: experimental
description: Detects traffic or activity related to http://219.155.230.3:53913/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.230.3:53913/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.62.23:56719/i
id: auto-c891633a971b743cd1f7419a21c4122ebcd95eb4e6052eaa9864180900a3c131
status: experimental
description: Detects traffic or activity related to http://42.55.62.23:56719/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.62.23:56719/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.62.23:56719/bin.sh
id: auto-72336517f668bd153c0736c15f2304b4fd9c442e84bc75dafd74dee8574a1d18
status: experimental
description: Detects traffic or activity related to http://42.55.62.23:56719/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.62.23:56719/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.128.163:35483/i
id: auto-12cf0ddb9f165ac86316204eef7d808539bffe4428c4e216bb74f7529b5fa677
status: experimental
description: Detects traffic or activity related to http://123.5.128.163:35483/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.128.163:35483/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.186.184:60638/i
id: auto-2e6656a08191a5816016e304dbdd1eed512cad716f2e78bf9acda3acfd834396
status: experimental
description: Detects traffic or activity related to http://42.6.186.184:60638/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.186.184:60638/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jehovahfireworks.com/lemalfillempa.zip
id: auto-16b64627de03f1574ea12228c2a464a99f9fc3a5d440424c9a33f05d84287934
status: experimental
description: Detects traffic or activity related to https://jehovahfireworks.com/lemalfillempa.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jehovahfireworks.com/lemalfillempa.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.185.153:38449/i
id: auto-863d7b6042f8714911d44fdb78bdc8ffd3a5e6bec9c445387c62591d11e23286
status: experimental
description: Detects traffic or activity related to http://175.167.185.153:38449/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.185.153:38449/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bashupload.com/Daerjg.exe
id: auto-c5c52e1a989a4f4e67b739e9a21b5b3f1c24a58a83b0946926bf38cc26c73d7f
status: experimental
description: Detects traffic or activity related to https://bashupload.com/Daerjg.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bashupload.com/Daerjg.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.5.36:33276/bin.sh
id: auto-8f4017056dbf62fce363197ea5125dbda7170e241fa39d25f074e00ecb9bbbef
status: experimental
description: Detects traffic or activity related to http://125.41.5.36:33276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.5.36:33276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.198.81:41962/i
id: auto-7112da5ea2d18f614f32936fea0ef62a6656b6b3f14d134fa217d64e60bf2472
status: experimental
description: Detects traffic or activity related to http://42.180.198.81:41962/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.198.81:41962/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.6.83:49088/i
id: auto-f28ea0bcfa9e75566d0326b9ae8deb67c66db946bd0c4fda7a0342a0b0473821
status: experimental
description: Detects traffic or activity related to http://115.50.6.83:49088/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.6.83:49088/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.230.3:53913/bin.sh
id: auto-060080999270bc786564b828144b00185bdacd1e59cb834924130ee87fc7f813
status: experimental
description: Detects traffic or activity related to http://219.155.230.3:53913/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.230.3:53913/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.234.93:35511/i
id: auto-494c0cfc1a92296bb90a1756a840537646069dc678e422c26fcb5f9c30fe633a
status: experimental
description: Detects traffic or activity related to http://42.232.234.93:35511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.234.93:35511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.44:44325/Mozi.m
id: auto-a3c68c048671e527b0d4381d62bb23566f0b39bb98fe51c3c5f2a49cd223bed5
status: experimental
description: Detects traffic or activity related to http://59.96.137.44:44325/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.44:44325/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.128.163:35483/bin.sh
id: auto-5afa59fd64cf8cb3bf3c9cbb49808b48a9dee56cf4e1b1b01cd7b4a7bb12d53f
status: experimental
description: Detects traffic or activity related to http://123.5.128.163:35483/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.128.163:35483/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.185.153:38449/bin.sh
id: auto-1bbf3e97ae4f74dc52a7f398ac0a7f8c812bdff5e610d7ea19da385c94020f59
status: experimental
description: Detects traffic or activity related to http://175.167.185.153:38449/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.185.153:38449/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.6.83:49088/bin.sh
id: auto-2668c286ec6e8bf60b92821adb048735746ad8346b239238509910e6369ca00e
status: experimental
description: Detects traffic or activity related to http://115.50.6.83:49088/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.6.83:49088/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.234.93:35511/bin.sh
id: auto-fb0d2eec0448e5d5431fb7028a7fb8d28f7f42e9d34bec764347bae0f28f5079
status: experimental
description: Detects traffic or activity related to http://42.232.234.93:35511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.234.93:35511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.92.76:41088/i
id: auto-803dc9b48c7fed735253af1aea709168dc8e448ee893aa2719d3f47c7c3e58cf
status: experimental
description: Detects traffic or activity related to http://61.53.92.76:41088/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.92.76:41088/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.189:54998/i
id: auto-cc4e9ae8ba572c65f16536c9641e603575f7cd6800b3558ed4056847065195c9
status: experimental
description: Detects traffic or activity related to http://110.39.244.189:54998/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.189:54998/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.92.76:41088/bin.sh
id: auto-646eb465975dde430e13cb3f636d02898eeefe9bb9a790495c8352f2ff0a86d2
status: experimental
description: Detects traffic or activity related to http://61.53.92.76:41088/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.92.76:41088/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.167:43611/i
id: auto-92314e5d1ba1788ec9de6da7ea3bad5f520765caabd62456f9661c3c13b7246a
status: experimental
description: Detects traffic or activity related to http://110.37.102.167:43611/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.167:43611/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.67.73:59171/i
id: auto-96d904d7eac559e0f81860dfef5b247257848620c86887be11fed536882ae6fa
status: experimental
description: Detects traffic or activity related to http://42.235.67.73:59171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.67.73:59171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.97:35471/i
id: auto-5b897899d19327673cbcd37309a3b09901067d08728409f6a772f10dd84f473f
status: experimental
description: Detects traffic or activity related to http://219.155.210.97:35471/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.97:35471/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.189.55:33830/i
id: auto-665deaedd93686981e359388b63b29e1e1fe04aa4d7003802fef1215ca19f02a
status: experimental
description: Detects traffic or activity related to http://42.235.189.55:33830/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.189.55:33830/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.148.214:43439/i
id: auto-6c7745bb165dc890fe21d7018cc0bd598da00d4e38f02752e29c12fdb9cb7684
status: experimental
description: Detects traffic or activity related to http://39.90.148.214:43439/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.148.214:43439/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.67.73:59171/bin.sh
id: auto-661e765a2a28ec0ef799540116cd261d602955f73933e7982c5fc6f70c262589
status: experimental
description: Detects traffic or activity related to http://42.235.67.73:59171/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.67.73:59171/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.226.229.227:49613/i
id: auto-5ff4071b82c1b1e414ae133336043623900c5afdbc2b5155e67270ae15b10bf8
status: experimental
description: Detects traffic or activity related to http://121.226.229.227:49613/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.226.229.227:49613/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.188.99:59584/i
id: auto-4c470b2ade115c18869942eaa8f9ee1bb1b3317c56ffce8e9d5563e09cc230c8
status: experimental
description: Detects traffic or activity related to http://222.140.188.99:59584/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.188.99:59584/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.123.209:55872/i
id: auto-ca936b8be9e8bbbb8ecbd31b3e5d2387440f740ff4a505304b7f4f4675e20a29
status: experimental
description: Detects traffic or activity related to http://61.53.123.209:55872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.123.209:55872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.167:43611/bin.sh
id: auto-f8a9061222bf494a25dcf132fd5fc00e99b101bca1424b2a3bdec188f8b0b71d
status: experimental
description: Detects traffic or activity related to http://110.37.102.167:43611/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.167:43611/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.97:35471/bin.sh
id: auto-920af2f4e920e426c927a7556c4364bd7c0b10b8cab5ae6bbd52c9b15604a6b3
status: experimental
description: Detects traffic or activity related to http://219.155.210.97:35471/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.97:35471/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.189.55:33830/bin.sh
id: auto-db4e21a32057d20a0c6cb2ac31c6b2345c23184fae65be97129d6962aafdd098
status: experimental
description: Detects traffic or activity related to http://42.235.189.55:33830/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.189.55:33830/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.133.129:48307/i
id: auto-331d55b4900349203c3f307ec7e959a6980cb5bbc5bb73973fc0d496aa3a4d52
status: experimental
description: Detects traffic or activity related to http://61.3.133.129:48307/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.133.129:48307/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.148.214:43439/bin.sh
id: auto-07678a9a959c04ff36a23c99ae060d892d8ee6ac1da36944397c9a9e78f82434
status: experimental
description: Detects traffic or activity related to http://39.90.148.214:43439/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.148.214:43439/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.196.229:35479/i
id: auto-398e6370eaaa34d611d14be0dd72aa69957932387145fc7e0f9f5401240b9bda
status: experimental
description: Detects traffic or activity related to http://182.119.196.229:35479/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.196.229:35479/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.226.229.227:49613/bin.sh
id: auto-e755fbdd05c916f9eebecb0088dc7362acefb86252848c360000f46b07366f7c
status: experimental
description: Detects traffic or activity related to http://121.226.229.227:49613/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.226.229.227:49613/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.188.99:59584/bin.sh
id: auto-03c90b0c3c727d59877a221f67c8a8b89f14b5026f63cf225de3bad6a995059f
status: experimental
description: Detects traffic or activity related to http://222.140.188.99:59584/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.188.99:59584/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.133.129:48307/bin.sh
id: auto-d8b5d51c237d617d633aedb33ea0eb184fddfa9c291075e6007a0b9b482a19fc
status: experimental
description: Detects traffic or activity related to http://61.3.133.129:48307/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.133.129:48307/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.243.93.100:33659/i
id: auto-9afb205c5291fe329d03ac1ec245f48d2c991e9ed190c5a8aa9d0deaf72b3ec2
status: experimental
description: Detects traffic or activity related to http://112.243.93.100:33659/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.243.93.100:33659/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://170.246.163.25:38982/i
id: auto-f027f6c10d08d22cf43ecc90405600490eba6e85f09ea268eb6b844de5afd84c
status: experimental
description: Detects traffic or activity related to http://170.246.163.25:38982/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://170.246.163.25:38982/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.243.93.100:33659/bin.sh
id: auto-dccd770160c5110e081af8890fe184816043e4623ee3c01578874e1373d62036
status: experimental
description: Detects traffic or activity related to http://112.243.93.100:33659/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.243.93.100:33659/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.46.44:59556/bin.sh
id: auto-c3b27622d5f09e84bdd2da79dc0cc3a544b9ef8ebe40faaa513a3ea753a94391
status: experimental
description: Detects traffic or activity related to http://222.141.46.44:59556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.46.44:59556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.54.34:55590/i
id: auto-3308ed72abbbe5709232f144f0c1a7cd832aca969fed71c2bdcec0cb74f25140
status: experimental
description: Detects traffic or activity related to http://219.157.54.34:55590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.54.34:55590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.120.114:33333/i
id: auto-06af309389d1a5f14e8bb7d38cd584411331a775ca1cf5bef9c96e3980f46fda
status: experimental
description: Detects traffic or activity related to http://27.215.120.114:33333/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.120.114:33333/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://170.246.163.25:38982/bin.sh
id: auto-4c06e0a030d2fe3ae63604d661a398e2ae6164d26588e18f0d259a3f283d1eaf
status: experimental
description: Detects traffic or activity related to http://170.246.163.25:38982/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://170.246.163.25:38982/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.57.127:33453/bin.sh
id: auto-d2e2e1c1a6dad2b64e97558adf92cf29e3113ec18e4b77bdba423fa5bf51a8b6
status: experimental
description: Detects traffic or activity related to http://125.45.57.127:33453/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.57.127:33453/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.34.161:48265/i
id: auto-31e2a29214b246e999e5f25ad0e25b29aa32de669a9e28de64ddbf3b99a45b58
status: experimental
description: Detects traffic or activity related to http://115.48.34.161:48265/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.34.161:48265/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.231.122:33072/bin.sh
id: auto-d4c2f3a012f54533398bb16058f6d5e4eaf64519abba0bbdc506620b37ce5068
status: experimental
description: Detects traffic or activity related to http://125.41.231.122:33072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.231.122:33072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.60.211.201:56047/i
id: auto-438706b14962342bd8f4c939f02ad595ba2b8002fa8b33265442840b94418563
status: experimental
description: Detects traffic or activity related to http://115.60.211.201:56047/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.60.211.201:56047/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.172.8:60649/bin.sh
id: auto-76177d72ac48ab1e3b7bf2d280274f35d20fc75b5abd9d49908310ea2cc77702
status: experimental
description: Detects traffic or activity related to http://119.189.172.8:60649/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.172.8:60649/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.101.19:33019/i
id: auto-0a49eff96b5a912487dc70986b6bad8e5229cb62cbda00bb5922dffda36a3f67
status: experimental
description: Detects traffic or activity related to http://113.237.101.19:33019/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.101.19:33019/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.171.173.155:8081/bot.mips
id: auto-f0b09d1ae1d9c3fb487876b07a5cef52ffc7ded2703e5436594ef6e70222faad
status: experimental
description: Detects traffic or activity related to http://62.171.173.155:8081/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.171.173.155:8081/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.29.172:37706/bin.sh
id: auto-effb674726e43aafd57555902d07622ff9a575e922464ee438da41116b1721ef
status: experimental
description: Detects traffic or activity related to http://182.119.29.172:37706/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.29.172:37706/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.49.144:38885/bin.sh
id: auto-4fcc2f8a281b1795b25416c74c4e8737c4eb786d2f6587fe27e65a400e208a50
status: experimental
description: Detects traffic or activity related to http://219.157.49.144:38885/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.49.144:38885/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.67.244:60727/i
id: auto-0e0e08d544face1217c02ee41faf7019830eb92804ab1e6d58c9ab6d228561d5
status: experimental
description: Detects traffic or activity related to http://175.151.67.244:60727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.67.244:60727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.29.145:52528/bin.sh
id: auto-0edea1d630376191e9e8fc223dbe29fa6182ccbed64fdb6a8acc437b730d9ad3
status: experimental
description: Detects traffic or activity related to http://115.49.29.145:52528/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.29.145:52528/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.222.42.38:35371/bin.sh
id: auto-17e421a7f644c4381530fc2372cdaa61c87968e332b8a9a52cdfd7dc99559d96
status: experimental
description: Detects traffic or activity related to http://27.222.42.38:35371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.222.42.38:35371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.127/bins/bot.arm7
id: auto-65d3acf512441da7b94d747e4b1c1eb11af2d573835f3e7aa72b225469fbe602
status: experimental
description: Detects traffic or activity related to http://176.65.148.127/bins/bot.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.127/bins/bot.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.2.58.106:46171/i
id: auto-fcc3c4b26510f9626a94fadcda551980a4f0cb320c889accec4f589d77b88eaf
status: experimental
description: Detects traffic or activity related to http://116.2.58.106:46171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.2.58.106:46171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.248.190:50692/i
id: auto-54451ced929afd95e8657925f3d182e64ce9d7f449f56264e4ac3beffd03a037
status: experimental
description: Detects traffic or activity related to http://182.121.248.190:50692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.248.190:50692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.59.104:42804/i
id: auto-5f326e3c544f964f13866c9a15067d25b3beb970bf95629c4293b028547d4193
status: experimental
description: Detects traffic or activity related to http://61.52.59.104:42804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.59.104:42804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.170.246:15628/i
id: auto-91b71a79d26cb2d6c1694e643febb9fa2b668ed2711268686046e549ee2b1279
status: experimental
description: Detects traffic or activity related to http://182.117.170.246:15628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.170.246:15628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.59.104:42804/bin.sh
id: auto-07bd0ae7b761c05e4d4523978e55231b2faf0a55bd6e912aa05cc379416306ca
status: experimental
description: Detects traffic or activity related to http://61.52.59.104:42804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.59.104:42804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.223.218:41291/i
id: auto-fb348b5884d291721eccc5658b3b0ce0286658f32f36af1a1a6245ac8b74e03a
status: experimental
description: Detects traffic or activity related to http://219.157.223.218:41291/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.223.218:41291/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.120.114:33333/bin.sh
id: auto-cf6dde03c60d7f818cbfd978d7161bd669a6b185a9d28cb522c1df433e6ed165
status: experimental
description: Detects traffic or activity related to http://27.215.120.114:33333/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.120.114:33333/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.222.166.218:58083/i
id: auto-a2c9bd487b164c39bc3bb765be2cebd68c582f56ce593db1bb16a3cddcf46e5a
status: experimental
description: Detects traffic or activity related to http://117.222.166.218:58083/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.222.166.218:58083/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.248.190:50692/bin.sh
id: auto-74588a76e2b01dd6f7b44eab3fdf7436a453b524940cd4cbe01ca3deb9680437
status: experimental
description: Detects traffic or activity related to http://182.121.248.190:50692/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.248.190:50692/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.232.20:56093/i
id: auto-f6ed5445395f01310b3bc167f3633ae8138ed4d6135a9cdf34ddf793a1c31285
status: experimental
description: Detects traffic or activity related to http://117.244.232.20:56093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.232.20:56093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.222.166.218:58083/bin.sh
id: auto-51645719da3426bfbf847cbe2f1b5e45678f1d63e52281a8dfb1dc4fb4f242a8
status: experimental
description: Detects traffic or activity related to http://117.222.166.218:58083/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.222.166.218:58083/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.170.246:15628/bin.sh
id: auto-942b106a3ef567def5598b1100b85b6da57d0015935016d7eb7de4e594f00065
status: experimental
description: Detects traffic or activity related to http://182.117.170.246:15628/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.170.246:15628/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.148.190:34276/i
id: auto-f6f58e14dfef62c7dc37dcacf7644e88474d64c3fceb98de41da9f1b0bb939d8
status: experimental
description: Detects traffic or activity related to http://42.179.148.190:34276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.148.190:34276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.176.244:50424/i
id: auto-f405072b21cbc5fa1d20051b2b8b3d807a2c3f37ced5705f1f7d6e6ff21325ab
status: experimental
description: Detects traffic or activity related to http://222.138.176.244:50424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.176.244:50424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.52.172.245:56790/i
id: auto-9a63a584db1447548f7b97dcb44bb325d83a866d9b12814ded1d4787ecc981d9
status: experimental
description: Detects traffic or activity related to http://37.52.172.245:56790/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.52.172.245:56790/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.46.44:59556/i
id: auto-ea7048ab6661b770f26c972f0f9d4a768c9b09dda63a7c9bc8f0b97121220d17
status: experimental
description: Detects traffic or activity related to http://222.141.46.44:59556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.46.44:59556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.199.20:40782/bin.sh
id: auto-b662b5315e76b0bebe81bcaa4b914cc88bcc1164f7767f20ad744d4cbe84a246
status: experimental
description: Detects traffic or activity related to http://123.9.199.20:40782/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.199.20:40782/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.89.219.53:36606/bin.sh
id: auto-dbddbfc072dfa695d61cfc3a1d45dc8084e3422c94144824361dda77c5843b24
status: experimental
description: Detects traffic or activity related to http://39.89.219.53:36606/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.89.219.53:36606/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.232.20:56093/bin.sh
id: auto-e63b0f0c01e68ffc1c2d1bb932df536da50d1bf110fb321a4e727c877452d7eb
status: experimental
description: Detects traffic or activity related to http://117.244.232.20:56093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.232.20:56093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.215.192:37531/bin.sh
id: auto-5df5f5a5a1f718c0935f9510e6b65702731cc602cc834befe546cba4e9d21420
status: experimental
description: Detects traffic or activity related to http://117.215.215.192:37531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.215.192:37531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.81.65:37596/i
id: auto-8abb29b4f9bc0c4d54cb57e9f31adad6e94bca3394ae9220c4a9e50e61062d75
status: experimental
description: Detects traffic or activity related to http://27.37.81.65:37596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.81.65:37596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.52.172.245:56790/bin.sh
id: auto-a1792ab7d497a606aa495f7960a73517ce39ba520ae9b3da79674ccf1aea8f87
status: experimental
description: Detects traffic or activity related to http://37.52.172.245:56790/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.52.172.245:56790/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.157.244:52296/i
id: auto-1c29f4be0a29e08210adb8fe74c6773ba03e07d139e52e1972d6699309f6dc2c
status: experimental
description: Detects traffic or activity related to http://115.55.157.244:52296/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.157.244:52296/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.148.190:34276/bin.sh
id: auto-1514f88209dabcec025a373bf987efc0950f5f12b7f954b9bde343c1a3d8d8e9
status: experimental
description: Detects traffic or activity related to http://42.179.148.190:34276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.148.190:34276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.31.159:37703/bin.sh
id: auto-26d9454a2b113defb0cd99cdb3353f7f8a6f475b868297bd0008c3f3db933476
status: experimental
description: Detects traffic or activity related to http://42.224.31.159:37703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.31.159:37703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.157.244:52296/bin.sh
id: auto-226f7009ce7bf5352b2ea2e9fd525dacaccf1a3b9bf5aaec8ca8698ddba59276
status: experimental
description: Detects traffic or activity related to http://115.55.157.244:52296/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.157.244:52296/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.205.35:40587/i
id: auto-33a7f6b73395c2f1c6226caa69c2257f9869f39db5135f418805c3f689e90db1
status: experimental
description: Detects traffic or activity related to http://85.12.205.35:40587/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.205.35:40587/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.167.149:57041/i
id: auto-c1ad17e368c771175404f0d48247eee0dfb46b4e76e18aaaf67108410016895e
status: experimental
description: Detects traffic or activity related to http://117.204.167.149:57041/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.167.149:57041/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/4635461563546876
id: auto-9c06fabd97f9bef2b1b94e3accd394442b1089f8dd9f43d400a4da642e64a268
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/4635461563546876 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/4635461563546876*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.100.171:38338/i
id: auto-bb768fe3a90d9649df2a0b72d97c3f4eb49abeb9769920227deec6760e33699e
status: experimental
description: Detects traffic or activity related to http://115.49.100.171:38338/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.100.171:38338/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.108:34989/bin.sh
id: auto-2e633c823ac393480f0f9b492bd51bc17aca3c7a3938dd1275f2162ad788efca
status: experimental
description: Detects traffic or activity related to http://117.209.31.108:34989/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.108:34989/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.205.35:40587/bin.sh
id: auto-1bebdd5ccce8e422b75730a9169a3579ab6dcdb0979d5ad0884bfc1f247def43
status: experimental
description: Detects traffic or activity related to http://85.12.205.35:40587/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.205.35:40587/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.56.112:56285/i
id: auto-5a5fb90790b8f4ee3218c0f582e9142a9e1cb14d54c420b7ffcdb33563f8724b
status: experimental
description: Detects traffic or activity related to http://125.47.56.112:56285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.56.112:56285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.167.149:57041/bin.sh
id: auto-95c4114f8df03b5df0d9551ff801e947cb4df06a9c0e70b1f7368ff065d00271
status: experimental
description: Detects traffic or activity related to http://117.204.167.149:57041/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.167.149:57041/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8243889744/PVduvPo.exe
id: auto-a35d9a1ea55ad96bb3f5476f9cfa8c2731b521b53bfd62c4857a61ada6f1c598
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8243889744/PVduvPo.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8243889744/PVduvPo.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.133.12:46408/bin.sh
id: auto-568604ee6844eb6cd9d33390ec460a810daa0567c0edc03eaa459c6949e76e5a
status: experimental
description: Detects traffic or activity related to http://219.155.133.12:46408/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.133.12:46408/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.202.48:55599/i
id: auto-0e3f35fda5f0689057fb5cce13d7971280449a26a81d8695ac5067ae7e5a8eae
status: experimental
description: Detects traffic or activity related to http://42.7.202.48:55599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.202.48:55599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.254:44382/i
id: auto-2495450bce3823ead76a3425db994b478e3f7e8183b3236931f998daea398b87
status: experimental
description: Detects traffic or activity related to http://42.239.235.254:44382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.254:44382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.163.21:45618/i
id: auto-eb31abd28f4a65fa4761cec3676a503a08558735d13fcdee8096b49671642db7
status: experimental
description: Detects traffic or activity related to http://222.134.163.21:45618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.163.21:45618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://itsnetflix.app/Clemente_Mueller_PA.msi
id: auto-d0fb5bd7432fef7d992aaa6ea14246a592b89d001b4c466f5da2dfc1edb8eae1
status: experimental
description: Detects traffic or activity related to https://itsnetflix.app/Clemente_Mueller_PA.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://itsnetflix.app/Clemente_Mueller_PA.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.80.96:43296/i
id: auto-38efa45109a2685bda0f1101c708049d13684cb7b503afc464d98192ba4a608d
status: experimental
description: Detects traffic or activity related to http://42.235.80.96:43296/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.80.96:43296/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.169.156:53511/bin.sh
id: auto-9a4c761fce295889c27582348ffe48c8a7c05e057df4bd9d21e77b3f55d6818a
status: experimental
description: Detects traffic or activity related to http://222.136.169.156:53511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.169.156:53511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.202.48:55599/bin.sh
id: auto-ba7650e0064118fb6a6d48c25d77dbcb4f8b25fa8f7cd55fb592b7dc5f7ad09c
status: experimental
description: Detects traffic or activity related to http://42.7.202.48:55599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.202.48:55599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.101:37486/bin.sh
id: auto-675cd76dd068f9af2f90bc676867e8458ba2cd778d35f70fa37057c3a0c926b8
status: experimental
description: Detects traffic or activity related to http://110.37.118.101:37486/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.101:37486/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.80.96:43296/bin.sh
id: auto-e82a89b006f733b1693a66801babeb444ec1e1378aa4d260d4423922742ddd62
status: experimental
description: Detects traffic or activity related to http://42.235.80.96:43296/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.80.96:43296/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://audicontadores.com/wp-content/Order2390.msi
id: auto-a127ad20723e2b182cbe5396b6070f5602b9f5e3fdcab561488bc4a312a9ac77
status: experimental
description: Detects traffic or activity related to https://audicontadores.com/wp-content/Order2390.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://audicontadores.com/wp-content/Order2390.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.68.172:33190/i
id: auto-edaa75904b8f29a40aa34f46e0749af12e18a073abac12ff867a7ab1a3dab28b
status: experimental
description: Detects traffic or activity related to http://59.94.68.172:33190/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.68.172:33190/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.147.83:55321/i
id: auto-32ae829d1c8168d49deebf42213fe319a5ab66b33bcf8f325b1a122154a12e4e
status: experimental
description: Detects traffic or activity related to http://115.48.147.83:55321/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.147.83:55321/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.37:50466/i
id: auto-d3dac2a6ecbc3af968f85ea36f98da79ad4c3840f849d2225bbe3074258743a3
status: experimental
description: Detects traffic or activity related to http://59.97.253.37:50466/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.37:50466/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.215:50869/i
id: auto-123c493a54ff850609a6ff1744672f7c342853bf8c01282e8698483a06e38a6f
status: experimental
description: Detects traffic or activity related to http://110.37.11.215:50869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.215:50869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.170.246:41327/i
id: auto-dfc0990b05fe99da5e6f0415bffc229dcb7341db71d12fa4149f3b183cbc4145
status: experimental
description: Detects traffic or activity related to http://124.94.170.246:41327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.170.246:41327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/seen1111/df/main/f34.png
id: auto-fae545ddcb9e38aa23f715a16c196790937f7a352b1392cdc4d29a9533693718
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/seen1111/df/main/f34.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/seen1111/df/main/f34.png*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.254:44382/bin.sh
id: auto-dbfd8ef2964ef20afbc1325cddb6c35aeb85dc7f3cb3cf6d0f62615d91cae597
status: experimental
description: Detects traffic or activity related to http://42.239.235.254:44382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.254:44382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.37:50466/bin.sh
id: auto-d980451cc0b62ed8856678119ad055733dfc2b4ae9b151488978cb8846dec46c
status: experimental
description: Detects traffic or activity related to http://59.97.253.37:50466/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.37:50466/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.102:50596/i
id: auto-2e7ac25a6f311b7efd7a67333a37b3e41747e31230fb026b72f3596066c87cda
status: experimental
description: Detects traffic or activity related to http://181.103.0.102:50596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.102:50596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.147.83:55321/bin.sh
id: auto-9dc26f3b2d44a60703c6098ba94c22fe9e30a36780649609ba9dae2ac9acb94a
status: experimental
description: Detects traffic or activity related to http://115.48.147.83:55321/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.147.83:55321/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.18.182:36998/i
id: auto-18e50ea952dc9cecf327e445f7b0bbc17c6687abf0007b3a4217dba7e044c314
status: experimental
description: Detects traffic or activity related to http://120.61.18.182:36998/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.18.182:36998/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.102:50596/bin.sh
id: auto-69248deb32f8d58b905d9b42445dac4ba9ca3c13b67b15fb6ca6b2af1032bd49
status: experimental
description: Detects traffic or activity related to http://181.103.0.102:50596/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.102:50596/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.170.246:41327/bin.sh
id: auto-676fee890f2b6b55771ffc2faa329229fe2207888d4ab0e5e8560d891aec2bc4
status: experimental
description: Detects traffic or activity related to http://124.94.170.246:41327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.170.246:41327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.154.84.204:49123/i
id: auto-c17240b6c4de164b5d1f6dfa6ba889e5d215f8c2c99c296945be2bae2ab4e147
status: experimental
description: Detects traffic or activity related to http://177.154.84.204:49123/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.154.84.204:49123/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.56.50:46520/i
id: auto-064b19f5d456773f5e0873da18582b6bf2ffdd7159a41c724aad6f942a2df370
status: experimental
description: Detects traffic or activity related to http://119.115.56.50:46520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.56.50:46520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.151.242:45005/i
id: auto-fd1a19d914ef344bd3022d820eeb7be901eadaa3e001a847b6bd2206a938c85e
status: experimental
description: Detects traffic or activity related to http://115.48.151.242:45005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.151.242:45005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.136.153:42555/i
id: auto-934ecf9dc4d0ca2886bc166cb2bc2de96a20f0c36c573eb1e36dead2aed1c050
status: experimental
description: Detects traffic or activity related to http://61.3.136.153:42555/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.136.153:42555/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.151.170:32804/i
id: auto-46a4f834d001e7d33b28c0db5b97921bd4f58ddc3979745eb8f26fad1ff60ab3
status: experimental
description: Detects traffic or activity related to http://115.56.151.170:32804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.151.170:32804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.62.58:55644/i
id: auto-6bde5f5ba959dd4d76516b1138ce3a27f259d387ad896eb2f84e680d562b161c
status: experimental
description: Detects traffic or activity related to http://219.156.62.58:55644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.62.58:55644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.56.50:46520/bin.sh
id: auto-5e9269216a477aad6acfffaa8a4ef519552de4240efa62a6c3c28ebbfa7ae0c8
status: experimental
description: Detects traffic or activity related to http://119.115.56.50:46520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.56.50:46520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.49.12:33027/bin.sh
id: auto-101b695f30352186f5e493e55108ba86387ff6d78c980560c96b08028baccbfa
status: experimental
description: Detects traffic or activity related to http://42.56.49.12:33027/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.49.12:33027/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.136.153:42555/bin.sh
id: auto-ca3169eaf7173455e7848a3455376aa1d563720e305494d0caddec5a4b7783c0
status: experimental
description: Detects traffic or activity related to http://61.3.136.153:42555/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.136.153:42555/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.151.170:32804/bin.sh
id: auto-2ecf5b5842cb60dd193ceb56e10ae1373779667b0b9b1a10bde51f929137c509
status: experimental
description: Detects traffic or activity related to http://115.56.151.170:32804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.151.170:32804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.62.58:55644/bin.sh
id: auto-4897fc63fb641b31a7150b80464925e12aeb91fab804ea757fec8936af1d0491
status: experimental
description: Detects traffic or activity related to http://219.156.62.58:55644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.62.58:55644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.197:39438/i
id: auto-2924bad8634fcbccc44b3b61f75d8e69c6a26823cfb7c622ac28e3fe21017a7b
status: experimental
description: Detects traffic or activity related to http://117.209.89.197:39438/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.197:39438/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7724151170/vxCnaoV.exe
id: auto-9f6c3ac41283cd703c64d27eaefa9f90f94f1ba609a0f6f33aacfb549ea83658
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7724151170/vxCnaoV.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7724151170/vxCnaoV.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/ohshit.sh
id: auto-eec6a045609a7126bd0cbd3c40861d0c7c5d85a1a5756e81aa212556fa7708c2
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.127.36:45094/i
id: auto-afb66e0321edd719a70d6dbcdbdc5c9d01af3cefff0e2241ba559b4ff8cca225
status: experimental
description: Detects traffic or activity related to http://27.215.127.36:45094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.127.36:45094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10:235/xmrig
id: auto-86ddd4cffa72d61046e75f388d35789a2349fc496e5aca701eaa672055249bed
status: experimental
description: Detects traffic or activity related to http://91.92.241.10:235/xmrig which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10:235/xmrig*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://trebblay.com/5h5h.js
id: auto-1f1c66e809cc245f99562a73f7a4da135f2ac43ef2f6ee72beccadfd7f421350
status: experimental
description: Detects traffic or activity related to https://trebblay.com/5h5h.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://trebblay.com/5h5h.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://trebblay.com/js.php
id: auto-55de326f37777a3220edbaa88c7753c0c453253e2d9f566b1dac329e2f34669d
status: experimental
description: Detects traffic or activity related to https://trebblay.com/js.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://trebblay.com/js.php*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.sh4
id: auto-0fa9ee80838fb4ad646c9269f33b22be6f6515b0a1fc948de679794ba6761e68
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.arm
id: auto-7ef2cd2633ab7c8b3e212bd6613c0f4ae37c4bbc2b5ff4b8fcaa48614e025ba2
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.142.223:44850/i
id: auto-f10cfcb9dfb4b40026ce48ef7cedea4b20ec4bfaa341d3b6d24aa23424e00b17
status: experimental
description: Detects traffic or activity related to http://175.173.142.223:44850/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.142.223:44850/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.36.87:33386/i
id: auto-ad124322f6f814f28a2bb9b616c8b8d4118b31150274ae61f7f06768d43f8b9e
status: experimental
description: Detects traffic or activity related to http://115.63.36.87:33386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.36.87:33386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.arm5
id: auto-cafbd0a70fdc7387044e92cb9dc07e535ba1cf71db39441d0dad748e6ee3c314
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.mpsl
id: auto-a0c219dad31b02254311abc7785f3843679901a64569d51acb45f9837d85d701
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.m68k
id: auto-2f1d4f0077e30e97728d78b1f7c1a0947194a15d4c38531d0de68c819477b0da
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.x86
id: auto-d1c44de3ed3d2009c3cdbdc78fe470091b1c692ef2cba89a987dfd1e2592a9f8
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.arc
id: auto-965cbcd055df3a6cfe2756a6e302d504bc7b7a0497e39c84703449bccf8cb190
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.arm6
id: auto-9e84b51022a3ff17356bc83507b213da41ab5af1dc29b192fa70c927e2e7ee51
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.spc
id: auto-67e2ee53f2d56d7b38f69fd5555672aa8cc1babb9eedc2aa5db706d6e34c625b
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.arm7
id: auto-36664c5f2042693ea4eca3a4a4f15de61b72e3849cde0affb20708aced33296c
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.mips
id: auto-7a8105b012948ca9a3f7453c647edb30193ee1d435cb6abfecc3d3beed25e8c6
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://miabiollen.com/middleware/settings-script.js
id: auto-bc0bc6c2e5b1ac808f9cba1defbac2bc011fe94b5794a8b954d816116c25e295
status: experimental
description: Detects traffic or activity related to https://miabiollen.com/middleware/settings-script.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://miabiollen.com/middleware/settings-script.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://miabiollen.com/middleware/router-server.js
id: auto-c9675085aec50d57cd8ded83e42ae4054d05c36fc6dfa09c1edd5391545c342e
status: experimental
description: Detects traffic or activity related to https://miabiollen.com/middleware/router-server.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://miabiollen.com/middleware/router-server.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.42.38.49/query
id: auto-168fa49c1652a201be2d8b32f0096364f08e55e671407295407c27c03398de15
status: experimental
description: Detects traffic or activity related to http://193.42.38.49/query which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.42.38.49/query*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://heismanscholarship.com/j.js
id: auto-8b3227ec2b258bc285eea1e01b66a4dfb340f5273f5b442ef8ee1cf21b0192e9
status: experimental
description: Detects traffic or activity related to https://heismanscholarship.com/j.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://heismanscholarship.com/j.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.82.81:42107/i
id: auto-e9194df5c6bf14c0c9757276819a149af6dd0103c1bbc05d0f4ce91ddd42d0af
status: experimental
description: Detects traffic or activity related to http://42.5.82.81:42107/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.82.81:42107/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.186.210:49606/i
id: auto-4398deaadeec95d6dff6eeeb66d3f4aa80639edfb4b4133b22b1a48dc4585533
status: experimental
description: Detects traffic or activity related to http://123.8.186.210:49606/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.186.210:49606/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.43.72.169:50202/Mozi.m
id: auto-e44394d2e3ee072cdae1099e66dd2dc0ea278e76e9e5e8e50d8885b3d095a610
status: experimental
description: Detects traffic or activity related to http://213.43.72.169:50202/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.43.72.169:50202/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.76/hiddenbin/boatnet.ppc
id: auto-5d30ab60604e54249d921d127d76a17cb09ddeec951132e4c8aac7d9b1c98ba6
status: experimental
description: Detects traffic or activity related to http://151.243.109.76/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.76/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.127/bins/bot.mips
id: auto-a8e9f26afe30c77e167f49830d9da4790ee29e4c66e859c110880934e845ceaf
status: experimental
description: Detects traffic or activity related to http://176.65.148.127/bins/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.127/bins/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.127.36:45094/bin.sh
id: auto-a056dc91e284d5d2cfda5c0cc671e3e33a208b5e70497ccc0e724e4129c96026
status: experimental
description: Detects traffic or activity related to http://27.215.127.36:45094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.127.36:45094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7543821613/D1GulTb.exe
id: auto-047d603c56e6d02812541f13d12c0e512232fe47bd0c65f6aaefa2e0507a3dc7
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7543821613/D1GulTb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7543821613/D1GulTb.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7543821613/8AIO1z9.exe
id: auto-c4c5159092dc500656761ef8e0b637ceb2bcf239ff4a9e8f529cb5f84d097f87
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7543821613/8AIO1z9.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7543821613/8AIO1z9.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.197:39438/bin.sh
id: auto-4607857e8423a85b9922cfdf4dfc8d18d5272c2ff255ec582720ff044371d2ab
status: experimental
description: Detects traffic or activity related to http://117.209.89.197:39438/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.197:39438/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.196.229:35479/bin.sh
id: auto-ec34a6fac212a40171e90b7861df7036677bfedf02fb93fc3f4692348542fe58
status: experimental
description: Detects traffic or activity related to http://182.119.196.229:35479/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.196.229:35479/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.186.104:50609/i
id: auto-a1785b0ec19205598e44c2af71d58d6fb27ef65cf06bab1038257106bb8245c8
status: experimental
description: Detects traffic or activity related to http://219.157.186.104:50609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.186.104:50609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.19.131:40029/i
id: auto-5cbc9fae35fc4222165d63b8ba56ca85244f3ab15fa8d0846abf0679c5ac0cbd
status: experimental
description: Detects traffic or activity related to http://115.52.19.131:40029/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.19.131:40029/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.232.182:38757/i
id: auto-0b5db3d9b0af79ca3d7b8bfeba1b1c78226e904baf0a09c97159af60f6c4c314
status: experimental
description: Detects traffic or activity related to http://221.202.232.182:38757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.232.182:38757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.155.252:55105/i
id: auto-dc643d3650611f0523f1468cd85d9401089e66f1a54146a1d608b0b6e65d11c2
status: experimental
description: Detects traffic or activity related to http://222.137.155.252:55105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.155.252:55105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.60.208.247:46826/i
id: auto-6d7d9ff2ef4c49a57b729df7bc35037167558a04d9ae4a775ae49a817f5d25d2
status: experimental
description: Detects traffic or activity related to http://115.60.208.247:46826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.60.208.247:46826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.94.220.75:51648/i
id: auto-73e5cfeb48dadfb61dc3063b154306195619ca384f6f699dee8975237eb4f6f0
status: experimental
description: Detects traffic or activity related to http://181.94.220.75:51648/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.94.220.75:51648/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.19.131:40029/bin.sh
id: auto-0d304738864c43d6931ea36cb9238586f5e9a843dfe58d54a67cd9423246870a
status: experimental
description: Detects traffic or activity related to http://115.52.19.131:40029/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.19.131:40029/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/powerpc
id: auto-a33d58c7bbdd475114e23bef51e5341e6c727033b19a6c09435148b7acba579e
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.186.104:50609/bin.sh
id: auto-520eab2e753669b10899f82a17e0d4ea9c0c96313bad15477836396d5f4f569c
status: experimental
description: Detects traffic or activity related to http://219.157.186.104:50609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.186.104:50609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.232.182:38757/bin.sh
id: auto-e160276376de00c8f691bb86497972fe891fda1ad66fdfa724ac1d18ce14c616
status: experimental
description: Detects traffic or activity related to http://221.202.232.182:38757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.232.182:38757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.94.220.75:51648/bin.sh
id: auto-b473d8c43ee9323468ee054b2c22b61a39d03e1b3bfe2627018156be03737aa1
status: experimental
description: Detects traffic or activity related to http://181.94.220.75:51648/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.94.220.75:51648/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.60.208.247:46826/bin.sh
id: auto-1a3725052d82bb3e02cd7d256e59c9a905478440237408d8024e6d70db582122
status: experimental
description: Detects traffic or activity related to http://115.60.208.247:46826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.60.208.247:46826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.155.252:55105/bin.sh
id: auto-7c1da2f2ab887548a7f48e8b8bf8bac2e5c4bde0369e94733c8276f62413279f
status: experimental
description: Detects traffic or activity related to http://222.137.155.252:55105/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.155.252:55105/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7719759462/VhY9C9l.exe
id: auto-0c6530ccc5b9f2a981ba7249faa53b78aa15ad41bf3d01b31d412e64cc573103
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7719759462/VhY9C9l.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7719759462/VhY9C9l.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.244.218:32991/i
id: auto-02203592c677150da593460ba6189997b55a4f268739054404fd7a1e07fdbfad
status: experimental
description: Detects traffic or activity related to http://112.248.244.218:32991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.244.218:32991/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.149.77:49815/i
id: auto-18d07ece045e499f54a1db74d04a0e5df247caf346f9bb28126c6e5490c7aa69
status: experimental
description: Detects traffic or activity related to http://115.48.149.77:49815/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.149.77:49815/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.38.248:46541/i
id: auto-99e4d52f98f5aef7d1d6afbb6553144b997ee85a352a2e99fd7538da4652becb
status: experimental
description: Detects traffic or activity related to http://42.228.38.248:46541/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.38.248:46541/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.46.188:46073/i
id: auto-1cf112b924ac6b1c04fef489f079c31bb0fc8871d270c26bc88c338fe9ff512f
status: experimental
description: Detects traffic or activity related to http://58.255.46.188:46073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.46.188:46073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.223.252:39554/i
id: auto-89c400de31efb71ee776325ec238686edad18b4660ff64b2ecf09a714b49075b
status: experimental
description: Detects traffic or activity related to http://42.228.223.252:39554/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.223.252:39554/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.244.218:32991/bin.sh
id: auto-cd5d53afbafbb00136efaed46713a274b956b96c824fb5c3842f4de5f9d1b22d
status: experimental
description: Detects traffic or activity related to http://112.248.244.218:32991/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.244.218:32991/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sys-sched-22.st-rpl-mrg-node.in.net/hexagram-98-gaffe
id: auto-4979222d8f137f64e2065959a2ce9a3a41e832bd232678ab22996354bd60e7f2
status: experimental
description: Detects traffic or activity related to https://sys-sched-22.st-rpl-mrg-node.in.net/hexagram-98-gaffe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sys-sched-22.st-rpl-mrg-node.in.net/hexagram-98-gaffe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.149.77:49815/bin.sh
id: auto-05f32e9855a3282fd10bbbb0b37b799041c58d5fb3ffca92a8bc4cf21ac9e7dc
status: experimental
description: Detects traffic or activity related to http://115.48.149.77:49815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.149.77:49815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.149.205:36524/i
id: auto-c9e2dba35722ce4b294b8b1bffe3d67bb34492a04d22802578531e0118150d62
status: experimental
description: Detects traffic or activity related to http://42.233.149.205:36524/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.149.205:36524/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/spc
id: auto-233e674dbdf28cfbe5f211c396a9ccf43d042f9eef58129c0d006d75d6869030
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/toto.sh
id: auto-c70e7a04e856380f16a6321b67069c87a17f1e23bb7c0648a92d35f9750adad0
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/toto.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/toto.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/bot.mpsl
id: auto-a805eebd9fe9987565853f4ec499dfeedad62eea8fb7cb8e413ac8a7d784f059
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/bot.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/bot.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/web-api.sh
id: auto-c07302088cc185d33197fd152a07e8c88293c0b16eb8314f34fb3d4af7c84f6c
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/web-api.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/web-api.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7566641088/XF754Rx.exe
id: auto-7b13f1625bf01ceb88e68514e75fda33582d5baf158e9c7bd875ea66f054dd3c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7566641088/XF754Rx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7566641088/XF754Rx.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/bot.arm7
id: auto-395a013ccbb13a9d09e11e0622c110d04bf3902c41ab89bdeab075c80c9aa4f7
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/bot.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/bot.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/ppc
id: auto-166f83f79cb29990381f13088f580c153f930682ac7caa8cf9f5a7988bb08708
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/bot.ppc
id: auto-5fe99f67dfd48eb48666d2467738c96c7cbec3fa687a864ffb8ed1d477d9428a
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/bot.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/bot.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/bot.spc
id: auto-7546141f11c95d05de6c69b735bdfa5f517a3169120fa41d808bdb6f722e43bc
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/bot.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/bot.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/sh4
id: auto-ee5076a53190f5c13d5627eae0a805ab5c6504b039efc4e3b262e167e59b788c
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/arm7
id: auto-500f65c00e5b680c32014b7d850549aa888ca7f96e54a1233b64dac19a14a22d
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/arm6
id: auto-8575c7858ff55f349ab87d1034019ffad4f6e0fb2cb68a27be7373e9a3c1f7ca
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/x86
id: auto-12cd5d60a6fb9a7fd583dee4a5ec5f2ca93e210bb3b12481a4f58ae9d534eff7
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/m68k
id: auto-b1d898a559bd308789793ba9b7327c5ec9f542b405cd52bd11efbbc510ac8e0c
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/mips
id: auto-099f1326440adb296256853569f5608260ff6c1b7d176affcbeb7f69bb2d7a39
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/mipsel
id: auto-e73e769a9c1e5bddddde5e76f20d7a44f4ea1debf89b6b790d6fdb0e5a940287
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/bot.mips
id: auto-954f5ff57c94923eab7ed74e327b0a9c7df47f0231ec9ff2829d4252802f6a06
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/spc
id: auto-4baa7783ee218905e4d3afc1857d0372cf52207d7c07c341f918f706a64c7de2
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/x86_64
id: auto-0982238fe9bb1780cb5e3e89b406a806432e527ce2f2adbcb42df9f19255197f
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/arm
id: auto-88c912ae758803ed39035e74759d61d690009ab0b9a927e561ee3bb77a785f35
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/arm
id: auto-fbfe281129d485298572a5a577912e0bd52b67239507c1f2d45ddc452d0568cd
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/web-api.sh
id: auto-99e4e9273b283329319f5e535b5f8af31bfefc86a54780bf2709a435c8b5fa85
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/web-api.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/web-api.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/arm5
id: auto-ca0d6d4bdc76d4381f5cc893be9de5f9a8db9eaf9006b75313577e4804b63f9b
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/bot.arm
id: auto-d354fbae9075d7f80d36ff39da5eb349eab6a455c65411891bf5c961f22c2a41
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-54-213.pbiaas.com/bins/bot.x86_64
id: auto-046c358ac81540b44942e9b74cc62e61d38aedb60cf2830210c249a0c471b3f8
status: experimental
description: Detects traffic or activity related to http://ip87-106-54-213.pbiaas.com/bins/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-54-213.pbiaas.com/bins/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/arm6
id: auto-f4bb49aa0458c523e86c3cb4a6574ef280d0cc500568a35fc1fe24d4550917a3
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/sh4
id: auto-b30884be7554f35fd4e7f2a6aade5a9e13819e7e882273ca5b4581980d7c61b2
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.68.226:57594/i
id: auto-af4dc94b07830bdb0368adfa31ac0712e7af1f56afbed3baf4b2f62a823e8325
status: experimental
description: Detects traffic or activity related to http://42.235.68.226:57594/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.68.226:57594/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/ppc
id: auto-79dcfe9cc4cf063178ea01e104457bbe9071580e71957ec9a95a15d6a88efbb2
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/mipsel
id: auto-522822c37dba6712cd4c59a542c96b8fd162cafc73eeeece2891cea9192d51a4
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/x86
id: auto-1d8ae5bcb8be465e2e36be8d5cdafc7a41612826079f58bce03b89fd30e3f82b
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/bot.mpsl
id: auto-5e7a94687a65803b6efc885681b0691dc42224976c44cab9730f173db358a5b9
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/bot.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/bot.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/bot.arm
id: auto-22ecada68c040575aa58b4901e21c1f9aa7086cb01defdbb52985f73228563d9
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/bot.x86_64
id: auto-9a80717c4282dd8d8ca88fe75ba505c0e9e0fcec04e4f550eaedc33fda3b1870
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/x86_64
id: auto-960ed4a2e480f5f4f27bba259d9aa8c399b8fc129acc59b042ddb9936a081b72
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/arm5
id: auto-c5456bc71227daa5cb2b6f7ebea18398bceef2d00962c41e3d9e6de5e0ee5ded
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/mips
id: auto-690761f86ae224ba029a62313f21e3ffdade42baff768d6ab1681323edefd8d5
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/bot.spc
id: auto-a746543d075b2dcfd848346d58e4a270913df397820035fe03fc96d0273b33f8
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/bot.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/bot.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/bot.ppc
id: auto-460a04af7ce2111a02f121b3c0701d33cb99a72fc0005bcbedc67d3e206df55f
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/bot.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/bot.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/bot.arm7
id: auto-3e885623e0742bde9f10c84dca4c88831929178f9dce029755c3a0472d4261d3
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/bot.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/bot.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/arm7
id: auto-ef833691e680df14fcebf5580756c6ba5c6f6b8b2780c5480480af58bb5ec722
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/m68k
id: auto-b5f95136d34f97a6beb1909317fba54de661c96aec6816fef1e4c6feb9667bd2
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.54.213/bins/bot.mips
id: auto-352b3e9493c0fd5ac19afc490bba1e34276ba2f298f6c6c1e28bcab6964560b4
status: experimental
description: Detects traffic or activity related to http://87.106.54.213/bins/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.54.213/bins/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.m68k
id: auto-739ed7c6c85c992de6246c468bed8e1e96e3085127ca09f4cfb11ace3230b9ee
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.arm7
id: auto-b2c9fbf98e4cd52a6d25c5afe03a94b0eaedd1564e7f28030e992fcc1b3cb049
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.arm5
id: auto-ea876de273fda7a1a39c0c1dace9239eea4dfeba5a7be1a121aba45c492667ec
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.spc
id: auto-90b32a690d7f7f7be5522d6a7378d91e2133df67356c3f4d28a823028a8d1e32
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.mips
id: auto-4e859a47dba4679411df8f446d6e11aa4a83136893b26d827503d529331b787b
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.arm
id: auto-c7cccdb5575351536e9ea52ed61a468a026e80fcc4d135c49473cd11fb1ae97d
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.sh4
id: auto-73e3e5bb38af3822a45082e29e6d6c798fd8bdfadcde904548c09adc917d8ac0
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.x86
id: auto-b51189acf625a5c0fb699f7fd04ed0937181812aec5b0747d9bbd1f19291c6e7
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.mpsl
id: auto-0c76761b2651a92b9ef4edf2b3c75743659d07c2a0113df557289992dde46549
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.50.123.25/bins/purves.ppc
id: auto-9e2660ced9a39e855c283354a49cc1b0a1a31214ab516255b6b640f543a09aab
status: experimental
description: Detects traffic or activity related to http://74.50.123.25/bins/purves.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.50.123.25/bins/purves.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.149.205:36524/bin.sh
id: auto-93de7389e0e08bae3f691687d0a12d901677a74cadd0ba21bdad4d9ce7db55bd
status: experimental
description: Detects traffic or activity related to http://42.233.149.205:36524/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.149.205:36524/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.160.44:49437/bin.sh
id: auto-f560e878fb3a3e3cbe3ea318eb312069887998b72b42b2b0d837b0c1eff1bd06
status: experimental
description: Detects traffic or activity related to http://175.146.160.44:49437/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.160.44:49437/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2av9bxno.sn1pglacier.ru/?=check&&actmn=FSgJOkaerhgnWAfg
id: auto-47fe25e645a16a78547fb22982be9b5b44cbb91abfcbdae8bf32e498e09eb0de
status: experimental
description: Detects traffic or activity related to https://2av9bxno.sn1pglacier.ru/?=check&&actmn=FSgJOkaerhgnWAfg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2av9bxno.sn1pglacier.ru/?=check&&actmn=FSgJOkaerhgnWAfg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/wget.sh
id: auto-f24f388665bc5f0b578858475d19c9cc163e3e19146e5399435ee4b028b85350
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/arm7
id: auto-7cbfce9373d46489003c0821f323973105817109459e985eae4c65b36e5575e9
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.223.252:39554/bin.sh
id: auto-68a2d6d49ffced2b0b7d1a8854780ec2aaa8e16fdd1c33269e37929b0dd61797
status: experimental
description: Detects traffic or activity related to http://42.228.223.252:39554/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.223.252:39554/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/x
id: auto-74024fc87e3ca93ede64146efa453defddbe58f3c3990e419a47720bc2643722
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/x*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/wget.sh
id: auto-a748b01b5acfb8098120e4177c2800f19140f58fa72f64001aa80cf45eec5686
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/wget.sh
id: auto-0e2fcc58d51930b487aac4a8a2289599e5319a4b93ad21fe4d228049bb47bbc2
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/d
id: auto-473e919460946ea71c061748adb05785e71b790f53600fd207f33dae1a82bf96
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/d which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/d*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5729578977/H8Fo2rh.exe
id: auto-4fd0f20e5cc4901990c8f7bf2b90f8e67480d862a5981159928672dc990e8ca1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5729578977/H8Fo2rh.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5729578977/H8Fo2rh.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/ppc
id: auto-7982e6bb6a75b9a21596300de56101ce85040c7507b78e01fadbecab66f33acc
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/spc
id: auto-1533fea25d1f321efe38c2394e8d3e4bec549a7dac9ea629b36eb3f7598c1f32
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/arm6
id: auto-c0ec61ac131d6c8ca93f8ee9490110a3feeae01778273348da7b963b7c7d767d
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/x86_64
id: auto-1baa3e3d5ffa6daa03567365244f2ecab72000d23fc88a28567b4dea8352a35a
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/arm5
id: auto-4dcabd5690c46dddca2a18180f735b333947cd0018e75caebecc1d14668f45a3
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/mipsel
id: auto-882581b90339b63496fe468fbcc1f92d459e8b499673c2b42e8ab6e76fbd5772
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/ppc
id: auto-5524e0b8ac4f8073c1046e5b8f2e1f5df570c6c79c82c0e195a7fd118f7622ec
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/x86
id: auto-16c4ab6869a05a30a7235cbd58a3cac21004e9612af686b166c97e9167f8f7cd
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/x86_64
id: auto-951b88602e6c9b52ba4de9b918e7a08a42e80cc8ed433b7a036753e9584a3153
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/arm5
id: auto-bf3ab5795db0545147a6f6822d6cb805d81484208922f37e33ae146c54affd36
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/m68k
id: auto-6aeabb2bf6715bcecb18916bda22814182951dc8765343d79f8973ca74c783c8
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/arm
id: auto-fd852e88ec75da572c32b9f312e85eba38791e0d9e3dc9fe8b58a670594088ef
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/x86
id: auto-277cce0282c15d05dfa5e60e00326d2bd2ce892c7ca9585e04f23d4e4380d438
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/sh4
id: auto-2ee2a03bf91cb4d3e738b4550b159c74e76921ae69a74cf27192ab3b69e0c4b5
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/mips
id: auto-cd5640005df234e229de62f0ddd55eba81fd4f4c6fd25d23cc84d0a26097d1d0
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/mipsel
id: auto-3b294b10e31de0e2434903f5d949266fe8aba4b2eb45f284e4085f559514480c
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip192.ip-147-135-3.us/bins/spc
id: auto-749c0d8886471434184114a43eacff15658ce7e7e927c322e0a93f2611e910a5
status: experimental
description: Detects traffic or activity related to http://ip192.ip-147-135-3.us/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip192.ip-147-135-3.us/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/mips
id: auto-c2a0479a8eb42d13b4eb599b014edc7f441ec268bdf6bbe1b66c3ca2f1cb1868
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/arm7
id: auto-6fbef9c1440091d4bfbdc406ef1361c8dad465542a5fe80795479fedf5a66cf0
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/arm
id: auto-f96a1782997a56731be945531ba7e2b3353ad945f31844ef00c378f38579af2b
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/mipsel
id: auto-e3f6eccd1ccf7297c843f95bf87b244c5da333a35d918f8324115d0ecfae20bd
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/arm7
id: auto-36ffc7c2532daa9b10e16429ce1527513acc701a520f0f88bd19f2e1d39382ea
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/m68k
id: auto-911ebd7ff9e413694477e858dd097b434f4ea7c056b421294eb8da215cbbffc7
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/arm6
id: auto-1a6670d4cd2460a98de9b9c35c6546f94687fbbaa64e1f426f8b7dcece9fee31
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/x86
id: auto-c2d234603380b5bdbeaa3b63a013571e487c1900a9a521e2eea2010658fd9828
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/sh4
id: auto-937053fcc755871d9a7ac700b89dd77a701170103a50e338ebaa5935890e2df2
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/arm5
id: auto-cb8d9e7cc620db597ceda96c9fcdac34155ca94fac367d9b689b33b0ce1a25a7
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/ppc
id: auto-adc48b521a6173f22626dfa5ecbbb153d8cbb2d8b61e447d430131e758927601
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/arm6
id: auto-9f6686bddd1e0b0985f3aab48caf6eca1eafea20931d641cbbd54a953891519d
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/sh4
id: auto-75db1d8e70c8758008fb20dc264a8e3f54c0faef6362c08a3439705ba0f7725e
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.usa.eu.com/bins/x86_64
id: auto-031b7991e8fd6c57920ae22e50577417d5e8ebd57a58bd886a2b16828dc05dcc
status: experimental
description: Detects traffic or activity related to http://www.usa.eu.com/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.usa.eu.com/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/arm
id: auto-ae4a7b69ec1f69dad09db7f9bdd13215f8dd59ef2767e5d31536e94585e1566a
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/spc
id: auto-aabfce6b78fd5e7d31ffcebd6c8c839166fac351a863c5446814199ff39759c7
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/m68k
id: auto-ac5e10343638f80679be7a91417547cc4642c0ba5de4d4078b2f17ec8955d140
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://usa.eu.com/bins/mips
id: auto-3aac0a820f8930d10b251059ac2f37955b03e9592cfb57555ec816ba0f96f1e7
status: experimental
description: Detects traffic or activity related to http://usa.eu.com/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://usa.eu.com/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.68.226:57594/bin.sh
id: auto-f209e8120eec762750b0699dfafef96151fd71f1762c4e1cf58944e7014a57c9
status: experimental
description: Detects traffic or activity related to http://42.235.68.226:57594/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.68.226:57594/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.49.144:38885/i
id: auto-618cf01b0a2d9a358153f785f519cd5fbb1597c57bbad03f03f4c6ef2e191ea3
status: experimental
description: Detects traffic or activity related to http://219.157.49.144:38885/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.49.144:38885/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.65.132:49734/i
id: auto-bac10ff446ee484dc1af82cf4c0f858c82c00f5e6f5eea0f15a04dd3c3cec7b7
status: experimental
description: Detects traffic or activity related to http://42.231.65.132:49734/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.65.132:49734/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.79.11:50279/i
id: auto-c15bb1ee240c921bdaf74d8432f62d3444966a8824caa698d6918a34a98aba35
status: experimental
description: Detects traffic or activity related to http://42.224.79.11:50279/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.79.11:50279/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.83.84:37579/i
id: auto-12b1f4af1ee907265080e07335421efbf78b16971af8d3caef93e16a9789c163
status: experimental
description: Detects traffic or activity related to http://115.63.83.84:37579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.83.84:37579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.247.20:56559/bin.sh
id: auto-b9efa077592740cece88344ea5ad467890bcab3beb0a4fd78f848f5c2153fdfb
status: experimental
description: Detects traffic or activity related to http://42.239.247.20:56559/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.247.20:56559/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.20.138:60301/i
id: auto-2b2193d87ca474e7576033655db2800e2e298b2dd743a360ef02114bb5244d68
status: experimental
description: Detects traffic or activity related to http://175.150.20.138:60301/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.20.138:60301/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.27.50:40101/i
id: auto-9a5b95f73f8fdf9931f1790bc2d250d9a172cbe9658538c54b20435093e92b0b
status: experimental
description: Detects traffic or activity related to http://125.45.27.50:40101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.27.50:40101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.178.48:38035/i
id: auto-ac516865297eb1fe7a40574708baf2dc770b0f3d970f36a6505cf20c86828752
status: experimental
description: Detects traffic or activity related to http://118.81.178.48:38035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.178.48:38035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.122.223:58100/i
id: auto-cdf31189e848fe691b06f4ea15c4c8622f002042a7c8c76130573aa41bf26fe3
status: experimental
description: Detects traffic or activity related to http://123.14.122.223:58100/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.122.223:58100/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.239.230.84:9999/02.08.2022.exe
id: auto-62d9031eec68c6dbc1b378c87d0c578f73439e8c88e97fc19e324e765ef22dde
status: experimental
description: Detects traffic or activity related to http://47.239.230.84:9999/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.239.230.84:9999/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.40.37.253:50059/02.08.2022.exe
id: auto-7a00a3fc203c742a02c45a303241c25094ba28cfa07432149cab5671f4eb4e2f
status: experimental
description: Detects traffic or activity related to http://121.40.37.253:50059/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.40.37.253:50059/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.226.26.143/02.08.2022.exe
id: auto-7c389764a4c6e7bb5e15381302678b251230d860f14b5f6fc1e2c14afac20903
status: experimental
description: Detects traffic or activity related to http://20.226.26.143/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.226.26.143/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.151.0.101:1555/sshd
id: auto-dee261cd9fc9b8ab32cd6db24ebfdc6f04b97f49a09ade0e4b2dedd99fd9c80c
status: experimental
description: Detects traffic or activity related to http://62.151.0.101:1555/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.151.0.101:1555/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.145.168.74:1309/i
id: auto-d0c74dd2d30ed9c0ce44d20bc8e58df01439aab2de667eddf089679e14a36023
status: experimental
description: Detects traffic or activity related to http://103.145.168.74:1309/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.145.168.74:1309/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.120.209:2000/sshd
id: auto-ac2994ef7b7154906f7cdae92fff9e9578877f0df61b7139cdf602549876fbdb
status: experimental
description: Detects traffic or activity related to http://59.182.120.209:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.120.209:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.72.198.127/sshd
id: auto-9c9f9f3c0bb36fd849fe71c1b2c784c7bfc186db307393844417c0ea0c8a05ef
status: experimental
description: Detects traffic or activity related to http://115.72.198.127/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.72.198.127/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.106.110.215:20757/i
id: auto-a46b2e8b7aef3c7ea25ec28327e1cd15c782ef0ee66bd3a2ae1d89559a148142
status: experimental
description: Detects traffic or activity related to http://89.106.110.215:20757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.106.110.215:20757/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.250.19.154:58833/i
id: auto-0dc1ec1f160542971fab82956a1d7d24396ae20f970723baab73c76d3158af78
status: experimental
description: Detects traffic or activity related to http://46.250.19.154:58833/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.250.19.154:58833/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.12.171.228:8080/sshd
id: auto-2036b4f3a322e2de3a0e5aca34f223cb139d2eb47ed3e8154c498fddfe881a5c
status: experimental
description: Detects traffic or activity related to http://77.12.171.228:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.12.171.228:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.18.157.172:91/sshd
id: auto-c76506429be5fb96029bd231d12ed9c0d34a362c728551961d6b2d24bc64490e
status: experimental
description: Detects traffic or activity related to http://88.18.157.172:91/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.18.157.172:91/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.105.104:2003/sshd
id: auto-772783c911f9eec9510197787ff02d8e4394eb20760963637da139f7afdfdeff
status: experimental
description: Detects traffic or activity related to http://61.3.105.104:2003/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.105.104:2003/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.165.125.212:56264/i
id: auto-241003d2d3747ea2e341c618601caa9682c6a7b4a2bc8e6e799ea357a657996e
status: experimental
description: Detects traffic or activity related to http://178.165.125.212:56264/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.165.125.212:56264/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.178.48:38035/bin.sh
id: auto-c91664aed626ad3be1da2def4e504f8e425b3ca18ac3f796fb7d0831f9bb0c78
status: experimental
description: Detects traffic or activity related to http://118.81.178.48:38035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.178.48:38035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.216.34.178:57016/i
id: auto-b50cc3a6d8c57897595ca7e79f83373f71405fefefcc416319be2c202dbc3445
status: experimental
description: Detects traffic or activity related to http://27.216.34.178:57016/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.216.34.178:57016/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.122.223:58100/bin.sh
id: auto-9bb93ff9c1608fd4bb484d5dda4c2cbb129b7ff12c7ee500aa5802e819201452
status: experimental
description: Detects traffic or activity related to http://123.14.122.223:58100/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.122.223:58100/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.24.54:58160/bin.sh
id: auto-1bff630a5bb75ebd057dd0ba66fa7df120e71864034dfffd56652e877686c22b
status: experimental
description: Detects traffic or activity related to http://42.178.24.54:58160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.24.54:58160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.121.135:20927/.i
id: auto-f43d1cd4482b7de606a2543711d0b08fdea99eecf5edc96b6c91db3525e85e8a
status: experimental
description: Detects traffic or activity related to http://58.47.121.135:20927/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.121.135:20927/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/semihaersoy513-star/Chrome/raw/refs/heads/main/Chrome.apk
id: auto-0a382565923f519fdc067249c5558be40fd43b354d437fcb4064b745da9c7d8f
status: experimental
description: Detects traffic or activity related to https://github.com/semihaersoy513-star/Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/semihaersoy513-star/Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/fasla12/png/raw/refs/heads/main/foto.apk
id: auto-894afceb9f1f16e3f3fcff76ca524d3d487c22a9460b722e3fc2f974cfd88c70
status: experimental
description: Detects traffic or activity related to https://github.com/fasla12/png/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/fasla12/png/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/konini2256-ship-it/aa/raw/refs/heads/main/foto.apk
id: auto-2db2c0ca301ea77d6e87ed5947a40c152712128ddc942923f033675fa5718c46
status: experimental
description: Detects traffic or activity related to https://github.com/konini2256-ship-it/aa/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/konini2256-ship-it/aa/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Azaz0112/fotos/raw/6eaa4f215e22159c338ac4a2ff63f745291400ab/fotos.apk
id: auto-5fb3489a1c04c0214620738f71baf2c786c58833c358bb754158435e5d466b3a
status: experimental
description: Detects traffic or activity related to https://github.com/Azaz0112/fotos/raw/6eaa4f215e22159c338ac4a2ff63f745291400ab/fotos.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Azaz0112/fotos/raw/6eaa4f215e22159c338ac4a2ff63f745291400ab/fotos.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/karakayaeslem931-cloud/iptvv/raw/refs/heads/main/%C4%B0nat%20TV.apk
id: auto-b118e2d9f4c8fce12c6fed841f72d8ada68b505904a42e1b97d43ac96e5d76b0
status: experimental
description: Detects traffic or activity related to https://github.com/karakayaeslem931-cloud/iptvv/raw/refs/heads/main/%C4%B0nat%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/karakayaeslem931-cloud/iptvv/raw/refs/heads/main/%C4%B0nat%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tvciipitr/iptva/raw/refs/heads/main/%C4%B0nat%20TV.apk
id: auto-5bda4f9fa8f892c9110839cfa09868f1babd949c842698c5b310ac2e8d64f31a
status: experimental
description: Detects traffic or activity related to https://github.com/tvciipitr/iptva/raw/refs/heads/main/%C4%B0nat%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tvciipitr/iptva/raw/refs/heads/main/%C4%B0nat%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/metehansakar184-byte/ewewew/raw/refs/heads/main/chrome.apk
id: auto-014909a3fbe849f640c657c2845180f0dddcfbf9c2213f8079dfdc69ec050052
status: experimental
description: Detects traffic or activity related to https://github.com/metehansakar184-byte/ewewew/raw/refs/heads/main/chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/metehansakar184-byte/ewewew/raw/refs/heads/main/chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.216.34.178:57016/bin.sh
id: auto-188348e96bcc5b32de5daa9b9273836e838d8c80a7603f97c7e19de7b6458797
status: experimental
description: Detects traffic or activity related to http://27.216.34.178:57016/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.216.34.178:57016/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.55/u6j3phm900pz.exe
id: auto-cb2fcb6d214e3f2e0a634f1da7a53d631d97a4074f6f1e98b9b0529341b86745
status: experimental
description: Detects traffic or activity related to http://45.93.20.55/u6j3phm900pz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.55/u6j3phm900pz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.252.216:49993/i
id: auto-41502854fc53836d45be2dd4466811920ecb01ee76a79a7032092ad9cad81d1b
status: experimental
description: Detects traffic or activity related to http://125.44.252.216:49993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.252.216:49993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.66.68:48188/i
id: auto-c66d481506690f8a4e8613ab5495bdbd1f725c0c429c415e362e06c06e0c3c42
status: experimental
description: Detects traffic or activity related to http://125.45.66.68:48188/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.66.68:48188/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.163.165:47339/i
id: auto-d7d217c7ced771672744dc59948069a7e0168298e71c6fe086a917613ed66f05
status: experimental
description: Detects traffic or activity related to http://113.238.163.165:47339/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.163.165:47339/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.83.26:34694/i
id: auto-561cba56487b6a010b9824cfa26b7bd5a2624c55f7e4c9e117e75336af864f7e
status: experimental
description: Detects traffic or activity related to http://42.225.83.26:34694/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.83.26:34694/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.182:37618/i
id: auto-c8ad993123656b315ffd502b2ec9366850a90428e0a099919d9965313877d2f3
status: experimental
description: Detects traffic or activity related to http://110.37.39.182:37618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.182:37618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.20.183:33329/i
id: auto-d35162f4972e23854b82bc8ad753551051dba7797a980bc54b70d86a7a3c6c25
status: experimental
description: Detects traffic or activity related to http://123.189.20.183:33329/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.20.183:33329/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.252.216:49993/bin.sh
id: auto-79a5bff4dbf6b9611523a007ee82bb627f1ea0e938bde5f4a5478b86ae32fe3d
status: experimental
description: Detects traffic or activity related to http://125.44.252.216:49993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.252.216:49993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.60.245:52528/i
id: auto-ab9d82e08c8656839b81f4fa3b69084161e27e12fde83b222200c4d181f1db8b
status: experimental
description: Detects traffic or activity related to http://219.155.60.245:52528/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.60.245:52528/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.182:37618/bin.sh
id: auto-5f7b8b673c55a8e9bcc5ab828ef5a0fd60ef744d5c8bf218922e2e35a2c52ad7
status: experimental
description: Detects traffic or activity related to http://110.37.39.182:37618/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.182:37618/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.251.16:34132/i
id: auto-c601b8f4690d6ff235be041fd84ef8289c14a01eab4212ac1965e9765c455a40
status: experimental
description: Detects traffic or activity related to http://221.13.251.16:34132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.251.16:34132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.19.6:48493/i
id: auto-67e78415ab7f6cf83db228c75308e599dd97bcf0f08ce41b8e98e16ef6e9f327
status: experimental
description: Detects traffic or activity related to http://110.37.19.6:48493/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.19.6:48493/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.34.60:41306/i
id: auto-d5a932fd88ccd8825862e8011748c2ffe454de3b896108078e8889e2bd5de64e
status: experimental
description: Detects traffic or activity related to http://42.6.34.60:41306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.34.60:41306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.20.183:33329/bin.sh
id: auto-b841d3ee906c3414aeb23f82ce82c16a3d340abb7dd96914518af31e9999200b
status: experimental
description: Detects traffic or activity related to http://123.189.20.183:33329/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.20.183:33329/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.163.165:47339/bin.sh
id: auto-fa8880ff249c42ddf7ef8a5a00184346fbf1d2a62c0629c92a23c39e67a88021
status: experimental
description: Detects traffic or activity related to http://113.238.163.165:47339/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.163.165:47339/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.60.245:52528/bin.sh
id: auto-505d55a01af5bbeef9f0a44584da2d6ab92cb04b52c732f90e9f9e09025997b4
status: experimental
description: Detects traffic or activity related to http://219.155.60.245:52528/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.60.245:52528/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.226.135.151:35418/i
id: auto-6d72538f9f344febb1c38bf304c9ac0b125951f9c561f000db9b8de5b27ea4e1
status: experimental
description: Detects traffic or activity related to http://112.226.135.151:35418/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.226.135.151:35418/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.226.135.151:35418/bin.sh
id: auto-7ce82704ebe1ad56178b8666bc0075b3702644cadf64033c4b5027378f040bed
status: experimental
description: Detects traffic or activity related to http://112.226.135.151:35418/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.226.135.151:35418/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.178.244:41057/i
id: auto-09be35d68e5589b9c3f2f407fe97758b35db8e278755cdd4227c68c91fd9f24e
status: experimental
description: Detects traffic or activity related to http://116.140.178.244:41057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.178.244:41057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.110:46497/i
id: auto-5a684c4c6c20d4f5850fed832ee5df8e3a5dc61811522e89603b5a33cbc908cb
status: experimental
description: Detects traffic or activity related to http://110.37.61.110:46497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.110:46497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.166:59293/bin.sh
id: auto-c7f3373f816df0a899b6b83a92fb6b0e570db083963e0ae7d46f3349916f2802
status: experimental
description: Detects traffic or activity related to http://219.157.67.166:59293/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.166:59293/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.166:59293/i
id: auto-29a8a3e3bd3b2e30771d6d85f0fe78c8b7f82799eca626d121fe5edd63d24527
status: experimental
description: Detects traffic or activity related to http://219.157.67.166:59293/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.166:59293/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.180.14:39232/i
id: auto-1676c14a13c2a31dfdb9bf4107278485c2f362cdfbc923e9c54b3053f6e8c0e1
status: experimental
description: Detects traffic or activity related to http://27.215.180.14:39232/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.180.14:39232/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.146.185.126:47038/i
id: auto-bc549107550f4d18d1a8b1358d90566dda75ab066b0dfc5a01a1f98621cd5726
status: experimental
description: Detects traffic or activity related to http://182.146.185.126:47038/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.146.185.126:47038/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.163.184.136:35870/i
id: auto-6facff39c8d9ccc481e65b81ffa4aed8b511530d7e15fd5582fc5cc74c513a24
status: experimental
description: Detects traffic or activity related to http://46.163.184.136:35870/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.163.184.136:35870/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.91.197:38022/i
id: auto-1cf9924223e1800e32888d1feead150751a7369d5b730c6ab8cd26b29217a1bb
status: experimental
description: Detects traffic or activity related to http://42.231.91.197:38022/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.91.197:38022/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.91.197:38022/bin.sh
id: auto-258d1abee09172e63cbfbce886ede6dc607253dc534e67b289c5f876424d2b71
status: experimental
description: Detects traffic or activity related to http://42.231.91.197:38022/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.91.197:38022/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.83.26:34694/bin.sh
id: auto-139cb4eceff4fdf3d4a2577c697bff4a819c11bb193e6804cf866ee051fbab1f
status: experimental
description: Detects traffic or activity related to http://42.225.83.26:34694/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.83.26:34694/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.44.133:34390/i
id: auto-a197d5298e2d3a35a08c4c34df7ddb2c72c9daa3378a89dd9db9eab6fcc14a42
status: experimental
description: Detects traffic or activity related to http://58.255.44.133:34390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.44.133:34390/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.77.48:43030/i
id: auto-b526702ee9b7764430c3f8bd08460d67a1a0053cbcb28e93ae16f88bac405350
status: experimental
description: Detects traffic or activity related to http://42.87.77.48:43030/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.77.48:43030/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.28.112:43935/i
id: auto-7044f9099a9fd73ed1915fbb83d91c8ed27b9edd62b447da9c23f8f2f2d93992
status: experimental
description: Detects traffic or activity related to http://182.112.28.112:43935/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.28.112:43935/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.237.123:56352/i
id: auto-5d5325331841bed8eac352ee10e6937afb1ee75f5513b7a211d64ddfc128acc1
status: experimental
description: Detects traffic or activity related to http://61.53.237.123:56352/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.237.123:56352/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.176.215:56585/i
id: auto-6c4fbb2d3b76e9d112ef49f2571269008864fd4f238f2cfcc278b0429526bc9d
status: experimental
description: Detects traffic or activity related to http://42.232.176.215:56585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.176.215:56585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.193.95:47686/i
id: auto-d248ba1d3e864f84fcb8f21b51a8d5b71ec52be87266937e6d152bf0c66f86fb
status: experimental
description: Detects traffic or activity related to http://115.55.193.95:47686/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.193.95:47686/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.108.254:43826/bin.sh
id: auto-0313ebf38d0fded63e534b3aa2c0b3a625ac58aeeedb345457181800687f58e9
status: experimental
description: Detects traffic or activity related to http://119.115.108.254:43826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.108.254:43826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.237.123:56352/bin.sh
id: auto-490e59dfab36691f452e6f5571b6c0c7d65fb3adc02b8b1366e4d5d154ad4e1b
status: experimental
description: Detects traffic or activity related to http://61.53.237.123:56352/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.237.123:56352/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.28.112:43935/bin.sh
id: auto-0842cad2538685a55be1f4703e210376ba65cdbb64d206dcd6d380401be6741b
status: experimental
description: Detects traffic or activity related to http://182.112.28.112:43935/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.28.112:43935/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/xtrablessings.txt
id: auto-4e2fd139d846822d96665924569e6ed70815044b8d97c9665d19469284e89ba2
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/xtrablessings.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/xtrablessings.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/wealthyblesskelly.txt
id: auto-a34fbe7d2d857a301f1377f21042393950564c8866a70ccb2cb678ed94756bdf
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/wealthyblesskelly.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/wealthyblesskelly.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/xtrablessingwealth.txt
id: auto-7cc6dd2348f8602eeaec33bf0bffdbf742849796a9e2c6ae9f70b965ab232565
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/xtrablessingwealth.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/xtrablessingwealth.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/xxblessings.txt
id: auto-afbe47778461c4f2e31896644f91f66a584197723e548b37fa33ab046884d8bc
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/xxblessings.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/xxblessings.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/onedrives.txt
id: auto-3ca6c0c77f5a56674c85da7d4e230c897041a6e12fd378e8f7711ba22cd3b31a
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/onedrives.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/onedrives.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/onedrive.txt
id: auto-628bee30457b23002081ddbd84f546995e4f2bd8c3e642b435fe6677dfdcfa2c
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/onedrive.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/onedrive.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://daily-poser.sync-structre-mn-inter.in.net/justly-code45
id: auto-87ddb72cf855cb0bc18f9a2b01296e6463d7f7a74c202ba0ea1f09f15f0c01f3
status: experimental
description: Detects traffic or activity related to https://daily-poser.sync-structre-mn-inter.in.net/justly-code45 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://daily-poser.sync-structre-mn-inter.in.net/justly-code45*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/onedrives.vbs
id: auto-467cec10a6a1698b2b2c0617dd54b5ec8718c139cf9f2594fb8dd1b5c62d8c3b
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/onedrives.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/onedrives.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grabfull.store/text/wealthykellyzbat.txt
id: auto-7b54e62d9f8a02256d9b1e6b17769b4e7dae51b7e1ff15ee871aaff709a82208
status: experimental
description: Detects traffic or activity related to https://grabfull.store/text/wealthykellyzbat.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grabfull.store/text/wealthykellyzbat.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.192:43704/i
id: auto-cb79083d347adb97930c02697eed02a3b000ccbbb661794eeca106282201e679
status: experimental
description: Detects traffic or activity related to http://110.39.237.192:43704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.192:43704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.193.95:47686/bin.sh
id: auto-52791b557d6ab06e87261cd3982d931598d1ae5378050debdea93582367007b4
status: experimental
description: Detects traffic or activity related to http://115.55.193.95:47686/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.193.95:47686/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.176.215:56585/bin.sh
id: auto-ef89bcbdc621a8b39ac57a23b88b4b1cf853f9d587f28c2f6564554abb1b21f3
status: experimental
description: Detects traffic or activity related to http://42.232.176.215:56585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.176.215:56585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/oven-s24ubprime
id: auto-564fa8e7ad32b912b1c2bdf253a2d38fa3aedecff91908e5b2f36768b9b9b3a2
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/oven-s24ubprime which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/relight-73-unsigned/tk-hz-ctrl-70/oven-s24ubprime*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.65.64:57207/i
id: auto-19c54f78e358de4a73f8a41f94ab9ae790d6778aca264066a8fbab44c1aeeb3b
status: experimental
description: Detects traffic or activity related to http://110.37.65.64:57207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.65.64:57207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.129.167.115:44705/bin.sh
id: auto-9fd7d2594ec760095ecd09dc7392a77b03b09c1906a435387b73c0d14f0e945e
status: experimental
description: Detects traffic or activity related to http://124.129.167.115:44705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.129.167.115:44705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.214.31:55630/bin.sh
id: auto-f01e48008532eafda4db8e4e17ea9ff9b8df8cf9c77ad36dc1ff53d1127a56a9
status: experimental
description: Detects traffic or activity related to http://123.14.214.31:55630/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.214.31:55630/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.77.48:43030/bin.sh
id: auto-969e003c40cf495e8b40dc05a4775e6581a6703f5d8e9cb8e96ae86cdda6cf86
status: experimental
description: Detects traffic or activity related to http://42.87.77.48:43030/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.77.48:43030/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.72.176:49236/bin.sh
id: auto-abc55a3fc15d03d8df57fefcef0e9b9751862ffa90ffa101bf524e5cb7011921
status: experimental
description: Detects traffic or activity related to http://110.37.72.176:49236/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.72.176:49236/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.167:47039/bin.sh
id: auto-50ee2082679fa9b13af486134fe862d20c77075be13523c130a0b4d1485c8265
status: experimental
description: Detects traffic or activity related to http://123.12.225.167:47039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.167:47039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/armv6l
id: auto-ae9af795b749490b2570ba905b21964c512ba5be4f497a5db93ef1826119172d
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/sh4
id: auto-1b81bbce9abde540f875bdce40c9986d29b88247df727e2493fb6718cd4b52bc
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/armv4l
id: auto-8b9f90e5f2e156a38cfc094e65c4139385a0287426aa127a4e6ecd4854bffb5c
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/mips
id: auto-f88e372ea8a8087cb6673b6c33dece844eb90867adfddafa33816fe5ad30e31d
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/m68k
id: auto-dd0479a22fc09c6742cdc3198260eeff3a5d22cda986e7bbb980f220c39ab7ea
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/i686
id: auto-e73c0675f80fa3f0b4b2de5a3f6af99eea0d8a234eec10833e303d9d08275726
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/i586
id: auto-45a0bf79777ba0f0465a381dec0a1008160352f4d05be3375c83e6c62d52ce66
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/armv7l
id: auto-d11543054b73919562540b237280ff505f12eb97eff29450c90138fd7a5e742f
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/armv5l
id: auto-ea22390c93e8c5c31bf2ae1d1ea00f201d4cc24ab9182f5b26f2396cc21e2b04
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.73.161.85/mipsel
id: auto-36dfedddcddb3abb14bff7f82884fc6b5d1cf5763bc7cf6067e64bc89553e341
status: experimental
description: Detects traffic or activity related to http://103.73.161.85/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.73.161.85/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.143.172.196:45824/bin.sh
id: auto-57ca9aedb7d5156849b96f25047f9d6690ed27daa7e886536d4fad7dbd535198
status: experimental
description: Detects traffic or activity related to http://91.143.172.196:45824/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.143.172.196:45824/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.241.26:42652/i
id: auto-fcf79b884128f43197f2785e554832e951326e25d48b0dadb12123bab0f10da6
status: experimental
description: Detects traffic or activity related to http://27.207.241.26:42652/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.241.26:42652/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.133.9:39269/bin.sh
id: auto-4131d6f4749f16cf31f69439616a0f234af49ea8896c6fd46b3d45c7516e743b
status: experimental
description: Detects traffic or activity related to http://115.58.133.9:39269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.133.9:39269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.89.219.53:36606/i
id: auto-bfc26012ff408e3cfcc0d35f94b09533b0752d1a5c94da4ce2d1c5e352747417
status: experimental
description: Detects traffic or activity related to http://39.89.219.53:36606/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.89.219.53:36606/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.76.90:34556/i
id: auto-f43273012239870dfbae4c3697e7749fa7a646899dc64fb0201a8af034c50e7e
status: experimental
description: Detects traffic or activity related to http://123.188.76.90:34556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.76.90:34556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.241.26:42652/bin.sh
id: auto-d7cab4d88f1ec56cf6ee5a7f91845c82e1e6c2ae0752782351b389e7770ee997
status: experimental
description: Detects traffic or activity related to http://27.207.241.26:42652/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.241.26:42652/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.174:43706/i
id: auto-c98d2ad3a148cd148dcc808637cfce0980801039a9cf3cdfe662ac351acd2b76
status: experimental
description: Detects traffic or activity related to http://110.37.110.174:43706/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.174:43706/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.120.15:32961/i
id: auto-7f6d3856dd940e7e76ffc23977fce031e1b82320e2c6934114d528921e3c76ac
status: experimental
description: Detects traffic or activity related to http://115.58.120.15:32961/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.120.15:32961/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.5.161:57777/i
id: auto-cc4f27fa642403f5f92625c2dff262c231d5ea2b441d3d9f4bab6a3c016555f2
status: experimental
description: Detects traffic or activity related to http://42.85.5.161:57777/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.5.161:57777/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.149.224:49578/i
id: auto-3b1d983bd9217745c159c9b2c35591f68734af5c5691e85b8f7a692c8838a889
status: experimental
description: Detects traffic or activity related to http://175.148.149.224:49578/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.149.224:49578/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.53.159:49407/i
id: auto-c112a6578e3da198bb995dbe30a0570ad04cea1b3a0307ef69b5bb2d53e22e40
status: experimental
description: Detects traffic or activity related to http://123.11.53.159:49407/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.53.159:49407/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.76.90:34556/bin.sh
id: auto-c9d0f7f02c7d35a3645b9084fb51cb83db62ae1bc7bdba6fa7c214930ccf7fab
status: experimental
description: Detects traffic or activity related to http://123.188.76.90:34556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.76.90:34556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.133.9:39269/i
id: auto-7dacabb51ee109717f7e724bb4e7f5e74a21dc14259015c08f76741b3cb59a31
status: experimental
description: Detects traffic or activity related to http://115.58.133.9:39269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.133.9:39269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.174:43706/bin.sh
id: auto-8170104a905d70c16a3c8b582c42eb0598c603528f20a8318d4e5f861c008d89
status: experimental
description: Detects traffic or activity related to http://110.37.110.174:43706/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.174:43706/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:54623/i
id: auto-3df4d375f3020c700c6acd6493deec97ce7be94e6de219c6d262ddd46484e0d6
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:54623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:54623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:39107/i
id: auto-c9c3c38588325317b535d7e8130a012e7b940a2d2ef60cd1427cdc13043d22e2
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:39107/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:39107/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.149.224:49578/bin.sh
id: auto-42c6a3f3fe1057837bb336e6387194e63e4301a8283d0534657232eda5d486ca
status: experimental
description: Detects traffic or activity related to http://175.148.149.224:49578/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.149.224:49578/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.17.17:42626/i
id: auto-ed1a2a9e28b35f753d8cdcfd004793622b9c2f0291f7bfacc7b5eaf31030b3d1
status: experimental
description: Detects traffic or activity related to http://123.5.17.17:42626/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.17.17:42626/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.17.17:42626/bin.sh
id: auto-40ec54cb6efbfd2f79c382734760c9e77654fc1cd3151b50c7202f6dd8b417e5
status: experimental
description: Detects traffic or activity related to http://123.5.17.17:42626/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.17.17:42626/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.27.50:40101/bin.sh
id: auto-9e0d85d5522e7ef8feee08aee56993a5c52099152ff3a7bb8d43449ad1d9828f
status: experimental
description: Detects traffic or activity related to http://125.45.27.50:40101/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.27.50:40101/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.120.15:32961/bin.sh
id: auto-75ce49d8df49221c7e34019df5142ddb36e9c03cc9d3bc29afb3ac39b23f491a
status: experimental
description: Detects traffic or activity related to http://115.58.120.15:32961/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.120.15:32961/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.30.227:46001/i
id: auto-7193a99cad0138d6baa50fc6e4a4dea15406b5a1f9c22eb2ba5ab6a51c1d5d6d
status: experimental
description: Detects traffic or activity related to http://182.127.30.227:46001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.30.227:46001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.26.98:47260/i
id: auto-005f487ec6b9f55b6639be0253ab9540b3a09ffdbe3635ef7ee270614e5ce49e
status: experimental
description: Detects traffic or activity related to http://42.52.26.98:47260/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.26.98:47260/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.8.71:45302/i
id: auto-347e14384af6ec770fdcd5be4a21d70c615e9e8d7c91a4db358c366f83c52a86
status: experimental
description: Detects traffic or activity related to http://182.119.8.71:45302/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.8.71:45302/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.28.119:39660/i
id: auto-5bcf0b4b86c2bd32d6ee856284d6eea8d334618f5933e15ca7577cc62e159916
status: experimental
description: Detects traffic or activity related to http://110.37.28.119:39660/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.28.119:39660/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.100.171:38338/bin.sh
id: auto-e29db1593ae96d880d849e4706cae63c22dda044c8c945f58ae94fe001e43b24
status: experimental
description: Detects traffic or activity related to http://115.49.100.171:38338/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.100.171:38338/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.251.127:36451/i
id: auto-c7758f8b13f584f5e477670d714b62af13c6efad065ba41e828744de95606208
status: experimental
description: Detects traffic or activity related to http://110.39.251.127:36451/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.251.127:36451/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.14.232:41284/i
id: auto-a36419176554601a3c8e8a8a5b9b2a1be9b9bf0f605bb23d117b29a5dc1f387a
status: experimental
description: Detects traffic or activity related to http://42.54.14.232:41284/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.14.232:41284/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.30.227:46001/bin.sh
id: auto-aeb8f844389354ce95c46d251ad9065016f3c566d28e46e1a2af082b612db709
status: experimental
description: Detects traffic or activity related to http://182.127.30.227:46001/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.30.227:46001/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.105:50598/bin.sh
id: auto-c283549fdef3e07dbf54cd270dd3159a50767bcda8a616c50cfae010af11694e
status: experimental
description: Detects traffic or activity related to http://168.195.7.105:50598/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.105:50598/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.138.12:57806/i
id: auto-29404d8acd814f00380d9d417ceaa125b7e3ac27946ccccbe90afea5cd9c3efa
status: experimental
description: Detects traffic or activity related to http://123.5.138.12:57806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.138.12:57806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.26.98:47260/bin.sh
id: auto-beaafefa1e73873353acb33b41d0ec3d4e4c814a3e93b59a245af473399a779a
status: experimental
description: Detects traffic or activity related to http://42.52.26.98:47260/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.26.98:47260/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.28.119:39660/bin.sh
id: auto-b666e48c5c0b26b769cd9884dcf091251c86ca080f6099eff24e118e4febc5a9
status: experimental
description: Detects traffic or activity related to http://110.37.28.119:39660/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.28.119:39660/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://paste.rs/RBCDk
id: auto-bd3e92744c70249f1e00bbe58b3e5d83de471751f2e3c492a64c0e1d24d21029
status: experimental
description: Detects traffic or activity related to https://paste.rs/RBCDk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://paste.rs/RBCDk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://paste.rs/AZoyo
id: auto-847e2e80b1ac7ce50ffa6c0ec927eb27c1f3fbb6991a0fd62bc2c789be2c9d6a
status: experimental
description: Detects traffic or activity related to https://paste.rs/AZoyo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://paste.rs/AZoyo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.8.71:45302/bin.sh
id: auto-faba2cc016cfbb0cd01bbc4c29c2d99526b3ec32fbd62831dc2befbb6b3403b3
status: experimental
description: Detects traffic or activity related to http://182.119.8.71:45302/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.8.71:45302/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.166.114:40340/i
id: auto-eadfa8dcb7c450848467d6178358ec7eebc313f09520e4c48e0f795fe0b73ac6
status: experimental
description: Detects traffic or activity related to http://182.127.166.114:40340/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.166.114:40340/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.73.150:43132/i
id: auto-a59318899e0a8cbfad10125d416fc6fbd43385aa5b417661aeae5d8561d11456
status: experimental
description: Detects traffic or activity related to http://123.11.73.150:43132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.73.150:43132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.150.230:45138/i
id: auto-de518fbd2b5957b1137ef50c807fe3f31e9aec7088e08fa03421cd6513515c7f
status: experimental
description: Detects traffic or activity related to http://39.90.150.230:45138/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.150.230:45138/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.73.150:43132/bin.sh
id: auto-aef2b5462b655b1a35ccfbc48e574a3608f988a04f627807d1b53ba4bb4965ff
status: experimental
description: Detects traffic or activity related to http://123.11.73.150:43132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.73.150:43132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:36060/i
id: auto-44547fda7580c6a4683062a675ca837c4f147cdd4dc28c69cef3adce22060c04
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:36060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:36060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.143.172.196:45824/i
id: auto-1783a04456bc4698ff245e951b63fe9dfc3eec07e7cab6dd337e13d920f135d6
status: experimental
description: Detects traffic or activity related to http://91.143.172.196:45824/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.143.172.196:45824/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.150.230:45138/bin.sh
id: auto-0faa7e288f0ad3fca4af96c2753ae1418ccd771ce03e2668b6115b9e2dad3d14
status: experimental
description: Detects traffic or activity related to http://39.90.150.230:45138/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.150.230:45138/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.43.188:48161/i
id: auto-e430960b97ef0e34324e23dc0bb1047bd72ecde627eb4208664c17dcdcba83dd
status: experimental
description: Detects traffic or activity related to http://182.121.43.188:48161/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.43.188:48161/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/summ-forday16/breathe
id: auto-172a4f9a35a2f4130007aca7e2574c2e4234e64b1f789744feddd12de7792177
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/summ-forday16/breathe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/summ-forday16/breathe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.138.12:57806/bin.sh
id: auto-76e13f2877e20d4c65071b718ab6ce6511454be306229ce855283ee0b156556b
status: experimental
description: Detects traffic or activity related to http://123.5.138.12:57806/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.138.12:57806/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/how-upheld-gains/dance
id: auto-4227f28d7c256aa6d4fd32b5e4f1e21e214f3702df803e962a6629564b102458
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/how-upheld-gains/dance which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/how-upheld-gains/dance*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:36060/bin.sh
id: auto-4f0156cb02e6ed75fadc7c6a6bff34d96646ec38b74e7ec928ae9fe5c081531e
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:36060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:36060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.77.2:39206/bin.sh
id: auto-13080dab6f04a6acc60d5b0938817cd319bd94b45d706a1fe2e814d5fdb8c692
status: experimental
description: Detects traffic or activity related to http://220.202.77.2:39206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.77.2:39206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.43.188:48161/bin.sh
id: auto-5b9b24abec54a64ae68509eb03da9587761453400840b1588827c23e5ca892ec
status: experimental
description: Detects traffic or activity related to http://182.121.43.188:48161/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.43.188:48161/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.168.61:44062/i
id: auto-8c928c3cd8d55886285ae71c6f7e6c75587f680219f0e6aab295f22168795a43
status: experimental
description: Detects traffic or activity related to http://119.116.168.61:44062/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.168.61:44062/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.53.77:43020/i
id: auto-7626471a042718ca6e4e59c36afdc507a7b618fbbcb41620251e5a5d028c09c4
status: experimental
description: Detects traffic or activity related to http://42.86.53.77:43020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.53.77:43020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.57.127:33453/i
id: auto-12efe63f162aa6d7484b32ce5a82647a54abb2a08f9957950af16ab12a05f86d
status: experimental
description: Detects traffic or activity related to http://125.45.57.127:33453/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.57.127:33453/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.243.0:44024/i
id: auto-4516572c74ee14b04969cf8ca9465cc9ec8f37dc2bc55779aaa57a2151783c78
status: experimental
description: Detects traffic or activity related to http://42.57.243.0:44024/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.243.0:44024/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.70.229.43:44304/i
id: auto-43cba044b5cc7bfb3f8ef1b91f360f68f081b2a366c78ffbe70024e86f6c61f9
status: experimental
description: Detects traffic or activity related to http://36.70.229.43:44304/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.70.229.43:44304/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.55.22.176:46516/i
id: auto-0317d2fd48b8f942b575704688ac0d995595e6673da751e6c6a84b78df986d32
status: experimental
description: Detects traffic or activity related to http://190.55.22.176:46516/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.55.22.176:46516/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.29.172:37706/i
id: auto-f6dfb4cb4b3e710e3fce1be731027b3cdd05bd7369cf071e0777df794fbfaf56
status: experimental
description: Detects traffic or activity related to http://182.119.29.172:37706/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.29.172:37706/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.208.77:43299/i
id: auto-e3f279de215b925e5bd68ca0d36a2fde935aa1aa255186a368e2b5e699a96161
status: experimental
description: Detects traffic or activity related to http://182.123.208.77:43299/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.208.77:43299/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.17.177:55222/i
id: auto-e8fe26d9a4d6ffc80f9b25a768c0821995b5937c4b2789accf140a86e4dd7b24
status: experimental
description: Detects traffic or activity related to http://110.36.17.177:55222/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.17.177:55222/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.199.20:40782/i
id: auto-939fc3e493a0e060c8a32521dac94ddb91a4b9759d5bc0c4e44b89444c816fe5
status: experimental
description: Detects traffic or activity related to http://123.9.199.20:40782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.199.20:40782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.24.176.168:40511/bin.sh
id: auto-9414c648d21f7c5a4e3b6e9924a95ff678a9b0426a776458178c8621fdd89d4e
status: experimental
description: Detects traffic or activity related to http://217.24.176.168:40511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.24.176.168:40511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.138.93:38541/i
id: auto-c3ac674aa2a265dfa11de7efd3a979e198dd0ec8c3fb393330f61277702f3705
status: experimental
description: Detects traffic or activity related to http://222.136.138.93:38541/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.138.93:38541/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.69.145:59887/i
id: auto-1783767cd1c4fe31f1b0407cc8dc4ee5192d7a893d3aa21507e1974ca605b41a
status: experimental
description: Detects traffic or activity related to http://61.54.69.145:59887/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.69.145:59887/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.69.145:59887/bin.sh
id: auto-7e1b026bb548be52bfbd2a2685e8f8637b0f57b1ca4df8485785ba210e5988e7
status: experimental
description: Detects traffic or activity related to http://61.54.69.145:59887/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.69.145:59887/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.201.50:41814/bin.sh
id: auto-00e0ef27fcb45a06b80021cda5903d5a4df5b5ade2d780614366455062209aa2
status: experimental
description: Detects traffic or activity related to http://42.225.201.50:41814/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.201.50:41814/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.29.125:41484/i
id: auto-60797d4300c179f9e50b8cb585e6903e36e505d1b7cf19ad62a88d969da5f737
status: experimental
description: Detects traffic or activity related to http://117.206.29.125:41484/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.29.125:41484/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.82.213:60845/i
id: auto-93c21525db85e305746e3c840cab49cbb0371b12f9a67b15ecd4fb25f9e06ae0
status: experimental
description: Detects traffic or activity related to http://115.57.82.213:60845/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.82.213:60845/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.136.245:34064/i
id: auto-fe130fdf1c0927ad2e097b552d9aecbd0c29f8df21e777f01b8c2f843e4beacf
status: experimental
description: Detects traffic or activity related to http://61.3.136.245:34064/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.136.245:34064/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/how-upheld-gains/act
id: auto-e214b7889a408e44539730aba7a0b292ad680943539b21732aa3268df234c0b3
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/how-upheld-gains/act which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/untapped-showing-id-tid/how-upheld-gains/act*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.115.90:33392/i
id: auto-c473096a90148aa9d451b703fdfc966f5fe333f775cc9fb6c54800156b762eb9
status: experimental
description: Detects traffic or activity related to http://110.37.115.90:33392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.115.90:33392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.156.247:48219/i
id: auto-8986877ca8aa09c2df167e03db0bd53f013f0b24336f513d5cf0c2f02a2aa056
status: experimental
description: Detects traffic or activity related to http://113.236.156.247:48219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.156.247:48219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.136.245:34064/bin.sh
id: auto-d410d3667963dcdb1a367be8282ffe69f10d5ae5b3c1532a55efa77e184706ad
status: experimental
description: Detects traffic or activity related to http://61.3.136.245:34064/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.136.245:34064/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.103.181:52861/i
id: auto-5d9cff7376859bb995b835cccebfe8f58c5a498f48299ebd577fe5002135b547
status: experimental
description: Detects traffic or activity related to http://112.248.103.181:52861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.103.181:52861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.206:48487/bin.sh
id: auto-1349484d6cec0955cc0dfa2fcd6ad4d7a8a8b5a3ed495202f1c3c058c61b28aa
status: experimental
description: Detects traffic or activity related to http://119.179.252.206:48487/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.206:48487/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.156.247:48219/bin.sh
id: auto-81ab19c2f5ddc5173f0a85839e6040a997addd66a03cd27db4ccf1efe8479474
status: experimental
description: Detects traffic or activity related to http://113.236.156.247:48219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.156.247:48219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.82.213:60845/bin.sh
id: auto-86a001ce5b8c52100711bdf4a318376db5232e653314793cfcaf825be7d003e6
status: experimental
description: Detects traffic or activity related to http://115.57.82.213:60845/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.82.213:60845/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.103.181:52861/bin.sh
id: auto-7609ac93ef792c9d7dd3e5ab8520b1882397da4decb1f0de4d324cb521754142
status: experimental
description: Detects traffic or activity related to http://112.248.103.181:52861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.103.181:52861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.108.185:48427/i
id: auto-d00a80b29c98709633fc0d08b8d87cdc03ce99b1e2cb92bfa0086e6ffba84fd9
status: experimental
description: Detects traffic or activity related to http://117.235.108.185:48427/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.108.185:48427/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.108.185:48427/bin.sh
id: auto-bb359f4590516de6155cb4aefc57e9241e2e4aa50f3ab56051eee0332cdfe6b1
status: experimental
description: Detects traffic or activity related to http://117.235.108.185:48427/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.108.185:48427/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.29.125:41484/bin.sh
id: auto-c7b307c29c25be5d69127a60cc210b4ada0ae2832e0abd1afe57e2ad78cb5596
status: experimental
description: Detects traffic or activity related to http://117.206.29.125:41484/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.29.125:41484/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.227:50944/i
id: auto-30d7bac4a9104e9f7829d1980a2ebeb7d233267cb7e8e23aca64bee7187b2591
status: experimental
description: Detects traffic or activity related to http://110.37.3.227:50944/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.227:50944/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:39107/bin.sh
id: auto-e23b8ad168339531ffa75a25178941c021aff5ac5862c1e8669267f83a9fb21c
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:39107/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:39107/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.183.108:35793/i
id: auto-89dfe1a9c36ba691abe94b07b197d07e4cae23043c8e0c92caf53fb2916ee105
status: experimental
description: Detects traffic or activity related to http://27.215.183.108:35793/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.183.108:35793/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/m68k
id: auto-fbd213e520552ae0d0bf2a62e6e2b64ef8b6a2376a93549d87a23e95f6542ac2
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/arm6
id: auto-3e9898c5ee8f84c2686b2bc8622deef5687d28771959b1a9c9a3d44c50bccb48
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/spc
id: auto-aa4ac1df5862963a4b1ff3c0883bfe6d8dd9a6a2e6e76750658fbab7a98f53eb
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/arm
id: auto-7d507beecdaf821532f89dce18d2ef5f551796b2dc99882e0dc46d7bd83978fa
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/mpsl
id: auto-e4d9aa5aa1462442be0d1ce8881058b5b8e2e3884e64dd776de258be9a37dd85
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/sh4
id: auto-18cd4e3ab6a3f693d41107a82d9c9acea8666ba1e0f53c94f93ce206d3fd27d6
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/arm5
id: auto-580d20bff2fb1abfb09ecfe48d499cb67c88c2721de53379b9ed7425fb00f37e
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/arm7
id: auto-0701159874e50704db024edf7a2dadf63649919b51480983bf7830c6c0507004
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/ppc
id: auto-1a7fb777ca88021f1cda30ae6db963f96a6e46c10ebd7533e7639a46464fe064
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/mips
id: auto-42f6fb474639390d5b32c98040c9664365f43e983111c7dd18f34638ff3c3275
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/narm6
id: auto-fcc1617b956abc78b98089f1ac15323d82fcfb7bdfcd5e40b7e20acba0521057
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/narm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/narm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/narm5
id: auto-e381bd99b0a4a87c9af10dc8bf3a2db5a1b6ebd736f2993c583765d92cfd320b
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/narm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/narm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/narm4
id: auto-aa4ad02402c1a84febf0e4b757dde473f1dd088c170a245e720a44f08c88209b
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/narm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/narm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/x86
id: auto-dd63861509c39e9c0bc59dc97a24282bcf00968a358592b56b268481c741829c
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.238.168:51140/bin.sh
id: auto-e98fa2e611b66908e6b8d9f83c412abac595deb9683a598f3274f7c048b69c77
status: experimental
description: Detects traffic or activity related to http://60.23.238.168:51140/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.238.168:51140/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.238.168:51140/i
id: auto-eb77a9b1d8853e94eb65f2eaca48e95cf3d8af1b2563c48f749f78a98eb53674
status: experimental
description: Detects traffic or activity related to http://60.23.238.168:51140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.238.168:51140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.84:52659/bin.sh
id: auto-9bddbc1bedac4b083278e55d8515508817ab9b934cf664f3a9f0a668500a621d
status: experimental
description: Detects traffic or activity related to http://110.39.246.84:52659/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.84:52659/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.183.108:35793/bin.sh
id: auto-33743ebdc8e1539b63d7e7d381a6381d15d3c99f6bcc0081232af9b13593cbd4
status: experimental
description: Detects traffic or activity related to http://27.215.183.108:35793/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.183.108:35793/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.213.215:44975/i
id: auto-a81ca353455fc15c33ff19f2a43fefba9e146d02bd63470f4dc4bf50540e7a21
status: experimental
description: Detects traffic or activity related to http://110.38.213.215:44975/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.213.215:44975/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.213.215:44975/bin.sh
id: auto-ec794e6ec285508015fcd3a0be4dbdbf58c842779cc68395608fc3e399d844bf
status: experimental
description: Detects traffic or activity related to http://110.38.213.215:44975/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.213.215:44975/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.43:48972/i
id: auto-ea0f2df6ded2b4f0488f614396ff1e40fdaff5adc9aa34ab73bfdd5d2d18ea23
status: experimental
description: Detects traffic or activity related to http://110.37.121.43:48972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.43:48972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.63.73:32991/i
id: auto-d9512818fcb9efcc3ad5c0952949111ed1fa1e9ca6898598b053cc089bc58eeb
status: experimental
description: Detects traffic or activity related to http://115.55.63.73:32991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.63.73:32991/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.183.110.39:33461/i
id: auto-c104d5ab91de663bd5f205e41ef7f83174ddf3d4914946f8f03dbe78428ed893
status: experimental
description: Detects traffic or activity related to http://59.183.110.39:33461/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.183.110.39:33461/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.43:48972/bin.sh
id: auto-bdd6714e07f6093fc5a5037524e6979367cd8a51742bdb869bcbd82e92c3f317
status: experimental
description: Detects traffic or activity related to http://110.37.121.43:48972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.43:48972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.175.234:53297/bin.sh
id: auto-d8dbb0fd113cd21ef01ebd8ee74075a2b64b764730841b4d2498c5f2b3b676d7
status: experimental
description: Detects traffic or activity related to http://113.229.175.234:53297/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.175.234:53297/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.63.73:32991/bin.sh
id: auto-12a901bf87a1c769f29e7fbf6663ba8bae9b97ba14864f1118ae4b02665a64f9
status: experimental
description: Detects traffic or activity related to http://115.55.63.73:32991/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.63.73:32991/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.147.95:39193/i
id: auto-a821c7fbf340b214343d7e6a92c02994a5ba9de33ab67fc7ca2f9c9b254bf824
status: experimental
description: Detects traffic or activity related to http://125.40.147.95:39193/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.147.95:39193/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.123.74:55400/i
id: auto-bb8dd650688e231065b36e669779d582a5eb1cc5db9014b8349cda1546f1986a
status: experimental
description: Detects traffic or activity related to http://182.124.123.74:55400/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.123.74:55400/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.199:45861/i
id: auto-91f11ca559fc99cb70846bd8fb7dfd87d0108861d4a0fffc1ddf8c08076af8ca
status: experimental
description: Detects traffic or activity related to http://110.37.35.199:45861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.199:45861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.153:48341/i
id: auto-440063c6e8b280a411018873ff3318712bb180e8561c174540264352154ff742
status: experimental
description: Detects traffic or activity related to http://110.39.235.153:48341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.153:48341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.136.87.219:40215/i
id: auto-33b147394aa832ebf2bc1090657cdf6d9c431db6f36c40d5bbba0292a1f534a4
status: experimental
description: Detects traffic or activity related to http://61.136.87.219:40215/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.136.87.219:40215/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.195.110.11:59048/bin.sh
id: auto-90c209c5d256eca1905bdfea2c249651828d77618fbccf1abc93813bfbb72cf1
status: experimental
description: Detects traffic or activity related to http://117.195.110.11:59048/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.195.110.11:59048/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.49.231:45751/bin.sh
id: auto-2131277d53436cb99101b25b742cfd0dc230a7093cb70ae63537a517dcc407a6
status: experimental
description: Detects traffic or activity related to http://115.55.49.231:45751/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.49.231:45751/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.251.95:40007/i
id: auto-1786b86e5005778b9c1e7d95547d6fb650a4ceaa0a97f471b607e7b889232f3e
status: experimental
description: Detects traffic or activity related to http://115.55.251.95:40007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.251.95:40007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.136.87.219:40215/bin.sh
id: auto-608723dbe5cb7f40cfde160a99dc0d6af959308f76825de7e2ec0d405c817953
status: experimental
description: Detects traffic or activity related to http://61.136.87.219:40215/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.136.87.219:40215/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.199:45861/bin.sh
id: auto-0f0ee9d5aab9ae7eef7ee573f284d532758cf9825ae398b43506580125bf1138
status: experimental
description: Detects traffic or activity related to http://110.37.35.199:45861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.199:45861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.251.95:40007/bin.sh
id: auto-b9ba4185f0fdb9d3615a232a1d94649578b140669ee408f425f7c360c0a68740
status: experimental
description: Detects traffic or activity related to http://115.55.251.95:40007/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.251.95:40007/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.203.95:47882/i
id: auto-1729294dd93b5237523af5bbb3eaabd0ebbd99593d8069fce6c44dff3e92df89
status: experimental
description: Detects traffic or activity related to http://115.53.203.95:47882/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.203.95:47882/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.119.241:41249/bin.sh
id: auto-f9ada0497a9bb21dc1719119de511c089da16a1131751064ddb1ff7be82cf074
status: experimental
description: Detects traffic or activity related to http://110.37.119.241:41249/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.119.241:41249/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.mpsl
id: auto-34a5d59a8d11cc9b2fb20f6f4de72aa245513eeb30613ca1ff455ecba253b896
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.m68k
id: auto-d87cc3511e973af2bca242b84d245743e39308ce01bad5c31d58122f25fb5575
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.arm6
id: auto-f4b0c2a43cb433e5f16237e8fe8490769e642172f485268f523ef361cc22b329
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.arm7
id: auto-d93ab931fceab90437b4a7f9b43b7b446b00dd14f116d13d358133d15442899d
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.ppc
id: auto-259b18cadc402bffdf206fd34b92e17a63a9e016efc751a765ea2106309034f2
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.arm
id: auto-25e2802635aa1b63e622c81c483a9fd8595894548373a6371357529d7c24b2e9
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.arm5
id: auto-e60d233cc4708f0b0405f52cc2abf6291c94237870519d569a978646f3244cc6
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/payload.sh
id: auto-050a19141b16b9334de6ae38fb8040466bad97fa55cf1a9721841a9ed4d2e364
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/payload.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/payload.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.x86
id: auto-187371909b056d9ddaf19d51e2b9fb6d0b1a270e51038cb623caa27e91387788
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.sh4
id: auto-83614e3c8dfdc6071d1454eed805175f9669f0314003a69ef435f4cff806fcd4
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.200.246.33/flood.mips
id: auto-b4b053093bf7df09e864dbf3118cb78f342ad4b14fd22cc2abdf7311d1074411
status: experimental
description: Detects traffic or activity related to http://209.200.246.33/flood.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.200.246.33/flood.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.203.95:47882/bin.sh
id: auto-3863d663a74be0d5445b5ddcaa846b991279fd87eb9503ff905b4453e84cd9b2
status: experimental
description: Detects traffic or activity related to http://115.53.203.95:47882/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.203.95:47882/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/nmips
id: auto-238654a0f65f8e87b35e7b4427edf5eafd6f5ac690e443a66ef6f8be00ed8b3e
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/nmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/nmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/narm7
id: auto-b410ff145750dc235933028fffbff653e1d918f51d5f94e8d8032a337a865727
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/narm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/narm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.3.116:48241/bin.sh
id: auto-53eeb55972a7c7fe8cb58352ab567fda07b7f41092653fde123cbe70e13ad1e1
status: experimental
description: Detects traffic or activity related to http://182.119.3.116:48241/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.3.116:48241/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.88.91:43478/i
id: auto-3b698aa8792982b73edf69d7fa716d6935c1fb96fcb982a4156565118bfe5c04
status: experimental
description: Detects traffic or activity related to http://110.37.88.91:43478/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.88.91:43478/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.87.76:57269/i
id: auto-10857f43a45bc137f7e8b0a0182e9e799de1616db85c78ee91f6e5da9d54005b
status: experimental
description: Detects traffic or activity related to http://42.225.87.76:57269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.87.76:57269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10:235/lolMiner_v1.98_Lin64.tar.gz
id: auto-58700c781cd6f7181ac6f015029b38993fbf97959bef8af651948f7f1406a497
status: experimental
description: Detects traffic or activity related to http://91.92.241.10:235/lolMiner_v1.98_Lin64.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10:235/lolMiner_v1.98_Lin64.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.88.91:43478/bin.sh
id: auto-732ec046f62a1c286b2ac743389611de6e57559b7ee40bf7f2eb3d90c87e1484
status: experimental
description: Detects traffic or activity related to http://110.37.88.91:43478/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.88.91:43478/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/nOLxbcM.exe
id: auto-37b2c8545ff737c64611bbe8c7d6c7af0255f7bb42eff17acedc56bc8eb732e3
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/nOLxbcM.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/nOLxbcM.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.103:33743/i
id: auto-6feab3e5db0bf7fd8e752c5dbc1cdccb2684af4b1fd5e5220bacb201dbe602cb
status: experimental
description: Detects traffic or activity related to http://110.36.0.103:33743/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.103:33743/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.106.227:53600/i
id: auto-7149fe103159746806d5d1689adec076a2e19a7afb612e79e2294bbdac1bce3d
status: experimental
description: Detects traffic or activity related to http://61.53.106.227:53600/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.106.227:53600/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.67.68:42420/i
id: auto-0b5c296b09d292b572edf3c8603b68da7f665da25d794841aa7ea188b3d5b8e3
status: experimental
description: Detects traffic or activity related to http://110.37.67.68:42420/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.67.68:42420/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.75.218:38102/i
id: auto-6046924773d2707f1b4f57cfd9566e06f32104732e5a8d2801773fcfa33fccd5
status: experimental
description: Detects traffic or activity related to http://42.232.75.218:38102/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.75.218:38102/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.129.167.115:44705/i
id: auto-b0afcb0e9b228283d8f3a7661cece9348a68eec20c813010ff6832f1ab2d6c46
status: experimental
description: Detects traffic or activity related to http://124.129.167.115:44705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.129.167.115:44705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.24.11:43586/i
id: auto-9d157de27f71f34dbecc8bb344270683603ceac0ad4f6319629e4b0da358b93a
status: experimental
description: Detects traffic or activity related to http://110.37.24.11:43586/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.24.11:43586/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.67.68:42420/bin.sh
id: auto-0baa3e56021464436a0ffd2589f4de854898483144b1270d2c06a3b5938559e0
status: experimental
description: Detects traffic or activity related to http://110.37.67.68:42420/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.67.68:42420/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.49.231:45751/i
id: auto-9764df1f0eb19d5a210b11e6c58bf8467113951f2eb454f8f458b3d46ba1615d
status: experimental
description: Detects traffic or activity related to http://115.55.49.231:45751/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.49.231:45751/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.62.65:45424/i
id: auto-c0f402bcebcaf988600dcda50ca1cd69f8d456ee483d201114cd03bc3f6bec7d
status: experimental
description: Detects traffic or activity related to http://182.119.62.65:45424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.62.65:45424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.189:55065/i
id: auto-4cbb20d1437232445aec561ab861e69cbe41958ef424f981c7e0a8a45b7a41dd
status: experimental
description: Detects traffic or activity related to http://110.39.244.189:55065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.189:55065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.77.56:43886/i
id: auto-bbca3da8a433ce5b41d9db64644a79b78e949c353aef4f434c6d885a574b97ae
status: experimental
description: Detects traffic or activity related to http://115.49.77.56:43886/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.77.56:43886/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.55/zx.exe
id: auto-184ac57f64ff78a2edde2335740042c7203022fcd408df00e17bc25cf3ac9624
status: experimental
description: Detects traffic or activity related to http://45.93.20.55/zx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.55/zx.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.55/Bot.exe
id: auto-493b2950cde1f1b13687b9af5b55c0be4894af988b2a33c767055d87c9a2f15a
status: experimental
description: Detects traffic or activity related to http://45.93.20.55/Bot.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.55/Bot.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.55/Clipper.exe
id: auto-685ccf1ed991f3294c3618c1f575b18c0ee641444a944479b6f7deb44c788f38
status: experimental
description: Detects traffic or activity related to http://45.93.20.55/Clipper.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.55/Clipper.exe*'
  condition: selection
level: high
tags:
  - attack.t1588.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.70.229.43:44304/bin.sh
id: auto-1983b6e28e87ce4a86af1a456bf66d730ff8763126bdddb909d3e30f86001054
status: experimental
description: Detects traffic or activity related to http://36.70.229.43:44304/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.70.229.43:44304/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10:235/xd.sh
id: auto-92582141918535e9fb040f8a08d62ea10fb6a7c3be59647ccb21d569385b0be6
status: experimental
description: Detects traffic or activity related to http://91.92.241.10:235/xd.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10:235/xd.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10:235/wow2.sh
id: auto-7f50594c83ba768656de724bdc7faa2c19ada1af49712120cb78b3eb27c43217
status: experimental
description: Detects traffic or activity related to http://91.92.241.10:235/wow2.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10:235/wow2.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.108.89.220:42869/i
id: auto-c56f4368bfb892301f2a79777b18e1fe3d26b4dd34fb59e0ad14c637deb9d952
status: experimental
description: Detects traffic or activity related to http://179.108.89.220:42869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.108.89.220:42869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.53.106:39471/i
id: auto-9ec4a0031f7149d08e7a9dc3588628393f9880479f14f468b4d3a5c96e2cb0f5
status: experimental
description: Detects traffic or activity related to http://182.116.53.106:39471/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.53.106:39471/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.103:33743/bin.sh
id: auto-87798a923189270db496be8c96037e09b0955a25be0ad64efd94d51373c0737e
status: experimental
description: Detects traffic or activity related to http://110.36.0.103:33743/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.103:33743/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.255.231:50422/i
id: auto-93b23cb545c418a78b9f399bfe9e366fa4bd0778e4459c4ddf2d005373f7ea71
status: experimental
description: Detects traffic or activity related to http://42.231.255.231:50422/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.255.231:50422/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.106.227:53600/bin.sh
id: auto-dfc8d4014a853e4dd06356edad61adb816de1c808af15eac09fe5b3e20528b3b
status: experimental
description: Detects traffic or activity related to http://61.53.106.227:53600/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.106.227:53600/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.77.56:43886/bin.sh
id: auto-d5fc72c72a3e6a29d9bae6730fc3388f109128fae3f20458c9ee565db024726e
status: experimental
description: Detects traffic or activity related to http://115.49.77.56:43886/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.77.56:43886/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.45.168:55622/i
id: auto-88186fe7a0ca5547521637d696d9037e1242bb62528db3f333cc5887b8952b15
status: experimental
description: Detects traffic or activity related to http://222.141.45.168:55622/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.45.168:55622/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.53.106:39471/bin.sh
id: auto-6917929d70a34704004f5ec0a27537c7ac39aa2c0a0a670d9f98aba672de6c74
status: experimental
description: Detects traffic or activity related to http://182.116.53.106:39471/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.53.106:39471/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.255.231:50422/bin.sh
id: auto-10846e32fcb6abb94d93484912a77a9ad44e2825e4a9566269ce1f7c12ca4109
status: experimental
description: Detects traffic or activity related to http://42.231.255.231:50422/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.255.231:50422/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.36.150:33704/i
id: auto-dbb08b354b211a6e448b1f78a01d9c62fcb639a058f2414751ea99e83da40e8f
status: experimental
description: Detects traffic or activity related to http://221.14.36.150:33704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.36.150:33704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.104.96:49469/i
id: auto-ebb229ea5f75ad7fd31ec55305844b305558f8b463b674d016f9748075b7cbfd
status: experimental
description: Detects traffic or activity related to http://123.13.104.96:49469/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.104.96:49469/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.45.168:55622/bin.sh
id: auto-6b9a705e936b1b932312b969b88c2c3d1ab3b23615091e092c8efd172d1b02e3
status: experimental
description: Detects traffic or activity related to http://222.141.45.168:55622/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.45.168:55622/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.169.156:53511/i
id: auto-47461ccc2dfc99b565c057f591dee3d91a84c6a9cd339474c492ce0ce73bed26
status: experimental
description: Detects traffic or activity related to http://222.136.169.156:53511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.169.156:53511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:41469/i
id: auto-49883311b49c7dea060a91c737e5caf71bd6a9264232a87523c116d3bdc73c1c
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:41469/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:41469/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.234.5:37257/i
id: auto-5532fae0b47aadcb665e02db408ce729aada65b015d11643eb1409063bc524e9
status: experimental
description: Detects traffic or activity related to http://123.12.234.5:37257/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.234.5:37257/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.62.65:45424/bin.sh
id: auto-627ea39fd9efd1614676ea6bf92708a1475574c8de9123a99a4c195c39d4f8fe
status: experimental
description: Detects traffic or activity related to http://182.119.62.65:45424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.62.65:45424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.12.158:49105/i
id: auto-c474e9120bd5f1e57a01ac413ac2a4d5eb61201d160bd3b8a7110394fee7dd20
status: experimental
description: Detects traffic or activity related to http://113.238.12.158:49105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.12.158:49105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.104.96:49469/bin.sh
id: auto-0c1d58306dd1187015ade346d3c8e70b6c763c60d20b37efc66b22ee43a500c8
status: experimental
description: Detects traffic or activity related to http://123.13.104.96:49469/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.104.96:49469/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.87.76:57269/bin.sh
id: auto-c3df19bcb086322a55a332b6e4846fc39fba9717b61fda057b2bb71b7f74f194
status: experimental
description: Detects traffic or activity related to http://42.225.87.76:57269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.87.76:57269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.47.9:52078/bin.sh
id: auto-808eaf107fd53d6ef71864a1105814998015444429111212e005be605b97c190
status: experimental
description: Detects traffic or activity related to http://110.37.47.9:52078/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.47.9:52078/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.159:60428/i
id: auto-be065a822645751147f70d6c277cc5a11e9621df99f4e66744cb7094724a78e3
status: experimental
description: Detects traffic or activity related to http://110.36.0.159:60428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.159:60428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://v22017014235143770.goodsrv.de/.s/pty4
id: auto-ff03900525468299f12bb315a4ed0403181ecd27db90d7c36b45b21711473674
status: experimental
description: Detects traffic or activity related to http://v22017014235143770.goodsrv.de/.s/pty4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://v22017014235143770.goodsrv.de/.s/pty4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://v22017014235143770.goodsrv.de/.s/pty5
id: auto-61baabcbadf4fb556d558d3766114b7fe0333388f7cdc4800db33f552cfa4d11
status: experimental
description: Detects traffic or activity related to http://v22017014235143770.goodsrv.de/.s/pty5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://v22017014235143770.goodsrv.de/.s/pty5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://v22017014235143770.goodsrv.de/.s/pty10
id: auto-1c0c86417cde1a842a6154dbe1c11170fcb6c7ffb82cb3bfb750f84fdad138bf
status: experimental
description: Detects traffic or activity related to http://v22017014235143770.goodsrv.de/.s/pty10 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://v22017014235143770.goodsrv.de/.s/pty10*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.120.167.228/.s/pty10
id: auto-3345794d3522e669d98ea2ba5d8810aed868c157b62d507b0f5333ec6b5eeb80
status: experimental
description: Detects traffic or activity related to http://37.120.167.228/.s/pty10 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.120.167.228/.s/pty10*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://v22017014235143770.goodsrv.de/.s/pty1
id: auto-7692eff6f0292d75a60cad8262a509837eab3967d8d61db95648452e247f4690
status: experimental
description: Detects traffic or activity related to http://v22017014235143770.goodsrv.de/.s/pty1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://v22017014235143770.goodsrv.de/.s/pty1*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://68.183.109.173/.u/3sh
id: auto-713c56e67d12fbd52132e57cbca93045459f022fdba48b760758db8b7c3ed835
status: experimental
description: Detects traffic or activity related to http://68.183.109.173/.u/3sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://68.183.109.173/.u/3sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.120.167.228/.s/pty5
id: auto-9ea87a98f2940f823a92e961fa800e3d57ccc72dd37666500fa91837d16953d1
status: experimental
description: Detects traffic or activity related to http://37.120.167.228/.s/pty5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.120.167.228/.s/pty5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.120.167.228/.s/pty2
id: auto-8d41fc86cd186fcc6f40b8d3c56189c69351e37774e217c840fd5996608ee3ff
status: experimental
description: Detects traffic or activity related to http://37.120.167.228/.s/pty2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.120.167.228/.s/pty2*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.120.167.228/.s/pty3
id: auto-1683d85a0b2b40e35e352a6a43e7f4dd67849fcd6a83303927760f98dc2ad032
status: experimental
description: Detects traffic or activity related to http://37.120.167.228/.s/pty3 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.120.167.228/.s/pty3*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.120.167.228/.s/pty4
id: auto-7f8b569968b894e445fa4832d29384d6381e66f3111a6291355a9dd932d09f38
status: experimental
description: Detects traffic or activity related to http://37.120.167.228/.s/pty4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.120.167.228/.s/pty4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://v22017014235143770.goodsrv.de/.s/pty3
id: auto-22c78e597aaa5df7063746d026633bf1f46c02f3c297c916522063e7e647da1f
status: experimental
description: Detects traffic or activity related to http://v22017014235143770.goodsrv.de/.s/pty3 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://v22017014235143770.goodsrv.de/.s/pty3*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://v22017014235143770.goodsrv.de/.s/pty2
id: auto-be040d01bc7234618162f5bd97a4c5c84fe33960a7acf80454f4a42f583fec24
status: experimental
description: Detects traffic or activity related to http://v22017014235143770.goodsrv.de/.s/pty2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://v22017014235143770.goodsrv.de/.s/pty2*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.120.167.228/.s/pty1
id: auto-9a9294e29ad002220a057200e0bb293aed8f448e321804442f870aeee77e82be
status: experimental
description: Detects traffic or activity related to http://37.120.167.228/.s/pty1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.120.167.228/.s/pty1*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.14.51:41691/i
id: auto-7da29fc4ff27b86de1102fbc42e6dfe99cc8c7d4fdc0cd78b8d8add5a6ec356b
status: experimental
description: Detects traffic or activity related to http://42.176.14.51:41691/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.14.51:41691/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.36.150:33704/bin.sh
id: auto-bf408a3b672e21f08df4ba5a78aa624613458a2b2c7d09f3b907c3b00c388444
status: experimental
description: Detects traffic or activity related to http://221.14.36.150:33704/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.36.150:33704/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.84:52659/i
id: auto-97b561bc5b558251cf1faa5778956a36635ad17bdc24e8364e82f4d5b7e6af15
status: experimental
description: Detects traffic or activity related to http://110.39.246.84:52659/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.84:52659/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.251:46670/i
id: auto-e38fc90e8a71a6a7007b960fcce09a72f2e0940fde46daecd184ca6261610be1
status: experimental
description: Detects traffic or activity related to http://117.209.91.251:46670/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.251:46670/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.159:60428/bin.sh
id: auto-58e49df1e899a6af15be87a750c54d4abf8f498f5e12b3fc4cb9bf4354ebedad
status: experimental
description: Detects traffic or activity related to http://110.36.0.159:60428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.159:60428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.14.51:41691/bin.sh
id: auto-386fba71a9d90385064bbaacdb9e54fc9e60f665522ce87ef0ba03ef591c0919
status: experimental
description: Detects traffic or activity related to http://42.176.14.51:41691/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.14.51:41691/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/ppowerpc
id: auto-0ebdecf601187742ed595cd6912f018d43c216bf0b06011613c94350a356f339
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/ppowerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/ppowerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pi586
id: auto-9ab0c0c1b5364801d59498feb8a7f0a51599e33f7f9b5d44a38a0b85449ab152
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pi586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pi586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pi686
id: auto-035abf4d39117c84c7b4528102f71c89b369a977d24e6b9d5ac99632f30da5e6
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pi686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pi686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pi486
id: auto-758874429bd861b043cb5e0c53f39edfd37640b8b43866a023ca04b562765e2d
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pi486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pi486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.56.55:47421/i
id: auto-c623b808727564a65abe9b5e1c50d7f46de3700bc8c8f41ec722026a0f86aa51
status: experimental
description: Detects traffic or activity related to http://42.178.56.55:47421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.56.55:47421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.251:46670/bin.sh
id: auto-61b49ca77705e8b09648dd9c3c80909bad975c06fded3b904de0889c35303196
status: experimental
description: Detects traffic or activity related to http://117.209.91.251:46670/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.251:46670/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.234.5:37257/bin.sh
id: auto-5084bf7f9c9f77a2ea83e074ebaf3ff4f43d3ac5620e00c7eddaa35cdcf1d8b0
status: experimental
description: Detects traffic or activity related to http://123.12.234.5:37257/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.234.5:37257/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.58.192:37414/i
id: auto-0aeee0d5ff2f0c84fd3b4c02d16b207cec286f0d7482e802bd608a94d08c755e
status: experimental
description: Detects traffic or activity related to http://117.215.58.192:37414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.58.192:37414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.176.95:35168/i
id: auto-3a841612f2d0e5fe45f62e94e547a957c3491f0e03b5b74ee2cdc54f13eaffba
status: experimental
description: Detects traffic or activity related to http://125.44.176.95:35168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.176.95:35168/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.56.55:47421/bin.sh
id: auto-2973f4c44509cbd377f786752f3c95e9830688989f708220b5ede728a48b22a1
status: experimental
description: Detects traffic or activity related to http://42.178.56.55:47421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.56.55:47421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.217.205:55481/i
id: auto-a445e9e92283cea67dd99af3626fc661be89857fae44f2d4de150c49975d69f5
status: experimental
description: Detects traffic or activity related to http://60.19.217.205:55481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.217.205:55481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.227.79:48634/i
id: auto-ea8bd7b6a32aa51f760788bd77084a0d4e46f2c79f765ac2a48ab54fe1853ffa
status: experimental
description: Detects traffic or activity related to http://125.41.227.79:48634/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.227.79:48634/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.58.192:37414/bin.sh
id: auto-99355f588b737d04f2340afa445ffb28e69a687a7279054084701c1c2e3b2c4a
status: experimental
description: Detects traffic or activity related to http://117.215.58.192:37414/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.58.192:37414/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.227.79:48634/bin.sh
id: auto-e94a2c51af272aa76a6dab14a6c965c1380dd1494257e2e64761661e56f24c66
status: experimental
description: Detects traffic or activity related to http://125.41.227.79:48634/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.227.79:48634/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.217.205:55481/bin.sh
id: auto-2edb60b440badbc9cc71f5d89cc1d7862448da98e89667df8b7076a3ed1de557
status: experimental
description: Detects traffic or activity related to http://60.19.217.205:55481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.217.205:55481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/m68k
id: auto-96c99dbd296b2f0462d8493fb493820548903a56b5fb0582d76a33586c875f9a
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/arm5
id: auto-4c4e4d639e1b006a8c163d8472aecc5c37ab496313eb6508aa97f447a30ecaa1
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/ppc
id: auto-4339dab8235381708b964b3801be1703872ece96aac11ee0d899fec9d76cf793
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/sh4
id: auto-11bfcb22ad5ec416e523adb6e6914f0cb4dc5a3ee1429243993f2174ea51c7ec
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/mips
id: auto-c4f347c7a99feaf1f2a5ddf32c89cf53f9f26967abae7066b3f5dc9a40989cbb
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/arm6
id: auto-320ea25a3de6e0f13371ca4f9175163757dc7b965158a8a3df6013c7f89c5c08
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/x86
id: auto-3d6fd83758716cba87ee15fbe36c7d0bb301b864168669bd41005ad186dcb05f
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/spc
id: auto-b2a68313e9d44d6537b7c8bcfe97ac129af25b09c0f242eaf724258b4bc2b723
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.180/bins/arm7
id: auto-13494427b296bb1238d8a80df043f9802b43255ed2caa9aa285674e4d822b5ec
status: experimental
description: Detects traffic or activity related to http://45.156.87.180/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.180/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.163.24:49034/i
id: auto-07fa670ee25f0deb9f77ca25af1f68ad4fa9ea5f8924d2c049cdb20281d696be
status: experimental
description: Detects traffic or activity related to http://222.134.163.24:49034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.163.24:49034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.46.53:40176/i
id: auto-5740ae0d0b48f5989295a199bccdfb283ed070fba01459711dadc191e5034940
status: experimental
description: Detects traffic or activity related to http://110.37.46.53:40176/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.46.53:40176/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.206.23:53849/i
id: auto-fea7f6829d1064b3e2376f882c995fb9c9c6902dd3c5595b8270da2e81a4c30c
status: experimental
description: Detects traffic or activity related to http://115.55.206.23:53849/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.206.23:53849/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6021162326/vjU8KET.exe
id: auto-986bc169a88aa149c113d7e14512c11128014db381c62cc9e27c172dca14c2aa
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6021162326/vjU8KET.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6021162326/vjU8KET.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.176.95:35168/bin.sh
id: auto-a2f29d28c2e7ed6ce085572c8a90a94dbce2d670f683ab0fd8f8b8b41c0fed4d
status: experimental
description: Detects traffic or activity related to http://125.44.176.95:35168/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.176.95:35168/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/step8-det-19-runtime/repl-88-rt-msh11/auth-st-snap54
id: auto-4a24504f0cf4ab132aeb727deb7b3a6d30027a7273d323542ba21f0afe51e317
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/step8-det-19-runtime/repl-88-rt-msh11/auth-st-snap54 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/step8-det-19-runtime/repl-88-rt-msh11/auth-st-snap54*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.200:40208/i
id: auto-3e13b215aabdb4513e58bf1396524c75173b55aefd70a3604ce41966f19d9f4e
status: experimental
description: Detects traffic or activity related to http://110.36.0.200:40208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.200:40208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.181.225.139:48074/i
id: auto-a67f584dded6a6bf5f4879f91eb2c3fc5a8e700de23864cbe55519ad09c408fc
status: experimental
description: Detects traffic or activity related to http://1.181.225.139:48074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.181.225.139:48074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:54988/i
id: auto-0aac92151d15e92aaad376e0b37f768c51e21f5d999515a19f7a0ef4f98dd809
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:54988/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:54988/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.153.21:41636/i
id: auto-5a978fd46d620516a7c5b167f19a604a7f7561f6cd1601ace775985ca3873579
status: experimental
description: Detects traffic or activity related to http://117.192.153.21:41636/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.153.21:41636/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.206.23:53849/bin.sh
id: auto-f6bb7fcf3fe939fa7a85f0a70f71e42add4560fcbea7a47bf61e9797fcd0635c
status: experimental
description: Detects traffic or activity related to http://115.55.206.23:53849/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.206.23:53849/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.196.160:35066/i
id: auto-453464527bf7f7fcabe4241ab35ee75aed633b3478fea949e9b6a2afe1f1e76c
status: experimental
description: Detects traffic or activity related to http://182.114.196.160:35066/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.196.160:35066/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.57.137:45384/i
id: auto-1a40a6676b0538addeacd52ef16fe4cf0bea8d18aa3018b12fa82190c756d7fa
status: experimental
description: Detects traffic or activity related to http://125.45.57.137:45384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.57.137:45384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.46.53:40176/bin.sh
id: auto-822aa15b2c8dece0456f5552d2592c3429dc9493bb68d3e0953e510a0b4f2f14
status: experimental
description: Detects traffic or activity related to http://110.37.46.53:40176/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.46.53:40176/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.0.193:37024/i
id: auto-495c2a809055554949e58cec86b057dff8c9c37a20a424a3364d0c13f70cb8b8
status: experimental
description: Detects traffic or activity related to http://61.52.0.193:37024/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.0.193:37024/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.72.189:37031/i
id: auto-e63b2934f6f494826e6932d65a5c96cb94c189de3905abbcdaafa20c0e6b520b
status: experimental
description: Detects traffic or activity related to http://125.43.72.189:37031/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.72.189:37031/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.153.21:41636/bin.sh
id: auto-7039937e17154549256d533e3f48d317d77ee576c9bb459d16baabae2991c9a6
status: experimental
description: Detects traffic or activity related to http://117.192.153.21:41636/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.153.21:41636/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:54988/bin.sh
id: auto-2817ad1482fae81d90650c0baaca830da796410a5a89a894d4650b6e8899af3c
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:54988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:54988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.181.225.139:48074/bin.sh
id: auto-cf9c05e97fbebbe7e073860c1326bbff1b7590bb189ff60c7e277344292f5cdd
status: experimental
description: Detects traffic or activity related to http://1.181.225.139:48074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.181.225.139:48074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.215:50869/bin.sh
id: auto-6e87697774179eb86f2bf2c6831e285b12a6dc577bccac4ff9bee54b7601c9eb
status: experimental
description: Detects traffic or activity related to http://110.37.11.215:50869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.215:50869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.146.54:43481/i
id: auto-91b131daced8b0fb49b3268f5c9b1e09b746826ae2fe5777742d94d86200ec2e
status: experimental
description: Detects traffic or activity related to http://42.224.146.54:43481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.146.54:43481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.57.137:45384/bin.sh
id: auto-8b2583cdd125bd5ad48e2ad84908edb44a56b97ccaddad6592a624db91920fbd
status: experimental
description: Detects traffic or activity related to http://125.45.57.137:45384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.57.137:45384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.196.160:35066/bin.sh
id: auto-6c3e2cf6c312a37bc0d0f425d74e53a3fb38106784253aabec83e54f48d20f20
status: experimental
description: Detects traffic or activity related to http://182.114.196.160:35066/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.196.160:35066/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.13.16:56451/i
id: auto-34d95c007bf7a87499dc3c51061eba0909e12bf1e407158d0c1caf9831f1c13c
status: experimental
description: Detects traffic or activity related to http://110.37.13.16:56451/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.13.16:56451/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.130.146:60116/i
id: auto-58fcb736bd057b85109bbb32157233b9462b165a62a017ef446fa41d9e3d2f48
status: experimental
description: Detects traffic or activity related to http://222.140.130.146:60116/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.130.146:60116/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.0.193:37024/bin.sh
id: auto-e9c83d7a662817ce8e577dff3c9167954d46c91bc5f901e83ae2550fa2258600
status: experimental
description: Detects traffic or activity related to http://61.52.0.193:37024/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.0.193:37024/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.24.176.168:40511/i
id: auto-0a30bb9d3f4c0b1bd09c15762896d47238b2602b2e6d8ec23f062765dfbbc3c2
status: experimental
description: Detects traffic or activity related to http://217.24.176.168:40511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.24.176.168:40511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.109.41.140:38865/i
id: auto-c72696a9ea97fbc108c91c46bd386dbcdc6ba8ee39b5cfb12057a067af046a35
status: experimental
description: Detects traffic or activity related to http://41.109.41.140:38865/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.109.41.140:38865/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.13.16:56451/bin.sh
id: auto-f93eebb4768d998b9fec1e8c0f521e468a09d98b0ec05740eb2aa824f5974963
status: experimental
description: Detects traffic or activity related to http://110.37.13.16:56451/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.13.16:56451/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.146.54:43481/bin.sh
id: auto-ae6d483301d548c3e019c36854bf4d82bfe7e7c33876553ea81a9415dab3f1e5
status: experimental
description: Detects traffic or activity related to http://42.224.146.54:43481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.146.54:43481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.109.41.140:38865/bin.sh
id: auto-3430a4b4b9e35f8e7a94a0fdea0124afe0eb8715246c03bdff2fb007b8491b23
status: experimental
description: Detects traffic or activity related to http://41.109.41.140:38865/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.109.41.140:38865/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6382108206/HvjE3aQ.exe
id: auto-8f5ac54ec6d1c55981c4e601879b2e721de1c0bf902bd0e7917f524562a794e4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6382108206/HvjE3aQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6382108206/HvjE3aQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.61:43217/i
id: auto-eff4a01e0acc2163e9989dd92d1526a55c59604be97054f3b16e2ccc7429de4c
status: experimental
description: Detects traffic or activity related to http://110.37.55.61:43217/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.61:43217/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.155.246:34105/i
id: auto-8ace15667d4c279193a25acdb15d2734ff79f9e014193040d796fefe5e5b2eea
status: experimental
description: Detects traffic or activity related to http://115.56.155.246:34105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.155.246:34105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.166.218:37478/i
id: auto-c78ba2d4906a6ecd738e946a4108ceec0ffef3255042e8ea89f16c9adee99433
status: experimental
description: Detects traffic or activity related to http://117.205.166.218:37478/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.166.218:37478/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.214.7:45901/i
id: auto-d00df0543c67999e27a50a3fabe883464decfc1eb0f9255d9dcfce34af10a9db
status: experimental
description: Detects traffic or activity related to http://221.202.214.7:45901/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.214.7:45901/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.214.7:45901/bin.sh
id: auto-dad4a5584f51a8802e968e9f823a9032d02375ff5f7b08fd3baef55831ecdabc
status: experimental
description: Detects traffic or activity related to http://221.202.214.7:45901/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.214.7:45901/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.52.162:41423/i
id: auto-290b29baa409808f3624b7170a21265b5f9405f2976d6fabacbe8a8a1e48c535
status: experimental
description: Detects traffic or activity related to http://27.215.52.162:41423/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.52.162:41423/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.61:43217/bin.sh
id: auto-3062d922df2ccf953cfbc13854336b35bd8be90edbbfb6f4cf54fe1873ddc8ad
status: experimental
description: Detects traffic or activity related to http://110.37.55.61:43217/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.61:43217/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.166.218:37478/bin.sh
id: auto-de640f96debee8ffa44aa2c262c8c8cc033b8b5d0f90d378382ca749335e5764
status: experimental
description: Detects traffic or activity related to http://117.205.166.218:37478/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.166.218:37478/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.155.246:34105/bin.sh
id: auto-703d82fceca32b7b07e986058864a905b651d5116bc0f2478b59b92bc84de3b6
status: experimental
description: Detects traffic or activity related to http://115.56.155.246:34105/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.155.246:34105/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.246.186:51762/i
id: auto-28bc07bef5c668084629aceecb7ed01948eb95bf3424057557e98d139f60e93f
status: experimental
description: Detects traffic or activity related to http://42.227.246.186:51762/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.246.186:51762/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.80.89:33337/i
id: auto-4c0bec455279dc2875bed7d001dce10f1239b9fef46da486203e18f22ba2ada7
status: experimental
description: Detects traffic or activity related to http://117.200.80.89:33337/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.80.89:33337/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.198.178.139:43539/i
id: auto-a128165489759531bffb74e89f9107701f4182e3e826a303fb9a19efe12976c7
status: experimental
description: Detects traffic or activity related to http://112.198.178.139:43539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.198.178.139:43539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.246.186:51762/bin.sh
id: auto-0fcfb1acc0040b8e096318f25b3113ed6e321e970057cf3bfd87ec0ef569a386
status: experimental
description: Detects traffic or activity related to http://42.227.246.186:51762/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.246.186:51762/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.207.213:51521/i
id: auto-22ec5528b234ca9fad30ad4d5de633c164e50d612626e0ca35d83dd76219623b
status: experimental
description: Detects traffic or activity related to http://61.53.207.213:51521/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.207.213:51521/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.251:53461/i
id: auto-99766070dcf6bf5278b6ef0cc2b78b96acb8008a1cfe421ff6c1e9b5020c334a
status: experimental
description: Detects traffic or activity related to http://110.37.53.251:53461/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.251:53461/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.108.254:43826/i
id: auto-348dcb1bd44f1e52fa5ce36acf3c2a631b5719492d928881e5935c172ad6871d
status: experimental
description: Detects traffic or activity related to http://119.115.108.254:43826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.108.254:43826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.41.98:46502/i
id: auto-bb28d9f27be9cdccff1675d60500bf51833760c059eb8c907e4ee90ce6042bff
status: experimental
description: Detects traffic or activity related to http://182.121.41.98:46502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.41.98:46502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://projenhazir.com/i
id: auto-64f7e588c50137820764de72f0ce7605757f5002e8df2334b8b7b47dcc5c8d16
status: experimental
description: Detects traffic or activity related to http://projenhazir.com/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://projenhazir.com/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.231:36676/i
id: auto-46e6684a17f7a2762f372e6445019837bfd80126596ce7c180c91a5085d136f9
status: experimental
description: Detects traffic or activity related to http://110.37.1.231:36676/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.231:36676/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.128:40154/bin.sh
id: auto-b78367f0c290caac263b8f905d03926c778a1b0b1579ef00dcc24cdd74526389
status: experimental
description: Detects traffic or activity related to http://117.209.94.128:40154/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.128:40154/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.141.111:57355/bin.sh
id: auto-774fdb952e5b92afd31d64054fe414bbbd0a2fd0e0ac2b6268799afdbc5fea74
status: experimental
description: Detects traffic or activity related to http://219.156.141.111:57355/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.141.111:57355/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.62.144:50545/i
id: auto-bf975499127e76263f74e00d8d4d31ed81ae870e55dadf0195d53f1cb0f6a472
status: experimental
description: Detects traffic or activity related to http://42.55.62.144:50545/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.62.144:50545/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.117.192:52851/i
id: auto-d90f329694fc782ce7a3035382e730816140edffa9b1ad5ff37926f82bb354e8
status: experimental
description: Detects traffic or activity related to http://59.94.117.192:52851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.117.192:52851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.141.111:57355/i
id: auto-ce0bc8f548e9d3d70608e5a7565813ba0eab3a0f1b6f0304e69b083bf25e874a
status: experimental
description: Detects traffic or activity related to http://219.156.141.111:57355/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.141.111:57355/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.80.62:34374/i
id: auto-dae321a9a7f52b5bb17b1ba42364c9aca371e97df6790e96af1f65087ce23b59
status: experimental
description: Detects traffic or activity related to http://110.37.80.62:34374/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.80.62:34374/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.140.202.149:55886/Mozi.m
id: auto-c510ec7184595ad10e964c7f1ba35776a713e0774d741feb324363dcf4b718c7
status: experimental
description: Detects traffic or activity related to http://31.140.202.149:55886/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.140.202.149:55886/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.111.65:36867/i
id: auto-d22915ecb6be5764846d721d4962c0617208408f15206fae9abc3310eb89ceb4
status: experimental
description: Detects traffic or activity related to http://112.248.111.65:36867/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.111.65:36867/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.52.162:41423/bin.sh
id: auto-11a20a45eabf7f09b1b9f891485345ec98b0c981f4699eef7a9a5b1c09fde9c6
status: experimental
description: Detects traffic or activity related to http://27.215.52.162:41423/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.52.162:41423/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.223.97:44599/i
id: auto-24a72d65c692e3fbce4742c483e695ed9a3798bdf922a735ed09a6b26af3009c
status: experimental
description: Detects traffic or activity related to http://116.138.223.97:44599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.223.97:44599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.26.186:35764/bin.sh
id: auto-e0abd48eba8e8e8870eaa753782668eab64a865f41f7fe38340eec503818b1f7
status: experimental
description: Detects traffic or activity related to http://117.248.26.186:35764/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.26.186:35764/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.154.84.204:58799/i
id: auto-fde0b8c0382b0322db7edc1632dcfd912908e1daf662089f332579b2dece924f
status: experimental
description: Detects traffic or activity related to http://177.154.84.204:58799/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.154.84.204:58799/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.209:35323/i
id: auto-7da0567d5f617ce649c3de613de7482bebe7f68a74b533f5993d79842c1d46a5
status: experimental
description: Detects traffic or activity related to http://117.209.23.209:35323/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.209:35323/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.204.149:41832/bin.sh
id: auto-c2b72c3b538067ff68dc566b7a9e91977fea6553ba038e9fc455b105a23b2f47
status: experimental
description: Detects traffic or activity related to http://42.234.204.149:41832/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.204.149:41832/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.214.30.148/zyxel.sh
id: auto-cfc561b1b755416476fe8f0f760cd8a74fc2f22ff9be3dfa74927e56be65a183
status: experimental
description: Detects traffic or activity related to http://188.214.30.148/zyxel.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.214.30.148/zyxel.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.111.65:36867/bin.sh
id: auto-1053b89c5be2ef470ffad957fe88c2833a47d891ca9924f739b86557bdfba671
status: experimental
description: Detects traffic or activity related to http://112.248.111.65:36867/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.111.65:36867/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6964245325/j3bB2xi.exe
id: auto-2af71794c87ffe7bac293d50fbfa9ca664c7e9e54a1c0014bb65001d8f7ad148
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6964245325/j3bB2xi.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6964245325/j3bB2xi.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.154.84.204:58799/bin.sh
id: auto-d10b9198efe8b2aeef3fb7415248e30082229bfce827933dca1f1fe487e7b8f6
status: experimental
description: Detects traffic or activity related to http://177.154.84.204:58799/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.154.84.204:58799/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.209:35323/bin.sh
id: auto-f050ca12134b146f885d90a1ae02b1d6064fdd63e7efbf3c9b47ec3ea85ac48c
status: experimental
description: Detects traffic or activity related to http://117.209.23.209:35323/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.209:35323/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.60.128.16:42503/i
id: auto-c1561daebe35c9a8419dd5a3520ca372c26f89f330713c03afcf97614a667e4a
status: experimental
description: Detects traffic or activity related to http://47.60.128.16:42503/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.60.128.16:42503/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.48.95:46177/i
id: auto-9a027ccddde8a1e7979cbd8c6b7eda32ef6abba9c177c641a418b59103998243
status: experimental
description: Detects traffic or activity related to http://110.37.48.95:46177/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.48.95:46177/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.115:42950/i
id: auto-d40634ff312059e95aac7949d1cee44077b1e1f432baecdc8f2e05a48f8f2750
status: experimental
description: Detects traffic or activity related to http://117.209.8.115:42950/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.115:42950/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.115:42950/bin.sh
id: auto-41cf9848f378efade1ef193cf6f66dff9999e5a05c5247f1c38790dd435716bc
status: experimental
description: Detects traffic or activity related to http://117.209.8.115:42950/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.115:42950/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.60.128.16:42503/bin.sh
id: auto-64cec63b5ece9ad76d51063b3770b34c6074f9a9668b6ee5bc8e460d1877aed0
status: experimental
description: Detects traffic or activity related to http://47.60.128.16:42503/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.60.128.16:42503/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.125.43:39862/i
id: auto-32dbebd8d2ac90ca96821c95b59858a01fb57c7501fc612b92cec569e8c654be
status: experimental
description: Detects traffic or activity related to http://222.138.125.43:39862/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.125.43:39862/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.48.95:46177/bin.sh
id: auto-287eab8173b2094e757d734d2c36717f5d59e8ff153fc7a063b4d4d73497a0c3
status: experimental
description: Detects traffic or activity related to http://110.37.48.95:46177/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.48.95:46177/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.166:55748/i
id: auto-5c48bbf2789a402df018d6d61a61d14235685adb370ab76ce5957420e7e097d3
status: experimental
description: Detects traffic or activity related to http://110.37.45.166:55748/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.166:55748/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.216.195:33909/i
id: auto-0aeefd6a06822ea990ad93063256f3522d151c2a4a5a2f1d27b22c9e4132fad1
status: experimental
description: Detects traffic or activity related to http://42.229.216.195:33909/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.216.195:33909/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.144.215:34535/i
id: auto-5c784c9271ead3fe5020da61d84da96cfa966cb3786ad01db751b87962ee9e5a
status: experimental
description: Detects traffic or activity related to http://39.90.144.215:34535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.144.215:34535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.spc
id: auto-c3992fba8895bc5051d6ba1d30a56857db0243f2bc0f7600a516d68b24e09d3e
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.arm6
id: auto-9e129ad9b5b009d4c5c70aef21490b276b45406d8b7fe013032d928de96ce5fe
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.arc
id: auto-ea6769c6b57311679f6af4bb4bc5f6e95857326d7d64334aeb2cdcc51595cf94
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.ppc
id: auto-13c2400aae28b540be9accb3dcb5a076b97b3bb3104d9a20c798eb5b8fe884a4
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.m68k
id: auto-de1d1ebde3fed2c027037821fad176ebd11f0eb7fbb5e4abff35c23902cca503
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.mips
id: auto-db22f736759d572edd93c9c3f1a97a2bdf7cc062eff06656a6d0511b08080e11
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.mpsl
id: auto-974b60b542f3aacb2487ae4a7fa69de7f694ad75e3d7fd1ede60ed35c983ef07
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.i686
id: auto-634212301ef8955c7cfb6fbadd6f1e531ae43670413bfad215c177338217b8f2
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.x86
id: auto-77467a97de942821adf09cabd1131b807cb14221f436f06017359009242a464e
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.arm5
id: auto-88df44b210b534cb5ade0be15f2cc49d4b0d89c845b901fa0090ac0ff63844d7
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.arm
id: auto-e0913766d264e95fa0506d13e33e03ce3da69019b412e248aa654e1b24a9e348
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.arm7
id: auto-f1dbefb8793bce6d695e3161fdd6cf2098c6da010b3ba487bc9b5452a803ed64
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.x86_64
id: auto-66074e5c8a5352eefd65608fbfe01995cd419dd5b92c8cdd589f165a4809a21b
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/mamakmukekkontol/zerobotv9.sh4
id: auto-b3ddb3348195a67a944eb5b86843a7fb444e075129c490e91093cc64c2658e1b
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/mamakmukekkontol/zerobotv9.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/mamakmukekkontol/zerobotv9.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.123.253:47329/i
id: auto-6374a9299c53a14f29ce2e498534257a5832d7c981f8862cac44888512775601
status: experimental
description: Detects traffic or activity related to http://117.209.123.253:47329/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.123.253:47329/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.115.176.9:32929/Mozi.m
id: auto-e93ae119f6555b20066222e45c8a30a8e1736e673ebf5e6421a4895d982fd03c
status: experimental
description: Detects traffic or activity related to http://45.115.176.9:32929/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.115.176.9:32929/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.spc
id: auto-684554785e631bddacd4d949bacc565d42473a30a79dd718f2c2b9554c8077d5
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.spc*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.x86
id: auto-eacc3df213d3748be6bc56a1f5ce58f68e4552fdcac41df6842c7171c207ccac
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.x86*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.m68k
id: auto-353d950222fde4158aeb3a2e377723b68519c28dbba6708b5a158f94e65bbbcf
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.m68k*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.arm4
id: auto-a5f5533923dfb9c923cd1310fc6763f64a1d1a523a4fe3bff2e55612869b9251
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.arm4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.mips
id: auto-402e8711f99c58b61ad2104c5bbe6fd3b9539655c302447e9a93143f8c2dab6b
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.mips*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.arm
id: auto-2107341c341c621707f18feb98d6e4d20b35dbedbd8828a635701941440fb180
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.arm*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.6/bins/px86
id: auto-75b807be787b56debf80e1bb31854813a5484c1e64f32da45a3ebc32367da298
status: experimental
description: Detects traffic or activity related to http://94.156.152.6/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.6/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.100.228/tol.sh
id: auto-b02fa10f66a0b653deec98951f5fd5efc6fbc8ea5b4bcf87f20061384edf3756
status: experimental
description: Detects traffic or activity related to http://144.172.100.228/tol.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.100.228/tol.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/i486
id: auto-3055b1b713ff7fb3edd7ff1280f50553c0ce027a6f4d9a375255c1a345d5180a
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/i486*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/mpsl
id: auto-499deebd7d402cff008d74dfc05ef3186fc5e9f73fdfde29cb71589c10feab83
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/ppc440
id: auto-75b402d4e540cfab350c5c2e04f51ad25668fcf5e376e1651b1c3487254797a4
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/ppc440*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.arm4
id: auto-1a085393716ff2e73a026278dca05a13646cdb11211a4bd50cf3ba06d5737eb7
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.arm4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.arm7
id: auto-21ce453fb135b650ce4c5a0122bae5a99a7cebd30e0e38d4b0c0e3aa3affd588
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.arm7*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.mpsl
id: auto-bfca316dc8a03bd0b5fdf24622a25229ff6c15effbaac8e306118ec33a9fe9ab
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/wget.sh
id: auto-fd3563d787b63b5356ba2154bf20e2153ad5c498afe39acadb9639df77a19e5d
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.ppc
id: auto-398fb4ace1b3f0f50576469d2423c9b928f8d9e5114d862dcecf7a3d781845b8
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.ppc*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/w.sh
id: auto-992cb1c6ea7658e31d6879d0eb98e8a2399f21fb6553ce062f54a33c645f1b19
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.arm5
id: auto-fb5403192b0ea581dbe8b39a8951c7aed500352c704a59310cf2ba524815915e
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.arm5*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.x86_64
id: auto-ca2134d2174ee0a53f1056a475b661e890dba1fcef4679eb660a7e500f0059bc
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.arm6
id: auto-d1192062699f448fd0e1a84af20697380f6ee7d42f7cbfa414b178feb95be729
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.arm6*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/astro.sh4
id: auto-fbc336c94eb1409fe4804cf8d4db8da8ea4556aec502e0ef7d7b73bdf7c0bdd8
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/astro.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/astro.sh4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aicloudfz8346967.tino.page/bins/c.sh
id: auto-3d2486e5185d3a57c24d37d6412801248f17f21bd119e1ef01b18c66c2879f20
status: experimental
description: Detects traffic or activity related to http://aicloudfz8346967.tino.page/bins/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aicloudfz8346967.tino.page/bins/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.166:55748/bin.sh
id: auto-5c4ab26719f13e7ceff9f7d5fe570cfc9104b0704cdc944ed37d1a00dffdb257
status: experimental
description: Detects traffic or activity related to http://110.37.45.166:55748/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.166:55748/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.x86_64
id: auto-c935e8c0e9de0803868553c12bce134f2e4428d2f7b34f84079dd62210d68071
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/w.sh
id: auto-92fcc67b6bcf4b31a6f1dc11c53b029e07cc1625687cfcd06ac55181964a4c23
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/wget.sh
id: auto-b8ce488df37732228f7fa614cfa8758dce1fa2fb957c29830e273d87cc25c152
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.216.195:33909/bin.sh
id: auto-07e263e783acdc21b17f46a29228ee7a4311ce6ac240c1a6d481b9241e9d2ebc
status: experimental
description: Detects traffic or activity related to http://42.229.216.195:33909/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.216.195:33909/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.169.32:35479/i
id: auto-a9fe1cedf5648212173fb1beb0a82a874633e21dfe50ca860e98a1ae4de4151d
status: experimental
description: Detects traffic or activity related to http://125.41.169.32:35479/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.169.32:35479/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.11.244:57806/i
id: auto-caa883f1052459da285bf372224d0678c13b1fd795c033a9328af1c02af83383
status: experimental
description: Detects traffic or activity related to http://42.224.11.244:57806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.11.244:57806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.169.32:35479/bin.sh
id: auto-cebdc0bbde1de9cff18e4be59b0bc173aa66991d3996b5c6d59fc3eca0d24212
status: experimental
description: Detects traffic or activity related to http://125.41.169.32:35479/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.169.32:35479/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.219.155:40975/i
id: auto-6ecc2100a6e84dbd02a0f0f5bb833559cf53e58cea09758e348a2bbec9cd70fc
status: experimental
description: Detects traffic or activity related to http://110.38.219.155:40975/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.219.155:40975/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.243.138.201:51714/i
id: auto-dcb31cde5918d7874d4e8eae3de231e5ed48ae15f00204e12820cd2ba7b07fdc
status: experimental
description: Detects traffic or activity related to http://61.243.138.201:51714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.243.138.201:51714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.144.215:34535/bin.sh
id: auto-74c5128b42b94fb884359ed40c7495d9936b0a568a36e39beceec8ec9ba2a2a6
status: experimental
description: Detects traffic or activity related to http://39.90.144.215:34535/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.144.215:34535/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.125.43:39862/bin.sh
id: auto-597e53c2184da3fe1c209e8cea2bd9aa26ba74d54ccad8789085bf921cd9f1aa
status: experimental
description: Detects traffic or activity related to http://222.138.125.43:39862/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.125.43:39862/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.123.253:47329/bin.sh
id: auto-46cce8a55b08046caa1bea76ca9409ead760683b6135cd5e6e7a0b64ce666958
status: experimental
description: Detects traffic or activity related to http://117.209.123.253:47329/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.123.253:47329/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.11.244:57806/bin.sh
id: auto-cebc2038a70700b9271d8ec141819ae37e5b2ab84a9ccd53799441376638ca95
status: experimental
description: Detects traffic or activity related to http://42.224.11.244:57806/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.11.244:57806/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.140.215:37579/i
id: auto-7995645f8d5b7edff840140c834cf612ea95ffc0e0b3b12fe52c2ed3da650b76
status: experimental
description: Detects traffic or activity related to http://182.123.140.215:37579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.140.215:37579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.219.155:40975/bin.sh
id: auto-1be7d0e8cfb991ed428bf5e02ceefe01749918c69a004a7d9bf2134b6d7556e3
status: experimental
description: Detects traffic or activity related to http://110.38.219.155:40975/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.219.155:40975/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.243.138.201:51714/bin.sh
id: auto-b7706d73e913c690592ce000b3af3fbb88ec8a7359b56ee24342f1381f7b7eb6
status: experimental
description: Detects traffic or activity related to http://61.243.138.201:51714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.243.138.201:51714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.130.146:60116/bin.sh
id: auto-f7f900a282308078f8258d0a09586b18a709922934d69208a2b2bde4a5b9c894
status: experimental
description: Detects traffic or activity related to http://222.140.130.146:60116/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.130.146:60116/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.252.176:38538/bin.sh
id: auto-ddb73c5c7c5b84c69cbb35a8c5925bebf7dc41f7d2f37f5319813332b31bab23
status: experimental
description: Detects traffic or activity related to http://221.15.252.176:38538/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.252.176:38538/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.112.100:40453/i
id: auto-af5484b180555b0155b3455156af9e80d55c8070e11d8bebd8331a5effd87341
status: experimental
description: Detects traffic or activity related to http://110.37.112.100:40453/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.112.100:40453/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.105.203:54104/i
id: auto-997424dd7c3e5b88098f25d28ff0625c5742eda9868ad4e000810b9c40cd7715
status: experimental
description: Detects traffic or activity related to http://175.173.105.203:54104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.105.203:54104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.165.223:60684/i
id: auto-956dd40eb573dc52b6f1b9a057df5c22830a9f401e8d0e348638d3a064ee1a5c
status: experimental
description: Detects traffic or activity related to http://115.56.165.223:60684/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.165.223:60684/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.88.93:45595/i
id: auto-b36769cc75b492aa7536a232f63a9f95b512034732867306d7622f36420fdb8f
status: experimental
description: Detects traffic or activity related to http://42.231.88.93:45595/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.88.93:45595/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.105.203:54104/bin.sh
id: auto-313617e7757db8137e4820843f21e788d74969ca5708ca5fc7dfa7f79722d1c9
status: experimental
description: Detects traffic or activity related to http://175.173.105.203:54104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.105.203:54104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnaarch64xnxn
id: auto-f33433bcd106013d5d40ebab558086f3c55503cf8fa103f42f4861155986b45d
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnaarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnaarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnor1kxnxn
id: auto-a422c9a8a9dff6f351d20a90ede85f2a2bb4ef7d74482c1cb8b6da5731e426ec
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnor1kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnor1kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnsh4xnxn
id: auto-71c948e0209a54c6e6e3bd42ef27034e855cff3b36c46e371ed2907a86848ea4
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnsh4xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnsh4xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnpowerpcxnxn
id: auto-2a471ce3c47c0ae723b572b1d53a83bd175ce9993d9f81717325e51ed5d21b2e
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnpowerpcxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnpowerpcxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnm68kxnxn
id: auto-524180b4cdb05081c724ecccebb5cd0d28066bf43577fe2865971dab60b8356f
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnm68kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnm68kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxni386xnxn
id: auto-e524000e6a5f265d3d7f06128d0e0f40e8d3da2253ded2eb4ac03932cedc8d1c
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxni386xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxni386xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnloongarch64xnxn
id: auto-f3c565558d07828e04bced23523701a23cfd8c304277e70ae8b6332cceed6e81
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnloongarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnloongarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnriscv32xnxn
id: auto-c9042ae6d309231ad821cffcdfd2a3b333fc054c6b4fb6393e361271f5793649
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnriscv32xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnriscv32xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnriscv64xnxn
id: auto-1dece655ae30e1346b9877a4f1ccf9523cb579429e10a6ded00d26a18cf734ad
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnriscv64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnriscv64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnsh2xnxn
id: auto-71085302b8b7318cf54e79c2399f0f67eb3b459b41015accfe5524b3f1bd81d5
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnsh2xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnsh2xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnx86_64xnxn
id: auto-416aba21f3d81ead24b13d6ce57e9f149d2f974f57af38facd13852980ff6e82
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnx86_64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnx86_64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/run.sh
id: auto-de9a25c5ac315728cc4c63be15746c99ac34c29831c9082d59fa6f5d94beeef9
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnmicroblazexnxn
id: auto-31fea17f323b19e5be3e516a263a301d30e3e6afd58c15acad533402938dcde2
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnmicroblazexnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnmicroblazexnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.81.135.242/bins/xnxnxnxnxnxnxnxnmipsxnxn
id: auto-9116b63f5919c497dce840b2ad3cf80054c27968b09393712951fb36d01d7f54
status: experimental
description: Detects traffic or activity related to http://51.81.135.242/bins/xnxnxnxnxnxnxnxnmipsxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.81.135.242/bins/xnxnxnxnxnxnxnxnmipsxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.88.93:45595/bin.sh
id: auto-94f628e40c099f83b909fa5a07a20ffaf6eaca280337c20f87d938fa9f34c871
status: experimental
description: Detects traffic or activity related to http://42.231.88.93:45595/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.88.93:45595/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.226.235:54039/i
id: auto-d654fb9ab3a65fc368585314ad2020d2ea59125f094244e1568b0fd1c7845c7e
status: experimental
description: Detects traffic or activity related to http://182.112.226.235:54039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.226.235:54039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.179.234.65:45393/i
id: auto-32bc71e5f10cc612435796c0bee60db57f9398b11034a308f37ee26621f0a84d
status: experimental
description: Detects traffic or activity related to http://123.179.234.65:45393/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.179.234.65:45393/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.112.100:40453/bin.sh
id: auto-d7b290d9313ee60fcc2fd2a69426fd31d0bee99ba649f7fe6bbeaeae90b8e80c
status: experimental
description: Detects traffic or activity related to http://110.37.112.100:40453/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.112.100:40453/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.112.139:42912/Mozi.m
id: auto-f7da4a405e3742169db1c169c52bf998190549d0ece925e1d0d02917990b574a
status: experimental
description: Detects traffic or activity related to http://59.94.112.139:42912/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.112.139:42912/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.226.235:54039/bin.sh
id: auto-54dc6e52e898c217214312718c2816feeb2c6c1b6cff6ad1fdfc78932e564f09
status: experimental
description: Detects traffic or activity related to http://182.112.226.235:54039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.226.235:54039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.115.19:47953/i
id: auto-45e34a5477a57bb4150cc583d95894b6e7a6909b858232bc61d09ca3f74bc8ab
status: experimental
description: Detects traffic or activity related to http://117.200.115.19:47953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.115.19:47953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.178.134:46134/i
id: auto-861959ace1489167157734f872e4a01c1f11aacd52594942bd6e27f0b1daa05c
status: experimental
description: Detects traffic or activity related to http://123.8.178.134:46134/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.178.134:46134/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.229.161:57312/i
id: auto-74da5311b7beb30911ca198f91ea2290e82e88e1c2a176f773e81883c4eaab8c
status: experimental
description: Detects traffic or activity related to http://123.12.229.161:57312/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.229.161:57312/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.140.215:37579/bin.sh
id: auto-7552f3a1b5072f25b7821315e4d8db5db364da7d6ca2795f47e80dd19b52499d
status: experimental
description: Detects traffic or activity related to http://182.123.140.215:37579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.140.215:37579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/Ex4xs64.exe
id: auto-e0a212aead797dba32f0fab507615c52cd097341223f542cb07975d0c77a5746
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/Ex4xs64.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/Ex4xs64.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5190150032/4dyxYQW.exe
id: auto-7d8ac8f50e965f12d368084e2d39e52b125d754e5df61b6bf59dbb2c025f6a67
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5190150032/4dyxYQW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5190150032/4dyxYQW.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.178.134:46134/bin.sh
id: auto-d003ba12805c2557cb581d6cc597ad6bd01eeeac7fe87cd23686eaff2e046531
status: experimental
description: Detects traffic or activity related to http://123.8.178.134:46134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.178.134:46134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.13.149:58627/i
id: auto-a4b47d2c90e2780635e04018ea9c45331bb255765514a0ecb27ea0e57c878850
status: experimental
description: Detects traffic or activity related to http://110.37.13.149:58627/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.13.149:58627/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.115.19:47953/bin.sh
id: auto-f045c270cddd2d00cfa91420a6082a2afd97803c7b00adf0758008a6d7bd60de
status: experimental
description: Detects traffic or activity related to http://117.200.115.19:47953/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.115.19:47953/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.48.19:60160/i
id: auto-7d35713811033965e9cd26a4ca5d3908366f838afd8ff1b0aaa6270dcc187195
status: experimental
description: Detects traffic or activity related to http://182.114.48.19:60160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.48.19:60160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.229.161:57312/bin.sh
id: auto-b1085b95ffc8714554f89ae9ec49fc4b657dd84f9cef0be2f1579a5c46eeefa4
status: experimental
description: Detects traffic or activity related to http://123.12.229.161:57312/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.229.161:57312/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.112.224:59553/i
id: auto-f25d0abe5ca7b1a6db32c0bf7c3e47b51730f4bdfbe2571f860777fe474ddf99
status: experimental
description: Detects traffic or activity related to http://112.248.112.224:59553/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.112.224:59553/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.13.149:58627/bin.sh
id: auto-41ee242e3217b80a4082e756e0af45c06621112654c23e902032ee88583eae20
status: experimental
description: Detects traffic or activity related to http://110.37.13.149:58627/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.13.149:58627/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.223.218:55934/i
id: auto-ac188af3e99bb639e74568506920e57fd5aac525ee6569122290eb46490e347d
status: experimental
description: Detects traffic or activity related to http://219.157.223.218:55934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.223.218:55934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.5.227:50488/i
id: auto-8fab197a3f7e8c3d589680bc11a843ff38f4be1b1336d5ef8b33a64eab857085
status: experimental
description: Detects traffic or activity related to http://115.51.5.227:50488/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.5.227:50488/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.148.63:45588/i
id: auto-3b9c84ef18357e0b683a4231d2cd93d4bf6f871deae47ed62bca9d32d8ae9a89
status: experimental
description: Detects traffic or activity related to http://60.22.148.63:45588/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.148.63:45588/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.112.224:59553/bin.sh
id: auto-3ef99fa1eca11d9c1852d624dbc0c6d98de0be3c0bc4c2d59e11ba66a35f1605
status: experimental
description: Detects traffic or activity related to http://112.248.112.224:59553/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.112.224:59553/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.215.19:41467/bin.sh
id: auto-7bf6db7b5bbbe7556ca694ace87a182bf0464ef3910c2982cb49e2b746ebcf8b
status: experimental
description: Detects traffic or activity related to http://119.189.215.19:41467/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.215.19:41467/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.223.218:55934/bin.sh
id: auto-f3d0f0b1967de7063f3ce2f2b9c49c2c9c3830b7da7dc98898e56a11f3e8e319
status: experimental
description: Detects traffic or activity related to http://219.157.223.218:55934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.223.218:55934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.ppc440fp
id: auto-0c54893cdc0c8c3320283186ad59cbf08ea3933ec10f92d1ba16b18acba285dd
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.i468
id: auto-4186b3436d6e8717e67981d5a5f6f77c4bf9454742a70c3a5fef8ccd947a106e
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.arm4
id: auto-5078afad15785f3058ead1e92ffb9fb2f70af0983b282eaa97ba0115e3439f94
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/parm4
id: auto-637678af5da9454f4bb599dbc47ae04b29c9d4c3f4923f96c2b5dfb5da5ab801
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/parm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/parm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.10.141:40289/i
id: auto-a7fbb790983bbb9c9fbd95a2f6a579b7fae1f46240e618ab5ff4ea3c8654bd9a
status: experimental
description: Detects traffic or activity related to http://60.18.10.141:40289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.10.141:40289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.64.135.181:42965/i
id: auto-c61e9d19163d062c97a6a07504a30bbda70082cb93e15f856dafc51b86284329
status: experimental
description: Detects traffic or activity related to http://217.64.135.181:42965/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.64.135.181:42965/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://75.180.21.218:53846/i
id: auto-04790bb0cd275ece19d3cb29b241dc5a6f9047250cab098ac8fdaeeaff29b3ad
status: experimental
description: Detects traffic or activity related to http://75.180.21.218:53846/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://75.180.21.218:53846/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.96.210:44787/i
id: auto-7f36f77cd3092a18b3b1383086c200a8cf2b38a68896c54d52c69bece80b2af6
status: experimental
description: Detects traffic or activity related to http://110.37.96.210:44787/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.96.210:44787/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.25.50.187:34009/i
id: auto-0fcf056fbaf2abb22f39009f229da9ce43b26e1eee7114cc3fbeaf7ea69c7b31
status: experimental
description: Detects traffic or activity related to http://125.25.50.187:34009/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.25.50.187:34009/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.105.250:40816/i
id: auto-8290b923dec4aade224bc3fd03507523c5ebac73db40ebe26204b0699e5e77be
status: experimental
description: Detects traffic or activity related to http://112.248.105.250:40816/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.105.250:40816/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:39917/i
id: auto-5824407a52b24eab095454a3fcdc466115090d826dabc5268b67f5c7b0c15457
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:39917/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:39917/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.148.63:45588/bin.sh
id: auto-c40a3155ae43d9effb6f8e417aa4b24422e900d20f3d2e4a59fa835f24cd36e5
status: experimental
description: Detects traffic or activity related to http://60.22.148.63:45588/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.148.63:45588/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.107.173:53303/i
id: auto-cb931d30814a4dbe1db25ecea4e7ffbbdbc1a8cc6e2aeb25b60fe909fcba9a7f
status: experimental
description: Detects traffic or activity related to http://27.37.107.173:53303/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.107.173:53303/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.8.120:44211/i
id: auto-023db4847bf27e4006780bd6d27abcb7c0c1f7b966b558a87e3346542d87b1fa
status: experimental
description: Detects traffic or activity related to http://125.40.8.120:44211/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.8.120:44211/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.91.44.112:8080/02.08.2022.exe
id: auto-cd2aa2bd280c2d0d3051cdeddac02c665335616d381f1710d14e62b037a9cd8c
status: experimental
description: Detects traffic or activity related to http://119.91.44.112:8080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.91.44.112:8080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.156.161.9/02.08.2022.exe
id: auto-9972c5f447809532a66ba6f3f00be17f171c34e625d41d9e01f5ae49a612095e
status: experimental
description: Detects traffic or activity related to http://124.156.161.9/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.156.161.9/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.32.108.119:61115/i
id: auto-cf2c616156618ee86e2779aafe78f7a78fb01e154b853bdb14290ca45f992edf
status: experimental
description: Detects traffic or activity related to http://36.32.108.119:61115/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.32.108.119:61115/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.174.192.246/sshd
id: auto-b3394e30c2d1dd020f8aa9e1eab5fec0afd61dc451fbbaa02e051ac0d9eea927
status: experimental
description: Detects traffic or activity related to http://113.174.192.246/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.174.192.246/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.248.146.15:44379/i
id: auto-b5c3910420f126713c57e3683612c606477bc75302f80a4499c6d7c7d1c74881
status: experimental
description: Detects traffic or activity related to http://92.248.146.15:44379/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.248.146.15:44379/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.96.96.35:14390/i
id: auto-3638bae2fe8f9cf514ee51531b8fbede2dc6b29fdbd021df2bf84123986e5107
status: experimental
description: Detects traffic or activity related to http://103.96.96.35:14390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.96.96.35:14390/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.67.193:2003/sshd
id: auto-f38b793be50d13861cd56d3a3b86ca57b3854a87c092b583f974dca79f9ee971
status: experimental
description: Detects traffic or activity related to http://59.94.67.193:2003/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.67.193:2003/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.103.168.170/sshd
id: auto-b498a5737ced4aad895e3bafee71c035288ba87f968bf96344ae1b64d33934d9
status: experimental
description: Detects traffic or activity related to http://116.103.168.170/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.103.168.170/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.100.98:2000/sshd
id: auto-66c25d865dbb52c33645712ce8aa241bff36e54d96f49ae1362ba5d81d2a4ce7
status: experimental
description: Detects traffic or activity related to http://61.3.100.98:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.100.98:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.147.202.53:9635/i
id: auto-6abb6c60a9a2082b9ab260972efd6c6af8623b7340120866a6dde21c132997ec
status: experimental
description: Detects traffic or activity related to http://45.147.202.53:9635/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.147.202.53:9635/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.206.140.231:32192/i
id: auto-38c0b6dd5195566170fef79c3c661fc2dbeceb06d72ddfc79cc36c5c4539d536
status: experimental
description: Detects traffic or activity related to http://176.206.140.231:32192/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.206.140.231:32192/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.105.250:40816/bin.sh
id: auto-17fde52e5489906630bf0a4f704d970213079985a387165096165adcb72dd1c7
status: experimental
description: Detects traffic or activity related to http://112.248.105.250:40816/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.105.250:40816/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.107.173:53303/bin.sh
id: auto-af83cd44340d642b91c8b84a45357322b2c9f69ed4c00f501971a868f599277a
status: experimental
description: Detects traffic or activity related to http://27.37.107.173:53303/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.107.173:53303/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.5.55:38939/i
id: auto-cd669a54589f7fbdc9de4ea3d97579062b4b47563503794ad3d29d9bb9963524
status: experimental
description: Detects traffic or activity related to http://110.37.5.55:38939/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.5.55:38939/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.33.189:55766/i
id: auto-dad257f81ce81a9781d44149aaf804d9d7a735029b5866c7b8e856eabe447606
status: experimental
description: Detects traffic or activity related to http://219.154.33.189:55766/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.33.189:55766/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.197.203:40545/i
id: auto-ea82f75d9715a109ee1df4623957219ac2c7ad2ad11cb57d2c5baa72129229a4
status: experimental
description: Detects traffic or activity related to http://182.123.197.203:40545/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.197.203:40545/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.138.238:53952/i
id: auto-0296f7e2f2813da9476e5eceebcfb0ada0f767acb5328322045dcebb9356b49c
status: experimental
description: Detects traffic or activity related to http://61.53.138.238:53952/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.138.238:53952/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.207.234:58216/i
id: auto-2dfc0228f936e8f4c5e3e44305b0a541cb1077ea2e5055368b6a7c71281dcbc0
status: experimental
description: Detects traffic or activity related to http://123.5.207.234:58216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.207.234:58216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.207.234:58216/bin.sh
id: auto-98fdd9d329c78415420b9b146f675d38821b4d1878c613b7446baff40e109865
status: experimental
description: Detects traffic or activity related to http://123.5.207.234:58216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.207.234:58216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/telnet.sh
id: auto-4449061b04d5ba479dc159f97b8a4f56fb071aedd3e6d747aed117490dc4d01e
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/telnet.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/telnet.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/b.sh
id: auto-c29c8fffaf9ad87f949707d9cfc3b03dd0141dc685165eac22529a34d69b25fc
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/b.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/b.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.5.55:38939/bin.sh
id: auto-c34196ba7fc3cab685e828edae119f11763d442446ae9757412da9c9397d9c62
status: experimental
description: Detects traffic or activity related to http://110.37.5.55:38939/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.5.55:38939/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.116.14.93:59151/i
id: auto-617f28c1313143c2ea912df94b02e03d4bb1ca6b226e7c9f4721c4040fedc1b0
status: experimental
description: Detects traffic or activity related to http://69.116.14.93:59151/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.116.14.93:59151/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.33.189:55766/bin.sh
id: auto-80b9f7dee730844f54298dc2981d0ff1d375ebb849af2d5fca7f29da68e846ba
status: experimental
description: Detects traffic or activity related to http://219.154.33.189:55766/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.33.189:55766/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.12.2:54793/i
id: auto-f1015f23403cd2afd618103cc9ad77fb4287b01c9cf0d1efdcba7f7e601ec60e
status: experimental
description: Detects traffic or activity related to http://222.141.12.2:54793/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.12.2:54793/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.10.141:40289/bin.sh
id: auto-0c712d931b8b8b019e48aa6e378c0acc815db7f083f0d5c394b2f7b77d7e51c0
status: experimental
description: Detects traffic or activity related to http://60.18.10.141:40289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.10.141:40289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tokitokusb.sbs/TikTok18.apk
id: auto-ed036ddfca249b51fa6377b8bda1cb0513742271b2b45edf444c7be81fb9a5a8
status: experimental
description: Detects traffic or activity related to https://tokitokusb.sbs/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tokitokusb.sbs/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tiksok.top/TikTok.apk
id: auto-b6a65288897ddbf22d679fc9aa746f05d835f38f4e3d4e325bee260b96dd35a9
status: experimental
description: Detects traffic or activity related to https://tiksok.top/TikTok.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tiksok.top/TikTok.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:39917/bin.sh
id: auto-5e0dfa9be46b55209c45ec0b94395352b109eceb8125c178427b7c2c3a566110
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:39917/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:39917/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.166.73:37273/bin.sh
id: auto-e411aed6ea95e7f94bf4969732f79d4400e83f3258a6b6942e00fcbe2d59b47d
status: experimental
description: Detects traffic or activity related to http://115.54.166.73:37273/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.166.73:37273/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.156.105:37375/i
id: auto-5397036d4895119343c5fa60134b04d6bf579d0f5d4d8960451dd0a54de01bea
status: experimental
description: Detects traffic or activity related to http://42.234.156.105:37375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.156.105:37375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.116.14.93:59151/bin.sh
id: auto-7816803238a64c791d18d3b1a3ad77000e8bac0fa6c6b335441eae2eb5c65a7c
status: experimental
description: Detects traffic or activity related to http://69.116.14.93:59151/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.116.14.93:59151/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.12.2:54793/bin.sh
id: auto-55a8b02af0f55589d309e19bce8daa5b1f53032a18d441dc5daff2ef3f6aa820
status: experimental
description: Detects traffic or activity related to http://222.141.12.2:54793/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.12.2:54793/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.48.19:60160/bin.sh
id: auto-e041e91757a452a7721d32e11dcbfffff9c164a2acf0d7075b4bf153cc00ebcf
status: experimental
description: Detects traffic or activity related to http://182.114.48.19:60160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.48.19:60160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.97/ep9TS2/httpgd
id: auto-2e6356a68884adaeb5c5e2c17dde9ee17074bcf4207fdcb95ecb47bde7430fd7
status: experimental
description: Detects traffic or activity related to http://194.110.247.97/ep9TS2/httpgd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.97/ep9TS2/httpgd*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.79.77.16/ep9TS2/httpgd
id: auto-bc27a5c08d1a9cbcf0bda22b7171432e8c2dadb34e5d40886fb98eebd9012bb6
status: experimental
description: Detects traffic or activity related to http://103.79.77.16/ep9TS2/httpgd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.79.77.16/ep9TS2/httpgd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.79.77.16/ep9TS2/nnt.sh
id: auto-e463d4dce2a63344fabd4fb03b3207e8ed8f4de7179ee28cdd9cc3d4271bb08c
status: experimental
description: Detects traffic or activity related to http://103.79.77.16/ep9TS2/nnt.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.79.77.16/ep9TS2/nnt.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.97/ep9TS2/is.sh
id: auto-490e29f35de0de5b3b3511d4b1155c2dfb9fd8853b9c4f16c9daea2c26c97ba2
status: experimental
description: Detects traffic or activity related to http://194.110.247.97/ep9TS2/is.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.97/ep9TS2/is.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.97/ep9TS2/nnt.sh
id: auto-018288779a2a6eb520605a0b35ee5df16d56cd26b7091784b2978e24a80d3084
status: experimental
description: Detects traffic or activity related to http://194.110.247.97/ep9TS2/nnt.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.97/ep9TS2/nnt.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.97/ep9TS2/ndt.sh
id: auto-e9b9e71c6a256e398c20a75d71f10eb719fe05d4b22fed5898512536a83aeb16
status: experimental
description: Detects traffic or activity related to http://194.110.247.97/ep9TS2/ndt.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.97/ep9TS2/ndt.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.243:52846/i
id: auto-26325b7f745935ec63c62301a6f3625391beeff004b9e70534c98d3dc67d769a
status: experimental
description: Detects traffic or activity related to http://110.37.45.243:52846/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.243:52846/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.166.77.31:19708/i
id: auto-451dd93ead8b59e521051e31621ea85a0074460177daa651bdbd7cde3ae22480
status: experimental
description: Detects traffic or activity related to http://124.166.77.31:19708/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.166.77.31:19708/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.166.114:40340/bin.sh
id: auto-70402b3c5566645b3dacf6996943442d8f78ba16d73f3ab904a73bcb7e40b401
status: experimental
description: Detects traffic or activity related to http://182.127.166.114:40340/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.166.114:40340/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.127.104:48482/bin.sh
id: auto-76eb979afa756e57afa95c8397370733f2158574b8b7c74dd54321c13fd4ab9b
status: experimental
description: Detects traffic or activity related to http://123.14.127.104:48482/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.127.104:48482/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.204.160:44583/i
id: auto-4bec18bb86a0fc811faa592d3034f5a9e12379728093a9c99192c4177748f86f
status: experimental
description: Detects traffic or activity related to http://222.138.204.160:44583/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.204.160:44583/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.156.105:37375/bin.sh
id: auto-5060633aea8f05d0eb2a40a62c7557dce109ca33a8579eb46c50f12a59a12ab8
status: experimental
description: Detects traffic or activity related to http://42.234.156.105:37375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.156.105:37375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.110.177:35414/i
id: auto-e01a3e58af84e64b481a47b59420a2eda1a8cdaa00f19381b4f271f12e4bc86b
status: experimental
description: Detects traffic or activity related to http://115.52.110.177:35414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.110.177:35414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.203.237.140:45112/i
id: auto-0b12734594acc4c8a3a20c48cf6ec8dd85b9ed623fef7ad1c7c2cae81b9e38ae
status: experimental
description: Detects traffic or activity related to http://221.203.237.140:45112/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.203.237.140:45112/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.50.177:35953/i
id: auto-63bdaf7afc41124451ec3985a83f5acaeab21845869e11625d7a79dda7ab5ba2
status: experimental
description: Detects traffic or activity related to http://182.114.50.177:35953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.50.177:35953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.166.77.31:19708/bin.sh
id: auto-991f46ae698c1fab425a5139fb7b4fa72a90ebb3a8d08954d0a8d72c1a9551f8
status: experimental
description: Detects traffic or activity related to http://124.166.77.31:19708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.166.77.31:19708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.243:52846/bin.sh
id: auto-6f651c2ba85a94e35b039cd5ae9cbda4239c9856103de002cd59a864b0100d4b
status: experimental
description: Detects traffic or activity related to http://110.37.45.243:52846/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.243:52846/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.12.225:56537/bin.sh
id: auto-8b412be729f09baf6d09e03fdfa998443948915b24a94de02d47ac2779d5e4ba
status: experimental
description: Detects traffic or activity related to http://115.63.12.225:56537/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.12.225:56537/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.110.177:35414/bin.sh
id: auto-d861c4a6257f8e7bc14d050f58a5a9cf6d68ac2b2376d6dbda7d9ee2572fd77b
status: experimental
description: Detects traffic or activity related to http://115.52.110.177:35414/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.110.177:35414/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.149.160:42381/i
id: auto-ee464f4fe0991fd0896141e634e66a1c601429230100fc37f17bcee22afe4335
status: experimental
description: Detects traffic or activity related to http://222.138.149.160:42381/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.149.160:42381/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/mipsel
id: auto-b8676949fbab0410cd640180c3c47c0e3411bd0794f64c33f459c4b470d11d80
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/x86_64
id: auto-689dda8799929695fe0382d5756286e9c63c09c031d06f677efbcf0e677bd836
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/arm7
id: auto-260aec3d3e7683400c7f1d4baf742666f427d58c349011152cdce8cf83ce1c92
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/spc
id: auto-2e5f065f863e7c4ed443b74bc229387d62df6bae8636ad315aca642f5658e90c
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/mips
id: auto-a84dfa3d104309baebd7c7af8f8bb064a0579e890fd1ca584e7229fa845fc76b
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/arm
id: auto-cbf3ee71d2a98d6623636c78509ecdea9cf15f06a844e7af0d482eada956a34c
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/arm5
id: auto-410c6712b7caf36e9b887c2af68be9fb168013b095097c094af18ed991054249
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/arm6
id: auto-ec32f8c5c3ba38b3605f5dda5d66786fcf949f277964b8625c1f9e5927a037e5
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/sh4
id: auto-112ec1b999e4f20ae44cfd20cf3c5fa6c4d19d87524c243fd57d70b703e55064
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/ppc
id: auto-e081613bf937f59e3e6da0223cb6644e71e6607c893a139dec79367d34ccaf9f
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/x86
id: auto-69a636f22d295e54d85a19f2b0fb367d95ffd3fce7aa0add49d84588030b1a6b
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/bins/m68k
id: auto-2c941c62442397c2f24e3d3cb9016dfa73dd4380f347a06de87d9e3ee33d7397
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.3.192/wget.sh
id: auto-91aba0d7117e875a6a940a1216f0111638d3336295899a1aa54f93ae26a8b192
status: experimental
description: Detects traffic or activity related to http://147.135.3.192/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.3.192/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.149.160:42381/bin.sh
id: auto-e090dcf20de8eff7f0b3af52a96467b9e08cb0776574a614cc58f6f8a9f7c739
status: experimental
description: Detects traffic or activity related to http://222.138.149.160:42381/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.149.160:42381/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.98.132:50756/bin.sh
id: auto-3f70ce66c9bf33378300f6c1627c4e5a0b88197e06e3c19cf5fb9dc86d6f3a35
status: experimental
description: Detects traffic or activity related to http://202.107.98.132:50756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.98.132:50756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.255.133:51217/i
id: auto-d00a6d721a75431883514f2833d9410bea10e4d09a8391340f100330a1841881
status: experimental
description: Detects traffic or activity related to http://117.208.255.133:51217/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.255.133:51217/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.204.160:44583/bin.sh
id: auto-95f4a85aa51afa69f0e54d4522104614f870046263806c8ffdaa48f92adc826c
status: experimental
description: Detects traffic or activity related to http://222.138.204.160:44583/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.204.160:44583/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.255.133:51217/bin.sh
id: auto-31af40ca74c89780e7175fc012920884473ef196c08016de299261a4ea727c70
status: experimental
description: Detects traffic or activity related to http://117.208.255.133:51217/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.255.133:51217/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.175:36964/i
id: auto-65d50ca9a079f9c3f590cae5f3117c3c766c9ef1b47b146f41b15987ea7c4458
status: experimental
description: Detects traffic or activity related to http://110.36.0.175:36964/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.175:36964/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.77.200:39199/i
id: auto-5ac81c7934ef821a168fdf2591633ef558b748f5c5814b0c3342173b461e4738
status: experimental
description: Detects traffic or activity related to http://60.22.77.200:39199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.77.200:39199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.249.76.235:50719/i
id: auto-98166c1c8e5a0bb92a95a9d4d3573c725b45ff941b717d32804e1b01fbf378fa
status: experimental
description: Detects traffic or activity related to http://112.249.76.235:50719/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.249.76.235:50719/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.192.226.109:47450/i
id: auto-9fb5d29f8df43b5b7252359f102c75e0de0eb58f2c01cb38e2ea07f7970987ab
status: experimental
description: Detects traffic or activity related to http://220.192.226.109:47450/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.192.226.109:47450/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.219.180:50149/bin.sh
id: auto-9005fd7db37827a60ececb4be460fe0fbcced97cc651faaffd018213db195846
status: experimental
description: Detects traffic or activity related to http://115.55.219.180:50149/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.219.180:50149/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.3.116:48241/i
id: auto-37967a6c157dbc50070ac6a3e32efa44925d58115068f88a9142ec769a5f883a
status: experimental
description: Detects traffic or activity related to http://182.119.3.116:48241/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.3.116:48241/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.175:36964/bin.sh
id: auto-9611c9ef0dfdc073c13adda453cdc330d26fd21cb976cd8478db9dcaf3dacf0c
status: experimental
description: Detects traffic or activity related to http://110.36.0.175:36964/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.175:36964/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.83.197:57697/i
id: auto-c31ccccc5f464d171a476a9dc516d72e529ee530e080766070e8e40a58fab089
status: experimental
description: Detects traffic or activity related to http://115.57.83.197:57697/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.83.197:57697/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.255.191:48189/i
id: auto-a2f573fa80c32a5cf05474978c67b566ab0cde9bfa1f2e4bedfd90f3e7a614f0
status: experimental
description: Detects traffic or activity related to http://110.39.255.191:48189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.255.191:48189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.45.176:52057/bin.sh
id: auto-6e2ad8a2335d4c7be7b05baec3fd02d1ebae684a990af8286eb5c39c6655c684
status: experimental
description: Detects traffic or activity related to http://117.217.45.176:52057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.45.176:52057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.77.200:39199/bin.sh
id: auto-b2ec00ca5fd1fb473dadf81eaf27f0a92cd554e241e84410e6585d5405d97957
status: experimental
description: Detects traffic or activity related to http://60.22.77.200:39199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.77.200:39199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/617141857/rZ7xHIy.exe
id: auto-c58bbc7d31e8d4c576496caf7b37bd166925211a2e33c0b0507355ad646c707c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/617141857/rZ7xHIy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/617141857/rZ7xHIy.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.117.16:44562/i
id: auto-561a060296437699225df37e6a4c7d209e1b2250b7d227c153837f4d7941a489
status: experimental
description: Detects traffic or activity related to http://123.14.117.16:44562/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.117.16:44562/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.35.150:56480/i
id: auto-6a40c13fcd1972394a56541793f938adbae4b2a90b5b5241221eac2de6a65657
status: experimental
description: Detects traffic or activity related to http://125.47.35.150:56480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.35.150:56480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.151/xopbs.exe
id: auto-bc760c1c4bea9399ff89ce2bc0fda3e2d221a4000187ada27f55ad71a999b33a
status: experimental
description: Detects traffic or activity related to http://45.93.20.151/xopbs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.151/xopbs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.86.128:48637/i
id: auto-3d7fae8cc586c8f1af91de9f59af3472aa39d2f0d558f5c105df15045efed823
status: experimental
description: Detects traffic or activity related to http://110.37.86.128:48637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.86.128:48637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.231.154:42945/i
id: auto-da51ed6b6fcd76b62648bac2d6aebb5c275eed07fc7700c9b7467327f6945144
status: experimental
description: Detects traffic or activity related to http://115.50.231.154:42945/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.231.154:42945/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.66.64:55164/i
id: auto-4e0538320362900ec0416abdc9604e60d286f985735824e57305c1be43a68788
status: experimental
description: Detects traffic or activity related to http://110.37.66.64:55164/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.66.64:55164/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.117.16:44562/bin.sh
id: auto-b6c53ec85cc82859896b9fa9649ffe9647fc88b94cce7142aab86daca5747325
status: experimental
description: Detects traffic or activity related to http://123.14.117.16:44562/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.117.16:44562/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.32.53:44474/i
id: auto-916358296326a376ac9ee78e5b114712cd1a9c528f2ed242680525110ddf607e
status: experimental
description: Detects traffic or activity related to http://180.191.32.53:44474/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.32.53:44474/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.66.64:55164/bin.sh
id: auto-9ac600207b3b973728bd0320510a1a5ea7e2caaa1e70ec55e2db9f59293b44ea
status: experimental
description: Detects traffic or activity related to http://110.37.66.64:55164/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.66.64:55164/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.89.146:50858/bin.sh
id: auto-8eddc307844c375e915d9a728fad0dd5a41ec8671c4b2b91de1d2bd6445cad4a
status: experimental
description: Detects traffic or activity related to http://119.117.89.146:50858/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.89.146:50858/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.86.128:48637/bin.sh
id: auto-54b1ad4c4699357dd679871c50853957e611ba02632798b67c80362162086ada
status: experimental
description: Detects traffic or activity related to http://110.37.86.128:48637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.86.128:48637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.231.154:42945/bin.sh
id: auto-7f9619faa20c642162e96ae217c0cc6a645d8cbdae2dce9e6c1dfd030bcbddb6
status: experimental
description: Detects traffic or activity related to http://115.50.231.154:42945/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.231.154:42945/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.136.155:41363/i
id: auto-3970a6b7a754ee39b6bc2455b1b0bcaf80fafbc297681dba7f44e434807f8fcd
status: experimental
description: Detects traffic or activity related to http://108.170.136.155:41363/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.136.155:41363/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.102.154:39997/i
id: auto-2a870c2203f6609d9f43fe97f09407e4b08b31ba68b4cc9b2b7604361e96fa02
status: experimental
description: Detects traffic or activity related to http://113.230.102.154:39997/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.102.154:39997/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.68.168.193:33277/i
id: auto-9b5f2ddad49417a7ba964262f7b614d9ad62cad3765ac1f209dabf8a558c27db
status: experimental
description: Detects traffic or activity related to http://219.68.168.193:33277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.68.168.193:33277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.32.53:44474/bin.sh
id: auto-aa775423a88eff4559ffe6348c3aa3867a5fe5478cd3143c1adba415f92d7d5e
status: experimental
description: Detects traffic or activity related to http://180.191.32.53:44474/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.32.53:44474/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.53.53:50422/i
id: auto-5c169afec080849d4b91add62a5c501a8528365475132c836bcbfbc1471b0c6d
status: experimental
description: Detects traffic or activity related to http://115.48.53.53:50422/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.53.53:50422/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.136.155:41363/bin.sh
id: auto-e792b54bd8303964953672e8d4783c9b77f69f94422192a42935e12bc9d5928e
status: experimental
description: Detects traffic or activity related to http://108.170.136.155:41363/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.136.155:41363/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.119.205:52520/i
id: auto-0729331b375de2e21f712f412ba56ed65097257dd23104bb0c2e2f11c5a17eb2
status: experimental
description: Detects traffic or activity related to http://42.4.119.205:52520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.119.205:52520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/payload.sh
id: auto-a49fb75c32d38576aae96aa34521308299ce72c5695b7867cf4d05a3a2bc16cd
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/payload.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/payload.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.12.225:56537/i
id: auto-153fa7aa29323e139a0b7dcb54fd29b679fd3f7bab31db039e372a5872b87f87
status: experimental
description: Detects traffic or activity related to http://115.63.12.225:56537/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.12.225:56537/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/m68k
id: auto-f032eedf3a5325f0cb2c4337338fb5bfd61a8bbf11f56f5f6cffa904be9034db
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/ppc
id: auto-c56a4852a92eb0b4404a70cf09f0ff24d40220cd477f5b489fb86d025aca1613
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/sh4
id: auto-301fb0e2e9ce181ab5ac3a774f499e5806503b3f992b3ba0ad8ceb25cd457fe2
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/arm7
id: auto-505a3bd2ef06529efdbc939290a4be55419a41a11f44326973105b9d0cc00ec7
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/mpsl
id: auto-9419416e349e6a0ebc25ff156cb5f21edb9b1e773195dc2f702c48f1d565c20a
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/arm6
id: auto-feba80d557b90880e3eb773b847ae7cf271ead4c59af82278859f79b7ea3536d
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/spc
id: auto-9cb00fa13035a12329fd30caf0ea204655d5a798d69f6d56e68e92587194ae2a
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/test.sh
id: auto-e01850c8146475dbd576dbf8eee959ff5edd5444f93d47918e6f2a080ce76322
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/test.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/test.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/arm5
id: auto-35a910ac152c5a764b70adb3ecc904c2c04616d71e236cbbd8d18ec148ede19f
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.89:46394/i
id: auto-45a8e230157a3a9eacaa2a5d83efbe4c954414a863ba584658806b45b35b2838
status: experimental
description: Detects traffic or activity related to http://110.37.35.89:46394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.89:46394/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.206.127:42609/i
id: auto-7ac2115674bc2bb62b23ab6afad1a7b59d541344a235c0ff813929c15adc1b22
status: experimental
description: Detects traffic or activity related to http://110.38.206.127:42609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.206.127:42609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.68.168.193:33277/bin.sh
id: auto-399e1f86ddd0ce5fdb8ee457529849a6fab2ee380062f767932280123d9b8b38
status: experimental
description: Detects traffic or activity related to http://219.68.168.193:33277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.68.168.193:33277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/trans1at
id: auto-72f65388e21802742bfcce53761a9ce5e6a70e3bc7f1a376672c0e91c461a82f
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/trans1at which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/trans1at*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.53.53:50422/bin.sh
id: auto-1c8763243c45b843f67110c92bc57fa964e8211d39912d2559be722cfdab320d
status: experimental
description: Detects traffic or activity related to http://115.48.53.53:50422/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.53.53:50422/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.75.22:54946/i
id: auto-104b6a4a0e632885950bb4176a934c6c4b8d4ba08ffa63548dde86c98cc9465e
status: experimental
description: Detects traffic or activity related to http://117.206.75.22:54946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.75.22:54946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.44.125:40831/i
id: auto-7de193b72b37324057fc02c65351229bed191e9b3a2d07d0afbd2883580f0906
status: experimental
description: Detects traffic or activity related to http://27.215.44.125:40831/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.44.125:40831/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.167:47039/i
id: auto-0f1df0442b8b02ae849eaaddc223b30d55cc55570d02b95231aece0215021ddc
status: experimental
description: Detects traffic or activity related to http://123.12.225.167:47039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.167:47039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/arm
id: auto-13a08f71473ff1dbc6b387c050ef35dd07107d040f6ab27c25d6bcb6c39c5947
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/x86
id: auto-d5763c6bcafaf6073cd9a71d67cc932cf962472dc25d31102706b018f51d33a9
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.34.87.123/mips
id: auto-c7430fdd689daf862706de481f4087128546eac771cb376174da15010cf27f3f
status: experimental
description: Detects traffic or activity related to http://64.34.87.123/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.34.87.123/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://203.99.180.141:42318/i
id: auto-9beb8820a2b8d8208f103757bafb51500e04cb504fc7b04feb0a0edc8a6b0ed7
status: experimental
description: Detects traffic or activity related to http://203.99.180.141:42318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://203.99.180.141:42318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomaarm7
id: auto-543a6055a6bf5d7fd49a243e9fb41973a5606c0352b5273c913b9bc8b489ac33
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomaarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomaarm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomamipsel
id: auto-79ba40f33be813bfb16fc1c0cab6d8860e8a2f7c293469b102fd2d71d07b575d
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomamipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomamipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomaarm
id: auto-a2a602dddb5ebff7809a5dfee1599df899c936997dec642773b7e366d4bec04d
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomaarm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomaarm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomai686
id: auto-3379646408f26787b491b509ac5bda5947f029170585215ffa557dfe78ca0601
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomai686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomai686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomai486
id: auto-b53acef7f2506dd74b56ef7299609906da03f0bf34848f03441b6d16d3636de8
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomai486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomai486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomaarm5
id: auto-5597e9f45c246b3fc49c2af9637a25464356d366bacbd5eb51938c5e2d4a2059
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomaarm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomaarm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomaarm6
id: auto-35038b241664662e4ede4651de648a3cb6c297064e1f502e75e660a3672fd828
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomaarm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomaarm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomaaarch64
id: auto-b1dfda5634aeb69b43741d56bba7c1f0e5eab35fe79d30eeb0c4cf901ce67bb5
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomaaarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomaaarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomam68k
id: auto-06d8b42cd356e146c80a4c45403416dfa0db0a6b296ab1fd1e5ad8759879f435
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomam68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomam68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomamips
id: auto-d784ea342c1f71daa45a127f84f0b0c22d510b5e46fc015a0bfa8f15e6a1521b
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomamips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomamips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/colomappc
id: auto-5ba7f484428e5186fa59c94eea5807ab4962d38ab06232cd1c64e2e937a45192
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/colomappc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/colomappc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/1.sh
id: auto-6dc89bf3d19fd092e7391877c0e9ab13bc9433717e9b24ab0f4c0a74b69a27f2
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/%E6%9C%A8%E9%A9%AC.7z
id: auto-b189904c31c6efcbae9ac558e80414362a8531e0fd75dbb2d60057c6a5e552cf
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/%E6%9C%A8%E9%A9%AC.7z which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/%E6%9C%A8%E9%A9%AC.7z*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.243.165.220:40455/bin.sh
id: auto-6634a1fe59e305f3ce356ae36d759e94369a0a6f079bed4c2efae2dc3b146a6e
status: experimental
description: Detects traffic or activity related to http://117.243.165.220:40455/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.243.165.220:40455/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.113.166.79:48350/bin.sh
id: auto-54e8fd725b7c78804b71ba501765f0efbc02d2cabd09729280c500f1f24d86e6
status: experimental
description: Detects traffic or activity related to http://93.113.166.79:48350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.113.166.79:48350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.89:46394/bin.sh
id: auto-e9b2496428c1cfc69ebe61bc684b4fd5fa0e72306003b5989e8329bea564e8ed
status: experimental
description: Detects traffic or activity related to http://110.37.35.89:46394/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.89:46394/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.206.127:42609/bin.sh
id: auto-83ee0ebedbc32ad8fe9ec444095bd9ce4fba12d88ae7d3ea4adf356e74244f69
status: experimental
description: Detects traffic or activity related to http://110.38.206.127:42609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.206.127:42609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youbuce.lol/YouTubeRU.apk
id: auto-4a66a097fe5c59417a0a3b413c23a599d830f50f24297800967931a796ccc406
status: experimental
description: Detects traffic or activity related to https://youbuce.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youbuce.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ytby.lol/YouTubeRU.apk
id: auto-e648839c4c16c4dace6681a4179232f1b9e380e4b758aa3dab6d2d6688e1a204
status: experimental
description: Detects traffic or activity related to https://ytby.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ytby.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.70.205.211/plugins-dist/safehtml/lang/font/cb.txt
id: auto-cdbe140eae1628e3308e2f565bf7baf00a4a9f02af808866f6d30cba8985c8b3
status: experimental
description: Detects traffic or activity related to http://34.70.205.211/plugins-dist/safehtml/lang/font/cb.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.70.205.211/plugins-dist/safehtml/lang/font/cb.txt*'
  condition: selection
level: high
tags:
  - attack.t1059
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.72.176:49236/i
id: auto-a2f7ac47455e172fc8d983132ea190058dc0e840344bc28ebf8208e226ea72db
status: experimental
description: Detects traffic or activity related to http://110.37.72.176:49236/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.72.176:49236/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.44.78:43192/i
id: auto-55fe8e1fbfc0d6b4eb5058be2c55b2e1887023cffc324f66e35b7b603968a3cf
status: experimental
description: Detects traffic or activity related to http://182.121.44.78:43192/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.44.78:43192/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.166.73:37273/i
id: auto-39b010423c9c0c31d5c123da60bbe4b5465b3393bb334ffea31c26b99dea46e0
status: experimental
description: Detects traffic or activity related to http://115.54.166.73:37273/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.166.73:37273/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.190.201:34001/i
id: auto-6cf7528539503d928a34e724134b6d34aaaa846310b8bbaee78f838e5edff7b7
status: experimental
description: Detects traffic or activity related to http://42.228.190.201:34001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.190.201:34001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.243.166.158:33849/i
id: auto-4b735c5ee7b9b8415e469c2ae512a4110ae3faca636f000fcbc1e24dac216ed5
status: experimental
description: Detects traffic or activity related to http://117.243.166.158:33849/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.243.166.158:33849/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.30.130:48018/i
id: auto-d62e534a278577e6cf86a36f65a4e7b8e7e976826988d03e11d750d4edc01c26
status: experimental
description: Detects traffic or activity related to http://110.37.30.130:48018/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.30.130:48018/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.139.115:43569/bin.sh
id: auto-dccffc1b799abfe9f837cb82d9269dbca6dea92d6d164b86db1299808a8f0c6e
status: experimental
description: Detects traffic or activity related to http://113.236.139.115:43569/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.139.115:43569/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.243.166.158:33849/bin.sh
id: auto-e56de08ccbd90131f9fcf8998a5d82ce507485f5565cad630d341e19998dd607
status: experimental
description: Detects traffic or activity related to http://117.243.166.158:33849/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.243.166.158:33849/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.44.78:43192/bin.sh
id: auto-fa9c1a0ec83a968b902de4b20ee3e380ecc153fb1487f46fa3c642665d6b66ff
status: experimental
description: Detects traffic or activity related to http://182.121.44.78:43192/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.44.78:43192/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.30.130:48018/bin.sh
id: auto-3dce4d60a801f90518b345618e08fb92d574bc1f0ed56df3fcb26bd06d4091a6
status: experimental
description: Detects traffic or activity related to http://110.37.30.130:48018/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.30.130:48018/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.145.98:43733/bin.sh
id: auto-f27cfe752e7483d9f344ce388328a71ff8f9d8299e60d53a7b64136d5f67b955
status: experimental
description: Detects traffic or activity related to http://115.56.145.98:43733/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.145.98:43733/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.38.148:46079/i
id: auto-0d3ee45e0d2bf9279d702dff798e4e6146789a536dc61f06d25b6a896c08abd6
status: experimental
description: Detects traffic or activity related to http://115.63.38.148:46079/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.38.148:46079/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.121.145:47181/i
id: auto-8ec252dedc434b8f39409f290c60cb603bd8ca28972b221f75a9f828b80cab95
status: experimental
description: Detects traffic or activity related to http://182.127.121.145:47181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.121.145:47181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.71.227:38076/bin.sh
id: auto-ce5e871ab49bf31d0e65086770776908a54fc40a81417893f7d83f564b6f5c47
status: experimental
description: Detects traffic or activity related to http://59.94.71.227:38076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.71.227:38076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.38.148:46079/bin.sh
id: auto-38190f6fdd58db49c479be3294054bdcb3d8ad9118fce689d7dd838f2b3d3486
status: experimental
description: Detects traffic or activity related to http://115.63.38.148:46079/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.38.148:46079/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.220:43938/i
id: auto-769bc2fb811a4366c140c435747c89b83e0ff28e20a03ed1b99cb09dd6b2816e
status: experimental
description: Detects traffic or activity related to http://115.55.51.220:43938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.220:43938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.121.145:47181/bin.sh
id: auto-db599264abcd49317fb0b890b84769d71b57e52c473d5e34aff3bc3b88769a96
status: experimental
description: Detects traffic or activity related to http://182.127.121.145:47181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.121.145:47181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.5.227:50488/bin.sh
id: auto-0eaedaf411118152363587219959fbaa12ed4cdd3d2818feb370b13201f60f9c
status: experimental
description: Detects traffic or activity related to http://115.51.5.227:50488/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.5.227:50488/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.161.158:34469/bin.sh
id: auto-b61f4c6b1550aedc6a41a834076b5f9acb763d1b776fca6b474402df3ed3397e
status: experimental
description: Detects traffic or activity related to http://182.127.161.158:34469/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.161.158:34469/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.220:43938/bin.sh
id: auto-9410158c3f39bd86fc2f32b3395e90c745f8119f944a3c1877b960659247c3a1
status: experimental
description: Detects traffic or activity related to http://115.55.51.220:43938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.220:43938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.16.65.93:48034/i
id: auto-9103c959ec2ccb34086a72f5a45564be1fb8238cfd3eb3534815697dc2b1dc0f
status: experimental
description: Detects traffic or activity related to http://60.16.65.93:48034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.16.65.93:48034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.142.90:33965/i
id: auto-bdac6ca0c93d7662709b914822f0ad346ad6bfc20fa7978d2eda4b0df9bbe805
status: experimental
description: Detects traffic or activity related to http://42.58.142.90:33965/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.142.90:33965/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.163.155:46826/i
id: auto-9dc62b3763895ff5a01478986bf8bb177f03cbf99a1673ada125b04f3b40c3b2
status: experimental
description: Detects traffic or activity related to http://182.119.163.155:46826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.163.155:46826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.123.189:59066/i
id: auto-c2f2dd4ee8f1fdf6a59c0773085525f3753aea2cce80c05ab163d2d95b39a465
status: experimental
description: Detects traffic or activity related to http://182.127.123.189:59066/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.123.189:59066/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.163.155:46826/bin.sh
id: auto-af439a8e9bd264b5283b7ac844001c70a6cbb544d46fdc0ceb93ab20d091a6a5
status: experimental
description: Detects traffic or activity related to http://182.119.163.155:46826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.163.155:46826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.150.178:42221/i
id: auto-4bceaaab6e6d0b7f85c2bdef7676cadb81d91d89168306291c426ccdbcaba3a5
status: experimental
description: Detects traffic or activity related to http://222.138.150.178:42221/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.150.178:42221/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.147:46259/bin.sh
id: auto-85e9a8fca3d4397074001633a49e0638ac25cfc4040bdfdad7a702bafa434a84
status: experimental
description: Detects traffic or activity related to http://110.39.246.147:46259/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.147:46259/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.123.189:59066/bin.sh
id: auto-b5f5d289d221426c7901dbbe9340bc240761cf62c42b4992c28993c48835381e
status: experimental
description: Detects traffic or activity related to http://182.127.123.189:59066/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.123.189:59066/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.158.178:60739/i
id: auto-11caf8b1a65622c69101a3b8a6c07d1e03a5e73aa2292b1fabac775a03a26b85
status: experimental
description: Detects traffic or activity related to http://222.140.158.178:60739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.158.178:60739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.150.178:42221/bin.sh
id: auto-e6447afee932685493e1fb5612e7cd0aa9ff5cbef29e1a9197ace0168d5acd1a
status: experimental
description: Detects traffic or activity related to http://222.138.150.178:42221/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.150.178:42221/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.2:60015/bin.sh
id: auto-82477150fdc7e7dfb2ff780c2e51f7b7136403593bc4f7b0d03e48f6dc553fb3
status: experimental
description: Detects traffic or activity related to http://117.209.92.2:60015/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.2:60015/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.220.69.49:58189/i
id: auto-374d744823bcf9ed785731fb72624a982663408fda11db58153630993d50298b
status: experimental
description: Detects traffic or activity related to http://91.220.69.49:58189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.220.69.49:58189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.95.26:37703/bin.sh
id: auto-1a1eb6a8f1ee44e9f5a4579557d605a3bb4ddd740345196e042a47a0632c3189
status: experimental
description: Detects traffic or activity related to http://221.15.95.26:37703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.95.26:37703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.123.210:46382/bin.sh
id: auto-c54b18bf8c302ffdce3796d42810c26ed2910658ffb666a67b3f3dcaf44dda6e
status: experimental
description: Detects traffic or activity related to http://110.37.123.210:46382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.123.210:46382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.200:33170/i
id: auto-14fd62009e0fcb3b3ed5995931bdeb01e4dc4be293b8a809c1cd91182617912b
status: experimental
description: Detects traffic or activity related to http://59.97.182.200:33170/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.200:33170/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.122.245:39995/i
id: auto-4202b2ecabbbcadb793239d265d40d9cafdfd54d20bc593b2e676c07cf26bc12
status: experimental
description: Detects traffic or activity related to http://113.229.122.245:39995/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.122.245:39995/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.220.69.49:58189/bin.sh
id: auto-e6c364f9ef8fba6c8ce0503dfd56ce4382eb2d7baa94719bafbe046d09cb69e3
status: experimental
description: Detects traffic or activity related to http://91.220.69.49:58189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.220.69.49:58189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.158.178:60739/bin.sh
id: auto-9248776a5f87206f9b4008c78b02fbb3d38bd27efa303dbf02d2e61f191a4776
status: experimental
description: Detects traffic or activity related to http://222.140.158.178:60739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.158.178:60739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.200:33170/bin.sh
id: auto-842fa9b12216fbae6044fa1ce23e08cfb626f68cf32e04eb37c3b96e4989f6d8
status: experimental
description: Detects traffic or activity related to http://59.97.182.200:33170/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.200:33170/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.115.91:42832/i
id: auto-1e9d17b33ab7671048a395f546a6668c2efe87709ca6adfdfb98ab81f70bea97
status: experimental
description: Detects traffic or activity related to http://110.37.115.91:42832/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.115.91:42832/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.130.184:35483/bin.sh
id: auto-731f9352917a9e233e777b9a3980adb08d8fad4716fc5b567c2e254c5e24b2ae
status: experimental
description: Detects traffic or activity related to http://123.5.130.184:35483/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.130.184:35483/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.206.77:51028/i
id: auto-ada652bc947fe702504a58a22eba0b7c34c2e53abae855711e3c31b00741351d
status: experimental
description: Detects traffic or activity related to http://117.198.206.77:51028/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.206.77:51028/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.115.91:42832/bin.sh
id: auto-79472a7b710cb3e18b614d64827a094f6139abd6295a5931062f5946a4289be5
status: experimental
description: Detects traffic or activity related to http://110.37.115.91:42832/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.115.91:42832/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.63:32815/bin.sh
id: auto-fba3d760f1031f33afbee810eed5a23719bd7bbaaac63e08be59bff2129e07b3
status: experimental
description: Detects traffic or activity related to http://110.36.15.63:32815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.63:32815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.56.19:34742/i
id: auto-18022a086e3fe1331b69608d3add8652ddd22f7feba531d0a4a60433ae160933
status: experimental
description: Detects traffic or activity related to http://61.52.56.19:34742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.56.19:34742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.56.220:50572/i
id: auto-56667445e615514e4b82b04ec88ada6bf3909d1a35a964f95955b06768a471c8
status: experimental
description: Detects traffic or activity related to http://110.37.56.220:50572/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.56.220:50572/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.25.148:47013/i
id: auto-e58db67211325b18dd3c6eca32a9e8cbbca428966519b157fc91e0171c4e827c
status: experimental
description: Detects traffic or activity related to http://120.61.25.148:47013/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.25.148:47013/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.56.19:34742/bin.sh
id: auto-dfb5a87ea701fefcc6f77ff33e9dbc8b7786824a5191bb6cfcf0989f5eeef74d
status: experimental
description: Detects traffic or activity related to http://61.52.56.19:34742/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.56.19:34742/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.153.88:57013/bin.sh
id: auto-81f90808e2589e7e40a96c394e842b2e57e47d8e3098ad11556e42bdd41e690b
status: experimental
description: Detects traffic or activity related to http://59.182.153.88:57013/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.153.88:57013/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.169.41:32978/bin.sh
id: auto-621ccee459389bb9021312c9c94777ddbfb52556e2528fb9589f2c271589982e
status: experimental
description: Detects traffic or activity related to http://42.58.169.41:32978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.169.41:32978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.161.158:34469/i
id: auto-73bb29b06d49532883407d7a0c31e8c55bf13761ddf1ed6213be346d0dd4a162
status: experimental
description: Detects traffic or activity related to http://182.127.161.158:34469/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.161.158:34469/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://204.10.161.71/x86
id: auto-41043d1935d8d05969251b0a6f75fcda131b495319d1cff8bd0a72bcf4c3f513
status: experimental
description: Detects traffic or activity related to http://204.10.161.71/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://204.10.161.71/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.219.193:42142/i
id: auto-c2cd8fbdc193eb3d00cb591e6dde523f446ba729fea065c568964a7e88028447
status: experimental
description: Detects traffic or activity related to http://61.52.219.193:42142/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.219.193:42142/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.66.198:33671/i
id: auto-71982256e8609d5d2a45e6b57b5293922978ea5b1ffe2d4b8b04c56d797553e6
status: experimental
description: Detects traffic or activity related to http://110.37.66.198:33671/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.66.198:33671/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.191:39765/i
id: auto-48686159a3a00f5f554c6e45ab14e7a9d817fdbf86d4ae2caffe8b376e07f81a
status: experimental
description: Detects traffic or activity related to http://110.36.0.191:39765/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.191:39765/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.16.125:50700/i
id: auto-4351628bc93ee40b26714304adccc9c23bf9b9645d7e732ac803124bb671cde7
status: experimental
description: Detects traffic or activity related to http://120.61.16.125:50700/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.16.125:50700/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.95.26:37703/i
id: auto-d735db67f62a8a1ab2b742137b34d9e4000aeac25da3985510644ba2d4a586a1
status: experimental
description: Detects traffic or activity related to http://221.15.95.26:37703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.95.26:37703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.53.182:49854/i
id: auto-a825b21a7e7d2477ba298c95b527a0cc61d43c1b3291983a85e9ed53a1666dd8
status: experimental
description: Detects traffic or activity related to http://182.116.53.182:49854/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.53.182:49854/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.20.233:53723/i
id: auto-946983915a741616b37768a474cba27f03fb84c551fe516c7be392da1bc61470
status: experimental
description: Detects traffic or activity related to http://222.137.20.233:53723/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.20.233:53723/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.210.15:48963/bin.sh
id: auto-72c259e5c23ba6d15a30b95fd20096ca1a36bf85105717a3dc1ae173bd0e86fe
status: experimental
description: Detects traffic or activity related to http://27.202.210.15:48963/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.210.15:48963/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.16.125:50700/bin.sh
id: auto-35f80382e55614cb58d39bfa54121e34aef4be09e705da0753e1f4b7071d3f7e
status: experimental
description: Detects traffic or activity related to http://120.61.16.125:50700/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.16.125:50700/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.25.148:47013/bin.sh
id: auto-05d8919aa84768d4520b21bfe35360cdfff44eb8e485c0abedaca32e5bcdfb74
status: experimental
description: Detects traffic or activity related to http://120.61.25.148:47013/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.25.148:47013/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.53.182:49854/bin.sh
id: auto-7f91b560ff9ebeab0affa8e9413dced8ad06a22f5b26eb3b5a3f7300dac1d5d5
status: experimental
description: Detects traffic or activity related to http://182.116.53.182:49854/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.53.182:49854/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.16.57:43530/i
id: auto-6169476981da210507d45d4f97317c52b29540835cab7ca64e8f46833df5da99
status: experimental
description: Detects traffic or activity related to http://115.61.16.57:43530/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.16.57:43530/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.233.226:46050/bin.sh
id: auto-55c7b41b90eeb04df25de26e6df1ac781ea720be0f22a6c6e356ae7ed317176d
status: experimental
description: Detects traffic or activity related to http://110.39.233.226:46050/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.233.226:46050/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:53518/i
id: auto-33c692a41a908afcaae86673f7975c7b91a762dd3d7558c9497ad033f6777d0e
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:53518/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:53518/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/x.sh
id: auto-d4c2cb51ea09d95fd5a9081fe6da01f0a879c08972ba6ee67ce3e0ee0fab9115
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/x.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/x.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.20.233:53723/bin.sh
id: auto-d37bbe7493f29e497d6148add4b7b6ecd9b71f8c66c4d0fc9f472e5ec2ed5df1
status: experimental
description: Detects traffic or activity related to http://222.137.20.233:53723/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.20.233:53723/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.97.225:60344/i
id: auto-72215e37c43ae5e73103588fbbed18f69be68f8efa0025f8702b3be936248640
status: experimental
description: Detects traffic or activity related to http://116.138.97.225:60344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.97.225:60344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/arc
id: auto-ed354826d8c035bb5ad6a071568d3184700fc51bd59558f05170897c481afd5f
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/sh4
id: auto-d1e575489c4e33aed79d627683bf8ed18c8af9a894e934c26e60dbb92e34ab6c
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/m68k
id: auto-f7d3af44887c178b1d1823289b651264846745083af78d1dcc1ab6f3d6934d03
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/c.sh
id: auto-06455a8b819abcfb4516b1813064d28c60e1365c3f4f4e0716b31a40313dd15d
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/mips
id: auto-75daff06a018bff30bee831a994723442a187f6cb291ed74ce81e95d4fb9043c
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/x86
id: auto-02dec9f8937fd980a9836c78fe8218d00be3c7ee269d3b46d0b5f017ab2b470a
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/x86_64
id: auto-72055c993b32b862e92540cfb5f109f15895f05577e21daf4a3d48aae295a947
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/arm
id: auto-aa35189fa0299483e1cb36c95f6a12952e0122a23b1ea3bb3d4046b44e60e699
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/arm6
id: auto-15d25e959cd88c82ab6a20c72b662316e71d5588ef16e289c3e64620f6953786
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/arm5
id: auto-6efcf2e2f96c37c06e314f7103a36dc1ef50007db7230c393bf4ba1ade3bd11f
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/mpsl
id: auto-731552b07308d73f9af02716f09b321edff12009f7a7c322ae13c29a450ad92b
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/ppc
id: auto-3dd81eb581f7432dfe5740057ac165ed66b13571ff8cce4a2a95eccb05afb788
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/w.sh
id: auto-8eeff1ec6ecb00a481398da397e2b601897ac5d7be0232b341092d290f34b062
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/wget.sh
id: auto-43f9a6c1cbee7b670d07656fa6560b8c5e1b3c66c397754228fe4e8c13f2aa2b
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/x86_32
id: auto-c6b99089e6786df6610e348e68d1986f6fc8d610f91e2bbbf43961eaf4315390
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/spc
id: auto-bda28adebf025079c3e365b1d07b107e69e5e51c10e4a00b0839b6fb3fe31897
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://static.37.21.42.77.clients.your-server.de/systemcl/arm7
id: auto-64947478b423124bbacd7563928853109359c96c9d69a5e21ce2c34caf023201
status: experimental
description: Detects traffic or activity related to http://static.37.21.42.77.clients.your-server.de/systemcl/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://static.37.21.42.77.clients.your-server.de/systemcl/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.16.57:43530/bin.sh
id: auto-ece1b09ba1dc669b94ac97d2a38eda489204d7fd824313f4ab1af30cccb510d6
status: experimental
description: Detects traffic or activity related to http://115.61.16.57:43530/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.16.57:43530/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/step8-det-19-runtime/repl-88-rt-msh11/net-19-77-21
id: auto-56ad5247c383fda350143ee8b53416a9bed9a31f1dcb68e92ec4c30b54481a0f
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/step8-det-19-runtime/repl-88-rt-msh11/net-19-77-21 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/step8-det-19-runtime/repl-88-rt-msh11/net-19-77-21*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:53518/bin.sh
id: auto-da9a2b941952e5437df7be8ab9b42fdd9b0570715f0856dc5295fad0658385ed
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:53518/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:53518/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.97.225:60344/bin.sh
id: auto-351e715ccffa8c926906c908487c129cc0b6d8b3fb8f345faa5adddd7c13b44e
status: experimental
description: Detects traffic or activity related to http://116.138.97.225:60344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.97.225:60344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.90.185.76/x6.pdf
id: auto-ad97606666ce11c8a1fdd516eb5f0aec1ba7b7e02d31dd99d15b871a850df9b7
status: experimental
description: Detects traffic or activity related to http://77.90.185.76/x6.pdf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.90.185.76/x6.pdf*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.189.106:41018/bin.sh
id: auto-1d1a4522d49af0269ec6293c7e8b5444d9b9a1137423cae5f812752bef5aa5dd
status: experimental
description: Detects traffic or activity related to http://27.207.189.106:41018/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.189.106:41018/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/parm6
id: auto-e35ca594f5835b94ba44dd2d6f4525ef67f5f6cca148436a563b982fe1f73266
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/parm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/parm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/parm
id: auto-65d762092d82166cd34754bc109f94fac53037d597cd1941086d42d2c445b0cf
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/parm7
id: auto-82e8e246ccb664d3599638665c60fd19efc8d6f926bffe5daa3524c38f7adc49
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/parm5
id: auto-0ed8026303d13ec288b3cad31cea33cedb6235afd3fd195e80f3f1dfc770644f
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pmips
id: auto-deb552571bc2a3a3d7b7644a7ac73f3822a00f4b8f9db181c325cf1c338f5ded
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/px86
id: auto-97c692c95270b9610093673a7a25d53f27081d3096f3c1ed9178889f1be149cb
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pmpsl
id: auto-df3d47136d97b0f5f47088a852f88e6503d89023e399c648c0930b5411e65276
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6334661508/nKfwZmn.exe
id: auto-39b69ddbc6302d1f1f5d0f83988ede4d8953739ea1810723c6694325916597ee
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6334661508/nKfwZmn.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6334661508/nKfwZmn.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.i686
id: auto-9b671b0e4278252cb9a8a52faa5d195e1477b8295937a8d2fdbef6af8fd9c62e
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.mpsl
id: auto-11129bcb14f4b0d8a503739724aaf4e4e01906933a013ef378465c13a9d77aae
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.m68k
id: auto-b4ed480279200c963bcc167268c7f9b7baaaac6254b454e85fe94ee2f523fee3
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.mips
id: auto-61a5b1950760d2c6b22655fdae360e0085d83be776ece6387e8a27b99113b809
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.sh4
id: auto-05d7d3999fffd63fc8eea43c5305989f098a91eb43df7f1e14e2a294e48f13ef
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.ppc
id: auto-3f363bf97bd67680cd732dd82009b6cf9b93b2660316ebc55ada206f125365d9
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.x86_64
id: auto-25ec0e27d27bc03d1f3ee6d658ae3252cfbfb893c30fd43f1df1d612a58b16c3
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.x86
id: auto-0919820b5102b055d06c32588756768227db1ef25790573e282c6e007a9e80ab
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/sora.sh
id: auto-81c19309ce762269d895f15755cf7a5ce4aece2936e8706e5e044a038ec18b03
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/sora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/sora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.arm5
id: auto-5e65a2c2dfcd470e2f505d8e8b951fc96b7c1bff083596d3ba99358ec2de1540
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.arm6
id: auto-379050f6fa5ba0bc6263827505ce1d63f9d77426c8a0d2972796186245163922
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.186/bins/cosmic.arm7
id: auto-4ab485b3672baf3b776c82fc9ab7589b77c9ecc1f0780c865cd1889b1b0461ec
status: experimental
description: Detects traffic or activity related to http://87.121.79.186/bins/cosmic.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.186/bins/cosmic.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.247.20:56559/i
id: auto-0e31c1296821f747cb96285d7925453b9376d2242f081b8b19200c345fee46e4
status: experimental
description: Detects traffic or activity related to http://42.239.247.20:56559/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.247.20:56559/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:50992/bin.sh
id: auto-939f95a55a215db7ff89361a1fd4d38ac51db7b184fe325ed8317be4aea6a675
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:50992/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:50992/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.98.240:50251/i
id: auto-82812c8fb78d25e3187b91d5539f5f87dd231760bac495df37c8d4a945bfd0ef
status: experimental
description: Detects traffic or activity related to http://39.79.98.240:50251/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.98.240:50251/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.196.164:38144/bin.sh
id: auto-c4a48831cdd4dd260975458beaba2f0546851f834e8099bc7df79317bce8d1e6
status: experimental
description: Detects traffic or activity related to http://42.177.196.164:38144/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.196.164:38144/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.207:49066/bin.sh
id: auto-3d76c999fe1e0697f1ab5c0bc76e23e9913ad3a41cb29179da6ab53cab74bc80
status: experimental
description: Detects traffic or activity related to http://117.209.24.207:49066/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.207:49066/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.98.240:50251/bin.sh
id: auto-1f1d76be31d549e4f2a8e92d32b14ba1a88230cec2931ffd2f20ff031c6e37a4
status: experimental
description: Detects traffic or activity related to http://39.79.98.240:50251/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.98.240:50251/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/ppc
id: auto-8187282245fd4ea122d6d1c99c1ef8f75aac1b483aa49bd942cc041c279c17cb
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/mpsl
id: auto-2b324e840f2e4ff15c8d53de47737419510e0cacacc30963c06e5df2b26ae9c9
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/x86_64
id: auto-3709c5eee2e00f29e4aba5135f2e00b6658b5602c4357f5c906bc4915f140281
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/arm5
id: auto-2654545b256d9b256201a07261690c9569acc3feaad0c3ef3286dae8f7182066
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/m68k
id: auto-6e5cb15e63f45499f88eb4e958ede4a6a075bfc0ee2b20a041e1d5a68b6a6613
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/x86_32
id: auto-c11de2b7f3d1e4b8f3326bf0905b0f26b1cd48211e2d94afc29a2f4e42063267
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/arm6
id: auto-2c7045d52fcf96a13ed56931d27f2280761c7bb0fb24bb5dd6274097eacbd43e
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/sh4
id: auto-df35f75273e83e059dbf1de1741bf04f8ddb654786e18fcd30f7766571e4a848
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/spc
id: auto-39c1827d4f3120ae0a8d9a4785b52c4592397ff9da6d0ea77597797214286b6e
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/arm7
id: auto-d230904693adae74e942c78f6ba0f24e672268621e0de7c5d1ff50dca549dc43
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/arc
id: auto-4a7140e868ec83edc9fed5f3df88cfbd3a568fcf90e575f2021d2117ed0b2200
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/i486
id: auto-f748ea0c84cb5b21cd1095c8e51ee52050ba255bb632c9d64978882e72452785
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/ppc440
id: auto-fef35acf53024e17a46442099fa0f758b0d9cfd6cfe5f822e65750858a0e4117
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/w.sh
id: auto-e015d2ddb4f54d51d74c49433e80fa62cdb38ea9682a17276480096b030800ac
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/c.sh
id: auto-f87bed1d8bbe0ddf7727d1f1c51c99fe13369116b2993d366db4b43abde3416b
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/wget.sh
id: auto-a8df2461878c517758403e636d2651374f0f45678a3bc360911b9217275c0634
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.136.49.94:56005/i
id: auto-e6de56b123db80bc1c4da7dc0f777f53ff8d981471514fab3d60ea2688f0648d
status: experimental
description: Detects traffic or activity related to http://110.136.49.94:56005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.136.49.94:56005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.248.100.211/n2/x86
id: auto-f03dfd3d084efae16ae630a4abe4481591a83d5c77bd0a46fbe446e3d1028053
status: experimental
description: Detects traffic or activity related to http://162.248.100.211/n2/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.248.100.211/n2/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.248.100.211/n2/mips
id: auto-a38cf531f91fe1b64d92ad23f5ed75a3f9dd89c6e6d51b29f8b3080ab53247fb
status: experimental
description: Detects traffic or activity related to http://162.248.100.211/n2/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.248.100.211/n2/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.248.100.211/n2/mpsl
id: auto-cccf368bfc23e0fbdf8a7523c0966ec1c8054f76c6a5af5b81a705181bb5d238
status: experimental
description: Detects traffic or activity related to http://162.248.100.211/n2/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.248.100.211/n2/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.248.100.211/n2/tbk
id: auto-55b7959710d4bdcca67c8537e82db300eab663b7eb3980b2b1113adc861750a1
status: experimental
description: Detects traffic or activity related to http://162.248.100.211/n2/tbk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.248.100.211/n2/tbk*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.248.100.211/n2/armv5l
id: auto-e6c6bd13345abb3839d598084e00889c86d9976d02fe3bbaeb5d12d9a0070f2e
status: experimental
description: Detects traffic or activity related to http://162.248.100.211/n2/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.248.100.211/n2/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.97.216:34737/i
id: auto-e9e53ea8bba811ffc7a474aac6e335ca9385c85bc1b4ec1119f696c8e7bd5cfb
status: experimental
description: Detects traffic or activity related to http://113.228.97.216:34737/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.97.216:34737/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.72.2.83:3950/.i
id: auto-f815f71aed628d9868a0f8f76f837abf71e5f004c861cd1dc4a4b8b89fc82ecc
status: experimental
description: Detects traffic or activity related to http://116.72.2.83:3950/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.72.2.83:3950/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.155.178:45005/i
id: auto-37883f0cf1f68da0db336bfbf7ef55aca57e6b19d68f692aac329142c713b169
status: experimental
description: Detects traffic or activity related to http://115.48.155.178:45005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.155.178:45005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.225.146:45506/i
id: auto-b1ac7f675747a9af0afa185ee3e138e2d176a3cde134f9786a6520d786922735
status: experimental
description: Detects traffic or activity related to http://42.239.225.146:45506/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.225.146:45506/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.97.216:34737/bin.sh
id: auto-f843aaee0dbcb7e0baa22d395bbd56aa4257db67ace5bb8ac07c3878d3168cd6
status: experimental
description: Detects traffic or activity related to http://113.228.97.216:34737/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.97.216:34737/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.7.149:42429/i
id: auto-c71df316d849b8081256d977d4c22e0350b208d90fe82b83b080aa0c4f20ac12
status: experimental
description: Detects traffic or activity related to http://117.223.7.149:42429/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.7.149:42429/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.180.197:44152/bin.sh
id: auto-9323ca8da59201acbf2c36849e75f3be01ae6cd17b68de5a6d6986c8d26fd073
status: experimental
description: Detects traffic or activity related to http://42.232.180.197:44152/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.180.197:44152/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.7.149:42429/bin.sh
id: auto-27379645ef2140ba16bc6bc303d12a434bd973f88b6dfd5a0afdca76c0d675e6
status: experimental
description: Detects traffic or activity related to http://117.223.7.149:42429/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.7.149:42429/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.225.146:45506/bin.sh
id: auto-35d7674d21e164b385d51c048cd7728faa647d6acb22372faa46823a67cad80c
status: experimental
description: Detects traffic or activity related to http://42.239.225.146:45506/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.225.146:45506/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.88.23:58971/i
id: auto-aa3a04f886b9ee76739bc15deb3ac1bbc8bcbbdc8109ad52ee4c9a0988bd59c9
status: experimental
description: Detects traffic or activity related to http://42.59.88.23:58971/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.88.23:58971/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/tmsint/random.exe
id: auto-6ab4a4d4d8778a55b7ce948eca1302ab674c6298681ac30462ed57400c94ee34
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/tmsint/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/tmsint/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.8.198:34538/bin.sh
id: auto-d12ce89b2f05db51fc1cb08d5d99cffcf6d778963663c6c6a8afa7c9dcad6615
status: experimental
description: Detects traffic or activity related to http://110.37.8.198:34538/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.8.198:34538/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.186.232:36495/i
id: auto-bfb2b1e6dbbd14be3b1f0e740db6f6eece89130c520d827f382e93207619e404
status: experimental
description: Detects traffic or activity related to http://61.52.186.232:36495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.186.232:36495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dansorium.gr/DarkCyan-fa1d3_Install.exe
id: auto-e170f9076e5c5d05b2826d8f2692ab43347c80bb89d16756120bad7fc4bfa654
status: experimental
description: Detects traffic or activity related to http://dansorium.gr/DarkCyan-fa1d3_Install.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dansorium.gr/DarkCyan-fa1d3_Install.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.88.23:58971/bin.sh
id: auto-5122b0fdb1304955927a7d4e0f26cb9c932b79d6acf43ebb03f2d39abfc1e94b
status: experimental
description: Detects traffic or activity related to http://42.59.88.23:58971/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.88.23:58971/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.186.232:36495/bin.sh
id: auto-b0c20d29c79f89d37f07da8eaf637ae37ed110cd7d6b2909e0b3a02fef92877e
status: experimental
description: Detects traffic or activity related to http://61.52.186.232:36495/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.186.232:36495/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.82.244:44729/i
id: auto-1d7e28f80d48a97dd25a25ee94bad5e52ef53fd6f442224bdf7e5923a85c4321
status: experimental
description: Detects traffic or activity related to http://39.187.82.244:44729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.82.244:44729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.21.134:60929/i
id: auto-d0a3a6c68af5eba1687c567c6b9e7c8e34fb7796e4e385dbea2d5d22144f9c2f
status: experimental
description: Detects traffic or activity related to http://182.116.21.134:60929/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.21.134:60929/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.219.180:50149/i
id: auto-b3d4013a89e11fe4e96e6d4561f2f6fdb1dd27960b0cb49ed606d8a53ab43eb7
status: experimental
description: Detects traffic or activity related to http://115.55.219.180:50149/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.219.180:50149/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1364242491/fMHYIy7.exe
id: auto-4e9d9be80f4e5349eb66207b48f8790c2a01935c5e580fbfaafa42a3c7c6e9b1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1364242491/fMHYIy7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1364242491/fMHYIy7.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.72.93:51298/i
id: auto-f21279508156ff909013cc1994ea2a5c4b2d58b624720d2f18fec75b1050b11e
status: experimental
description: Detects traffic or activity related to http://61.53.72.93:51298/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.72.93:51298/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.67:51370/i
id: auto-e8ea0d11d418fe8db825ef9cbd30a4c297c1573f9bca9c242ed8591dade8ea24
status: experimental
description: Detects traffic or activity related to http://110.39.244.67:51370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.67:51370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.21.134:60929/bin.sh
id: auto-e90b59e50909688f2a3d16aebe7084632e1e85e2aaff7509b48a7d7b702213b6
status: experimental
description: Detects traffic or activity related to http://182.116.21.134:60929/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.21.134:60929/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.82.244:44729/bin.sh
id: auto-1038f5bc014b08ab38dce61e22dfdc883b2e05f549317b931a0ccb588bbb300e
status: experimental
description: Detects traffic or activity related to http://39.187.82.244:44729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.82.244:44729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7948739500/W44E7h0.exe
id: auto-44be8fcd6f0fe06fb7e5cd64c0c1c78057b3e69574c459042a279cdd4f832bdc
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7948739500/W44E7h0.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7948739500/W44E7h0.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.187.2:49606/i
id: auto-f719e08bd4b896893c328c44d94d0eae8459fd15ec0db1939453673ae948da81
status: experimental
description: Detects traffic or activity related to http://123.8.187.2:49606/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.187.2:49606/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.67:51370/bin.sh
id: auto-850577bbdff90149e64b4604e5bd9621b5d37e6abb41a02d254ce138fb015644
status: experimental
description: Detects traffic or activity related to http://110.39.244.67:51370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.67:51370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.238.168:43063/i
id: auto-4613262898ff65701e9e0f18243c8842a71e13906b716eee2f36e4a2ee338109
status: experimental
description: Detects traffic or activity related to http://110.39.238.168:43063/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.238.168:43063/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.248.236:36762/bin.sh
id: auto-ac3cb64ebf259e7d4b4f82b09a59b988d6bb6046c79af3e5c2d9d7d6323ac128
status: experimental
description: Detects traffic or activity related to http://222.142.248.236:36762/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.248.236:36762/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.87.241:36843/bin.sh
id: auto-872bb0a2d9e00be46347cae1c42bea17de99604744a8d334c1d7447048ff91ef
status: experimental
description: Detects traffic or activity related to http://182.121.87.241:36843/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.87.241:36843/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.245.2:52130/i
id: auto-b4772a9205afd4faea3b78aa043130ef0af5c00cfe7d987ce8ce172f1032a62b
status: experimental
description: Detects traffic or activity related to http://221.15.245.2:52130/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.245.2:52130/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.225.65.217:35668/i
id: auto-042a562a1a111e7466560d27e060f9528d0124f68023bfe234a4a7a098cc190e
status: experimental
description: Detects traffic or activity related to http://188.225.65.217:35668/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.225.65.217:35668/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.187.2:49606/bin.sh
id: auto-9c088caae745fb8fe08213d95b2765c2358e469e20969736bd95f7e5a4537b47
status: experimental
description: Detects traffic or activity related to http://123.8.187.2:49606/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.187.2:49606/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.14.252:57370/bin.sh
id: auto-f1d552f2f66dc8e0eb068cff272def12827ae756001b93e97168537712aa7e19
status: experimental
description: Detects traffic or activity related to http://110.36.14.252:57370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.14.252:57370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.227.34:58163/i
id: auto-35a0baa5bc645aa650ba13c44cadda4a23d00c817ebd51729166eb0c045c4243
status: experimental
description: Detects traffic or activity related to http://110.39.227.34:58163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.227.34:58163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.227.34:58163/bin.sh
id: auto-5c6a528232eaf92f845ce37c99448847b60a105b98d5535e48e3ca7c007c9620
status: experimental
description: Detects traffic or activity related to http://110.39.227.34:58163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.227.34:58163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.238.168:43063/bin.sh
id: auto-c041773476b9cfe9fde2241d415143a789a3736cbfd88467428a28851c68745d
status: experimental
description: Detects traffic or activity related to http://110.39.238.168:43063/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.238.168:43063/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.190.123:36190/i
id: auto-24b4e8c666cb5dab8ff81b138c34b92e11bc17aa503125e6b16431d27b8b8967
status: experimental
description: Detects traffic or activity related to http://116.138.190.123:36190/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.190.123:36190/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.72.93:51298/bin.sh
id: auto-67ca112c244a07e17ae532f0df040e9afaf82fc07740da10465f355c3fedf346
status: experimental
description: Detects traffic or activity related to http://61.53.72.93:51298/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.72.93:51298/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.245.2:52130/bin.sh
id: auto-3d7c88c0d92c49a6795fec7baa78ae1dce6137f00787eb822925aea2f8e59a05
status: experimental
description: Detects traffic or activity related to http://221.15.245.2:52130/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.245.2:52130/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.190.123:36190/bin.sh
id: auto-6c8983addddcf528298cbb21c47a0e4950d4e57ece785b89f15efb4c821e4ec2
status: experimental
description: Detects traffic or activity related to http://116.138.190.123:36190/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.190.123:36190/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.24.107:58283/bin.sh
id: auto-17888eb833005cc3510686d68286a670375297eed689d1337b92859a8e3ec430
status: experimental
description: Detects traffic or activity related to http://117.248.24.107:58283/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.24.107:58283/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.225.65.217:35668/bin.sh
id: auto-c8a13e7cff0b77479e6a8faeb613d3966f875d5d6de92945a5fb9366661d2403
status: experimental
description: Detects traffic or activity related to http://188.225.65.217:35668/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.225.65.217:35668/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.150.0.136/dewfhuewr4r89/98hy67/kworker
id: auto-f7dbc144bdd6c7540297ab86b8b9cffb14c6172f21e9b369d6c46fb0849d5a2d
status: experimental
description: Detects traffic or activity related to http://38.150.0.136/dewfhuewr4r89/98hy67/kworker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.150.0.136/dewfhuewr4r89/98hy67/kworker*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.70.205.211/plugins-dist/safehtml/lang/font/cr.sh
id: auto-c2a802f25fcd36cf00c04c8716e279c69a6f263c92cfdb705babca5118b5a047
status: experimental
description: Detects traffic or activity related to http://34.70.205.211/plugins-dist/safehtml/lang/font/cr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.70.205.211/plugins-dist/safehtml/lang/font/cr.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.70.205.211/plugins-dist/safehtml/lang/font/javae
id: auto-2f717df3a0362935e3042b9dfa22061845ccbd3c51f25695225f3f1a00416cd6
status: experimental
description: Detects traffic or activity related to http://34.70.205.211/plugins-dist/safehtml/lang/font/javae which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.70.205.211/plugins-dist/safehtml/lang/font/javae*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.180.197:44152/i
id: auto-2de6dbe5ac558c47b2eeb7a4aab3a1b8ace7a8282b9231ead7b65d01bba5c21c
status: experimental
description: Detects traffic or activity related to http://42.232.180.197:44152/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.180.197:44152/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.233.226:46050/i
id: auto-9ff873f2f91ccacd23821442a43941fd25e377025cb2ef56bed639fe90d9f4e7
status: experimental
description: Detects traffic or activity related to http://110.39.233.226:46050/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.233.226:46050/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.70.205.211/plugins-dist/safehtml/lang/font/pnscan-1.14.1.tar.gz
id: auto-3ce2cfc7bd83c28333847c6b570e733786cd85c95dc7ce8e8bf6bb7b196cf1a0
status: experimental
description: Detects traffic or activity related to http://34.70.205.211/plugins-dist/safehtml/lang/font/pnscan-1.14.1.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.70.205.211/plugins-dist/safehtml/lang/font/pnscan-1.14.1.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.70.205.211/plugins-dist/safehtml/lang/font/1.0.5.tar.gz
id: auto-a182c5397b9421102e99728b071961bd3f88e1b63856efbe3698345b35124658
status: experimental
description: Detects traffic or activity related to http://34.70.205.211/plugins-dist/safehtml/lang/font/1.0.5.tar.gz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.70.205.211/plugins-dist/safehtml/lang/font/1.0.5.tar.gz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.144.111:35542/i
id: auto-4f2c38571d316d9cb0154db9c149ebfe42b15f9fd496f4eef6e4cd5d991b7260
status: experimental
description: Detects traffic or activity related to http://219.154.144.111:35542/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.144.111:35542/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.144.111:35542/bin.sh
id: auto-a7dc588521d024171a74dc2b2fe663af7d471924e73d9d4b89ba096eed4eebe9
status: experimental
description: Detects traffic or activity related to http://219.154.144.111:35542/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.144.111:35542/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.189.106:41018/i
id: auto-3d16b2c8f13d004edc22ceafe513e120e4331eb77fd6b1d12e5aa3a301488bb0
status: experimental
description: Detects traffic or activity related to http://27.207.189.106:41018/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.189.106:41018/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.122.245:39995/bin.sh
id: auto-53aea7b1ba95aca9e8922f038472d05dec9ad1595e174a0090d8b4d6f2b3d82b
status: experimental
description: Detects traffic or activity related to http://113.229.122.245:39995/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.122.245:39995/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.240.144:53273/bin.sh
id: auto-5a53fdeaadfbeb34db4b10349f9b24eda5c144111f34b7b06e9874940b824dc2
status: experimental
description: Detects traffic or activity related to http://117.221.240.144:53273/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.240.144:53273/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.249.76.235:50719/bin.sh
id: auto-7291a0de676858e598314c3fe155e8f8b54b179df240bd1a6c2eebf48046e3ef
status: experimental
description: Detects traffic or activity related to http://112.249.76.235:50719/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.249.76.235:50719/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.34:46404/i
id: auto-f8c217e46e79d7e2f3d30e90784514678bdbcec84d4fc78fdd5bdb837fb38b48
status: experimental
description: Detects traffic or activity related to http://110.37.61.34:46404/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.34:46404/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/arm
id: auto-d12d2fad1aa81b41d8cfa3ba787e3b1b9a3de34e4517500202911018fef9dbda
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.2.245:42888/i
id: auto-de8f5ad4b18724cd95d3471428212fccf8d64f928728e8b988dc1f16cf7d49f6
status: experimental
description: Detects traffic or activity related to http://125.41.2.245:42888/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.2.245:42888/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.240.144:53273/i
id: auto-bba316b8a9af667e42302c7166ac11e8d80ee08faaa056d66a95d3c02a79b996
status: experimental
description: Detects traffic or activity related to http://117.221.240.144:53273/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.240.144:53273/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.158.220:33394/i
id: auto-b7703bb6729177ba2e7052e303d51f82479541034c05af6793d694cef5389de7
status: experimental
description: Detects traffic or activity related to http://123.189.158.220:33394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.158.220:33394/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.184.114:49785/bin.sh
id: auto-5c45d7d8e271572108da8a251c9b37901b437687deba87eab0ded3a169419e54
status: experimental
description: Detects traffic or activity related to http://222.140.184.114:49785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.184.114:49785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.147.95:39193/bin.sh
id: auto-24dc00c9a1a35a3ac01e3641abff2a12fef9717d6ebfa5962b5311a54e336def
status: experimental
description: Detects traffic or activity related to http://125.40.147.95:39193/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.147.95:39193/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/mips
id: auto-847f0c76a24e7895a1254e5d55d7463da015cfce077be58bcbe8c0e8666ac585
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.42.21.37/systemcl/x86
id: auto-9b3ea46bec9ce7f92f296cb8cc5800c0828808ebf76921a2f893392a1b8d0663
status: experimental
description: Detects traffic or activity related to http://77.42.21.37/systemcl/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.42.21.37/systemcl/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.132.196.41:33693/i
id: auto-1db30d900260968068bb6048a33e519850e425d31584e20ca787bf4c9a27c410
status: experimental
description: Detects traffic or activity related to http://219.132.196.41:33693/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.132.196.41:33693/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.207.213:51521/bin.sh
id: auto-90109eecb6cefe088c52821de6d285a4bbaf0ea5fa44d12511bcc25c8a770739
status: experimental
description: Detects traffic or activity related to http://61.53.207.213:51521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.207.213:51521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.150.0.118/dewfhuewr4r89/98hy67//kworker
id: auto-2828775350e7c408899607ea4f1e3db67dfed7063ea0af483696e79d85356f5d
status: experimental
description: Detects traffic or activity related to http://38.150.0.118/dewfhuewr4r89/98hy67//kworker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.150.0.118/dewfhuewr4r89/98hy67//kworker*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker
id: auto-edf90991270e5a676e012cec23dced623280867a7f46f1cc731d39341b9f86e2
status: experimental
description: Detects traffic or activity related to http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.70.205.211/plugins-dist/safehtml/lang/font/kworker*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.34.236:38939/i
id: auto-5b0ea4bf01a52f827b1f7a76b4dd0da3cb0c6d5599d8f78b0d6f0a1b6fd20738
status: experimental
description: Detects traffic or activity related to http://180.191.34.236:38939/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.34.236:38939/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.203.72.209:49618/Mozi.m
id: auto-5a6dc7808554a1404b6288f8db7a8af431f999cd45c4cc2f5e2ad20823b415ec
status: experimental
description: Detects traffic or activity related to http://103.203.72.209:49618/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.203.72.209:49618/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.88.134:38249/Mozi.m
id: auto-5e9bbe5a6311848c0d9d21763b450c22ddfb9b7175778fa4ac230b8f7269f048
status: experimental
description: Detects traffic or activity related to http://59.92.88.134:38249/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.88.134:38249/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.167.169.152:38454/Mozi.m
id: auto-745335850c4b671eed94ab46f756f26182e7d28513d37f74cf0777700b56869f
status: experimental
description: Detects traffic or activity related to http://66.167.169.152:38454/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.167.169.152:38454/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.255.18.8:43694/Mozi.m
id: auto-0f9f0510d32bc444c7f8555b2d51a5cc96639af728e26c483570b1bcc2c8cbbb
status: experimental
description: Detects traffic or activity related to http://36.255.18.8:43694/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.255.18.8:43694/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.5.0.216:46021/Mozi.m
id: auto-ba0e7178796166752e4a8c707395367db0c8ca8c1fc03a98134ed22319ded521
status: experimental
description: Detects traffic or activity related to http://139.5.0.216:46021/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.5.0.216:46021/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5729578977/kF7xiki.exe
id: auto-810354873584466f5a2a13c07a7caf14f3b2f723a00a394b55eedf5646728866
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5729578977/kF7xiki.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5729578977/kF7xiki.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.230.66.105:11666/Mozi.m
id: auto-534f08cb4c991a2df72193dbea387c2147ac3ca5a1721dbd9fb74d6e7483e3b3
status: experimental
description: Detects traffic or activity related to http://45.230.66.105:11666/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.230.66.105:11666/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.252.159.79:59437/Mozi.m
id: auto-787cf7d79a0873c4f1628cdd4eb0d865bf28172e808e3acb58ce5b9735bd80e3
status: experimental
description: Detects traffic or activity related to http://43.252.159.79:59437/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.252.159.79:59437/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.98.100:55857/i
id: auto-ed0b98645a17624976e9f7611ce1d8f6b0f6de4bfb59386360ae54c22bfd2243
status: experimental
description: Detects traffic or activity related to http://110.37.98.100:55857/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.98.100:55857/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.106.11:55742/i
id: auto-5c56aff8c4c5c1459f920c35d1c9a3debdf0bc56eb32305ca18c481192fef916
status: experimental
description: Detects traffic or activity related to http://113.228.106.11:55742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.106.11:55742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.132.196.41:33693/bin.sh
id: auto-096d093a9e0bcfcde0e900653c2833b5504ef954966a1627bd104ec1e606e5bb
status: experimental
description: Detects traffic or activity related to http://219.132.196.41:33693/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.132.196.41:33693/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.45.38:57709/i
id: auto-4d65d695b0a545b32605a19f581bd755bf8af031a633620e559f8431f3a98265
status: experimental
description: Detects traffic or activity related to http://222.141.45.38:57709/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.45.38:57709/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.51.133:53462/i
id: auto-1ac855a5d177a546d59eb5772323e63896ab2708674be035c4a10a06821a62cb
status: experimental
description: Detects traffic or activity related to http://115.63.51.133:53462/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.51.133:53462/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.170.177:34289/i
id: auto-100d7d76a48957b94f4656df96a266b118fba3f937350a5ed72193cc2a3ae916
status: experimental
description: Detects traffic or activity related to http://123.4.170.177:34289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.170.177:34289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.34.236:38939/bin.sh
id: auto-c64dc533f5fed682770259d0cdd05cbfbd930f38e33c4cddfd3e015f4e88a99f
status: experimental
description: Detects traffic or activity related to http://180.191.34.236:38939/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.34.236:38939/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.45.38:57709/bin.sh
id: auto-12bb3ec3d4f9d9df563a13576afc1c02ca608877f50ec0692b5a16153a1fa1da
status: experimental
description: Detects traffic or activity related to http://222.141.45.38:57709/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.45.38:57709/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.250.17.29:41932/i
id: auto-99f17eedd0a49cfc53de9df8dbf882d1e23adb9a5731cf4d67d856c758a7a3a4
status: experimental
description: Detects traffic or activity related to http://162.250.17.29:41932/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.250.17.29:41932/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7377994722/LHB1O5m.exe
id: auto-88280682193683de7247b4828dee651ca6aa4bd0e06b5a80845d7bd22055283c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7377994722/LHB1O5m.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7377994722/LHB1O5m.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.196.140:59191/i
id: auto-05c08dc0a7c0a013313d49a4a0df100a0515031c982f1a1968a0596318fc11c2
status: experimental
description: Detects traffic or activity related to http://120.28.196.140:59191/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.196.140:59191/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.196.140:59191/bin.sh
id: auto-1ae8c6d39465c24f868ca0bb43b5fc1642846e252889e94a94215f545b453c42
status: experimental
description: Detects traffic or activity related to http://120.28.196.140:59191/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.196.140:59191/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.51.133:53462/bin.sh
id: auto-60545447db729743d867140832c3982066fcc5f2cfec5e2d9209abea1d6bce66
status: experimental
description: Detects traffic or activity related to http://115.63.51.133:53462/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.51.133:53462/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://b.clu-e.eu/t.sh
id: auto-dec0f2216e1b10134353af8d6e6ddc25a2c404902307c614a385c898d16c21c5
status: experimental
description: Detects traffic or activity related to http://b.clu-e.eu/t.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://b.clu-e.eu/t.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.250.17.29:41932/bin.sh
id: auto-f63c55a844d7093c455a40799dd7169d0521dac8c8bfa8da786b5c34716085c8
status: experimental
description: Detects traffic or activity related to http://162.250.17.29:41932/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.250.17.29:41932/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.170.177:34289/bin.sh
id: auto-4bfb2e940fa709bdd9b8f18f53b689c7435e0a717151434743215cff612562ae
status: experimental
description: Detects traffic or activity related to http://123.4.170.177:34289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.170.177:34289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.244.129:46507/i
id: auto-bdcd628cf61d3378bba261af01f742403464ecdc795eab2b10f7d227583fc49d
status: experimental
description: Detects traffic or activity related to http://123.9.244.129:46507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.244.129:46507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.28.233:41221/bin.sh
id: auto-511468b8fd92684e3a45d5bf20b3574d153952cfc3f70b895a8952aadc261e83
status: experimental
description: Detects traffic or activity related to http://59.88.28.233:41221/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.28.233:41221/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.46.93:44420/bin.sh
id: auto-676d10f3ba15afb220ee719280089d2515e4420e55508868cec28e323efe7798
status: experimental
description: Detects traffic or activity related to http://110.37.46.93:44420/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.46.93:44420/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.56.220:50572/bin.sh
id: auto-0f00e5c44035e95f662de7bdb447bbd354ae82961f479f9f234f402143650c32
status: experimental
description: Detects traffic or activity related to http://110.37.56.220:50572/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.56.220:50572/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.112.65:33552/bin.sh
id: auto-8ee481238f21029321b9c98a1bf049c26e21ba666263e6815a5bc2160764a5f4
status: experimental
description: Detects traffic or activity related to http://123.9.112.65:33552/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.112.65:33552/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.111.122:37841/i
id: auto-74edb1d26c9469021785d035c4149b08b6ba5a26ba8507a61a7551b5807e42fc
status: experimental
description: Detects traffic or activity related to http://110.37.111.122:37841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.111.122:37841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.231.137:37666/i
id: auto-1cd7d9b7384125cc5a15a6f2a77716060257b6b82e51d268562c823536d00153
status: experimental
description: Detects traffic or activity related to http://42.232.231.137:37666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.231.137:37666/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.40:40743/i
id: auto-aea64910307f252df295d290cb7616bc018ffa924482a3ebe26cc9a42e168078
status: experimental
description: Detects traffic or activity related to http://117.209.91.40:40743/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.40:40743/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.244.129:46507/bin.sh
id: auto-9bbf1f454e313ea5581eea8b603ab2efbd9cc4dee07c22ae74b5694ac9320a76
status: experimental
description: Detects traffic or activity related to http://123.9.244.129:46507/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.244.129:46507/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.154.78:52505/i
id: auto-a9cba4a4e422dfe31eb8adb565e6e42878513357636a814a39a375c3d43db966
status: experimental
description: Detects traffic or activity related to http://42.229.154.78:52505/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.154.78:52505/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.81.185:33814/i
id: auto-473beeb0bf9d1cff2c434709a0dc40f80cbb4fa86aa2423e407956d24d6bc8cb
status: experimental
description: Detects traffic or activity related to http://219.156.81.185:33814/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.81.185:33814/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/arm5
id: auto-29e5f07d897764c62232544aab02746ae53258505a62060f2747ddfcb017a78b
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/debug.dbg
id: auto-0f1115a981204547fc93cf61f29e859f1f527e1e2790f09384927eb9b8cf93ac
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/mipsel
id: auto-2382616b8fcb697a76e7657e37066a41ab3f4fc98270cdcd99e453fad224b5bc
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/arm
id: auto-741bcab751d111bf12641f8d5abd0ab13596deb21c9facd075cdb06e19d3315d
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/mpsl
id: auto-bcb36ba205f73b5d45b70d663aa5857469407a387e3209c3ee2a3a4dc28e8cb5
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/mips
id: auto-72a864a0bc221085c164f288387e3678002051010320c3ee42e5de804649418c
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/ppc
id: auto-37bddc6e00140eb7b3e0f607f206e4f01d4e29523a4f64a80ccdbc9b77cb547b
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/arm6
id: auto-13dcbb694955d1d018d44d97e3864e7ad788a6189777ea458116e3d5261882f3
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/x86_64
id: auto-152dc935332287d82ae8795b75bd1910ecceeb3055ea4e503b0a9f56a0624c8a
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/arm6
id: auto-0a81f794a545a419bb9652fe4b95132811f3076cf4e48ead9fbdfd2b3c29dd1d
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/x86
id: auto-14d05636f38bb22e9a8232e951025daf4eb14940f5bf0083a73f6cc93b627b3a
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/m68k
id: auto-6d51c4222e88a7f3a1e594f861cf3cd56f8d391c96d2bbe641ef824f0bd58050
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/arm7
id: auto-32a270ca200044b9cd87849ac926c11ad4d038d8ba08432b4c4260bf4328e5f0
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/sparc
id: auto-4075b88e19e00e49d6f98f8e0e45ee6794288cfe7d30ad2586fc59ade6eafeb6
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/spc
id: auto-f585b0c7afdf9150d05dfeff8f31762b61825ceb600fb7e3acf282b447ed3ef5
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/sh4
id: auto-eabdc5a2646f366053ba3b99396fe86255db08501b1e87663228b6d0504b8e7e
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/debug.dbg
id: auto-375c46e28d65f17b0cb05da9519989d45ce014600d4ba53e9e64665e804485df
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/mipsel
id: auto-ab9b0d2d720d6d450dba1c1b257b4376e4aa03045d2aebbc52ef64e6a6165682
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/arm7
id: auto-d361133736eac94e637a1bd7455670256d2fd57b754836edeb156d9dd1aceb56
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/m68k
id: auto-d3d3cd203f959584497595672ccd40b379c08b8cd0ccc7746c5581a1dd38a6df
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/spc
id: auto-2285e258738e446460dfae4ed55aafd3c27ddf8ca1afd8402d127160b98b5935
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/sh4
id: auto-70b5cedd0f7fd0db164227b61cfc8acfbc4794fa3a748ef2ad9dd9ecb908da97
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/x86
id: auto-22f88f5588e8a35e5440fcb7d70f266b61e236228e7ea32bbb1265f52b48d650
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/ppc
id: auto-cb8e17138b464639e165d807fb00acdb2a502c2c1fdb01efbb003043efa4c5b3
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/mpsl
id: auto-1ecae20c7a37f86125a8f51ef4be2173f8a7e3cdd23f27a963726ee8acbc1d72
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/arm5
id: auto-7cae15ae477279dc21f993d64a051b1da469e8ee6ac44781e578a3fe663c43d0
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/x86_64
id: auto-f8a809455f95bb0b097949e890c92ce4884fec0d3960cba1e8d644aa6f423ab5
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/sparc
id: auto-5f10bb66c447a07bdc0f8e4d21fd0b51069ec7cddf7f3de67f812af2a4de1de0
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.231.137:37666/bin.sh
id: auto-a7ba6901f8b30c5f6b8c9992b73b83d29d5298a8732af9c3d851267c1628e883
status: experimental
description: Detects traffic or activity related to http://42.232.231.137:37666/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.231.137:37666/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.154.78:52505/bin.sh
id: auto-7e3c92d3840390123ac305f30c55f1af541d33d7cacc3bece433e71fd911bccd
status: experimental
description: Detects traffic or activity related to http://42.229.154.78:52505/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.154.78:52505/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/wget.sh
id: auto-b230e41969a68ffaf1ed2f34280037eef2fbfb0278b1ddd389cef642a626859a
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139-162-20-230.ip.linodeusercontent.com/wget.sh
id: auto-b04a53cd13e5d022963caa1c955242ea7986cf5eaf1b0694f9aa4eacb224967b
status: experimental
description: Detects traffic or activity related to http://139-162-20-230.ip.linodeusercontent.com/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139-162-20-230.ip.linodeusercontent.com/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.81.185:33814/bin.sh
id: auto-91693451e1f0af7dc6cc98995685d394288495b583020f8c8b29526cbfb63d90
status: experimental
description: Detects traffic or activity related to http://219.156.81.185:33814/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.81.185:33814/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.247.164:50557/bin.sh
id: auto-26a45bcf51c8992e832770d914bf4213a747310d9bb518c81880c6403a9c7264
status: experimental
description: Detects traffic or activity related to http://110.39.247.164:50557/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.247.164:50557/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.146.253:57839/i
id: auto-61846ee4b85123c1b0d920216a6cf4fb33cb1f212cc23e2e3113df55c4c80c5e
status: experimental
description: Detects traffic or activity related to http://112.225.146.253:57839/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.146.253:57839/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.205.250:35967/i
id: auto-cbd601b2b8d83b57e727c603b72b725c2bb8e9e5ef1c569bdbef09839593a7df
status: experimental
description: Detects traffic or activity related to http://110.38.205.250:35967/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.205.250:35967/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.mips
id: auto-4bf0d6c2741db6526c3682816317fe6e5ee5433c14e3cb652a5bf3a4db86917a
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.x86
id: auto-5aa1b091862dc2964860f5b0194962a31e1576b7313d89cb00de8f92cabb2957
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.arm7
id: auto-9190650f9c98917d1f6ebecc443499b6de40fb23f1aba7d310cacc05e4f0a6c5
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/obs.sh
id: auto-c6991ca991f86b83f4bd5d3b586d0341c5de7186615cb22ce0dda8b3fe1be49a
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/obs.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/obs.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.arm5
id: auto-ff6e2e901cfbc88e5d96e7719bba4020292a03d1ec64c131569a0a0742f449ad
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.arm
id: auto-496500845f3bc72c7aa6eca3d9d25a1df3008404e1ca743329c72014f517f92a
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.ppc
id: auto-7cfa17b6bfa484110339f5677cccb7f66229900f246f88cde25d1e1c568425f8
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.arm6
id: auto-f721d42bce7070a57fb8a5e2907450b0a7a3641357bf166f44af9ad4dfbfc923
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.x86_64
id: auto-9254f4a16a38b813e687f12241c562cdfb50704a534724360ded61bcf02f5497
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.spc
id: auto-58f63767d700127f7704943cef139524d7c244b9de38f6f726ddafec00533de8
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/bins/vcimanagement.mpsl
id: auto-db2f35b0087968937f514b3ba9ededba541f932dd27602f23e5276759d9ca122
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.146.253:57839/bin.sh
id: auto-bec6a8b4daea5fa39b02419b07eab5b9f6675732d99e85a4ded69e1a7df33239
status: experimental
description: Detects traffic or activity related to http://112.225.146.253:57839/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.146.253:57839/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.235.167:40324/i
id: auto-dc4ea02c7404348feed83deb94628dbc9993cd42306cd503bab936779d1cdbf5
status: experimental
description: Detects traffic or activity related to http://42.228.235.167:40324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.235.167:40324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.39.59:48939/bin.sh
id: auto-8b757aeb9a4327d25d91b0193e3e5eb20bc077a08f46f88dbd693a03a2f3d647
status: experimental
description: Detects traffic or activity related to http://61.52.39.59:48939/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.39.59:48939/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.235.167:40324/bin.sh
id: auto-557cbe8c507699eee26afb6ef42cc820cc1737fdce0b1c4b5c1a5afa62a258c2
status: experimental
description: Detects traffic or activity related to http://42.228.235.167:40324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.235.167:40324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.127:5000/DE/Rechnung_093392.lnk
id: auto-f5d0b4d8f41b194b6a22dac1da61f27322d0236e7bd2976004308d883613ec3d
status: experimental
description: Detects traffic or activity related to http://91.92.240.127:5000/DE/Rechnung_093392.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.127:5000/DE/Rechnung_093392.lnk*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.127:5000/bill.wsh
id: auto-6c465fe8696b11779c5c17c3409c29a8861d674a2d788d94ef746b474ea50117
status: experimental
description: Detects traffic or activity related to http://91.92.240.127:5000/bill.wsh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.127:5000/bill.wsh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.127:5000/BB.bat
id: auto-547c57f0707e42ca951bd1503b3ed119b4a8949f7bc8cbdf729b81e5a5ffd339
status: experimental
description: Detects traffic or activity related to http://91.92.240.127:5000/BB.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.127:5000/BB.bat*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:56360/i
id: auto-85a6665b9d5ef2cd6036014d73e9dd4f38ba321a92cf7e844097da21c7a3cc5a
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:56360/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:56360/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.27.199.101:55209/i
id: auto-488c07858f44cf89a12bd92bb953fe0e27ad3e70f32a48a4442d09cc4532bae7
status: experimental
description: Detects traffic or activity related to http://112.27.199.101:55209/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.27.199.101:55209/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/26ols.bat
id: auto-4b235b09ae51f38857e5fac7aa2b1f2e2f155e7533e50ea988f6de002c2105b1
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/26ols.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/26ols.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/msn.js
id: auto-c48b538077caadbb1e1d12d874d272c2b73a6aba08e19eb6ce8ac2c833a279d1
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/msn.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/msn.js*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/iov.wsh
id: auto-01e38a9ab2624b11931121a3ebfb40a9bcc3d83e2d5c9b3c7a0e06cf9e0ce1f7
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/iov.wsh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/iov.wsh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/son.bat
id: auto-417aec9833052788a973d39f272712fd7972b6bd89a0d7f75d8eaec2f3158cd4
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/son.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/son.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/drucken/Rechnung-vom%2020.01-2026.PDF.lnk
id: auto-b867fe104a4610e2857e6be7b1671fd1e7066b13bd91804f1c370706d7516e09
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/drucken/Rechnung-vom%2020.01-2026.PDF.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/drucken/Rechnung-vom%2020.01-2026.PDF.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/vwo.zip
id: auto-0ba7188d42d6f0ff8eeb8762cafb275745700669415a8392cc5a495ce0df086e
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/vwo.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/vwo.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/buch.js
id: auto-8b8acdc4a2d4a7b708d33c3cc7ad56fc61c404eda1de4ecadb1435a6713838f4
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/buch.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/buch.js*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://grades-stock-set-ana.trycloudflare.com/dam.wsh
id: auto-93c291144363b968cdc9db3768da5bd5394f175abaaa67ada9a8861e7d9bf965
status: experimental
description: Detects traffic or activity related to http://grades-stock-set-ana.trycloudflare.com/dam.wsh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://grades-stock-set-ana.trycloudflare.com/dam.wsh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.205.250:35967/bin.sh
id: auto-b00d907012c8b232caaef343cec6426711668cb08ad05b19f191cbc8a63ddf45
status: experimental
description: Detects traffic or activity related to http://110.38.205.250:35967/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.205.250:35967/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/mipsel
id: auto-050020bad03e795fc7f3eae8ed5e2e5e07d58eab8a8bf64e1d69f293cbb9f6b7
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/m
id: auto-5f30e7c90e2a17cbd847f197749a857a139a5bf845c09d74557090b56c7d5edb
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/m*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/m
id: auto-4af8fc651c2ff5de42a483e8704ce16145bf6b1bd4c70f532e4e97f1914df201
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/m*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/arm7
id: auto-0581c2a48e460fc81525a63faabe1ea9bcb5285ba4c8c46200f104f802dde4c2
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/x86_64
id: auto-2c479e1febe3b5e359bd89cd314765b861c11b48408c1c81b7df09ebe2595070
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/mips
id: auto-4b1c09943b738a914c95aac2b998abac4e3abe632a38becd6eeecb69411bc1ca
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/x86_32
id: auto-43a0f78bda92036420b9c423ba57032654bb4c726652a2d7d581c948d06c34f1
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/x86_32*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/private.sh
id: auto-be6c1f2c2814c62f78e7835de59f1b0ec427d24b820b9151ca52af5452f9212e
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/private.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/private.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/x86_64
id: auto-9871f45fedd343da8349a1f2b5ab27473cff25b624cb832177cbe7068de9f0e2
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/mips
id: auto-49e4592d32794b74d9ce5a42498bea4800544547d1737b2f56cbafe3f2932cc2
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/x86_32
id: auto-6931462117ba1f1e853918f6aca3db91866a2ba960ad5269746f571dcebe43c5
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/x86_32*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/arm
id: auto-f26788d5d0e7b161a8a50bd749b4a1c3528c50f4856e51d4cbfe8799d707ff61
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/arm
id: auto-0e7ff6b4d5185d5214d73784a8c3f6fb27fa627e210f43c9987381ea533b825b
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/arm5
id: auto-e41749dd2890eb4bfb52cae2b93d96b258ff3aebc807c37c4d5a879acd83b13a
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/powerpc
id: auto-25c22956720eae37a7690df6c4d83374635672a242aa05a9c909af44ec400730
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/arm6
id: auto-bb0f967764a990c35741ff251b2b655e912a5e20a5e51ece02f320567e2edef3
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/arm5
id: auto-a1ac459e6dd8dc11b2fd081c85aff07e4f90d4220003c63d9f1799912a197577
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/powerpc
id: auto-5ac31291c6e97e95b64279e3c34728dc451f2ffd8be269a5525965e11deb260a
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/bins/mipsel
id: auto-9c58ed80ea9f4933e554602fbf7beffb89d5cb79ff0c31948e69919aa85626b2
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/arm7
id: auto-8cc2de183c120e8bb6190d5e987626845511d532873965ae5404caaab68221f1
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/arm6
id: auto-12145010e9c3e4d48ca74cd96d2e3ec676a69d606f74f2eaaa3b5a648666bece
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.194/downloader.sh
id: auto-692777e35e53bf2c16576b498262838791e491af7916818185bfa065f0cdc6a1
status: experimental
description: Detects traffic or activity related to http://64.89.163.194/downloader.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.194/downloader.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://accrochezvous.fr/plugins-dist/safehtml/images/cc.txt
id: auto-3101011348b188caa420b4b26d455bbbb3df644eccabebeb22ac17f7588db413
status: experimental
description: Detects traffic or activity related to http://accrochezvous.fr/plugins-dist/safehtml/images/cc.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://accrochezvous.fr/plugins-dist/safehtml/images/cc.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://accrochezvous.fr/plugins-dist/safehtml/images/cc.txt
id: auto-c6c50f79ec2d7d59e8487fc3e3515d9b4fc80df3a279a12e847ab3c07f004f17
status: experimental
description: Detects traffic or activity related to https://accrochezvous.fr/plugins-dist/safehtml/images/cc.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://accrochezvous.fr/plugins-dist/safehtml/images/cc.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upppc
id: auto-394efb962e90e1bff35de23f7828b6b933dba967467afb562a991ea2ad6a1c55
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upm68k
id: auto-85459a34e7adb09d5659351d3f4d0f0033d19cd67ecfa8935b7e0e3ce15f7e43
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upspc
id: auto-7550ce6dca692d4161c70588fd3c08189151ab6f9ea63ff41c8c9812cf4a154b
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upspc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upspc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upx86
id: auto-ddafda99da1b9951f26a24777b0d51e65bf77283c51e27aa510c1b91d1bbb9ed
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0uparm7
id: auto-136f4c1b829e398ba0c45320bb401da112c2c1dd7eb804e50476a890b29dc427
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0uparm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0uparm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upmips
id: auto-4658e19765609a7970f2c1efa6c6995a724a353b4142eac15be09d3d2f9a8ed1
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upx64
id: auto-b9d5b112740eb38f9f4d9fdcb1e2108635aff014813449250c5408020f190e69
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upx64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upx64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upmpsl
id: auto-ee6c9fdeb6553301fed5553112ac5b3c9da439a3448299c8e7fcceb62b270fb1
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0upsh4
id: auto-d2317159b3dc9bd1607f99cbd1b2dcaf053ab471cc1ef8abe87504e51b3d7af8
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0upsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0upsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/o
id: auto-f1769a877036e97cf9017a49da8ea1aefbd994d75029e3cc32c1d689e42c5d37
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/o which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/o*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0uparm6
id: auto-c41a3ffc064c79d0329edad908ae1650c1b010c5ccab378a84b4775fdf51c170
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0uparm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0uparm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0uparm
id: auto-9ed9f575526d2a5e78ca47f32015f8a55e19f8b3ccba576953ea032ad24b22d9
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0uparm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0uparm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.252/0uparm5
id: auto-904fff5ff6d21479b4dfa25660815c2a6bd6dee079d4a3f2849c50bb4fa402fd
status: experimental
description: Detects traffic or activity related to http://109.111.55.252/0uparm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.252/0uparm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.169.33:51135/bin.sh
id: auto-751d9399105e94a6269ee6ee978148acad96659ad8169190fed808a9b246ebc1
status: experimental
description: Detects traffic or activity related to http://115.50.169.33:51135/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.169.33:51135/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.mipsel
id: auto-fa60237f9e9d9dbaf3aa534d5be7c9f19c360923a09bb55dd9f47327cc62225b
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.i486
id: auto-088864a918df3431436ba21c0da66eb2a536d227320e7c6104f2bd6999346173
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.i486*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.i686
id: auto-805f726dc1f9de4551bbdabadaf1742ee4f56214e8b3b99cdb5aadc6ca982e35
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.sh4
id: auto-867d8e597a5412b39279c2691d9ab9fee59c28f585736a291514cd4e8d5de2fd
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.powerpc-440fp
id: auto-f428f091a31694be5cb01a4a2f416450206e854c5bc3658108eee1e25721e805
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.powerpc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.powerpc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.powerpc
id: auto-864038da712ab55248fc2b2e2bb6f2aa23a8ad7674cbaf91bb373b111fa4fcea
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.x86_64
id: auto-006f3b6e02647b5d7904e867d4821e90b69054117e45a9f159be600da0ce2fb5
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install
id: auto-e3c2975f52446cfb297be46b462981299190e580e3e9a307fd4c2a2c333e7a1c
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.i586
id: auto-ee899e7451b337a513ef32a1061b852c41387fa4797973cc390a94f8e2451916
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.i586*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.armv5l
id: auto-fe8c8604c9c8268efc412322359eecbf3e64f50d3fcdd5c33f46ad48f244fee8
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.mips
id: auto-8c73de102081f72c4f26f02f472632faa4d65099765c7fe4906e71e1d355c54b
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.armv4l
id: auto-a990f21c5763eccceb1fbd84038eda512af09bd2e06e3a60647a216ea57caa7b
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.m68k
id: auto-e76336c568319a8b9faf2fb4f41dddcaf5f85add86da6f28e9f3bbf7598c005b
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.armv6l
id: auto-357cbad33df1b204d7c847b26c7a2060fa3138b924adc259396f34b7760324a2
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.98.85:8080/bot.armv7l
id: auto-88b4aaa9425c3596ec8c9231ae576b258fc7dc4f26512433ad4cc81eeb70660e
status: experimental
description: Detects traffic or activity related to http://45.90.98.85:8080/bot.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.98.85:8080/bot.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:56360/bin.sh
id: auto-927188b26b962da9fc0747d475a03058f5754957825a9234dfb1909f57a43158
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:56360/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:56360/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.m68k
id: auto-a2cc47d3f36f152d040f0cc862a333c307aeaade61770ab0719d025797062858
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.arm
id: auto-3cf906b948cf4b9af3af423f50eb1cd3ea1e3332610da8e48dc42d47cefe7420
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/wget.sh
id: auto-48335f8905eef1d103c0279bc30a25082407b9b2581360d5149f6cfc35b30cfa
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/run.sh
id: auto-da89b4dcea6df3cba0a540696da17b098005f6f9b56312c60d3bce925d353099
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.sh4
id: auto-fa2b530d66a9a19764cd513c6c0a04b7295d177bd7ff8fcd63f4c576c0751fbd
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.arm6
id: auto-6113298922666e473d28316abfff9de3c337ceb4ed54f01c89ec4cf2f6e8fddc
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.arm5
id: auto-151939b76e07f151cfc4993de543f7fc649e7dc93aa38408bd75bf5b8c3fdba7
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.mips
id: auto-5aacc2d1db48bed56bd8abcdc216416e35972ed79374b0884ae1fcb90df99bd6
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/c.sh
id: auto-dc6a2ed614f8e10d93f7d18b716d619ad6c5773278924f4ba2639172f3ae0008
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.mpsl
id: auto-959d8ba1682e50155d73b6af960719f959eab0fead2a86e0bdbc37dabb828006
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.ppc
id: auto-4ff38fb99e3e62f292b698d85ecf94d7227416738d700a6bafef29155a4db246
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.spc
id: auto-33985f7cc8f1c71f75f872090e581dfc403bbfa91c7e757e4c9f15d6d696bd77
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.arm7
id: auto-3e640863cbb3bd097f3742dcf91ffd601aa3ce4436f4ecabed15bccc2480cd82
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.219.150:551/bins/astro.x86
id: auto-ec75331242e6fca32f021bccab5d12b685354d0c474ebdc5b8af47d133c7fbe2
status: experimental
description: Detects traffic or activity related to http://103.130.219.150:551/bins/astro.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.219.150:551/bins/astro.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.226.237.11:45035/i
id: auto-3362aa639b7a19682df91c48c10e22056068cb77e73cbbc573901b8c1890ba00
status: experimental
description: Detects traffic or activity related to http://85.226.237.11:45035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.226.237.11:45035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.79.64.164:8888/02.08.2022.exe
id: auto-40a0d2bbb662be34c0b74ed096fb0f20cabd8be92a08ade8d3c6c4a3e1cce953
status: experimental
description: Detects traffic or activity related to http://120.79.64.164:8888/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.79.64.164:8888/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.221.187.11/02.08.2022.exe
id: auto-2b9c9edaaa246cdecd76c70784753e4faa85148b338e4c7e5fd1b52acf930cee
status: experimental
description: Detects traffic or activity related to http://124.221.187.11/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.221.187.11/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.189/02.08.2022.exe
id: auto-e0dc2e1e8b3bbb733d58dfc439199c715966d8a0afb12de48b5395bba30c8133
status: experimental
description: Detects traffic or activity related to http://64.89.163.189/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.189/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.97.180.71:2154/i
id: auto-07803ce0d452725f7310315d3bfe79f3d31e6a2863b3e376f4f6505e3629304d
status: experimental
description: Detects traffic or activity related to http://138.97.180.71:2154/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.97.180.71:2154/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.129.21.74:5500/i
id: auto-558372002956e7a76fe8affb8def7681d3756399e348ae95728f18225cf82186
status: experimental
description: Detects traffic or activity related to http://181.129.21.74:5500/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.129.21.74:5500/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://98.128.185.13:53571/i
id: auto-354a2a321b7db1218af401eecec59464deab6c5527816ca0f5d33d42a84f406f
status: experimental
description: Detects traffic or activity related to http://98.128.185.13:53571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://98.128.185.13:53571/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.90.205.117:18963/i
id: auto-bacaa1cf19d4bc9809a8301b632d647b38933f830e61019822aaf93bf8077a9a
status: experimental
description: Detects traffic or activity related to http://103.90.205.117:18963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.90.205.117:18963/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.173.126.227/sshd
id: auto-8c9ab747d9d3e9e3e141dba98ebf87d8987e3e8f9a4c8a90070e729f758d529e
status: experimental
description: Detects traffic or activity related to http://14.173.126.227/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.173.126.227/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.33.238:2000/sshd
id: auto-308730c65af5e8dad89fb82eef8e8b0a964f528167952636764cc0f18f8699dc
status: experimental
description: Detects traffic or activity related to http://59.88.33.238:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.33.238:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.137.134.87:8024/sshd
id: auto-9c10f7ee31c4708572da4567a29ce76b2f9412e4c53a958552dc304e9da749dd
status: experimental
description: Detects traffic or activity related to http://77.137.134.87:8024/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.137.134.87:8024/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.11.101:85/sshd
id: auto-ad2fe3658157fee46b6495f1fb409102f3c53f1020ecc192be52a551753fabb6
status: experimental
description: Detects traffic or activity related to http://120.157.11.101:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.11.101:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.166.116:9301/sshd
id: auto-1c9afcad7bf5ece7eb873cdb22968228345fec7801b51c91baf6cdd2b99967dd
status: experimental
description: Detects traffic or activity related to http://178.50.166.116:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.166.116:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.234.175.204:8081/sshd
id: auto-1c288bd0c8b68a8fae18cfbce5bc8e993c4b2579af0c13208c4fb4f64038b803
status: experimental
description: Detects traffic or activity related to http://185.234.175.204:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.234.175.204:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.60.13.15:2004/sshd
id: auto-434ba464c8feeb19a5920c74c2e4e6f4db2f20ceb8ea983692f1ed035d36af0d
status: experimental
description: Detects traffic or activity related to http://182.60.13.15:2004/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.60.13.15:2004/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.233.151.169/sshd
id: auto-1e7231e0ea9fc484c2fed58f42a7d0a1bd471af9dd42358991f1ec1e61414f03
status: experimental
description: Detects traffic or activity related to http://14.233.151.169/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.233.151.169/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.200.27.35:8080/sshd
id: auto-09b73ea5a070774abf183737a2e457bffbd268d9713316febebbf69e0070bdf1
status: experimental
description: Detects traffic or activity related to http://181.200.27.35:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.200.27.35:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.24.74.0:10052/sshd
id: auto-c6daa3714d16ae0f9f684028f100204a9e519796356d5ada2e593e8675bd308b
status: experimental
description: Detects traffic or activity related to http://88.24.74.0:10052/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.24.74.0:10052/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.24.74.0:10062/sshd
id: auto-b38f17a055054edeb47d096d6e95fd61281492ba163adea8b39ae19f2d016a9f
status: experimental
description: Detects traffic or activity related to http://88.24.74.0:10062/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.24.74.0:10062/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.181.193.157:8080/sshd
id: auto-220bbca3d6bdef6b05aaea23a19a16429829cee6a8fda12f7af41a983ffdfe76
status: experimental
description: Detects traffic or activity related to http://77.181.193.157:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.181.193.157:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.143.84/sshd
id: auto-44586f00cf4bcfafe4aeb2cf9eea235404b75ba41de18910eb57fd310eb3d697
status: experimental
description: Detects traffic or activity related to http://91.80.143.84/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.143.84/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.206:39270/bin.sh
id: auto-0e51316c06d65b50583d6a40a09583d41880b05f69f337ac1321f9c050dd554e
status: experimental
description: Detects traffic or activity related to http://117.209.94.206:39270/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.206:39270/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.arm
id: auto-96acae4b2c24cae3832305bfa0452cae7456ca2d5f7c0f8189f5479b710b24bb
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7870243899/LtpEjjE.exe
id: auto-1ee7d42408215c3cdda4359b81d8289ebc5be91b1894fc36c0dd78286e588673
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7870243899/LtpEjjE.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7870243899/LtpEjjE.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.x86
id: auto-397906d961509ad4d248ca68ff21e79eb8495c9891c4fe26328300ca7b859d8f
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.aarch64be
id: auto-059c7af1e92d1de13ca5c6139040e1986c21d7c9995cb0934ef511bf6d13bb4a
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.aarch64be which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.aarch64be*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.mips
id: auto-9735915c76018fc3789b4dd7dfbdea1840f9c6114c76d15aa3943f958805ef08
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.aarch64
id: auto-53b3aea03116fb5fbb3cd994f92327d9fe6007e8debc9400e5fc54dd712f8c01
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.i486
id: auto-d9f7c752ff9a1a6ed54c4275eba7e6fb5d681c7a957caa48e6d7ac4a91412954
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.arm7
id: auto-14ea1b4e8dae13dd9dd90334ebe8d4218dff99e98ae7de9b311c0d90bbb72256
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.mips64
id: auto-53bf33162bf4604c7bc88d71c636aeda66b4ac1c9540d4a1d156dfd146f03301
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.sh4
id: auto-d945439e8503adf82033e57d7d593d1f4af2780ded36a51fbc2d027d61414468
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.225.138:48161/i
id: auto-7d196f92b57bfccd2701a409e27506901c7a3e3f4c5d24ec8bca6c8e3779aa22
status: experimental
description: Detects traffic or activity related to http://182.121.225.138:48161/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.225.138:48161/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.i686
id: auto-839da5609e95889021989a56ae91513bb4c3cebec8f97b0e4e21f222ed160253
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.ppc
id: auto-63868b388936904352805c1fa8a25f8f048793a2b4412f4a6a0abb0d2428cb1a
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.arm5
id: auto-4b443f6a18a0be2d99008e35c136d13d9f77069c0af46f3e8ffd244ea97eb1e9
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.ppc440fp
id: auto-563b1347b2b0d37a3d94b1fc3b4367d9cf3ac5691f807f4ef8909418e93e1988
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.m68k
id: auto-84732e3a7f5e1e41d7c4f7530b964278b55d07b8605ddd3c336c8c4418a53be8
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.arm6
id: auto-2fd145dc15e90d667184f99f308c116682e25d93f8ffc30206f6f1001111162f
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.x86_64
id: auto-a00dbab1c4a5dadb84182ddf0a447c71df31fd16824776f1caa9dc0dfcaa0586
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/a/sys64.mpsl
id: auto-088828a83961e292fe12b9865bf63c25daed9413e1b107ff673fdbfe4a6df78c
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/a/sys64.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/a/sys64.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.189.210:59827/bin.sh
id: auto-99024968a5a387e08bab5ded138952b5bd5225635efe3b7a6c82a8ded152a74d
status: experimental
description: Detects traffic or activity related to http://116.140.189.210:59827/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.189.210:59827/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.14.80:51010/i
id: auto-92b47aff2019126e50ad35617a1ace4b846007fb9699980f58a1ff9c18fe0a00
status: experimental
description: Detects traffic or activity related to http://123.8.14.80:51010/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.14.80:51010/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.106.34:51441/i
id: auto-ef012c1dca9dbd955b725050bde95d8ab34a5d639a3cf1db462bdb1078a4b6c7
status: experimental
description: Detects traffic or activity related to http://116.138.106.34:51441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.106.34:51441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.226.237.11:45035/bin.sh
id: auto-f118b14ed617c8a8fa90fdf6eb089d5d15497c9dc779e936b62ae09f8e883c83
status: experimental
description: Detects traffic or activity related to http://85.226.237.11:45035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.226.237.11:45035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.213.58/d.sh
id: auto-b69817922a03c0d407508fde1d7207e5be85c47045ab7fd348139595513f98b9
status: experimental
description: Detects traffic or activity related to http://151.243.213.58/d.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.213.58/d.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.225.138:48161/bin.sh
id: auto-d9be5a5723ca0ff402983cc530a47b5a909d19eca5804b8a145354ae3a08c040
status: experimental
description: Detects traffic or activity related to http://182.121.225.138:48161/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.225.138:48161/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.239.147.201/zyxel.sh
id: auto-2fec769f8a3c5e98cf4cbbfc25069b6035bca2816441d53cc5ae3caf02450142
status: experimental
description: Detects traffic or activity related to http://193.239.147.201/zyxel.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.239.147.201/zyxel.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.148.230:44382/i
id: auto-393938a28f1e2ead0a3f4aa8c87e793f72edf41f8b253da17ef94a8922c5e3ca
status: experimental
description: Detects traffic or activity related to http://61.53.148.230:44382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.148.230:44382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.87.241:36843/i
id: auto-177f7bdd68cf1c7bc68c0c8bc57a2e076ad5f2b334abb827cf8edb54be50370f
status: experimental
description: Detects traffic or activity related to http://182.121.87.241:36843/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.87.241:36843/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.14.80:51010/bin.sh
id: auto-e4b4761df85ec888611f0307254530d8f8ef914e94517b61a7273f563be61827
status: experimental
description: Detects traffic or activity related to http://123.8.14.80:51010/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.14.80:51010/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.195.5:48696/i
id: auto-1576c7359d2612009bb74fec4de285091107bdba5f38383bfc5661d19aa9d8f8
status: experimental
description: Detects traffic or activity related to http://175.147.195.5:48696/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.195.5:48696/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.231.208:38563/i
id: auto-48892bf24dcc4733116914eff33dbe7187e967ded438e7949fa419d9c5f41296
status: experimental
description: Detects traffic or activity related to http://219.155.231.208:38563/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.231.208:38563/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.192.202:41442/i
id: auto-b2f380adb21115f77df6e7ffc65663003b2a1aadfba96c6a9afdf11eccb1d609
status: experimental
description: Detects traffic or activity related to http://123.9.192.202:41442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.192.202:41442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.127.104:48482/i
id: auto-dba385ff1fcb2c3657dcc1d539e05de2127e42dc053c6c14e0a061babe59aba6
status: experimental
description: Detects traffic or activity related to http://123.14.127.104:48482/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.127.104:48482/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/arm
id: auto-79311b6d291931dff82db30d2b9c3bee4974ea7e0fa0cdb670fcbee52cfef3ab
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.51.255:55986/i
id: auto-5cd0d9f725ebd73c0124af103a0e624c1771046ba1aad74b51c7edbcf581b5a7
status: experimental
description: Detects traffic or activity related to http://115.63.51.255:55986/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.51.255:55986/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.20.230/mips
id: auto-582a6145390090a946c9355e66db6e670d3b812a4ca4df8380cb96351b6c1e74
status: experimental
description: Detects traffic or activity related to http://139.162.20.230/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.20.230/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.223.97:44599/bin.sh
id: auto-dce1512f190164e8498df272c76d388c11f27e343597b764cbf8599f46df6805
status: experimental
description: Detects traffic or activity related to http://116.138.223.97:44599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.223.97:44599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.130.184:35483/i
id: auto-5955096645a465b66cb675ec836600a0c392131f2b27bfd2a28e9e0d62dfbcc9
status: experimental
description: Detects traffic or activity related to http://123.5.130.184:35483/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.130.184:35483/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.151.142:56656/i
id: auto-78b8d39bf184b5ee603130f6041830422ce209bdcfd04f5546c66bbbe5d800e5
status: experimental
description: Detects traffic or activity related to http://115.48.151.142:56656/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.151.142:56656/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.48.159:55942/i
id: auto-71c68c72a52aabaa20ab73a6144b07f0735c9691b763ce0c8038adfc8e7d6ed0
status: experimental
description: Detects traffic or activity related to http://115.55.48.159:55942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.48.159:55942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.108.77:35941/i
id: auto-6391afc90706324f51606748eca93e3194fdb790291d7d9a9953ceafe3a4b804
status: experimental
description: Detects traffic or activity related to http://27.217.108.77:35941/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.108.77:35941/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.148.230:44382/bin.sh
id: auto-c80718f23c1969115822916e8dd17215ee8a2b8f8039acb0a6d57ca9c7f800a7
status: experimental
description: Detects traffic or activity related to http://61.53.148.230:44382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.148.230:44382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.144.52:55950/bin.sh
id: auto-55c2a98c2b6ec0059b9ee572e9f9724e047224f2503df73fecd081c9d97266f8
status: experimental
description: Detects traffic or activity related to http://59.88.144.52:55950/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.144.52:55950/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8408827406/H72O62M.exe
id: auto-d1afc443224e55050a11208d5cd6aadb590fa1a0fe4ef6f9c8f5aa6950c2dac3
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8408827406/H72O62M.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8408827406/H72O62M.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.105:50598/i
id: auto-59e6721c302aeed7002c8f63594895ff9c934b278e48dfbf59f2238aa50c105f
status: experimental
description: Detects traffic or activity related to http://168.195.7.105:50598/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.105:50598/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/zyxel.sh
id: auto-037a2c9ab4d0247eec3cdff2becec832d6aa1c8383d04119607a18cdc0ae352a
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/zyxel.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/zyxel.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.209.210/zyxel.sh
id: auto-5349bc3ad783a10fe8d6c453f212a332ceac0a52c2ce4c6ef9b6afececdb706c
status: experimental
description: Detects traffic or activity related to http://158.94.209.210/zyxel.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.209.210/zyxel.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.222.181:36703/i
id: auto-a87707b30bca5946f34f829cd86f3627b30bfcf53fa42120569dcc1ae62a2879
status: experimental
description: Detects traffic or activity related to http://42.178.222.181:36703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.222.181:36703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.224.90.121:62554/.i
id: auto-746b08a89a6e5bbc33b4260a08fab29b26fe3b38bf04d716fc776c1e318299fa
status: experimental
description: Detects traffic or activity related to http://36.224.90.121:62554/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.224.90.121:62554/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pppc
id: auto-11473ea7311638e082995c38936797d06c9a6e0f3f2fd504a78fbf4cfd4fe931
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/psh4
id: auto-50ac1624c965d9f94bffdbd1c45f13faa8b58d40f756ad3c3b676dc229850ece
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pm68k
id: auto-7514869cb4eb1e867c7a4c908b29f0c0dd4d8d2f45fa3adda2592122fc2b2373
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/pspc
id: auto-020a51723aa54ab05f3aa31a76d314b288fcd7893013aaf3e073fed0ed3cbdfa
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/pspc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/pspc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.i686
id: auto-1b243865f0ad9cad36d688380eba70771c13475d01178ee674234275ee431f40
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.
id: auto-79098739f2f5f2451ae81732f796fd158420f213468132565a9c9ab1943d12f4
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot. which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.spc
id: auto-be4a1cc6e972ff8b075c7006020492efda99d7717bbca1ec3a3bfefe2c8ddcb4
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.x86_64
id: auto-82a0a1fa8d11d8a50e3c883ff2292022f1196515170cd9e2c939a4e6a599f060
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.i468
id: auto-26ebdaf7ce05f75521e87751c16e458cd113ff32d22e203c472276b2b4598865
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hollow-paper.info/
id: auto-22b214e46a74677d625e24095f85e19037687814a578ce222a75eb397f462dc2
status: experimental
description: Detects traffic or activity related to https://hollow-paper.info/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hollow-paper.info/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.201.71:33929/bin.sh
id: auto-4c442eb0c9bdf4db3ce3b2defae03b432a27eca6a1b983e53b1d697922a22bd2
status: experimental
description: Detects traffic or activity related to http://182.121.201.71:33929/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.201.71:33929/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.20.19.221/p.txt
id: auto-22af2ce0ce847595e09e9ac6f101d3b582abbd5bc2f70f89e3a7bd171fee5642
status: experimental
description: Detects traffic or activity related to http://195.20.19.221/p.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.20.19.221/p.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.88/8UsA.sh
id: auto-5db5f76f38913c67fb1f4f905031462b97c2d6593cf2fa977e8f90a4baaa25ab
status: experimental
description: Detects traffic or activity related to http://91.92.242.88/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.88/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.222.181:36703/bin.sh
id: auto-1cc26d49f18463721e4244d8a6406519abe72792cd1223f93e0cdf4656e12566
status: experimental
description: Detects traffic or activity related to http://42.178.222.181:36703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.222.181:36703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.86.235.28:49033/i
id: auto-23d2565ea14bba59b17d6c6bbd0bcaf8f60104d9752c9abd8014ef6b8ee19728
status: experimental
description: Detects traffic or activity related to http://39.86.235.28:49033/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.86.235.28:49033/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.191.146:38409/i
id: auto-4671f59fc3fde3dc37d2bf8eb3b970be798e74b5c92beba289a32071f35308e7
status: experimental
description: Detects traffic or activity related to http://221.15.191.146:38409/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.191.146:38409/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.78.25:34637/i
id: auto-160748424eec2904eb28193219ab744fe89d71e89c0d4ea00cb55e990bbeb9be
status: experimental
description: Detects traffic or activity related to http://113.231.78.25:34637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.78.25:34637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.191.146:38409/bin.sh
id: auto-56d8e4cbf556d297055473ccb4049afabacbbcb15c55974404af8b947a544904
status: experimental
description: Detects traffic or activity related to http://221.15.191.146:38409/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.191.146:38409/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.78.25:34637/bin.sh
id: auto-89e64d1fca6dacff1cd78c71de69d64b51533eb34191ab4b35d5ae629abb97b2
status: experimental
description: Detects traffic or activity related to http://113.231.78.25:34637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.78.25:34637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.182.166.123:56411/i
id: auto-9fca31f4c60ca07839150d0a146f1615613d77bc06f8c3c7fe4f46c80093a3aa
status: experimental
description: Detects traffic or activity related to http://119.182.166.123:56411/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.182.166.123:56411/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/maska/random.exe
id: auto-0a71555d549fac8813ea10fd01d819d6983b894ba905f5ca7549d963698ea8f6
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/maska/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/maska/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/projz
id: auto-0a3fc01ab4e9c5d3baa77088cadaadcede86126e41287d91a132ff54eb369334
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/projz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/paper-skydiver-drv8/crispy-machine-band3/projz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.232.105:35984/i
id: auto-c1afa13c19b026989aeeeb0c19e7c2560b22a7d61a3dd57554afd6d48b3002ba
status: experimental
description: Detects traffic or activity related to http://60.23.232.105:35984/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.232.105:35984/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.107.221:46464/i
id: auto-f7a65dc7566ba6e38f418a3ea18bbc98752567d628b7b98effeec680939456ac
status: experimental
description: Detects traffic or activity related to http://27.37.107.221:46464/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.107.221:46464/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.182.166.123:56411/bin.sh
id: auto-9a867788caf902572b56d420bdaae01eb3b5b257ec58f4769057413fd05a6040
status: experimental
description: Detects traffic or activity related to http://119.182.166.123:56411/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.182.166.123:56411/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.232.105:35984/bin.sh
id: auto-a42982772899a62d0fb691d711182e50bf28f198f575e1f042fe2185a6ec2f53
status: experimental
description: Detects traffic or activity related to http://60.23.232.105:35984/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.232.105:35984/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.52.162:51660/i
id: auto-472845b32c805f0fd460b2f1c4395c6bafb06cbcf76eb5007cb9734c9c343f58
status: experimental
description: Detects traffic or activity related to http://219.157.52.162:51660/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.52.162:51660/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.226.77:51945/i
id: auto-7c2fd0e893e17e78146d596610dcde81bf107935bcd721e9edb1c822ef75d938
status: experimental
description: Detects traffic or activity related to http://123.12.226.77:51945/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.226.77:51945/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.114.190:43935/bin.sh
id: auto-6a026d5cfb945358d78f5b6501eca8709df8f94276fd4f41fd4a87d0214ab3eb
status: experimental
description: Detects traffic or activity related to http://182.126.114.190:43935/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.114.190:43935/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.107.221:46464/bin.sh
id: auto-cf4819fdcdd5d048ff5e6e8086eea8c7e0f2c033899c6ad5ee097e25be86ea28
status: experimental
description: Detects traffic or activity related to http://27.37.107.221:46464/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.107.221:46464/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.115:40271/i
id: auto-ca73417a6ee1acf76fe555c5eb8987d12246fda93192b8374a3fa0868d53ffce
status: experimental
description: Detects traffic or activity related to http://42.235.91.115:40271/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.115:40271/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.252.200:42626/bin.sh
id: auto-3e00775ee1654e2a8baae5818886e759d086855b56821bcc94a759c7f1e840b5
status: experimental
description: Detects traffic or activity related to http://119.115.252.200:42626/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.252.200:42626/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.52.162:51660/bin.sh
id: auto-0ab589dabc023ff4010952faeabf26592b6df940f676190f5020dd725cced30c
status: experimental
description: Detects traffic or activity related to http://219.157.52.162:51660/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.52.162:51660/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.187.241:45122/i
id: auto-62f8b861fa482eb5198029aa5d2b93e0aa28d8a5092b9a07b81f494f1c615bc4
status: experimental
description: Detects traffic or activity related to http://112.248.187.241:45122/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.187.241:45122/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.113.161:44562/i
id: auto-74ad8e32296a3f77f45a03d33f62f27b7356b96f17479fa412d2691a75915a63
status: experimental
description: Detects traffic or activity related to http://123.14.113.161:44562/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.113.161:44562/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.134.123:60116/i
id: auto-6f11b8f822ce869f9754305c8d56aacfd3b67bd768ebbc4879f0608ed2df0f0c
status: experimental
description: Detects traffic or activity related to http://222.140.134.123:60116/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.134.123:60116/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.115:40271/bin.sh
id: auto-5bffc7c93fc9e4e54549059928e3a1130ef32f50e74e68812906e3cb7489643e
status: experimental
description: Detects traffic or activity related to http://42.235.91.115:40271/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.115:40271/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.63:52822/i
id: auto-b7c2a78fc30dca5894ace984fff4ca51a862d5753a289bb26fc64242149bddb9
status: experimental
description: Detects traffic or activity related to http://117.209.26.63:52822/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.63:52822/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.228.194:53516/bin.sh
id: auto-98f016ac3270d49f447c263794564c94853b49f25b165d735a69dd94bd73ae2c
status: experimental
description: Detects traffic or activity related to http://42.225.228.194:53516/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.228.194:53516/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:60694/i
id: auto-7ce47576ca000a3279ad47e435e5f71f236c0e7ef90a3e7eeddfab54012230d8
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:60694/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:60694/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.113.161:44562/bin.sh
id: auto-0a719b3daa0716744f7f3cfe3086121ce693a5f64bceecc0ab03e8c22db57d29
status: experimental
description: Detects traffic or activity related to http://123.14.113.161:44562/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.113.161:44562/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.187.241:45122/bin.sh
id: auto-89d4b8ac25a429f963b3c5496358299a4691c59ac3b95f5916102c4728844d55
status: experimental
description: Detects traffic or activity related to http://112.248.187.241:45122/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.187.241:45122/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.63:52822/bin.sh
id: auto-7f40ac503a6150ea2ef9afea20664a197b179ec220f648c3b258e91f742bebdb
status: experimental
description: Detects traffic or activity related to http://117.209.26.63:52822/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.63:52822/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.141.143:55765/i
id: auto-aab9fbdcebe6fdd47cf4b5934e80459eaf18e3c23e73d7cd7234678f050bdd5c
status: experimental
description: Detects traffic or activity related to http://42.180.141.143:55765/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.141.143:55765/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.88:49387/i
id: auto-af141b7b6f214f6c589b491bcc730dd24b843d994181d5306f252f06fdab8aaa
status: experimental
description: Detects traffic or activity related to http://110.37.39.88:49387/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.88:49387/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.141.143:55765/bin.sh
id: auto-672858b9d993ee8d81186657752448951a068dea223c20c06f723164749725c1
status: experimental
description: Detects traffic or activity related to http://42.180.141.143:55765/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.141.143:55765/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.90.42:32833/bin.sh
id: auto-56960ab03147bb9de6ae45520730d30d2d2af290fd9eaf3955838b7ed7b01598
status: experimental
description: Detects traffic or activity related to http://117.205.90.42:32833/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.90.42:32833/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.231.155.14:48850/bin.sh
id: auto-4fab70ae658c03279a3cfdbf7d6992d58fb0e17c707adf1f09453415ea0df9ef
status: experimental
description: Detects traffic or activity related to http://117.231.155.14:48850/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.231.155.14:48850/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.178.244:41057/bin.sh
id: auto-04643972af8aa6a6aebca2655f0e8a6ab200670fb624b6e47353ea926159b273
status: experimental
description: Detects traffic or activity related to http://116.140.178.244:41057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.178.244:41057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.134.123:60116/bin.sh
id: auto-8fa2e8dacb465df6a3389a29d3e0bf7ed454d84ef8d3051f57177bcd3697c568
status: experimental
description: Detects traffic or activity related to http://222.140.134.123:60116/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.134.123:60116/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.88:49387/bin.sh
id: auto-02d7b65db9f139f8c6cb7452bd3c4b3d7023b48baed6cad4cb76dbea132f94a2
status: experimental
description: Detects traffic or activity related to http://110.37.39.88:49387/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.88:49387/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.10.32:36483/bin.sh
id: auto-ec899669e2f00e76da3fe7469f9eef57985811934c49aa62aa09843cb24e5506
status: experimental
description: Detects traffic or activity related to http://117.209.10.32:36483/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.10.32:36483/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.213.215:60442/i
id: auto-1f532a1c5a48549ebc0481c911318e4675d001464a8e7e9390bb9e2b0c887a67
status: experimental
description: Detects traffic or activity related to http://110.38.213.215:60442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.213.215:60442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.112.230:55125/i
id: auto-892d583b17efe2dcbff6d13bdc756a21c14b03684c341517232f2732da6b5aee
status: experimental
description: Detects traffic or activity related to http://125.40.112.230:55125/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.112.230:55125/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.125.128:40832/i
id: auto-19c27021fa3dd6c45acf325a476d27e20ba46bf69204cb2a302cbaf946e4681f
status: experimental
description: Detects traffic or activity related to http://123.5.125.128:40832/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.125.128:40832/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.226.199:55818/i
id: auto-8adf666f6eeb1dbf37fbcbe65814067cb4be8311c0cbe96de9f9340ee3650422
status: experimental
description: Detects traffic or activity related to http://115.55.226.199:55818/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.226.199:55818/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.233.118:55133/bin.sh
id: auto-e02224b5e4cf47622b06482f173534c60a71a75563dd29a97ad12e26529cd827
status: experimental
description: Detects traffic or activity related to http://117.206.233.118:55133/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.233.118:55133/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.130.179:36704/i
id: auto-b954f925fef93718f80023a3457edf5dfe3ca8e905258cefacc7080084e066da
status: experimental
description: Detects traffic or activity related to http://219.157.130.179:36704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.130.179:36704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.213.215:60442/bin.sh
id: auto-3f558e60b06c4c7b49bb7002e6490fb26cac870f92c9ba77166eb2816e7c98ea
status: experimental
description: Detects traffic or activity related to http://110.38.213.215:60442/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.213.215:60442/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.177.226:50142/i
id: auto-355c1193b2a39b4121cf573ee2c176754f21e7af4aad546884eb7be86bc2033b
status: experimental
description: Detects traffic or activity related to http://123.12.177.226:50142/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.177.226:50142/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.85.206:41979/bin.sh
id: auto-eaf124936f3b85a8fae45ee26ddf7efcb43f4c1cde2a2324dd26bff22e57e19b
status: experimental
description: Detects traffic or activity related to http://115.55.85.206:41979/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.85.206:41979/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.112.230:55125/bin.sh
id: auto-e5392fcbfb017919208df9fd4f4b951547952a4e906cf9fc2ea80ac3f95b80c9
status: experimental
description: Detects traffic or activity related to http://125.40.112.230:55125/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.112.230:55125/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.125.128:40832/bin.sh
id: auto-be5027bc452f9ce6770af156efdf99964526b8e6415121631389942fc94290b0
status: experimental
description: Detects traffic or activity related to http://123.5.125.128:40832/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.125.128:40832/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.115.175:49992/Mozi.a
id: auto-a0c3c7aede8dc96d20eb990bee3924f9d9972ffca87b0ee6d0ce31e3c4e2597d
status: experimental
description: Detects traffic or activity related to http://59.94.115.175:49992/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.115.175:49992/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.226.199:55818/bin.sh
id: auto-92113625a9231e85031dce1c4946972751090fc6d7340c171b4c01654f13c1cb
status: experimental
description: Detects traffic or activity related to http://115.55.226.199:55818/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.226.199:55818/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.42.233:48461/i
id: auto-3fd9adf0e5b8821a1bae04f270ccb68c5d65aeb5d8cf65017bec96ee0b74965f
status: experimental
description: Detects traffic or activity related to http://115.55.42.233:48461/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.42.233:48461/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.130.179:36704/bin.sh
id: auto-176fa2c2c1b9a1869fa551f636c39fb1efb2aa1907f561a898a4320a1bb36929
status: experimental
description: Detects traffic or activity related to http://219.157.130.179:36704/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.130.179:36704/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.112.179:47181/i
id: auto-89ce8ae0f99ed896b51aa2b65346290b51d225a46d401288b23dfedc92e4a8a5
status: experimental
description: Detects traffic or activity related to http://182.127.112.179:47181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.112.179:47181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.177.226:50142/bin.sh
id: auto-2597e2d3596633b566afdf95b21acd3575b50bcb6e5640a9a5522f1994f40246
status: experimental
description: Detects traffic or activity related to http://123.12.177.226:50142/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.177.226:50142/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.253.21:60163/i
id: auto-9f3684c0d8d4d6083a412de4392a27ab02da1a39e5d22a5e305c36535d9eae8a
status: experimental
description: Detects traffic or activity related to http://182.121.253.21:60163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.253.21:60163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.26.253:35066/i
id: auto-28edd7bd55e0e234263c3b0d2c27a70e69b2197046831c693551b40da821b6c1
status: experimental
description: Detects traffic or activity related to http://115.49.26.253:35066/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.26.253:35066/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.132.195:38984/i
id: auto-e9c036f206d04aa5e3f7e2ddd937de7503575e3e0acf44e49a2fa606be460528
status: experimental
description: Detects traffic or activity related to http://115.63.132.195:38984/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.132.195:38984/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.243:36297/i
id: auto-60e7b806309ad0a299b094c4ea6da888a151be81ba2f9e38f085052aa2f03d0f
status: experimental
description: Detects traffic or activity related to http://110.37.45.243:36297/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.243:36297/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.74.114:41012/i
id: auto-d12568398002688eabcf9986446d2df1906a211f5d0a8c73505657c743e0c3b5
status: experimental
description: Detects traffic or activity related to http://61.53.74.114:41012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.74.114:41012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.209.114:56358/i
id: auto-3fcbff02fe32d892111cbea20dce055ef8f7d65a208e57f283f0960bbe34586e
status: experimental
description: Detects traffic or activity related to http://119.186.209.114:56358/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.209.114:56358/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.220.166:40276/i
id: auto-417bbc2285a4e68959681d7849c7a495b7889cf45264e298d08916326c3ad352
status: experimental
description: Detects traffic or activity related to http://117.247.220.166:40276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.220.166:40276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.42.233:48461/bin.sh
id: auto-6bff284218dadd91305c78bb6cb800c5620ba7bdcef67d0ee6392e4893f3592d
status: experimental
description: Detects traffic or activity related to http://115.55.42.233:48461/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.42.233:48461/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.132.195:38984/bin.sh
id: auto-95cc9755a081e7b911fac1223d480b15c15022c1a0f0255f1fcb0e93a01e4b07
status: experimental
description: Detects traffic or activity related to http://115.63.132.195:38984/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.132.195:38984/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.74.114:41012/bin.sh
id: auto-e473660bc793808195f310d58886e4ed7e1949767346cd8dcc2b363bb989803c
status: experimental
description: Detects traffic or activity related to http://61.53.74.114:41012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.74.114:41012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.122.204:37776/i
id: auto-8792f93e3af4e221d4db19abe84079e84f03e2945ca1055fea65595680981f7e
status: experimental
description: Detects traffic or activity related to http://182.116.122.204:37776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.122.204:37776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.26.253:35066/bin.sh
id: auto-b242e4bdfc4aa97394ea3b9eec9b8c28a8652456cb54cbe8c7fc0591c3d00a0e
status: experimental
description: Detects traffic or activity related to http://115.49.26.253:35066/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.26.253:35066/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.217.121:40010/i
id: auto-7f81018954e08bd7fc308a56087103e0670b1f214420d38b300d4031b6407b1e
status: experimental
description: Detects traffic or activity related to http://60.19.217.121:40010/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.217.121:40010/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.187.104:52296/bin.sh
id: auto-f298dd22f68784217550053c1c57aa1bb34784b56a66f546349c258f075c8094
status: experimental
description: Detects traffic or activity related to http://115.55.187.104:52296/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.187.104:52296/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.131:39420/i
id: auto-57710e4258efc86c558387b594366bd63042f24dc6b5382473f066f21431719d
status: experimental
description: Detects traffic or activity related to http://42.239.235.131:39420/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.131:39420/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.217.121:40010/bin.sh
id: auto-c8e327317a241b2da074044433ba1031ddbbb2cf7ceb9be8fab1c0b74243afde
status: experimental
description: Detects traffic or activity related to http://60.19.217.121:40010/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.217.121:40010/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.122.204:37776/bin.sh
id: auto-39bcf2541ede8b555cbbd490162549a9b2dbdd39a49f6275a2c06603165b0670
status: experimental
description: Detects traffic or activity related to http://182.116.122.204:37776/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.122.204:37776/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/cbot/raw_subprocess_debug.exe
id: auto-ec6841b16659687a3c10e37a6812bbac7fd7ba2499cd322092ba8b551d3f5355
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/cbot/raw_subprocess_debug.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/cbot/raw_subprocess_debug.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/cbot/raw_subprocess.exe
id: auto-bad0e335c397165a94337387e046fd1745f8eaa0e1ee1cadcbef68668ca9606c
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/cbot/raw_subprocess.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/cbot/raw_subprocess.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/cbot/subprocess.exe
id: auto-414b48013cedc1fba0fd8884cb7107f65a6d46cc2ded04ebf9cd7b6cf9664071
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/cbot/subprocess.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/cbot/subprocess.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/cbot/subprocess_debug.exe
id: auto-9da90702aeda11afca71d1ab46e1bfaec133479be22c951ff0289891144b1c0d
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/cbot/subprocess_debug.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/cbot/subprocess_debug.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.165.125.212:56264/.i
id: auto-a2bbe086fb4fe3ead2051954dde9ae29ec223f61125b2c8b818e879c5f88df71
status: experimental
description: Detects traffic or activity related to http://178.165.125.212:56264/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.165.125.212:56264/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.244.30:46940/i
id: auto-d40c6051bc43da94550f47c0874731687a105c9b28ebc9f719121d641a297947
status: experimental
description: Detects traffic or activity related to http://42.228.244.30:46940/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.244.30:46940/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.35.53:50269/i
id: auto-c417d70d6a508fa81bd75cdcbad6f00448f60e0693e0090ab5d7ae7d2b378319
status: experimental
description: Detects traffic or activity related to http://42.228.35.53:50269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.35.53:50269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.250.17.150:41267/i
id: auto-caecef81d9a7b5db5cf5464ab19b7bd6792b7c43472b8b303d0399a86c42d5ef
status: experimental
description: Detects traffic or activity related to http://162.250.17.150:41267/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.250.17.150:41267/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.223.213:32961/i
id: auto-378fa99aa390112d49ed3209cb5f97d7ed053e45575c73bc2f5517a62cd3d279
status: experimental
description: Detects traffic or activity related to http://222.142.223.213:32961/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.223.213:32961/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.28.230.161:38246/i
id: auto-5b8526df8368dace0ce6324d13dded1894543934e5a4a5e830daf0ad4ecfa469
status: experimental
description: Detects traffic or activity related to http://218.28.230.161:38246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.28.230.161:38246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.131:39420/bin.sh
id: auto-9f87840f3e83ae131a011fa2424e1fb3eab837c0e2a90d45f1ae0ddd1cf0c1d4
status: experimental
description: Detects traffic or activity related to http://42.239.235.131:39420/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.131:39420/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/ohshit.sh
id: auto-4ecd183a3939227b2532944ee71b40b748e85d1a6425e709d60272a201ec4f1e
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.98.61.207/armv7l
id: auto-556adfb8cb722b0fb4560851b13506fc231e3dc3582fe68de80e9c6b6a6422dd
status: experimental
description: Detects traffic or activity related to http://198.98.61.207/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.98.61.207/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.244.30:46940/bin.sh
id: auto-97ec86a0c277b4936286624db1416209875baee3c0521aebee0b918d88a7873d
status: experimental
description: Detects traffic or activity related to http://42.228.244.30:46940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.244.30:46940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.28.230.161:38246/bin.sh
id: auto-7fd21718731d187d60c02bfbde0040200250331f0ac5befa198e3c88801945b4
status: experimental
description: Detects traffic or activity related to http://218.28.230.161:38246/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.28.230.161:38246/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.182.85:46134/i
id: auto-4ac5f5f2e777d04b02821f56375c0f4e3f61766661bc6e0fb96909117af0c344
status: experimental
description: Detects traffic or activity related to http://123.8.182.85:46134/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.182.85:46134/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.35.53:50269/bin.sh
id: auto-5b86296e3b6f802ae54ffd9bba5b7ed8433c3daa5e076d26b96417d1b4114d69
status: experimental
description: Detects traffic or activity related to http://42.228.35.53:50269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.35.53:50269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.223.213:32961/bin.sh
id: auto-9226bc5b7527b1b3f83cccd0e13a8a97d0f760d3afd3e05b8817a11f17b37409
status: experimental
description: Detects traffic or activity related to http://222.142.223.213:32961/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.223.213:32961/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://90.228.239.131:41428/i
id: auto-10b105d194642e79a7691d76942505169fc29182041a58eb694fe4d5453a90d1
status: experimental
description: Detects traffic or activity related to http://90.228.239.131:41428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://90.228.239.131:41428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.148.157:56168/i
id: auto-28d79246484bdca53719f481087696201e25bc8c7470f3f0c20db74e3e013e1c
status: experimental
description: Detects traffic or activity related to http://39.90.148.157:56168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.148.157:56168/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-74506ace261846d4bfc80d45a1f06b40.r2.dev/GTRF19.3-6.rar
id: auto-4ef4496e358730ba45d8067e934b754c5e9249a8dc1556a4dd4067be367ceefa
status: experimental
description: Detects traffic or activity related to https://pub-74506ace261846d4bfc80d45a1f06b40.r2.dev/GTRF19.3-6.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-74506ace261846d4bfc80d45a1f06b40.r2.dev/GTRF19.3-6.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-40f0bc7019cc4cc4af33b722c6d5f182.r2.dev/tsgx12.3.rar
id: auto-5316c6816d797a8d2ac4d62dd90fbb8a339ab6ea18231943ce3a12fd08e52836
status: experimental
description: Detects traffic or activity related to https://pub-40f0bc7019cc4cc4af33b722c6d5f182.r2.dev/tsgx12.3.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-40f0bc7019cc4cc4af33b722c6d5f182.r2.dev/tsgx12.3.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-1ec812ea405b44f9976acd137f20fe96.r2.dev/Yghs1.3.6.rar
id: auto-171967e0b69cd9e6396db21f9f06e76a4239ac9a582494ff32c04f53818fc297
status: experimental
description: Detects traffic or activity related to https://pub-1ec812ea405b44f9976acd137f20fe96.r2.dev/Yghs1.3.6.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-1ec812ea405b44f9976acd137f20fe96.r2.dev/Yghs1.3.6.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.0.83:57655/i
id: auto-a40fbae2b1024ff11b935e801213ec3b8bca16ed18346b5b6cd53cef3a0d291c
status: experimental
description: Detects traffic or activity related to http://115.49.0.83:57655/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.0.83:57655/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.45:45306/bin.sh
id: auto-a5c8695bf7a3e3ab990e8db1b18e9908400c2268404361cf1eadac35faf5f0f0
status: experimental
description: Detects traffic or activity related to http://117.209.81.45:45306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.45:45306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.50.182:40285/i
id: auto-3a265582dd4e1b161ae976976462206cceba9707d41b4625d43e0df38483aabc
status: experimental
description: Detects traffic or activity related to http://182.117.50.182:40285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.50.182:40285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://receiver.cy/files/jar/component
id: auto-1e777c377a23dad3ac5b705c50b20f32a22262d763b133fc3f7c2c53ffd13bb8
status: experimental
description: Detects traffic or activity related to https://receiver.cy/files/jar/component which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://receiver.cy/files/jar/component*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1065962404/CBNz8dR.ps1
id: auto-72e098de22ee1db45ac6bc9d81d14ecad670fa504b6f00ed460c5733621bd562
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1065962404/CBNz8dR.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1065962404/CBNz8dR.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-f3a5f16c0d0b45eab9e2e6a05a61d733.r2.dev/Loiu9s361.rar
id: auto-4611f9174112d6e1cfa4228477c789f31b555253c20d9d63a26898d806a49a5b
status: experimental
description: Detects traffic or activity related to https://pub-f3a5f16c0d0b45eab9e2e6a05a61d733.r2.dev/Loiu9s361.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-f3a5f16c0d0b45eab9e2e6a05a61d733.r2.dev/Loiu9s361.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.180.53:42384/bin.sh
id: auto-1e43b5b47a4dea0711b1821a99547375a1f0e5bc45c4607ae551f74f0c93f528
status: experimental
description: Detects traffic or activity related to http://222.138.180.53:42384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.180.53:42384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.209.114:56358/bin.sh
id: auto-db490a3a390de15112e5d78e9696ef438c2302e4647d9aee2ecac6731c80e731
status: experimental
description: Detects traffic or activity related to http://119.186.209.114:56358/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.209.114:56358/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.182.85:46134/bin.sh
id: auto-3fad2c65f8ea8f702b14ecb4f8472731dc02da1c544d82f94ac8222d26fcb44d
status: experimental
description: Detects traffic or activity related to http://123.8.182.85:46134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.182.85:46134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.0.83:57655/bin.sh
id: auto-5fc80475cc14e24dc8875e40f8eb749b9f90fce4ca4c390da5c30844c5a2e207
status: experimental
description: Detects traffic or activity related to http://115.49.0.83:57655/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.0.83:57655/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.148.157:56168/bin.sh
id: auto-36eba8aaed43b93dddbe9f5dd76292db2ffa79688300854df9f5a17c2cff91c8
status: experimental
description: Detects traffic or activity related to http://39.90.148.157:56168/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.148.157:56168/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://90.228.239.131:41428/bin.sh
id: auto-e0daa3de33c3294aecc619dd965778d12897ea727e5dfb2ce6fc9ed337cbd0eb
status: experimental
description: Detects traffic or activity related to http://90.228.239.131:41428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://90.228.239.131:41428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.236.76:58140/i
id: auto-83ec2e6d103ac64015b7de6669ef0b8dba2832bc65be2637e817df724f3ae3c5
status: experimental
description: Detects traffic or activity related to http://59.98.236.76:58140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.236.76:58140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.214.110:47672/i
id: auto-7906c5bfaa0f3c96577c47d60ce019b8776489c3eaf357547bdc742cbe50c125
status: experimental
description: Detects traffic or activity related to http://219.157.214.110:47672/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.214.110:47672/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aegisxray.com/Pandoras_Box/pandora.ppc
id: auto-ed927110adbb5ed9bf9a1e6edace3ae2e9eac39d594db5d04daa73201cb7983d
status: experimental
description: Detects traffic or activity related to http://aegisxray.com/Pandoras_Box/pandora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aegisxray.com/Pandoras_Box/pandora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.214.110:47672/bin.sh
id: auto-6b493543a3fb1c55519c955f8d54f17bc3625eea046e4dca5d5c114f1ddf175b
status: experimental
description: Detects traffic or activity related to http://219.157.214.110:47672/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.214.110:47672/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.audiovisionworks.com/Pandora.sh
id: auto-6a363a963f0adbec340d5548da7abd7d712dd8448901cc8e1b87a5ecdeeb0bf2
status: experimental
description: Detects traffic or activity related to http://www.audiovisionworks.com/Pandora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.audiovisionworks.com/Pandora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://audiovisionworks.com/Pandora.sh
id: auto-eb6ddda9c16272b0cde0908b2d2d86add8ed694c61ab7ca1988aafd5feaef605
status: experimental
description: Detects traffic or activity related to http://audiovisionworks.com/Pandora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://audiovisionworks.com/Pandora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aegisxray.com/Pandora.sh
id: auto-4a550301c8858ab68d74ecdf169e3d11e423f5413b7964e673ec92746217ff36
status: experimental
description: Detects traffic or activity related to http://aegisxray.com/Pandora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aegisxray.com/Pandora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-143-220.pbiaas.com/Pandora.sh
id: auto-36ac108851c8031441d554719efbd199d2a81203fb6a48c05f6f417198189427
status: experimental
description: Detects traffic or activity related to http://ip87-106-143-220.pbiaas.com/Pandora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-143-220.pbiaas.com/Pandora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.aegisxray.com/Pandora.sh
id: auto-edef28f32adbaa27feeb6637a3f17c89a6fc2b4663747e49de2a3b01a1e7c7e0
status: experimental
description: Detects traffic or activity related to http://www.aegisxray.com/Pandora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.aegisxray.com/Pandora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6608710704/QWKgBhv.exe
id: auto-15ce1bafe642a7645c6cca9bf9b6c9adbdbf8434cf17347ea8d1c0c4966887ff
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6608710704/QWKgBhv.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6608710704/QWKgBhv.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://audiovisionworks.com/Pandoras_Box/pandora.ppc
id: auto-9f9bc64141ca431c4ba628eb52b2c488c03e1a3015f7d8fd5d1c378eab830431
status: experimental
description: Detects traffic or activity related to http://audiovisionworks.com/Pandoras_Box/pandora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://audiovisionworks.com/Pandoras_Box/pandora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://audiovisionworks.com/Pandoras_Box/pandora.arm
id: auto-e109869c985eb9572d13de0532edd181dd1619a625d836ccc31c77aaa766f83e
status: experimental
description: Detects traffic or activity related to http://audiovisionworks.com/Pandoras_Box/pandora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://audiovisionworks.com/Pandoras_Box/pandora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.audiovisionworks.com/Pandoras_Box/pandora.arm
id: auto-4b308d9b4149ce6e0a9ec90349008625807724f8c1b547ea9458d5efc6726f70
status: experimental
description: Detects traffic or activity related to http://www.audiovisionworks.com/Pandoras_Box/pandora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.audiovisionworks.com/Pandoras_Box/pandora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://audiovisionworks.com/Pandoras_Box/pandora.mpsl
id: auto-cb2e285d5585c5dfab7efe862cab1f3b9d654b95f4add1f1ac739c3f8d7637cd
status: experimental
description: Detects traffic or activity related to http://audiovisionworks.com/Pandoras_Box/pandora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://audiovisionworks.com/Pandoras_Box/pandora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.aegisxray.com/Pandoras_Box/pandora.arm7
id: auto-5cb1f776193e8ba252d967e238fe76a50d6271db0c2ddeb86cd999327fb07f09
status: experimental
description: Detects traffic or activity related to http://www.aegisxray.com/Pandoras_Box/pandora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.aegisxray.com/Pandoras_Box/pandora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.arm7
id: auto-14530744361df901720cd016a614ab857a9f9246690d9397cb21d076d197fb0e
status: experimental
description: Detects traffic or activity related to http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://audiovisionworks.com/Pandoras_Box/pandora.arm7
id: auto-151ffe069a036c688cee885b1e2822b7de1de0c00bfe54b37946b99f6d7a6c0d
status: experimental
description: Detects traffic or activity related to http://audiovisionworks.com/Pandoras_Box/pandora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://audiovisionworks.com/Pandoras_Box/pandora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aegisxray.com/Pandoras_Box/pandora.arm7
id: auto-5755f25dcd4b0ab627e1fb8a8b8295ef4b67cc7a98205b856939b8936beba3c4
status: experimental
description: Detects traffic or activity related to http://aegisxray.com/Pandoras_Box/pandora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aegisxray.com/Pandoras_Box/pandora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aegisxray.com/Pandoras_Box/pandora.arm
id: auto-4ef1f77f7b8233c931e0debe87b5e24a077da22f472917c1efaee7102b600207
status: experimental
description: Detects traffic or activity related to http://aegisxray.com/Pandoras_Box/pandora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aegisxray.com/Pandoras_Box/pandora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.mpsl
id: auto-b630e32e1862d63e948993030c5d631009818dc5d0deb7d7e7fb9d4ca8ed6fb2
status: experimental
description: Detects traffic or activity related to http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aegisxray.com/Pandoras_Box/pandora.mpsl
id: auto-425b4aab515116a75ce2e9b9f9b395cc3a8dd794273528ca925aa26aca98b812
status: experimental
description: Detects traffic or activity related to http://aegisxray.com/Pandoras_Box/pandora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aegisxray.com/Pandoras_Box/pandora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.aegisxray.com/Pandoras_Box/pandora.ppc
id: auto-684b222480a5e1a93ae368dcdaddeb6bb467bba1269a2a3a248aefa5aed8b04f
status: experimental
description: Detects traffic or activity related to http://www.aegisxray.com/Pandoras_Box/pandora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.aegisxray.com/Pandoras_Box/pandora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.audiovisionworks.com/Pandoras_Box/pandora.ppc
id: auto-dbf23616dc66e7c10b7fccbc1f708c362255f28f45160ef9875e0bc98a283c26
status: experimental
description: Detects traffic or activity related to http://www.audiovisionworks.com/Pandoras_Box/pandora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.audiovisionworks.com/Pandoras_Box/pandora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.audiovisionworks.com/Pandoras_Box/pandora.arm7
id: auto-f876d875e0616a743ae8b661a0c14b2ad4cfa56de1b5bdae25a5387d321c34d2
status: experimental
description: Detects traffic or activity related to http://www.audiovisionworks.com/Pandoras_Box/pandora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.audiovisionworks.com/Pandoras_Box/pandora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.aegisxray.com/Pandoras_Box/pandora.arm
id: auto-0f827707ccac558a377a3d8a63821c02f3847dc06e44ce20da21a027abeda308
status: experimental
description: Detects traffic or activity related to http://www.aegisxray.com/Pandoras_Box/pandora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.aegisxray.com/Pandoras_Box/pandora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.ppc
id: auto-c6531e9a3927be6042476f9f260a4a679e9cf6b944965c9a88572f0f8875f217
status: experimental
description: Detects traffic or activity related to http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.aegisxray.com/Pandoras_Box/pandora.mpsl
id: auto-c3330ef2701d23303b8b39a5fad18825eb605e5ab048f97110a03c8ce3651c9e
status: experimental
description: Detects traffic or activity related to http://www.aegisxray.com/Pandoras_Box/pandora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.aegisxray.com/Pandoras_Box/pandora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.audiovisionworks.com/Pandoras_Box/pandora.mpsl
id: auto-11bf520213d0f70e64f56e8e051a3ae9c20e6c8c56e7933bfd2a46fdb7a30033
status: experimental
description: Detects traffic or activity related to http://www.audiovisionworks.com/Pandoras_Box/pandora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.audiovisionworks.com/Pandoras_Box/pandora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.arm
id: auto-1c30b6ee4d6f3ce3e0fe9f4eef578f03dcf40ea92d409f0789e8bec6109621d8
status: experimental
description: Detects traffic or activity related to http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip87-106-143-220.pbiaas.com/Pandoras_Box/pandora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.91.169.90:46071/bin.sh
id: auto-168ef49b07abd09f49915231a8d4061aed444370ee34c8fdeace04b308e79803
status: experimental
description: Detects traffic or activity related to http://59.91.169.90:46071/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.91.169.90:46071/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.152.84/sh
id: auto-23396eaca1e6398bbd7718e8293115a7a1aecde438d09d558d9bd081889cfb8e
status: experimental
description: Detects traffic or activity related to http://192.227.152.84/sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.152.84/sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.152.84/y
id: auto-cc345c6b1c64b33de3f81b4866315f7a01e68ae18fa95e544a6ae336ecc5bcfd
status: experimental
description: Detects traffic or activity related to http://192.227.152.84/y which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.152.84/y*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.152.84/mips
id: auto-e7f220654a61a249c556a613d08aeaf97fcf9a2e7273c949a01e5bb259236ff9
status: experimental
description: Detects traffic or activity related to http://192.227.152.84/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.152.84/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.152.84/x86
id: auto-f91cf48a8e36bf33ad0d80f683d1a29da1144cb14f403d75f69cc58282e0d56d
status: experimental
description: Detects traffic or activity related to http://192.227.152.84/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.152.84/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.47.9:50929/i
id: auto-38b22e44dd5487df784bc3b966fa15470631509057b76bd2f69b05b4f5067539
status: experimental
description: Detects traffic or activity related to http://110.37.47.9:50929/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.47.9:50929/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.65.139:39131/i
id: auto-90c34bbb2bb5922994013d2ffa23bab54b79f216bdd8d8eb31aa13fcbb3d37ab
status: experimental
description: Detects traffic or activity related to http://42.226.65.139:39131/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.65.139:39131/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.154.209:36539/i
id: auto-107f9ce75cdd9c9dbbdd425ea0dc565ea52025a3fa0ae5a9113f07b0befaec00
status: experimental
description: Detects traffic or activity related to http://117.192.154.209:36539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.154.209:36539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.229.188:53126/i
id: auto-53d5a28133b66bf6098ebabca53b1b1a8627586a9c6118c5da2e6342dd6419b5
status: experimental
description: Detects traffic or activity related to http://110.39.229.188:53126/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.229.188:53126/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.mipsel
id: auto-f2d23da2c46a66af94557e583e9c1e889de16fbb57c0a83bbe9cad0c52b01dcb
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.armv5l
id: auto-0fbc825f5109a35abc3c72f65959b396d30ea87cf09ac7b02c17f0e9d283adb7
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install
id: auto-e3ca6e91bdf104c276c918f56b726188f79c633e3d09e14d82b17b457d5cb3ef
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.armv6l
id: auto-68ee6c75aacaf66fdd393b9f39775a7cad987ef97ec452f13593ad5793d7b900
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.sh
id: auto-42bcb4b62df513779862b0fae88ea0f6134523ddce4df782ed5c291c7038ab3f
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.powerpc
id: auto-519aef3e871f9a1093bbd53b70570634244596760de23345b273e230de49e83e
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.armv7l
id: auto-83ef43154e5a2fd024b35bd48c59d3db26cd478f8e641ad262cb9b5ae5dce6be
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.i686
id: auto-7f87119f4bebc145f2122b74a03f5a03e4707a2d0766b35124bfaded70f1a31e
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.sh4
id: auto-7409bda5b0fd638d235f1fbbbb1b8ed01988b1db020e4eafadcdb15a7d6225b9
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.x86_64
id: auto-93b6412b8237604a044062e814915e79f21600804c66fcd33b299f67b5066714
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.powerpc-440fp
id: auto-6632b41b7339947595e78b1f6ac6412469d61e0168d37f5f10b0cfe263948096
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.powerpc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.powerpc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.i586
id: auto-94eeea08058a6d5a97dc9d5ee23b272ac3fc6bb02910e36afdfe792d050ce428
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.i486
id: auto-744938ff0df4bbd7546269e95dea93e5ea6639b8593ec8e68fd25f9f8721b35c
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.mips
id: auto-36643f6c970dc77b96c042ca99f76a32373956ece70b37a218d2eb88d0abbba9
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.m68k
id: auto-c06b343a139773c775ec6b4085c69336c6819510622a6e03d6c0e232e3e0bb19
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.231/bot.armv4l
id: auto-f7108ebca14d752226e4e5073d0f9ebbdcb7971ab32127c070b15321474b41a7
status: experimental
description: Detects traffic or activity related to http://176.65.132.231/bot.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.231/bot.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.24:81
id: auto-1a73d9553b0a11c2916920d87b30b3e44f2dc9e45fb876af0457005dfcfe9fb2
status: experimental
description: Detects traffic or activity related to http://87.121.84.24:81 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.24:81*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/mipss
id: auto-68d31c49b220e31ea7f5add06043744661f67056a3496dead205c45e17e981e8
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/mipss which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/mipss*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/dvr.sh
id: auto-10e62dd7b09415ea4f93ae3c4e9860ed98fe5db129751978c28ecb5e6dbd0105
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/dvr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/dvr.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.210.147.248:33276/bin.sh
id: auto-91beb0a59af2f88d6d53b725629f0f2088943a2dc78354ae46c212a9ff0f8594
status: experimental
description: Detects traffic or activity related to http://77.210.147.248:33276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.210.147.248:33276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.169.152:54763/i
id: auto-5cbd5ae0b7b498dc91781c02d8d7bf5f18695d930399144f66b91610e966054f
status: experimental
description: Detects traffic or activity related to http://124.94.169.152:54763/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.169.152:54763/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.65.139:39131/bin.sh
id: auto-230717af1d7e4cd9308a5baf990a2fdd17c54dbe9516639b7ab43332592e60d5
status: experimental
description: Detects traffic or activity related to http://42.226.65.139:39131/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.65.139:39131/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.229.188:53126/bin.sh
id: auto-25b50699d8305e587f23736613e952f640f713096bc1d15e48f5434e9d2ed40d
status: experimental
description: Detects traffic or activity related to http://110.39.229.188:53126/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.229.188:53126/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.154.209:36539/bin.sh
id: auto-2d4c94ba5f8486cbb5cd4734c531b545bc828291a37035388928da39ade287df
status: experimental
description: Detects traffic or activity related to http://117.192.154.209:36539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.154.209:36539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.45.151:49208/i
id: auto-8c46aa6ec409d8d11925b641674314ec8fcdbb0b7d151c3db7c5175c285b44ec
status: experimental
description: Detects traffic or activity related to http://42.55.45.151:49208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.45.151:49208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.115.85:57269/i
id: auto-514cafe27cbf792c2d596e504b91942333fbb04fcfee876ccf30194c0cbd4bec
status: experimental
description: Detects traffic or activity related to http://115.52.115.85:57269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.115.85:57269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.100.124:46479/i
id: auto-abde5b39f8644e8c4855b94d2b96978b4b759c2bb3ebcc38437f82ddae9d4ea0
status: experimental
description: Detects traffic or activity related to http://61.52.100.124:46479/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.100.124:46479/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.44:39458/i
id: auto-3f2f27e4e9ade0bcd8bad1976e00313d939bef1e19b468064790c4e70cba4389
status: experimental
description: Detects traffic or activity related to http://110.37.61.44:39458/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.44:39458/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:49974/i
id: auto-8f6360de72cc4bc101690803d94acf8c65ba4a896b70ec92610bd5e3176584dc
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:49974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:49974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.57.120:39949/i
id: auto-8e912cb8ca607616de07cb3392693b974794dc3ad4c75a34a7fb8b1d6e49c81d
status: experimental
description: Detects traffic or activity related to http://175.175.57.120:39949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.57.120:39949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.234.107.107:44336/i
id: auto-dd71d4394ffc305b2469388e551bbe485f7cc88deec95188f806dccaac507655
status: experimental
description: Detects traffic or activity related to http://122.234.107.107:44336/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.234.107.107:44336/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.98.132:50756/i
id: auto-8d7b2cf7f363ade44bb183dcb4deaf4b801d5a7a40c4a4d7b05b6883d8fea5d5
status: experimental
description: Detects traffic or activity related to http://202.107.98.132:50756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.98.132:50756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.178:40472/bin.sh
id: auto-5d11f6de6813f2d2db0207ccdd829d05f4202f212f9080633d9c2e6ad516207a
status: experimental
description: Detects traffic or activity related to http://59.97.250.178:40472/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.178:40472/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.35.134:52980/i
id: auto-0954689e5a1059e0378557ec1671419d5dea71c08b79c00001648ae1036919c7
status: experimental
description: Detects traffic or activity related to http://117.211.35.134:52980/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.35.134:52980/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.100.124:46479/bin.sh
id: auto-6b34920983bb59cb029b3d1e865d84da01e9e41d3cb0f6f2be927caf110b2eb0
status: experimental
description: Detects traffic or activity related to http://61.52.100.124:46479/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.100.124:46479/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.115.85:57269/bin.sh
id: auto-57fdb454719d8e66308e72890086b086b985045d38389f90595b30e51867e65b
status: experimental
description: Detects traffic or activity related to http://115.52.115.85:57269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.115.85:57269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.44:39458/bin.sh
id: auto-9331c7e50a5927a3b9d99a09ad758e641ea847fc20ee7389a605a92e726b498c
status: experimental
description: Detects traffic or activity related to http://110.37.61.44:39458/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.44:39458/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.215.152:44653/i
id: auto-f581b7b7968fa2c7cbb8a98de4be48755f4cadad13b4daca5ec01d27548093c5
status: experimental
description: Detects traffic or activity related to http://110.38.215.152:44653/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.215.152:44653/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.48.219:56002/i
id: auto-3e3f79308438a9c3f417ec34ea7f3c810e5230b16567f25f08e6f385a47f9887
status: experimental
description: Detects traffic or activity related to http://42.56.48.219:56002/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.48.219:56002/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.5:39269/i
id: auto-4247079a2e20c92e5890ad3b6c760edb614375c32316c985bdf423f66ab3ad37
status: experimental
description: Detects traffic or activity related to http://42.227.238.5:39269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.5:39269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.215.152:44653/bin.sh
id: auto-426e4fa032db760b4b65d537227cd491d82733027f730c61f369c64f98e00edc
status: experimental
description: Detects traffic or activity related to http://110.38.215.152:44653/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.215.152:44653/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.57.120:39949/bin.sh
id: auto-c8333968d408a77497f50846bc68badcf0d73773ce134554a279fd15ae5031b0
status: experimental
description: Detects traffic or activity related to http://175.175.57.120:39949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.57.120:39949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.35.134:52980/bin.sh
id: auto-145258bc6163ee2c4779e333c250f7a3cd0415d82ffe78117e281d712095233f
status: experimental
description: Detects traffic or activity related to http://117.211.35.134:52980/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.35.134:52980/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.4.209:51871/i
id: auto-5c78e4e44149f8adc7c906db72d95d3bee06b41063d3c563f69f59461e312fae
status: experimental
description: Detects traffic or activity related to http://42.52.4.209:51871/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.4.209:51871/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/ppc
id: auto-f3817aed71b33a9b11ab06bcf850c68109edd134c16c76189ee465df68b77f38
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/sh4
id: auto-187841f4680f421d11b44d33a7f953e6ad88789dead7a543e4c9b3f15d010d0a
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/x86
id: auto-253e445e6f8c6440e2317907283a3cd4c9c98f5ba7f0e5dfa86d6223641ccbc6
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/mpsl
id: auto-b7002c37dba2fd0bf15dab2bab505704e455ab291d713940d51b4d256395e644
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/mips
id: auto-80b7eedcf11d6ffc6799eec98deb740292e59af487b4983c2525707d46c0cfea
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/m68k
id: auto-b8b2d9999f6cfdcfb528a6ca14d8d8e9d6576b22908c55cc7f08eed0a872e785
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/arm5
id: auto-bea703ef83b8eddb889b29b3dc588273d9eda0898f0f5789b96c7263d3a1708d
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/arm6
id: auto-a5c41dd965e9a1b43421560aaf7dbdc28a37d0d22ebdd83abb75c6af96d46c1b
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/arm7
id: auto-0462d346a7f728abd5ddda81e1a0bb15c468681ef45d06d6d26abe2029d093f4
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/payload.sh
id: auto-87ea3bedcba210b6dd06ef2775504d16b96e1f03a9980cab2640cbe64a00ad01
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/payload.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/payload.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.133.74.103/arm
id: auto-ba197147f6007d3daa098f303c710767e9cb0dbfd3bb072f26dfe4e4b6ed4b29
status: experimental
description: Detects traffic or activity related to http://45.133.74.103/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.133.74.103/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.190.66:34699/i
id: auto-d9ed5d04dd7d998e8f2dace3b6e71202853f0d5de31e69025c2e2b2a9306177a
status: experimental
description: Detects traffic or activity related to http://27.207.190.66:34699/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.190.66:34699/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.48.219:56002/bin.sh
id: auto-5d1ec29c2e93b29ee6a6b2abebf21a386a6520f1332adcce06b8a777c2fe29fc
status: experimental
description: Detects traffic or activity related to http://42.56.48.219:56002/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.48.219:56002/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.5:39269/bin.sh
id: auto-ff4c12851a802150eccbda4076fab39bed4053795fd602647ebf22e9cc401fb5
status: experimental
description: Detects traffic or activity related to http://42.227.238.5:39269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.5:39269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.4.209:51871/bin.sh
id: auto-949a14d55319317cd05d39252fb8a50499d437dc2d81e77a8a8949772ca89b39
status: experimental
description: Detects traffic or activity related to http://42.52.4.209:51871/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.4.209:51871/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.143.220/Pandoras_Box/pandora.ppc
id: auto-a91ab03b1dc54af3691167696892056ba7c9fc61a486e4a81b6d39e20f4c971e
status: experimental
description: Detects traffic or activity related to http://87.106.143.220/Pandoras_Box/pandora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.143.220/Pandoras_Box/pandora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.143.220/Pandora.sh
id: auto-01cfe8529bb69de037efb5451ba9768b17e838be236ff8e3e11c92b60222b5af
status: experimental
description: Detects traffic or activity related to http://87.106.143.220/Pandora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.143.220/Pandora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.143.220/Pandoras_Box/pandora.mpsl
id: auto-1eeb236c6d94a1adade0f835f35e9f2fe9bdb3a063803bcac5bb3b1926aefc75
status: experimental
description: Detects traffic or activity related to http://87.106.143.220/Pandoras_Box/pandora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.143.220/Pandoras_Box/pandora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.143.220/Pandoras_Box/pandora.x86_64
id: auto-5e287df3ff0d5c9ff44f0ba6af952b0fe89fc8a35bc958692bc4b0515bcfd9a6
status: experimental
description: Detects traffic or activity related to http://87.106.143.220/Pandoras_Box/pandora.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.143.220/Pandoras_Box/pandora.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.143.220/Pandoras_Box/pandora.arm
id: auto-fb4ed702ca96a1eba91cb61d56a23ca3e0869322496f0f004a6918cce7471dc9
status: experimental
description: Detects traffic or activity related to http://87.106.143.220/Pandoras_Box/pandora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.143.220/Pandoras_Box/pandora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.143.220/Pandoras_Box/pandora.aarch64
id: auto-554013931781025c75c2cb0a50ec405329d529be92e8bfdaf5f52787ad849fb5
status: experimental
description: Detects traffic or activity related to http://87.106.143.220/Pandoras_Box/pandora.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.143.220/Pandoras_Box/pandora.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.106.143.220/Pandoras_Box/pandora.arm7
id: auto-ccc145bf9644d486530692d08c31230ffdea8338ce6b63cd59462bae527dc707
status: experimental
description: Detects traffic or activity related to http://87.106.143.220/Pandoras_Box/pandora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.106.143.220/Pandoras_Box/pandora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.112.65:33552/i
id: auto-9626a05147fa074f98326364550f2977db77c9af97781d859de973c3251d6d46
status: experimental
description: Detects traffic or activity related to http://123.9.112.65:33552/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.112.65:33552/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.250.17.150:41267/bin.sh
id: auto-8357abf76fa76a6cfcbfc3081428f7777259bb3e21c61d5b9b2235496298c13f
status: experimental
description: Detects traffic or activity related to http://162.250.17.150:41267/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.250.17.150:41267/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.172:49663/bin.sh
id: auto-215079cc6a537866c64e7ddd031094ad04c2fbb81d85305dc3c287c251b465a2
status: experimental
description: Detects traffic or activity related to http://110.37.90.172:49663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.172:49663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.74.156:57764/i
id: auto-353bd07dea7a249f66fc781007ceaaca82d63046eeb613d84224acbddecbacc6
status: experimental
description: Detects traffic or activity related to http://42.6.74.156:57764/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.74.156:57764/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.236.214.82:33020/i
id: auto-96c5cc5a714f86340f132f240a21f7dff5c501757f3cf910daade0e10ef7df00
status: experimental
description: Detects traffic or activity related to http://42.236.214.82:33020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.236.214.82:33020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.85.206:41979/i
id: auto-5e7b5a8d1d74a583b2673d0a4479fadeb0cbe8d08f263b0d7b410524a937a84c
status: experimental
description: Detects traffic or activity related to http://115.55.85.206:41979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.85.206:41979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.238.26:34225/i
id: auto-1c7a483e08e016286eb830f9981235d3bff755d2b42fd857ae3ee8ea3c7812fe
status: experimental
description: Detects traffic or activity related to http://110.39.238.26:34225/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.238.26:34225/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.150.189:42706/i
id: auto-0cc479b7bbf26f2d7326f136c746a3157ebb2022e40a21c19f491958eaab171b
status: experimental
description: Detects traffic or activity related to http://115.62.150.189:42706/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.150.189:42706/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.34.109.121:43105/i
id: auto-3434191adcfd5bffb1442a42f97a7da56c4c5ba1e726b0f5d9f6802896f1351a
status: experimental
description: Detects traffic or activity related to http://118.34.109.121:43105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.34.109.121:43105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.77.41:60068/i
id: auto-b66bc9a3257d39e48552fe0f58283da05e009147ebd4c69fb6939d55eec243a5
status: experimental
description: Detects traffic or activity related to http://220.202.77.41:60068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.77.41:60068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.169.144:44981/i
id: auto-a9c7261d5be6dff0bf3fb35f2f6fdae280469ab5c5ae063b75a02e9be8c8581a
status: experimental
description: Detects traffic or activity related to http://175.167.169.144:44981/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.169.144:44981/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.93.52:43194/i
id: auto-b496271b8a5885ee37b2fed0e794edb40aeb760d889d60987c633a8f3eb1c61e
status: experimental
description: Detects traffic or activity related to http://182.116.93.52:43194/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.93.52:43194/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:35110/i
id: auto-833ab0e8e5abf2cd7bed087703fa1876feedcdfef55ac6fbe5fd5446ce9d146e
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:35110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:35110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/3q0SvDd.exe
id: auto-101b98a18a06956db2f26c2524db40accd9934e701c816202b3b46cbd3833ca4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/3q0SvDd.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/3q0SvDd.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.93.52:43194/bin.sh
id: auto-e5a196eb70d62e039df959b919f30c9c9979a9a4a8acbb9724a6e0df5376ab69
status: experimental
description: Detects traffic or activity related to http://182.116.93.52:43194/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.93.52:43194/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.210.2:38521/i
id: auto-229e018f53ef34af4bccc1484bbd6ae9d1a8f118fd27bec2c085e2200778365c
status: experimental
description: Detects traffic or activity related to http://117.215.210.2:38521/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.210.2:38521/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.201.71:33929/i
id: auto-babc17ddf5e98fe3a9073b92597eeb6b505a75b7ea54835de0730e41e0b22638
status: experimental
description: Detects traffic or activity related to http://182.121.201.71:33929/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.201.71:33929/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:35110/bin.sh
id: auto-2aaaabe27a820c8fd61cca92b2c748e4424896e27f5282ebcbec122554ec2d40
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:35110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:35110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.142.97:58051/bin.sh
id: auto-af5395760290d77e1a535d26e291b7b2a478a7b5151efd948466c43818e283e2
status: experimental
description: Detects traffic or activity related to http://117.242.142.97:58051/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.142.97:58051/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.191.97:58644/bin.sh
id: auto-1467032db8fac5c834f68bd7b1a262dccb3f15bcb81db4c7810aca996268f1c0
status: experimental
description: Detects traffic or activity related to http://113.229.191.97:58644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.191.97:58644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.210.2:38521/bin.sh
id: auto-8f973205256a1d853cf331cafcbf1cf8cfb62baf64b6a879dab70a00b921996f
status: experimental
description: Detects traffic or activity related to http://117.215.210.2:38521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.210.2:38521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8460986495/UMd3Upb.exe
id: auto-f0eabd85fa95d7ac0f2618799243d315eb579bda3bcb042fac7eea54eca49c62
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8460986495/UMd3Upb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8460986495/UMd3Upb.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.251.127:42786/bin.sh
id: auto-a90c37298bbd6f8df05ea66a61ce32ecd593c549cb12dcb3c7ab24aeb2b5d734
status: experimental
description: Detects traffic or activity related to http://110.39.251.127:42786/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.251.127:42786/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.193.242:47751/i
id: auto-19ff43b4c603847eeed2900c4e24d69d7073234bdae3963811714cfa663068c9
status: experimental
description: Detects traffic or activity related to http://123.12.193.242:47751/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.193.242:47751/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.115.242:35414/i
id: auto-e21a3bafae0bd6c4343890f211f639e00ecfedeb757186cdacb14808fcd7f8e1
status: experimental
description: Detects traffic or activity related to http://115.52.115.242:35414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.115.242:35414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.178.225:36145/i
id: auto-5d7e7a2388b41cfd63a509c62b757f0192ee1806bcee8a951378c47f399d3104
status: experimental
description: Detects traffic or activity related to http://119.117.178.225:36145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.178.225:36145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.115.242:35414/bin.sh
id: auto-89052fd9977600a389db3b6c35c2cdfedfd5b5baba59e8acaece0021138a361d
status: experimental
description: Detects traffic or activity related to http://115.52.115.242:35414/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.115.242:35414/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.10.61.4:42971/i
id: auto-da4e9642151f5dfb46ac7979ac01a2d1d225cc9e7e654ea382941470edb68068
status: experimental
description: Detects traffic or activity related to http://27.10.61.4:42971/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.10.61.4:42971/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.253.128:39232/bin.sh
id: auto-d7d579ccb89c810b826e1f47a39df5e3f531c141f190e0b4c8e1f74f821a1974
status: experimental
description: Detects traffic or activity related to http://119.179.253.128:39232/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.253.128:39232/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.178.225:36145/bin.sh
id: auto-c90bc743f60ee7429e73dd83155619836137cbc24cfb5ceceffadc24cf62e65d
status: experimental
description: Detects traffic or activity related to http://119.117.178.225:36145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.178.225:36145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.10.61.4:42971/bin.sh
id: auto-51c5d908e8c89cce5bfbdc5aa584568b6d0b8f74576acd1e4b569ff224d5cd44
status: experimental
description: Detects traffic or activity related to http://27.10.61.4:42971/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.10.61.4:42971/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.36.235:59268/i
id: auto-0f4087744b2a503dc8c1c64b18e1925f634532af8a1c246ce40f157d62e3df65
status: experimental
description: Detects traffic or activity related to http://39.74.36.235:59268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.36.235:59268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.86.12.39:50266/.i
id: auto-8b8edb75bf3ead5c9b3cb75f42cfa8d52053a56e04e6a5b0c208e76d6d4c057d
status: experimental
description: Detects traffic or activity related to http://112.86.12.39:50266/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.86.12.39:50266/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.210.15:48963/i
id: auto-e813ed15fdb2eb5b933a039f9a9ae34a264f16884dd808b4ef78bf7e48fb21cb
status: experimental
description: Detects traffic or activity related to http://27.202.210.15:48963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.210.15:48963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.28.119:43254/i
id: auto-143127cb1164d9b6a20688d56214e77af81e2f62af0c52566693fd0e5b98518d
status: experimental
description: Detects traffic or activity related to http://110.37.28.119:43254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.28.119:43254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.243.187.129:58008/i
id: auto-3f26603b911764fc90cf6942f9f5f9dcb4fdb44dd6da9d9f3f8dce66a920957f
status: experimental
description: Detects traffic or activity related to http://180.243.187.129:58008/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.243.187.129:58008/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.36.235:59268/bin.sh
id: auto-4c55d2c5249ca12e60be23d7344f6b6dcbff6ec94b59b0ecb477d50fd8cc6b42
status: experimental
description: Detects traffic or activity related to http://39.74.36.235:59268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.36.235:59268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.28.119:43254/bin.sh
id: auto-2fe6e18c51527d5e0d95aa92f56543d035688ed80cfcba16819ac9d1a397728b
status: experimental
description: Detects traffic or activity related to http://110.37.28.119:43254/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.28.119:43254/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.106.34:51441/bin.sh
id: auto-dadf70fc075dcba11c940984aa3e174b2ab35c4058a3db18fbf1fdd26090500e
status: experimental
description: Detects traffic or activity related to http://116.138.106.34:51441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.106.34:51441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.198.22:57084/i
id: auto-46b1155a4dee600c406363994594c29a94d06ceba03f04be71ef59bbab4b98b6
status: experimental
description: Detects traffic or activity related to http://175.147.198.22:57084/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.198.22:57084/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.254.0:59570/bin.sh
id: auto-b13bc00272b340cb87e2980caa50b9b1926645721b6ef58d4b20040e8218d24c
status: experimental
description: Detects traffic or activity related to http://117.221.254.0:59570/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.254.0:59570/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.139:46685/i
id: auto-de018848a26b85d170bffd14499a3ecb1b614187856e6bee509837cf58e4db16
status: experimental
description: Detects traffic or activity related to http://117.209.94.139:46685/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.139:46685/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6382108206/AoA6ARH.exe
id: auto-d03c88e1bc126fc699d6e2c09a72d3ebf5cbd79151e24e9cec90a1bcc5e93300
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6382108206/AoA6ARH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6382108206/AoA6ARH.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.191.14:37375/bin.sh
id: auto-0bcac73ee47e8b1a71280f7d19d5ba795ae3f4b937fc1d065fee37544255461a
status: experimental
description: Detects traffic or activity related to http://115.54.191.14:37375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.191.14:37375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.94.225:57408/i
id: auto-7a67508ec07e36241fc33b3489b7ab9bd6e108826fc54096606a1c0263674ec6
status: experimental
description: Detects traffic or activity related to http://110.37.94.225:57408/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.94.225:57408/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.165.213.116:4307/i
id: auto-fc64cab99fc42cd48921c79927bfce6379e1ed3f29f33a1116638530b82438c6
status: experimental
description: Detects traffic or activity related to http://189.165.213.116:4307/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.165.213.116:4307/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.172:43557/bin.sh
id: auto-ef19600425b55cd49db276422614d15efb49d2a43a9c6fd5e8cc6015363edf7e
status: experimental
description: Detects traffic or activity related to http://59.97.182.172:43557/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.172:43557/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.153:48341/bin.sh
id: auto-c3aa048fa161bf9b45d41f553c3532325203122e11ea8640b56b4670ef62f7e6
status: experimental
description: Detects traffic or activity related to http://110.39.235.153:48341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.153:48341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.151:50787/i
id: auto-9dfba511ad0527ea77a287855a9831d76cdaa832abb6299f1c9329972a0978bc
status: experimental
description: Detects traffic or activity related to http://110.37.118.151:50787/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.151:50787/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.39.195:51440/bin.sh
id: auto-532c1c3f4f2ec81cd541d28ed3438c40839ebce71375e95e43082733038f5b5b
status: experimental
description: Detects traffic or activity related to http://115.63.39.195:51440/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.39.195:51440/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.21.127:57730/bin.sh
id: auto-88e5311a464140e2db3035ba48e298940d190d2d36f14ea255226a2d1513a9de
status: experimental
description: Detects traffic or activity related to http://123.12.21.127:57730/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.21.127:57730/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.94.225:57408/bin.sh
id: auto-fa685d132ceeb4fe51c589ee7a09b61e2025e18f07ad9fb8637962bfd1431d3d
status: experimental
description: Detects traffic or activity related to http://110.37.94.225:57408/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.94.225:57408/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.165.213.116:4307/bin.sh
id: auto-0ff6770f281ab443d7f402d409c513b4fb71879268008bf9cfcd0f3da5371f6a
status: experimental
description: Detects traffic or activity related to http://189.165.213.116:4307/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.165.213.116:4307/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.47:46427/bin.sh
id: auto-3b32d174fa22ca55e589739122c98a08bd961e461d4b7986a6bc4ce3e5d4082b
status: experimental
description: Detects traffic or activity related to http://117.209.92.47:46427/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.47:46427/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.139:46685/bin.sh
id: auto-20c9bfa8d5c34e27a65d4a919cb03690d335f65f5d43aa8eab08f7b1663d90ee
status: experimental
description: Detects traffic or activity related to http://117.209.94.139:46685/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.139:46685/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.212.209:60103/bin.sh
id: auto-17d307696d57069a8dcccb0758bdae9e2799a5716cc21acc12438c2b97a0038a
status: experimental
description: Detects traffic or activity related to http://115.50.212.209:60103/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.212.209:60103/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.68.221:39432/i
id: auto-d9d50bb7b0e259bd4adf086710adcfc225bcba4fa04cae80cbf8ec801aa9d9d3
status: experimental
description: Detects traffic or activity related to http://117.206.68.221:39432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.68.221:39432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.4.81:37024/i
id: auto-749c12e73c2ee04b6fe8ae5a2fdbb2e7513ab52b5ca8fc51152aa687060dc684
status: experimental
description: Detects traffic or activity related to http://61.52.4.81:37024/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.4.81:37024/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7377994722/pwx8Qhg.exe
id: auto-b7100f0abfca70c21630f47a07d80a75fac5d9a12d40ed8dd2447e6e744bfbb2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7377994722/pwx8Qhg.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7377994722/pwx8Qhg.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:49974/bin.sh
id: auto-f988b7c6f369b5634498fc462c189f358fa269b4c66df2d0feac65a1cf0ba2dc
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:49974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:49974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.151/Installer.exe
id: auto-7cd2fd71911e828419fedb6e699859779c8294c24aebb583ccc3285d0b419562
status: experimental
description: Detects traffic or activity related to http://45.93.20.151/Installer.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.151/Installer.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.219:41305/i
id: auto-2bc68af5a377a6c89794f51763d053d3d84ff621dcad9517554b7892aa468c14
status: experimental
description: Detects traffic or activity related to http://61.53.84.219:41305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.219:41305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.68.221:39432/bin.sh
id: auto-c1456361273a821a03140c42910da49a0df8aa4a2e6d73a091013517feba29bd
status: experimental
description: Detects traffic or activity related to http://117.206.68.221:39432/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.68.221:39432/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.151:50787/bin.sh
id: auto-8aa7398697c10430c50aa4bd4f25d31d5eacdf3d7018a4b365c034baa23db765
status: experimental
description: Detects traffic or activity related to http://110.37.118.151:50787/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.151:50787/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.0.245:55934/i
id: auto-4cfd1b4c4b902c84ee3ccd9e3dfda17e4d9055d5dc4c863cb8f9a5947030d604
status: experimental
description: Detects traffic or activity related to http://115.56.0.245:55934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.0.245:55934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.141.117.6/bins/m1ps
id: auto-088217c84559295a8120dc4017de1911bf346431c62988eeb4700dc76c8ce2c4
status: experimental
description: Detects traffic or activity related to http://45.141.117.6/bins/m1ps which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.141.117.6/bins/m1ps*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7149178118/0WGZcWD.exe
id: auto-00d22516b8b5a1982603cc9481168bce10c0305f586602d5f60acfac4145184c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7149178118/0WGZcWD.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7149178118/0WGZcWD.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8460986495/Rw2DC91.exe
id: auto-bb5a07115542ad44e3eb4c3c8aca0169b95457dc1bf45603f169e250e28032fe
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8460986495/Rw2DC91.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8460986495/Rw2DC91.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.219:41305/bin.sh
id: auto-47eb1041b4138d1d6b9086cff882b3241579132364b8302ad964dbe70dcb6089
status: experimental
description: Detects traffic or activity related to http://61.53.84.219:41305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.219:41305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.109:34418/i
id: auto-31642fc833a43dcc5e345c3ab51802e5bd99b354e8dcb4f356206a9e8aaefdae
status: experimental
description: Detects traffic or activity related to http://117.209.120.109:34418/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.109:34418/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.74.96:34316/i
id: auto-f4a125a2d16f5d5d47675e20166d05d225c1709ef2973874830fbb9fdeb7969b
status: experimental
description: Detects traffic or activity related to http://42.226.74.96:34316/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.74.96:34316/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.230.193:57709/i
id: auto-b9373a48fc13f476ca8dbe273c3c842baa6a5f682b70ab76c3f881f01cc906fa
status: experimental
description: Detects traffic or activity related to http://115.50.230.193:57709/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.230.193:57709/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.74:38260/i
id: auto-222536737c0e63853c38c07bfac2afe598434b0d67967d218cd7f1c353fee246
status: experimental
description: Detects traffic or activity related to http://110.36.29.74:38260/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.74:38260/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.109:34418/bin.sh
id: auto-0ba6d129e03fa020d886286bbb2708bef47d43945b31c9966d2c67cda595b81c
status: experimental
description: Detects traffic or activity related to http://117.209.120.109:34418/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.109:34418/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.169.41:32978/i
id: auto-b6819e36c50d1aad39ffaa90634718ef4dbfb61f26bf5f824aa499173d01428b
status: experimental
description: Detects traffic or activity related to http://42.58.169.41:32978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.169.41:32978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.90.185.76/f33.png
id: auto-bae9de20279a781b6a9e11749b4c599fcc1ea5807946cb931dd14011f4c8fe60
status: experimental
description: Detects traffic or activity related to http://77.90.185.76/f33.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.90.185.76/f33.png*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.230.193:57709/bin.sh
id: auto-f8cb9cfa5342b037824c1bd97fe4f66c7c8c781a9aa653d203a3f52bbd5f636a
status: experimental
description: Detects traffic or activity related to http://115.50.230.193:57709/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.230.193:57709/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.191.214:54372/i
id: auto-c38d3d1212b4e324a6c0da04f6d282df66bc174fa9759b1a32d541298354431c
status: experimental
description: Detects traffic or activity related to http://42.178.191.214:54372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.191.214:54372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.191.14:37375/i
id: auto-21d102c4b613f3b10e228c529ba9d3a90741306a21db2391d288bd8373b72bfb
status: experimental
description: Detects traffic or activity related to http://115.54.191.14:37375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.191.14:37375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.228.194:53516/i
id: auto-5786e9db25ccb8d370b034e1ff3b19ded7e01445a1e70da9fbcba7cbf6d4b366
status: experimental
description: Detects traffic or activity related to http://42.225.228.194:53516/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.228.194:53516/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://elimnasir.com/private/callback-fetch.js
id: auto-06703830db27268adb97409d392fe69abc150ded800b223873ca11d85b1d8eed
status: experimental
description: Detects traffic or activity related to https://elimnasir.com/private/callback-fetch.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://elimnasir.com/private/callback-fetch.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://elimnasir.com/private/profile-ajax.js
id: auto-8c726de44f45f54f3a67034b0f32b73c71c92362ad83d0aca4dcba36ae4a03b0
status: experimental
description: Detects traffic or activity related to https://elimnasir.com/private/profile-ajax.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://elimnasir.com/private/profile-ajax.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.155.154:60826/i
id: auto-2a113ef2d0cb8d485dd4ef2ef858975adc054d31341cdc1a2cffef548a439232
status: experimental
description: Detects traffic or activity related to http://115.56.155.154:60826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.155.154:60826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.79.85.69:9426/i
id: auto-f4050decb4872874f79c22a09db2181fe2d5b59ee5d24d4337eb61e7cb81fce7
status: experimental
description: Detects traffic or activity related to http://181.79.85.69:9426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.79.85.69:9426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.88:47673/i
id: auto-3707ca13dcb6d06e2f55a5262bb9dc46146c7f5dc9f783bd897be245a529911c
status: experimental
description: Detects traffic or activity related to http://110.37.38.88:47673/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.88:47673/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.21.127:57730/i
id: auto-6ef7882fd22555f0f77c8c28d9d5fd1f315e5440bcbb0b366972fb801d4560a4
status: experimental
description: Detects traffic or activity related to http://123.12.21.127:57730/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.21.127:57730/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.61.32:34549/i
id: auto-8803fb6cc32361d54632a7326778f7f66f81f100fa8fce62f78015c01ee3a704
status: experimental
description: Detects traffic or activity related to http://112.242.61.32:34549/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.61.32:34549/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.73.162:57348/i
id: auto-abacd80af65cfdd91f59b48c2bc7e7312881b8201b3a2a12f3cd2b442510a132
status: experimental
description: Detects traffic or activity related to http://125.43.73.162:57348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.73.162:57348/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.81.83:55404/i
id: auto-19326d68fce30e82c5786e6bd0af8463245a4bf4e0b49b59153520153b087d80
status: experimental
description: Detects traffic or activity related to http://61.53.81.83:55404/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.81.83:55404/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.94.220.166:57924/i
id: auto-dd4bb74cf590bb6af2c26abf66603d3aa7c3027d0162c5aa9eaebfc4a750033c
status: experimental
description: Detects traffic or activity related to http://181.94.220.166:57924/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.94.220.166:57924/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.133.184:56969/i
id: auto-04a3c8f47be346cd2bd9dea622a12fb0d36e4b87d5fece8f6baab8e4f65e90e5
status: experimental
description: Detects traffic or activity related to http://115.62.133.184:56969/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.133.184:56969/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.67.68:46820/i
id: auto-21acefad36b2857a15911edc41e203461dd520fd4a89f613ebb3c019debc4972
status: experimental
description: Detects traffic or activity related to http://110.37.67.68:46820/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.67.68:46820/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.190:48925/i
id: auto-2483ad0c582595b865c4142f494fc622826a61ab45ee37288a0eb642769694ca
status: experimental
description: Detects traffic or activity related to http://59.97.183.190:48925/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.190:48925/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.18.241:43244/i
id: auto-792519eec8f21510c76468a65694611165ea283272956c5fece601c762c8450a
status: experimental
description: Detects traffic or activity related to http://42.57.18.241:43244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.18.241:43244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.116.51:32856/i
id: auto-d8c3a24a2f832c92b40034106eeca6c207b44386faf0aced2ef3ed3122668b59
status: experimental
description: Detects traffic or activity related to http://115.61.116.51:32856/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.116.51:32856/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.151/rkcvo.exe
id: auto-7b143a117f8f9403e81d1625c0342b3c2f30a9a727786420cb860bca17d2455a
status: experimental
description: Detects traffic or activity related to http://45.93.20.151/rkcvo.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.151/rkcvo.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.116.51:32856/bin.sh
id: auto-11a3f365e4cf97c7e8aff0b6cfa9dd304260fec12039f5aea57bcd33d212e901
status: experimental
description: Detects traffic or activity related to http://115.61.116.51:32856/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.116.51:32856/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.191.214:54372/bin.sh
id: auto-cd844c1429cf721cb87a6b29f3b5a2bf2983b615d7a80ed168998797a9c52c42
status: experimental
description: Detects traffic or activity related to http://42.178.191.214:54372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.191.214:54372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.190:48925/bin.sh
id: auto-97cb3377bf6284a9e5eac33fcba96d2e627c5a51240350bc7d14f0806ff67dae
status: experimental
description: Detects traffic or activity related to http://59.97.183.190:48925/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.190:48925/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.x86_64
id: auto-84f316ffeb4dae9b22258944d50868cf1d16a77591b3f2a356d8478d6e02d823
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.m68k
id: auto-6c11921b662ab56eeda054e8aac406936a8fa12c1b235c8bfb8debfaccf0ea75
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.ppc
id: auto-50d68bd82656afca7769d855f3a7f2f27fc669d00d4e2e4025c5b83e5bb40c4c
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.x86
id: auto-fefbe3fea0be0c65f8f0dd751f20b6aed43deb96dbe8a831ea70bde6cdce7c2e
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.sh4
id: auto-6edd39dab5617bb175f3d1074a9a44d935dc1384fdc55d97f11f3463a66a6dab
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.mpsl
id: auto-7c6dd4bafa41b0a895caad392f254441a3ab18fbd872680b84f0a0a3341d1a0f
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.i686
id: auto-63de8a2ae30ceca68f15417f5b86655f5a79cd059b7427459b000d3ba721c064
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.arm6
id: auto-23cb5900e8ecdff253e06f8bf903bc57ae4d1a629a18558f0476cbdc77e15714
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.arm7
id: auto-263818ed4c3f317c7322d3f6206073875bee6f582123eb42fee9832ec2dc0e63
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.spc
id: auto-eb8af23d505ad6bc091cb0813400237f1a82f13fc3ed6f74580a816d767dee73
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.arm5
id: auto-26690bc2d88c2f56f7070e2e0c7081f3d0314351a3111f81f1c646566ed6f105
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.mips
id: auto-14854d92705bc60730441917fda73af9db63e9e6f99c260c8db28de599dda202
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.i468
id: auto-5b081784c44bfd7f09761c0dd4a66c3cdd4fe14688397f8e2b2e56fb317e5b40
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.arc
id: auto-3b8a9e223b6e3ee488b1738161f0b3bfe1eb85ccc496626da2d4cb26d1c7ab6a
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.124.199/johenlastgen/johen.arm
id: auto-89ebd4d1ee7518f418a4b7512a8c5554f1b4359a5ecffe2f23b548b5aa863552
status: experimental
description: Detects traffic or activity related to http://162.243.124.199/johenlastgen/johen.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.124.199/johenlastgen/johen.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.241.217:46613/bin.sh
id: auto-ed67e236b12bcf5be9754eb2dbaf159fd359a71d676e6380746250e2fc77595a
status: experimental
description: Detects traffic or activity related to http://42.7.241.217:46613/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.241.217:46613/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/mips
id: auto-b4221ba22bf8af4646095b622b2db4d1237127611566c70c35906eb210cc7517
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/m68k
id: auto-bb75f637f163dea426c9a8eaccf0fce0b3615122aa9bdaf9d383c24d92097fbd
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/sh4
id: auto-18aa768d45c4dd64472b5380f19693358b19bb6473a4b6226e7e75b3e70a7d60
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/mpsl
id: auto-9663c0ab1127795420473d010186c55b3131eca351bb221218e2d3c1a2751d54
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/x86
id: auto-7d2e721bb262bd398202f675a41625f2937445291eb3bafcf67e410c206671b8
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/ppc
id: auto-61b6ed41e16c756c5383fadad442d62bf0e77319508479c6f1ade07144d8f141
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/arm5
id: auto-19004b13d23b2157b0b053d855ff746c9fefa151887e49da5f0fca7384328d78
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/payload.sh
id: auto-55e2ae85598fd7a3f066b444828a29806a655392de0b66aab11207c115761c90
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/payload.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/payload.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/arm7
id: auto-f87324d23e4fb1062bec573802fef76cf7f5aba04efed9022b4e772bd5c0962a
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/arm
id: auto-633218fbb15273bedfa3dcc5819b44922432f2ae889e27caae4718335f820813
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.131.64.176/arm6
id: auto-0dec59bd9e2e24279a4e5dc0326d782a2323c843650a54e5f98752f89cecd713
status: experimental
description: Detects traffic or activity related to http://45.131.64.176/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.131.64.176/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.1.217/nuts/bolts
id: auto-c1f25bd97496dadcd86d65db83ca10c141b4159b35b31e411c54696139e8e2a9
status: experimental
description: Detects traffic or activity related to http://217.60.1.217/nuts/bolts which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.1.217/nuts/bolts*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.32.142:56894/i
id: auto-433e3814618e2f787848a7cd41ff0fbb0046a5fbe0d65461e66b96443c488bbc
status: experimental
description: Detects traffic or activity related to http://123.4.32.142:56894/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.32.142:56894/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.1.217/nuts/poop
id: auto-59635f94fd5fb5e15fd1fe9bd8b295c698cecf26e74934a227427cdb51de9ee3
status: experimental
description: Detects traffic or activity related to http://217.60.1.217/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.1.217/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.90.185.76/avx
id: auto-622df8734d572df2a4c4979f69a77438c9475939223b5b29c16d05a34fc3eb21
status: experimental
description: Detects traffic or activity related to http://77.90.185.76/avx which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.90.185.76/avx*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.13.57:55320/i
id: auto-32decd44d9e94d81f8505523beee19c85ffcc8878f14601a9fe4b74a826bb470
status: experimental
description: Detects traffic or activity related to http://182.116.13.57:55320/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.13.57:55320/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7149178118/YTNlVXq.exe
id: auto-ab81c1089ceb81c13b7b786e50f522f752e99b2dc33df9a4fbd649f8074eae52
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7149178118/YTNlVXq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7149178118/YTNlVXq.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.193.149.180:44539/i
id: auto-2d30c2089a9bfb51197a5a64d54993b71e33056864ec4e56b2e5a956d69a7d2a
status: experimental
description: Detects traffic or activity related to http://117.193.149.180:44539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.193.149.180:44539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.32.142:56894/bin.sh
id: auto-f6cd2e8d7b14e82d83707a57d2f9358d78d6d2daff28f1dd7fa177288b13af17
status: experimental
description: Detects traffic or activity related to http://123.4.32.142:56894/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.32.142:56894/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.13.57:55320/bin.sh
id: auto-985aa4d0c5d4c753635ed1910d7d341b220607b33a6cc26c03e51f9a2174db9e
status: experimental
description: Detects traffic or activity related to http://182.116.13.57:55320/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.13.57:55320/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.59.246:56466/bin.sh
id: auto-ed05ad9d0a722505df337c69a313b31461ea67888896f96fe3ec315c797714b1
status: experimental
description: Detects traffic or activity related to http://175.175.59.246:56466/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.59.246:56466/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.5.163:40515/bin.sh
id: auto-92d9e76e9c114e79138d9cf87e1bf574fc6cadc9daa17c77d76ad58ac335b3a7
status: experimental
description: Detects traffic or activity related to http://123.188.5.163:40515/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.5.163:40515/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.98.61.207/x86_64
id: auto-0f55dbc5eebaa28fa49a8d570f29368eec64c5885d34263bc0df4936fec763a2
status: experimental
description: Detects traffic or activity related to http://198.98.61.207/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.98.61.207/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.141:45498/bin.sh
id: auto-4aeddf01c84c5b5ab5d2dcbaaa1ccd6808bc37bd832cc052a6ad1af55b86e9fe
status: experimental
description: Detects traffic or activity related to http://175.165.84.141:45498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.141:45498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.186.32:35709/i
id: auto-abf4520307533a5b869cb991c008b077d5014aaf5b00c4694deab809ef01e737
status: experimental
description: Detects traffic or activity related to http://182.118.186.32:35709/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.186.32:35709/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.193.149.180:44539/bin.sh
id: auto-5698f78896006ef7dfb5188af4f918ac6309914a5d995afb8ba965c5973bf7d5
status: experimental
description: Detects traffic or activity related to http://117.193.149.180:44539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.193.149.180:44539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.166.1.64:37538/i
id: auto-2769d6c0a76a71e1fef9114263e994a7041560731a3df87c6c537f136d3c6a06
status: experimental
description: Detects traffic or activity related to http://175.166.1.64:37538/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.166.1.64:37538/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.140.147:34258/i
id: auto-058409d08965a53d20b2e9c4d8971ea2bec4db669998fe953ed39e7a0a171c9b
status: experimental
description: Detects traffic or activity related to http://42.87.140.147:34258/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.140.147:34258/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.2.243:48634/i
id: auto-cf65ae98fd476fb968451c02999b343d0469cc1c352c0d7245da42b9308cf385
status: experimental
description: Detects traffic or activity related to http://125.40.2.243:48634/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.2.243:48634/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.232.96:49255/i
id: auto-ce2130d92dc365d2dbf58778fcdbd4d9976cfdb5a30512941a905702d2cdecab
status: experimental
description: Detects traffic or activity related to http://219.157.232.96:49255/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.232.96:49255/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.154.210:58052/i
id: auto-20253dbb128b806b3451ca6625fa55c536f213ad9f4bffc8a9492908c083c663
status: experimental
description: Detects traffic or activity related to http://117.192.154.210:58052/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.154.210:58052/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.2.243:48634/bin.sh
id: auto-78cbf33348c851f15b0bcb01aec89bb85f04cc8afd6266675a727bc510341554
status: experimental
description: Detects traffic or activity related to http://125.40.2.243:48634/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.2.243:48634/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.251.130:34174/i
id: auto-9c51c76090e4f118a22ab78b433b094464751f0910cc781f01f3b015e51021a6
status: experimental
description: Detects traffic or activity related to http://219.155.251.130:34174/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.251.130:34174/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.81.131:55872/i
id: auto-f26b09c5540d57701392e05eeded3359a2169da16470a4a8100ef6b1df681340
status: experimental
description: Detects traffic or activity related to http://61.53.81.131:55872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.81.131:55872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.232.96:49255/bin.sh
id: auto-a4c4efe80086ed4947650c3557819cd86a4b842150ea1efd6d925da7bfb577e4
status: experimental
description: Detects traffic or activity related to http://219.157.232.96:49255/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.232.96:49255/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.130.105:50811/i
id: auto-731a8b4c7d249baee4d1eb980c5a8fc421fc63fa4149a54fabc20b0eedf003d3
status: experimental
description: Detects traffic or activity related to http://42.227.130.105:50811/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.130.105:50811/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.251.130:34174/bin.sh
id: auto-f6fc828c52e81e8974dc24c52e5e60d61eba7fbf4f10569ffc036a9a16db5bd7
status: experimental
description: Detects traffic or activity related to http://219.155.251.130:34174/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.251.130:34174/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7730186811/C7OvZBU.msi
id: auto-f7888359a58183a71cd6e98316723f580dde006d2aa069fdd3c06301364a551d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7730186811/C7OvZBU.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7730186811/C7OvZBU.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.210.173:48090/i
id: auto-a5157d6a2becae6b5aaaff8e6e20dbdb3e60ef66e1a0934ba6e1bca39422b784
status: experimental
description: Detects traffic or activity related to http://119.186.210.173:48090/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.210.173:48090/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.210.173:48090/bin.sh
id: auto-b52c1491347f95205541b3fd3f0af4fb2e772f67371f98e3eb26ee4e926e18e9
status: experimental
description: Detects traffic or activity related to http://119.186.210.173:48090/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.210.173:48090/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/xpUmjwb.exe
id: auto-566b76db82fe2d3b695e88df5a3a435897bcd990f5a192922d19e417dea92c48
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/xpUmjwb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/xpUmjwb.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.93.20.151/Bot.exe
id: auto-e11c037c252b1e909843d95aac72cad1a8aa070db7c433a59aa173fc53d3373e
status: experimental
description: Detects traffic or activity related to http://45.93.20.151/Bot.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.93.20.151/Bot.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.154.210:58052/bin.sh
id: auto-5abc94682a3199be74c0f9b3ce55107529fe3837bfb4cbb6f92ea056d42ad64e
status: experimental
description: Detects traffic or activity related to http://117.192.154.210:58052/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.154.210:58052/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.99.215:38324/bin.sh
id: auto-3f64caad1c37252ce9a5d6103e68ddc305d006df97322d2b772efd9b6fe0e229
status: experimental
description: Detects traffic or activity related to http://113.236.99.215:38324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.99.215:38324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/822916975/28MZ5hx.exe
id: auto-eff4a4bf08935dc43d6d515ba08ba56d329d3fc95416fe395bc399f2ae681b56
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/822916975/28MZ5hx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/822916975/28MZ5hx.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.24.54:58160/i
id: auto-21a32ffc2410ff7181e98d11ec2a01ef4599a181246fe2df5ef800e19235b226
status: experimental
description: Detects traffic or activity related to http://42.178.24.54:58160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.24.54:58160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.213.198:39206/i
id: auto-feeb46cbbcc94e754df321b6ddd970f8a070ce9866be15949ef9539fcd0b87b4
status: experimental
description: Detects traffic or activity related to http://115.57.213.198:39206/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.213.198:39206/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.247.113:42107/i
id: auto-9598dea930248f4e2bd8a96e63924c5065ee7df6b5967b719e103779fcef3152
status: experimental
description: Detects traffic or activity related to http://42.177.247.113:42107/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.247.113:42107/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.167:46938/bin.sh
id: auto-4eb20643761147dcb91f13d45181d5d0ab39c97b7d93ef97a4e048a21ace77e6
status: experimental
description: Detects traffic or activity related to http://117.209.21.167:46938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.167:46938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.190.66:34699/bin.sh
id: auto-5e37c614a661188e2c9e7424494ece4cba27d289f0dfe905b58f3244c7720bcf
status: experimental
description: Detects traffic or activity related to http://27.207.190.66:34699/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.190.66:34699/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.55.154.4:443/02.08.2022.exe
id: auto-d90c9a8adae01646fedff4d92fa37e187b0cb0075b3d2307d4fe54e46a785851
status: experimental
description: Detects traffic or activity related to http://106.55.154.4:443/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.55.154.4:443/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.120.32.72:8075/02.08.2022.exe
id: auto-a5cc5c2fb4dea244d93401e8a656a8797ad651147692fd3d932381275787abec
status: experimental
description: Detects traffic or activity related to http://47.120.32.72:8075/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.120.32.72:8075/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://8.210.125.140/02.08.2022.exe
id: auto-120133d7c04d3d1cfd603c2f041ffa61f683eeb661907f8bc2e438d97bef3fc5
status: experimental
description: Detects traffic or activity related to http://8.210.125.140/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://8.210.125.140/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.222.147.66:49502/i
id: auto-033c3723667b31083d5f134594a66bd537dd1857edafa4d8661e882dfb4a2262
status: experimental
description: Detects traffic or activity related to http://177.222.147.66:49502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.222.147.66:49502/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.163.117.220:38340/i
id: auto-dc7892dc0363833a4d81dbe85403fe25a1e7cd259787b183749d0f337f9c2440
status: experimental
description: Detects traffic or activity related to http://112.163.117.220:38340/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.163.117.220:38340/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.113.38.99:33617/i
id: auto-e3c0b4b91490c8d02e527207766001dc09c221ad2441531fae2b1b56543ddc25
status: experimental
description: Detects traffic or activity related to http://37.113.38.99:33617/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.113.38.99:33617/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.251.254.221:24472/i
id: auto-0075116c51d5ae578d6d99030aa4a647d1fff5ae3e1f6fa6fde360618d450f2e
status: experimental
description: Detects traffic or activity related to http://175.251.254.221:24472/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.251.254.221:24472/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.166.130/sshd
id: auto-8d7de8b807ff74f6e2c83452b9fceb5a148fbe5fb4dfdf54992edbfc102e7384
status: experimental
description: Detects traffic or activity related to http://83.224.166.130/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.166.130/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.233.148.188/sshd
id: auto-6d860767f44c117e5e63248e7c12622aa32f76ea1dc53083387dfb28e7d71219
status: experimental
description: Detects traffic or activity related to http://14.233.148.188/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.233.148.188/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://102.23.89.5:8082/sshd
id: auto-2a4517b8078e33c9e60d1fa6fa129b530704c57b2d5ec745459dbb49c643dd65
status: experimental
description: Detects traffic or activity related to http://102.23.89.5:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://102.23.89.5:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.246.149:85/sshd
id: auto-5524a7e97d8d2e483aba632476c25a2563b1df17b3e9ea1ca753984a1f42ad50
status: experimental
description: Detects traffic or activity related to http://120.157.246.149:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.246.149:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.119.154.173:8080/sshd
id: auto-b54cac9f1afcea707d305e32252a8a36e8c8400d077b7723fd911058a20c4fb4
status: experimental
description: Detects traffic or activity related to http://42.119.154.173:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.119.154.173:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.140.251/sshd
id: auto-4c24bbef93adb71110bf16f2197948886346cb0983f48623912b304a551dd1c5
status: experimental
description: Detects traffic or activity related to http://91.80.140.251/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.140.251/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.24.74.0:10072/sshd
id: auto-796d6c94de0c8fa2b8d1e27d8c19e14f4729c6bcbefe778414759e30bf5d935b
status: experimental
description: Detects traffic or activity related to http://88.24.74.0:10072/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.24.74.0:10072/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.181.240.244:8080/sshd
id: auto-8ceafafddcc131608d77eac97f070877ac5a7193b4a5ee21798b4eaffe043915
status: experimental
description: Detects traffic or activity related to http://77.181.240.244:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.181.240.244:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.18.155.134:91/sshd
id: auto-e4ba6c2e87d87db7898bbcec067c8baa77a81887b857d85d321eaea8ddb84284
status: experimental
description: Detects traffic or activity related to http://88.18.155.134:91/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.18.155.134:91/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.200.169:54083/i
id: auto-4f348dd21f25e414238cec44a0dfc831457772f21a88bbfeccfb130574d474db
status: experimental
description: Detects traffic or activity related to http://219.155.200.169:54083/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.200.169:54083/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.200.169:54083/bin.sh
id: auto-d64a39c1ba4de93b7e8db6fc61c3cbd6006b0d1208986c6d561d7722464e4d10
status: experimental
description: Detects traffic or activity related to http://219.155.200.169:54083/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.200.169:54083/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/ok
id: auto-e505e8873acd65fdda6ce2fbeb626f5393a1acd9a993d36f70926a9501089a95
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/ok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/ok*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/ovh
id: auto-a319d97a24f3e589e0682455dce74bac7d668e63bb69ed60b5be702b53790d6b
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/ovh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/ovh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/bash
id: auto-3dac4ccd05ad7cab5bd6d889ebf58103abb155a145b459ef9292c3a05c48f1f9
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/bash which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/bash*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://sharecodepro.com/uploads/e93d371c8a19cb07.msi
id: auto-94b559caa1a478c99f3f5d163a6e2a496ee7a90535e03125c51bda3764a1717e
status: experimental
description: Detects traffic or activity related to http://sharecodepro.com/uploads/e93d371c8a19cb07.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://sharecodepro.com/uploads/e93d371c8a19cb07.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.22.30.124:48401/i
id: auto-4a9fa7290c88ed252607c4db379d6fdd31afb1eb72b5ff5653f8a295070e3e56
status: experimental
description: Detects traffic or activity related to http://113.22.30.124:48401/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.22.30.124:48401/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.243.187.129:58008/bin.sh
id: auto-807a58eb20fd22be6fa309846f6e749eaf764240ae4f77f5b7d6eaa7c2e76687
status: experimental
description: Detects traffic or activity related to http://180.243.187.129:58008/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.243.187.129:58008/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.189.162:57159/bin.sh
id: auto-f8d2d47293839242878761905aa648b10cd68612ad20b075fba21eee842932bd
status: experimental
description: Detects traffic or activity related to http://61.176.189.162:57159/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.189.162:57159/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.13.104:56254/i
id: auto-3bce84cad7018acec5713a6891fa1b9c86375ebfd2dccefed442e66b4015bf21
status: experimental
description: Detects traffic or activity related to http://115.58.13.104:56254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.13.104:56254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.166.51.48:59593/i
id: auto-70b7da9d9f8b607c55aa6421028ee8856977e56d49a2581808c3f1ddff9e36f1
status: experimental
description: Detects traffic or activity related to http://175.166.51.48:59593/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.166.51.48:59593/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.163:54335/i
id: auto-2550024f65c92a5ef03145f0064e4fbdbdc0b10797efece6d1c510ffb722b2d1
status: experimental
description: Detects traffic or activity related to http://110.39.228.163:54335/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.163:54335/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.118.119:54569/i
id: auto-78791aa37bb7aa345d7232d0ffeb7c249ad5f56b382f26dd6a98d5776789cc53
status: experimental
description: Detects traffic or activity related to http://115.61.118.119:54569/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.118.119:54569/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.149.133:43192/i
id: auto-7a06a5cd5653801d9d53a134b6b664f26ce4a4e94d545ef676cc963a263a2f22
status: experimental
description: Detects traffic or activity related to http://123.5.149.133:43192/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.149.133:43192/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.13.104:56254/bin.sh
id: auto-607d57ed62819f62e86e9b26be657fab961b7d0443a966bb008e5dd447474c14
status: experimental
description: Detects traffic or activity related to http://115.58.13.104:56254/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.13.104:56254/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.65.176:37910/i
id: auto-f0b57ca2c5b86b340ed3bfb025476df6b04a3f41ef331da4dffef147e8fdc062
status: experimental
description: Detects traffic or activity related to http://125.45.65.176:37910/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.65.176:37910/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.147.13.105:10002/down/arm
id: auto-851b9136783fb029167dec272cab62586188e8e5323f743c61ab628927277fac
status: experimental
description: Detects traffic or activity related to http://83.147.13.105:10002/down/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.147.13.105:10002/down/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.163:54335/bin.sh
id: auto-b6111b44ee26d0d3772357410ad219b7aa62e3f1ba74ce132131f332d1ffe365
status: experimental
description: Detects traffic or activity related to http://110.39.228.163:54335/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.163:54335/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.166.51.48:59593/bin.sh
id: auto-df64ad2c11f12899cc2a367b9c06c8ec5364b381ef9189f9e2c8307d7fde90da
status: experimental
description: Detects traffic or activity related to http://175.166.51.48:59593/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.166.51.48:59593/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.238.113:40324/i
id: auto-990032ae0c59dad7e42e3c8f6a60e579fe68738845e49c7044914d16c82fd40a
status: experimental
description: Detects traffic or activity related to http://42.228.238.113:40324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.238.113:40324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.123.148:34633/i
id: auto-fa868d568e25f83c702c484fa37fcf6216989d16e791d14a2eca51edcccf8b74
status: experimental
description: Detects traffic or activity related to http://112.239.123.148:34633/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.123.148:34633/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.27.224.88:57604/Mozi.m
id: auto-3a1274633593b8be07f54c307661658a4d4290623b80448113dc5a646c867b8c
status: experimental
description: Detects traffic or activity related to http://5.27.224.88:57604/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.27.224.88:57604/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.56.236:41814/i
id: auto-941fe305de2777a6cd617c01e0e5cab8b820e1f7e24c953ffafc331df541db6d
status: experimental
description: Detects traffic or activity related to http://115.55.56.236:41814/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.56.236:41814/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.65.176:37910/bin.sh
id: auto-13fc7313a14d77dd11937044b2dd0d7a62305c3313b09cccc2d6d6ab038771b8
status: experimental
description: Detects traffic or activity related to http://125.45.65.176:37910/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.65.176:37910/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.149.133:43192/bin.sh
id: auto-00c7ef17a026f15b40141b7254f4b325e5b777ca2e6bcb33aa8f80f283b43ef3
status: experimental
description: Detects traffic or activity related to http://123.5.149.133:43192/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.149.133:43192/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.114:60226/i
id: auto-68e10f78140b0a98a92229ae7317d7c7f133c3745ad69ef799ef9a0f72ee7d57
status: experimental
description: Detects traffic or activity related to http://117.209.82.114:60226/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.114:60226/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.144.165:56085/i
id: auto-6de1d3a32f8eecd10d2cea07b8265033c0ec48b36f64d01bc83984a6285e595f
status: experimental
description: Detects traffic or activity related to http://60.22.144.165:56085/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.144.165:56085/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.66.230:57355/i
id: auto-44b9856957e52ff5f36a397085c547c18477a0747398b225099ba5a1feda078e
status: experimental
description: Detects traffic or activity related to http://42.232.66.230:57355/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.66.230:57355/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.165.60.60:9090/yandex.exe
id: auto-61c5a86aa8969beb28edcd57e43869cc8812890bd6f4235cf35d441d9cae92e4
status: experimental
description: Detects traffic or activity related to http://213.165.60.60:9090/yandex.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.165.60.60:9090/yandex.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.165.60.60:9090/ssh2.exe
id: auto-239a7ec1c021133d053b0f4098b6a35ec64956e58442c6e9ca16eb55a3c3f98c
status: experimental
description: Detects traffic or activity related to http://213.165.60.60:9090/ssh2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.165.60.60:9090/ssh2.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.165.60.60:9090/ssh.exe
id: auto-cc3aa0f576caf5dde08dec42d541466e402fc0956f9029c5090c1a691a91c71e
status: experimental
description: Detects traffic or activity related to http://213.165.60.60:9090/ssh.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.165.60.60:9090/ssh.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.66.230:57355/bin.sh
id: auto-414600dfdf956a940464c68b391bc74277a138a5bec9e4e183d0e1f4d21da06a
status: experimental
description: Detects traffic or activity related to http://42.232.66.230:57355/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.66.230:57355/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.144.165:56085/bin.sh
id: auto-f3bdb557e269404beb8749bf48b5fafe8f3eb23459f298f7c2cf94fc80e441a5
status: experimental
description: Detects traffic or activity related to http://60.22.144.165:56085/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.144.165:56085/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/c9r7n6.ps1
id: auto-2475a8d07e990a385a2e51fdcf369d4b6e9d1c79abbde414d174ada0417a1466
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/c9r7n6.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/c9r7n6.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5279938618/McZEgNt.exe
id: auto-1307456fda3bebac1e524c3da96a694e0bcf57c0965b89494cbd44ce4a164384
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5279938618/McZEgNt.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5279938618/McZEgNt.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.153.118:34352/i
id: auto-247cd64773a582499bc8f1545711874d5884a574f9ae756ab365a6af0d371cf6
status: experimental
description: Detects traffic or activity related to http://115.54.153.118:34352/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.153.118:34352/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.199.6:37611/i
id: auto-7ba231069f696549fd5b966943186e81f6ce8c2fe0f39814d94f53e747761c6c
status: experimental
description: Detects traffic or activity related to http://125.44.199.6:37611/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.199.6:37611/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.153.118:34352/bin.sh
id: auto-a5c673519168b03682f815a1c39c27c77da9d86eacf475bb387679adcfe3ab5f
status: experimental
description: Detects traffic or activity related to http://115.54.153.118:34352/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.153.118:34352/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.225.240:44409/i
id: auto-6175ce90dfb994e825ac5eb42d3e0d85ba1a00bb4d056fb48ed0595aefaf7510
status: experimental
description: Detects traffic or activity related to http://27.207.225.240:44409/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.225.240:44409/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.118.119:54569/bin.sh
id: auto-a3d582af5ce745f10381b7dea66105d47c309fb6b4639b7b31ec639a75628128
status: experimental
description: Detects traffic or activity related to http://115.61.118.119:54569/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.118.119:54569/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.164.74.141:48242/i
id: auto-ebc981fd37d223309c29176d0d15dfe739189fd2a17f76522b9b3d25ee23ebc9
status: experimental
description: Detects traffic or activity related to http://119.164.74.141:48242/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.164.74.141:48242/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.252.196.136:57547/i
id: auto-2d1eaca5aa8f6c796d2d221d35e3766a1c6c02b3e662370c52fc73d68d5eb1c3
status: experimental
description: Detects traffic or activity related to http://112.252.196.136:57547/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.252.196.136:57547/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.199.6:37611/bin.sh
id: auto-eea110ce4a3b99a391289630617cd308594a052e44d243cd55966e5435a8258c
status: experimental
description: Detects traffic or activity related to http://125.44.199.6:37611/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.199.6:37611/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.164.74.141:48242/bin.sh
id: auto-509eb3a7b8583a16f3888baf95db33958218e5eac17a173e51407d4dac1bc276
status: experimental
description: Detects traffic or activity related to http://119.164.74.141:48242/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.164.74.141:48242/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.252.200:39862/bin.sh
id: auto-8b490ec954d704aeaac8506d5185440ba8dc504ad953569090e32a9429eeadf5
status: experimental
description: Detects traffic or activity related to http://125.47.252.200:39862/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.252.200:39862/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.252.196.136:57547/bin.sh
id: auto-9816ee303ef628c19a891012a27d3fd374bc84ad31ee460504f78c6501053f7e
status: experimental
description: Detects traffic or activity related to http://112.252.196.136:57547/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.252.196.136:57547/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.185.42:47327/bin.sh
id: auto-0c1b78b6637c8bbe374369783b784a7a84b17586be218be80fe70d0447999fcc
status: experimental
description: Detects traffic or activity related to http://123.14.185.42:47327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.185.42:47327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.225.240:44409/bin.sh
id: auto-fbdf044b159f6cc9f636da898ff490227d52f86bc6e611e9cd688a88af0cda39
status: experimental
description: Detects traffic or activity related to http://27.207.225.240:44409/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.225.240:44409/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.85.58:50142/i
id: auto-b1a2cc7ab462bb667bd8047e2378f41541b9913ba1bd333dc7ec59f1cbaee757
status: experimental
description: Detects traffic or activity related to http://182.112.85.58:50142/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.85.58:50142/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://duhsv690.cinderpouch.ru/?=check&&actmn=eReMhziqrPGQJVHO
id: auto-49732093330762f2298d044711c51ea774bcf087482bec309176d59d24f86542
status: experimental
description: Detects traffic or activity related to https://duhsv690.cinderpouch.ru/?=check&&actmn=eReMhziqrPGQJVHO which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://duhsv690.cinderpouch.ru/?=check&&actmn=eReMhziqrPGQJVHO*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.85.58:50142/bin.sh
id: auto-2b40927a920e82fe067dd268c4ce34d85a521ce7fef654c8f2e65c766728d42c
status: experimental
description: Detects traffic or activity related to http://182.112.85.58:50142/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.85.58:50142/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.221.167:50908/i
id: auto-63fd78721dfa9800f342ca873df090ae65b18b7ef78543eacd30679d459876d1
status: experimental
description: Detects traffic or activity related to http://219.155.221.167:50908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.221.167:50908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.252.200:39862/i
id: auto-6d48a26f7db35694b377533b20dae4e2cb7a7d888426382b16132cf71cf50126
status: experimental
description: Detects traffic or activity related to http://125.47.252.200:39862/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.252.200:39862/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.52.11:48565/i
id: auto-6315ef594fd7887900a57f883582af843add0f975295b3cfbb534ea5d402e953
status: experimental
description: Detects traffic or activity related to http://115.63.52.11:48565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.52.11:48565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.116.78:44228/i
id: auto-a6368d5f10e004cca63981f28a50ef1f93aa8129362b62f4e1b023b8becfdd04
status: experimental
description: Detects traffic or activity related to http://110.37.116.78:44228/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.116.78:44228/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.143.96:43906/i
id: auto-c099ce3d59f7f18886d12fa9c1801d86d31d9b32636e9e42bf36436263a366ae
status: experimental
description: Detects traffic or activity related to http://42.180.143.96:43906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.143.96:43906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.52.11:48565/bin.sh
id: auto-a9bce3e0be181183ef55d5eed7eecd95c9eb2558685c92ba02f0a34111f0ad56
status: experimental
description: Detects traffic or activity related to http://115.63.52.11:48565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.52.11:48565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.106.11:55742/bin.sh
id: auto-5b4293c011f24fb5fb148fac1c28155d5dc074f60ad9364ce3c933c3300b5f68
status: experimental
description: Detects traffic or activity related to http://113.228.106.11:55742/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.106.11:55742/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.189.212:56823/bin.sh
id: auto-1b1005bff01fc3bb712fe69421578901f96c225dbfc60216a6dce25f8454679f
status: experimental
description: Detects traffic or activity related to http://123.5.189.212:56823/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.189.212:56823/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.201.127:49120/bin.sh
id: auto-82ea26ab5608275c3d1800d4029fdb79ac596ce3d191225cfa8bcfbd3ce3e513
status: experimental
description: Detects traffic or activity related to http://116.139.201.127:49120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.201.127:49120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.116.78:44228/bin.sh
id: auto-44aa25a2517c54ad5ff42cf170e9a43e90c147f02f7cafb034c0d59323228bb9
status: experimental
description: Detects traffic or activity related to http://110.37.116.78:44228/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.116.78:44228/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.97.78:56559/i
id: auto-87526bdf0705731c060d6a07cba8188c93836f93b48b25b7e7063ff29ce9dda8
status: experimental
description: Detects traffic or activity related to http://222.141.97.78:56559/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.97.78:56559/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.150.69:55622/i
id: auto-3b5065014851f85b563039a130a06a34b8d74cf8b356bfb5bf36f34092b5134f
status: experimental
description: Detects traffic or activity related to http://115.63.150.69:55622/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.150.69:55622/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.228.95.68:10081/.i
id: auto-b8935c9e46730e955a250503175937acd5d4deec3d37d64905184e6d8356c761
status: experimental
description: Detects traffic or activity related to http://114.228.95.68:10081/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.228.95.68:10081/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.35.78.2:55827/i
id: auto-6b3f4b7e3cdd924557141687c8aa98995c6832049781cf3894e3c91b86102192
status: experimental
description: Detects traffic or activity related to http://111.35.78.2:55827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.35.78.2:55827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.150.69:55622/bin.sh
id: auto-6e7e49949bcf40ae74b05f04ae69d330030ceb9e64016a0b02554808d403899a
status: experimental
description: Detects traffic or activity related to http://115.63.150.69:55622/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.150.69:55622/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.236:44665/i
id: auto-589ec32330d8f96bbac52c8ebb6912d3b9c90ea1a5c6bb6d551266e3f2dff74b
status: experimental
description: Detects traffic or activity related to http://110.37.53.236:44665/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.236:44665/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.97.78:56559/bin.sh
id: auto-5a1a59d1f68c4fd580838c679c7cbd511857987fea603fe108ab7e8e44cd7206
status: experimental
description: Detects traffic or activity related to http://222.141.97.78:56559/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.97.78:56559/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvarm6
id: auto-ad49d1f7cb92cb5759bb15682a82443b4ea4cbcac9b5d0e0ff1eb3b4825ec988
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvarm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvarm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvm68k
id: auto-99640413ccc71aa98e274d28a89fd0bf9da9a2193d59218143aaf54cfb98cf97
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvspc
id: auto-859726797c79b795608ce313dbb45038915481d3726f081be93b1baa157b5874
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvspc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvspc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvx64
id: auto-ecc969e83fe7093f84ba4c1af45a9a95de72f68b4ec5d475c3b3abf32586d0fb
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvx64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvx64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvx86
id: auto-6601e09975fc2a6d380ff8c58686cbb2eb944ad977b9f83452a203fee89f3271
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvppc
id: auto-89ef36b69256ebdee7ec1bdd98e0ba4a596778be2d3e58255eb529a2565f5bd5
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvmpsl
id: auto-ead7e68cf5fec2a360b8e47d95623c134c13df0429534ad141440db77f955135
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvmips
id: auto-c8b3ee37e1a99a7730b25e6ec099945ce7c6607db32b67cd45437663a20eeee5
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvsh4
id: auto-24bc3dcf76886db200182ecee89be37c560a692b7aece74772b856ec92e8c370
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/SupplySrvarm
id: auto-11e4cefd47bc6e0eb654b60ce9b899d7d0f5f84b5443131a6401ba8d09262df1
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/SupplySrvarm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/SupplySrvarm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.111.55.202/docker
id: auto-5c32a404e84accb615e76a1b6ab38ff9e041d1e4c7cfe68f850d47559d304669
status: experimental
description: Detects traffic or activity related to http://109.111.55.202/docker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.111.55.202/docker*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.236:44665/bin.sh
id: auto-26d68f8fc0f61ba1bb42480df173a64991fdb2fd900ff6c75e7060de17be9c2f
status: experimental
description: Detects traffic or activity related to http://110.37.53.236:44665/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.236:44665/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.212.72:52528/i
id: auto-9bfa1b186873a4cd95c51076135d12bfb73178e8cc2206a8c32e6a2277c5bfe8
status: experimental
description: Detects traffic or activity related to http://123.14.212.72:52528/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.212.72:52528/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delwayne.alwaysdata.net/Windowsetup.msi
id: auto-22c394052fb7fc29567c5d8a0e5358e2f8c394e1fd297c8cd29cb46c277e3009
status: experimental
description: Detects traffic or activity related to http://delwayne.alwaysdata.net/Windowsetup.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delwayne.alwaysdata.net/Windowsetup.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.30.44:46001/bin.sh
id: auto-a81526daf4d2ebe867f31e7faa6088994fb4d8b3734003cd70920289949f7378
status: experimental
description: Detects traffic or activity related to http://182.127.30.44:46001/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.30.44:46001/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.184.210:49494/i
id: auto-0508864542646297ded09e94d8c0b9a24c4627fcfadfaae1c87c56d5afaa3abd
status: experimental
description: Detects traffic or activity related to http://113.229.184.210:49494/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.184.210:49494/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.184.210:49494/bin.sh
id: auto-4f1bc93e0686ad9e67f901b8808cc1012e721a6a5393333c70786dcefa3708d3
status: experimental
description: Detects traffic or activity related to http://113.229.184.210:49494/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.184.210:49494/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.108.77:35941/bin.sh
id: auto-538cacfe0398bdc0ce902fa892397523ce1603dd3634819dc8e8c9bf85a6903c
status: experimental
description: Detects traffic or activity related to http://27.217.108.77:35941/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.108.77:35941/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.212.72:52528/bin.sh
id: auto-57fdc96b6d10d18e1018a741de3203f3184450225e80148808e18a84b8b83fb2
status: experimental
description: Detects traffic or activity related to http://123.14.212.72:52528/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.212.72:52528/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.127.195:42065/i
id: auto-55e57c9d3f23a9b0e1feec4c3a55055baf66f30b7ec0ca3438f0e3fdff112801
status: experimental
description: Detects traffic or activity related to http://60.18.127.195:42065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.127.195:42065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.14.227:51140/bin.sh
id: auto-ad2751513c2706b89034d5b5bce050ceb49dee0527bd56c4f3743943d1611007
status: experimental
description: Detects traffic or activity related to http://115.63.14.227:51140/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.14.227:51140/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.44.19:34132/i
id: auto-8eac5815fd9cc506a07f4d80df8c6d91248dac9bb8c18adc94d49d9766418a1e
status: experimental
description: Detects traffic or activity related to http://222.139.44.19:34132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.44.19:34132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.107.166:53687/bin.sh
id: auto-7c11bc5f65a743615c47e8893ef46cbaa58ae05d88be9b260550aa7015cf8499
status: experimental
description: Detects traffic or activity related to http://116.138.107.166:53687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.107.166:53687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7024015129/zrcKMfi.exe
id: auto-a1b9cf62d202d941203a5ea8ef6e28b9ba5960aed9eaa2775fa500d63d523da8
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7024015129/zrcKMfi.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7024015129/zrcKMfi.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.208.153:60301/bin.sh
id: auto-5940dca9340bb49e80e2ef780061d02024031cc0aa9ae7df127e133ad13183c2
status: experimental
description: Detects traffic or activity related to http://175.149.208.153:60301/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.208.153:60301/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.13.232:50870/i
id: auto-40e766b362c78f31883ed51833b2ad36450e21dd47a35fdcc2b3e11db9435e08
status: experimental
description: Detects traffic or activity related to http://27.220.13.232:50870/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.13.232:50870/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5748594824/6qvQZq7.exe
id: auto-d0826e4542220dd24bfcf840e69b9846b58a32ae758ffcb052d71a22a5541051
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5748594824/6qvQZq7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5748594824/6qvQZq7.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.56.147:52101/i
id: auto-b5470cf171d6dca306b5734070a5dd8f35a1d0a0904c2548054a60ad6c610549
status: experimental
description: Detects traffic or activity related to http://219.155.56.147:52101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.56.147:52101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.236:49595/i
id: auto-6ade39ed2da395c501c4bdf3aa9b6bf7db25bfdfefe5935bc86744b0e2bceee0
status: experimental
description: Detects traffic or activity related to http://117.209.94.236:49595/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.236:49595/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.78.43:52115/bin.sh
id: auto-329e0f9f999ad48fb54aed0e43b446ff558e7f1a8e32e33fb66698f2cb7b50dc
status: experimental
description: Detects traffic or activity related to http://120.61.78.43:52115/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.78.43:52115/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.44.19:34132/bin.sh
id: auto-af66f7a97fc06d0c69328bcddd352fd30dd3ce154ea09baf6b4981056a8e6468
status: experimental
description: Detects traffic or activity related to http://222.139.44.19:34132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.44.19:34132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/32.exe
id: auto-38afef5a901f964e36c435ce05c9557b85019339ea58d839d4f277109de75cdf
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/32.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/32.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.56.147:52101/bin.sh
id: auto-0e45bb5a7c4a9740187baea76470a659232e14e8e0377880f4a105cf0d781393
status: experimental
description: Detects traffic or activity related to http://219.155.56.147:52101/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.56.147:52101/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.62.45:58051/i
id: auto-1ce8baf71fbdcbc8c57a920de639aacfe53caf64c51efa667995b540a57a0030
status: experimental
description: Detects traffic or activity related to http://117.216.62.45:58051/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.62.45:58051/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.236:49595/bin.sh
id: auto-59dc6c2e576edcd9f7e68348da7afb86831380e0b2ca0a7507dae1eaec80e1ba
status: experimental
description: Detects traffic or activity related to http://117.209.94.236:49595/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.236:49595/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.57.49:42804/i
id: auto-a5d687691d313fe6850e4bf2b69990e418d5d09c729417419fee940d83454ad2
status: experimental
description: Detects traffic or activity related to http://219.156.57.49:42804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.57.49:42804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.68.41:33613/i
id: auto-a9d2218e2f30c418a323b2db8a47ef77c66ef50f107e5983c929a8feb4a1744b
status: experimental
description: Detects traffic or activity related to http://182.117.68.41:33613/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.68.41:33613/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.62.45:58051/bin.sh
id: auto-678201c1c0d01e28eae1b51374c0a7e77833ad3305b7d97bb526786a7c3911b5
status: experimental
description: Detects traffic or activity related to http://117.216.62.45:58051/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.62.45:58051/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.206.235:55353/i
id: auto-e1d23d20d85df890c872d7bf9c4f71bfcb9ddafb1301537fab8b3e61a70d7c59
status: experimental
description: Detects traffic or activity related to http://119.186.206.235:55353/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.206.235:55353/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.107.177:34351/i
id: auto-9d0b54595b6e9c451d9f1d91648d887518125b40fab7791d4e1e51cef38ac2b0
status: experimental
description: Detects traffic or activity related to http://112.248.107.177:34351/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.107.177:34351/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.189.212:56823/i
id: auto-081afff1650270ba70face5ad42b306a62d08c5149c0c274e64c35cbf82bf156
status: experimental
description: Detects traffic or activity related to http://123.5.189.212:56823/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.189.212:56823/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.236.223.195:37665/i
id: auto-d84905929130c0c173e95746c0fcacbc140e65d529aa1156c640d14c11e0a078
status: experimental
description: Detects traffic or activity related to http://42.236.223.195:37665/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.236.223.195:37665/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.148.227:43252/i
id: auto-deacb9b2fa2e4aef3f6b270080b03cdbb98c39747fe25ac0d84fb17b1a5376dc
status: experimental
description: Detects traffic or activity related to http://117.200.148.227:43252/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.148.227:43252/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.252.200:42626/i
id: auto-295a25715cf8446bb51bde619806fa0cba6f0b9bcda34df0d1dcc925da0cd81d
status: experimental
description: Detects traffic or activity related to http://119.115.252.200:42626/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.252.200:42626/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://alikaraw.com/bot.txt
id: auto-be98134a98b6cc79a99ca6dd407cd6e518d6ba11bb1b6eb195c9e9d08b5400f7
status: experimental
description: Detects traffic or activity related to https://alikaraw.com/bot.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://alikaraw.com/bot.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.66.28:43992/i
id: auto-53ca6201b77d8500d2843c0cde7b936bea9bf779d50bc4672228774ca57878db
status: experimental
description: Detects traffic or activity related to http://27.215.66.28:43992/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.66.28:43992/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.57.49:42804/bin.sh
id: auto-7147e7625471706878e6791274760efaa5cd0c11c1bb9ba19d95cb86dd663772
status: experimental
description: Detects traffic or activity related to http://219.156.57.49:42804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.57.49:42804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.13.232:50870/bin.sh
id: auto-294a69cb48d652d74648fdcc054f08760530b5881906f129ab2c304d9a05763d
status: experimental
description: Detects traffic or activity related to http://27.220.13.232:50870/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.13.232:50870/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.196.164:38144/i
id: auto-07c51cb6032378219560f8698144fd435409b00d7fe0ab4103473a794d887c9a
status: experimental
description: Detects traffic or activity related to http://42.177.196.164:38144/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.196.164:38144/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.236.223.195:37665/bin.sh
id: auto-dbe3c612e587ba91649861582f0d3cc07c9395580a3b425f15b89dcb55f5cd0b
status: experimental
description: Detects traffic or activity related to http://42.236.223.195:37665/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.236.223.195:37665/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.206.235:55353/bin.sh
id: auto-5627c046374f2154273e595ef32c2321eab7e401a8cd8ada8b5d79b13b491e02
status: experimental
description: Detects traffic or activity related to http://119.186.206.235:55353/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.206.235:55353/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.239.92:45714/i
id: auto-ac0fcaae9dff230d54016501ba3f8b602f5d8231a9308d83363c0490b0510956
status: experimental
description: Detects traffic or activity related to http://42.85.239.92:45714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.239.92:45714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.201.186:42988/i
id: auto-25d355518043e319263b66b3a53de36e53f668dda43c086223dfc10bfb7d1d94
status: experimental
description: Detects traffic or activity related to http://42.7.201.186:42988/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.201.186:42988/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.68.41:33613/bin.sh
id: auto-f1c62c30017f78253998a3364136d78f461a8b951be9e3b27e3ae0f470d7b003
status: experimental
description: Detects traffic or activity related to http://182.117.68.41:33613/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.68.41:33613/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.69.109:55228/i
id: auto-81d29277ea33f01a3e37c890cbbaa6ff40436923d9438d2314648406d576287d
status: experimental
description: Detects traffic or activity related to http://59.182.69.109:55228/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.69.109:55228/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.91.224:56848/i
id: auto-9a612353416f9fc4e33cb7a6b2f0e08392ffc2950a003c2e2b520ada44fa2ab1
status: experimental
description: Detects traffic or activity related to http://117.205.91.224:56848/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.91.224:56848/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.91.224:56848/bin.sh
id: auto-73e0895979fd817a8bd5c73ab10deb8f6d28da82b876e2ff34d53ad8be6a2ef6
status: experimental
description: Detects traffic or activity related to http://117.205.91.224:56848/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.91.224:56848/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.201.186:42988/bin.sh
id: auto-f5586d5dbe1950b3b88810955d93b17e1aed30bb03352b35a85333e9d4ec82c7
status: experimental
description: Detects traffic or activity related to http://42.7.201.186:42988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.201.186:42988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.69.109:55228/bin.sh
id: auto-b6ea672ee0fc90fef7abb70e8bb39b8e7e97f7cac4770a5dd7aba5ccb47b8c0e
status: experimental
description: Detects traffic or activity related to http://59.182.69.109:55228/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.69.109:55228/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.51.109:35953/i
id: auto-3c15093e118c901cf263f44a5dbfc4eeca8c8edf96895a1f253a7b011ab325e3
status: experimental
description: Detects traffic or activity related to http://182.114.51.109:35953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.51.109:35953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bigbins.rebirth.st/arm5
id: auto-0ec7ddcd37e4c104d76dcb00917174cf08cb8aff494565c3b2045d13eb93022f
status: experimental
description: Detects traffic or activity related to http://bigbins.rebirth.st/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bigbins.rebirth.st/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bigbins.rebirth.st/arm7
id: auto-aeb031806a255b2d59513bf28aa0c8b2ed0bc7a5ed26f0d857863267ea4c5d5d
status: experimental
description: Detects traffic or activity related to http://bigbins.rebirth.st/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bigbins.rebirth.st/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bigbins.rebirth.st/mipsel
id: auto-a8a406a219a47527992a1e40086d78a7e0fd4bc74b0dcc3e530a7026a948f94b
status: experimental
description: Detects traffic or activity related to http://bigbins.rebirth.st/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bigbins.rebirth.st/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.
id: auto-c26bfb5fbdcf14d8bb735efc0e22a4adc361bcc5e7b47c813d858945cad865c9
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr. which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bigbins.rebirth.st/mipss
id: auto-9f3065a8b5b9166f8d28f6766a1dc6630a189edaffafe0dbb8f2758bef3e9abe
status: experimental
description: Detects traffic or activity related to http://bigbins.rebirth.st/mipss which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bigbins.rebirth.st/mipss*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bigbins.rebirth.st/arm
id: auto-99124df1564f564e54419c917524935cf845ea5a66afbde03ab3b48d9fb3de1b
status: experimental
description: Detects traffic or activity related to http://bigbins.rebirth.st/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bigbins.rebirth.st/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bigbins.rebirth.st/x86_64
id: auto-a0dd3df8c327a3d4e77f084692e30fe0cc9e8effeac3c1e022823a0a6ed2cc19
status: experimental
description: Detects traffic or activity related to http://bigbins.rebirth.st/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bigbins.rebirth.st/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.
id: auto-9d1710e69b81fd5b0df67d96cb8b8f43b0cf87e8150d9157934c8e799a822578
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr. which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.
id: auto-96de29d29550ad26facfb94d292272af7ccd090ee8dcb077a4cc394d2e2cebd4
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr. which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.
id: auto-37e063ad78cb96bbb208ebca0179903c45a8cd457b870198e8f1c3e251da1c1b
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr. which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.
id: auto-67ad7e6b9fc4b9d2beacdc3f83f062d0b9608cd62571b5e2a5da506c3564dae3
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr. which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.197.22:46402/i
id: auto-abb88fb8e880bf5f68a1a0c14c2237999e884958f5d9c846c826986595a2ccba
status: experimental
description: Detects traffic or activity related to http://61.176.197.22:46402/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.197.22:46402/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.239.92:45714/bin.sh
id: auto-302fba3ae350053b16d4a15e41f6e7cfb10fca4ab0a420390e1a3ee8fed567e6
status: experimental
description: Detects traffic or activity related to http://42.85.239.92:45714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.239.92:45714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/ConvertacacacedFile.txt
id: auto-6bdef974abbeb94cc7ec3b82283937be51d1a844c951cb61994efdfa5274e25f
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/ConvertacacacedFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/ConvertacacacedFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/wetpussy.txt
id: auto-29493b3070e1489c8008c157154f7ddcb436674f57f525ea6c786a15e3d3879d
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/wetpussy.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/wetpussy.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/lime.txt
id: auto-8be4b315035d2bb173e3621b54df7b4523834b32102cbff205e1ee4fc5f90208
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/lime.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/lime.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/dkar.txt
id: auto-7fbc5bb12a0f759d85a55a007a38779bba2e6bdb698f00133b91824737139a97
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/dkar.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/dkar.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/kante.txt
id: auto-71c632a71df1a43f52822c23993102c57be8fb6c601a48865b3cdbb98c1ac330
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/kante.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/kante.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/wzaq.txt
id: auto-33260883ca1cb674e54a4c036bcdb32573d66a502e071d07f5cb718601f41a96
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/wzaq.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/wzaq.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/stock2.txt
id: auto-52f0d9aa4513804b2b8ddc9363a96e00ad285110d5004f14fd1d646788d78e10
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/stock2.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/stock2.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/ConvertallllledFile.txt
id: auto-f5cbe80ac4911d480ad0bfc12e40f17740998ee9f7e1048a5e9a899397b0317e
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/ConvertallllledFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/ConvertallllledFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.46.173.4/sampp/ConverasiaaaaatedFile.txt
id: auto-bac46d9c89843a80e91a5247d8441319e08a9fe8c3c4114d378c4b1e1195bef9
status: experimental
description: Detects traffic or activity related to http://198.46.173.4/sampp/ConverasiaaaaatedFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.46.173.4/sampp/ConverasiaaaaatedFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://api.robquiz.com/luemi/SaintMario.ps1
id: auto-d51d92675b4e1a0124e200999959e7fea590d550cbee3e0a5f3a1637a0316706
status: experimental
description: Detects traffic or activity related to https://api.robquiz.com/luemi/SaintMario.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://api.robquiz.com/luemi/SaintMario.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.12/public_files/9nGprmg.txt
id: auto-40bb367b8f6cf70aa34c304098943374bf98fb381350de359026b352f5803ed1
status: experimental
description: Detects traffic or activity related to http://196.251.107.12/public_files/9nGprmg.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.12/public_files/9nGprmg.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://maxbet-88.com/ProjectApplication.zip
id: auto-8c7e88835ea636cdf63ade0beab554632abc8dcab3e798946d437f970fe725e9
status: experimental
description: Detects traffic or activity related to https://maxbet-88.com/ProjectApplication.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://maxbet-88.com/ProjectApplication.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.12/public_files/yYZNrD0.txt
id: auto-f8c5e95882c987f31c84a3604532ccc9c13ec0f8ffb75590243cc227bed8572d
status: experimental
description: Detects traffic or activity related to http://196.251.107.12/public_files/yYZNrD0.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.12/public_files/yYZNrD0.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.31.84.211:8000/52.exe
id: auto-52046da99e5d2ead48ce5cb5f849dd775c832650fb6c319f20eb201cc2f0e896
status: experimental
description: Detects traffic or activity related to http://144.31.84.211:8000/52.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.31.84.211:8000/52.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.28.11:56595/i
id: auto-ddcb84804c340c69cea06b013454ff8223bc6012b66d8339b115f7e9dcb39f11
status: experimental
description: Detects traffic or activity related to http://42.231.28.11:56595/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.28.11:56595/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.46.20:32991/i
id: auto-82f334a51b4b18eb9212f5d3bb5005b38e91cb44482822b1febe222c817babb6
status: experimental
description: Detects traffic or activity related to http://27.215.46.20:32991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.46.20:32991/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.ppc
id: auto-dc2d595c518d63915207720a04db2a9aff322b4c04eb5198762e146409a4b4a6
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.x86
id: auto-8721e7db9dc114d8d384fbeb32921226d4b91a1c2f05dfb93bedfc13c01a705f
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.mips
id: auto-330aad9b9a86e7884b861b1743b19942115afd9f74e4af4ed13191442d2fd993
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.arm
id: auto-60a4fbee8a66221c3671575ebcf66bf208bbe0ee1d1c169d85aae1eb849c25b9
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.arm
id: auto-c3267ac6bd4d73910c96e60397b3ea43e6a55deda4091c2972fef562adb64ca5
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.mpsl
id: auto-f3985e31cd8fa815cd420922982b641e9364277bb8e78e40572d8ddfb01f6901
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.sh4
id: auto-4d33778cb7dd4458c98cff6ec78b518ef8a8f4d91295f1369ac78cbb24d88ef7
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.arm7
id: auto-eadb42be3e140165566ef773768d0b0ade4254aeb5b39161efcad320fce8f48e
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.arm5
id: auto-1e1c51156af9b7183583e01d49ded9db106a318d1e0ff6262b77d8af6ade40ef
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.198.234.181/armv5l
id: auto-527a35e11c12d5a66cbbc9464bea0695f10b3f89ce0ed8e20fd6189c73b4986d
status: experimental
description: Detects traffic or activity related to http://185.198.234.181/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.198.234.181/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.arm6
id: auto-5fb85809b72b1ae1306fa2b1c2fe7bc49a6492006ee18810f7ede14c10f72032
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.mips
id: auto-882c40d5c92ac7ec445e4ca91b46624523d55ce610625a013aa7268ac01db3c8
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.arm6
id: auto-3583648d5fd507eae4c843da5ce4c855d80fa04640600303859d2323d808bc56
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.arm7
id: auto-9c9e09d5ebbbb78a441f686ef32c496b43058350d8f5eada9e45aa9114b0c698
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.arc
id: auto-4149092b47e8326263f1f4bcb2d32bef45dc206e4fd22a29350519eab75a0bad
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.x86
id: auto-e83b47da26e377e62c5bacf34c3789b7f36a1522405c40445110c8006c3b2ca0
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.arm5
id: auto-34699ac4761f48f40ff872a8e6c8f5c1a18151a34fa118c151b907d52d4acd1a
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.m68k
id: auto-73a71f72bba57ce6b8ca023f206750a636b6333b766ca267d1d229ad0c170295
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.m68k
id: auto-78bdc718c9a11564f53ce309efca91b9320d2fea3fa8eb230d7184a483fd85a1
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.sh4
id: auto-3bef39024a4dd53b7e44862b57616c55f6472a735fb514fec4a95c5d84ed6194
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.88.164.167/hiddenbin/boatnet.ppc
id: auto-eb46602849dd43b589956b743c9e606b327c4550db3467c83c60a874f9a32683
status: experimental
description: Detects traffic or activity related to http://167.88.164.167/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.88.164.167/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.x86_64
id: auto-60c1096fcb1e2c06aebc3deb642bafcaeaa139bd3e814c49e9afd06e0dadb544
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.198.234.181/mips
id: auto-b6fa0149dda77ed312ddd03c6d6dccbf8c6d1dbb71db3021056335a726e13d34
status: experimental
description: Detects traffic or activity related to http://185.198.234.181/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.198.234.181/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.151.194/bot.mpsl
id: auto-b4d1c93717751561a95a0e52e9962beeae8885f0bce058e84c31c4be5267db60
status: experimental
description: Detects traffic or activity related to http://176.65.151.194/bot.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.151.194/bot.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.198.234.181/armv7l
id: auto-2f831de1992af7de384fcb305a38c51400943a8ccabdfae69c33797ce4e283f2
status: experimental
description: Detects traffic or activity related to http://185.198.234.181/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.198.234.181/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.198.234.181/x86_64
id: auto-3f5b968a7d24587d5f0d7ffb0209dbd46ebebe27dfa981adb6beec59e8881884
status: experimental
description: Detects traffic or activity related to http://185.198.234.181/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.198.234.181/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.198.234.181/mipsel
id: auto-c759464db6b54d2e31643701e1d6a76de6d1de5a0ba1455674cf71169b8ba3c3
status: experimental
description: Detects traffic or activity related to http://185.198.234.181/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.198.234.181/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7435145147/KZA247N.exe
id: auto-04665f50e70b233abfa3eb2d3703e3c4ad14694a208b938148b222dd09e2433c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7435145147/KZA247N.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7435145147/KZA247N.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.51.109:35953/bin.sh
id: auto-415787568cbae546ce66f849fa6e93869558097e24ed36dc9e1fbc32337c7bd3
status: experimental
description: Detects traffic or activity related to http://182.114.51.109:35953/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.51.109:35953/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.220.84:39131/i
id: auto-02b967a9e5c17647fd394cbdff60bb94ba717188d16610a582e64394ab549a9c
status: experimental
description: Detects traffic or activity related to http://115.55.220.84:39131/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.220.84:39131/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.213.198:39206/bin.sh
id: auto-043347d31601fd16d4452ab78f3b234e9949fde28898b784c19d06f4c41a240f
status: experimental
description: Detects traffic or activity related to http://115.57.213.198:39206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.213.198:39206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.143.180:50302/i
id: auto-038b1e49b58276fdb323c876bb27ae31ce2f82314a6c03036a56359f934f0dd7
status: experimental
description: Detects traffic or activity related to http://117.223.143.180:50302/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.143.180:50302/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.197.22:46402/bin.sh
id: auto-8b97822f9641e3fe12a507eb667df2a01bc6f14c1fee604c9efe5d0f34a5beb6
status: experimental
description: Detects traffic or activity related to http://61.176.197.22:46402/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.197.22:46402/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.46.20:32991/bin.sh
id: auto-0d3b0b33ca0a925ba641a05691afe49cf73aa7e6a3e7e0d95e4bbd5dd076917b
status: experimental
description: Detects traffic or activity related to http://27.215.46.20:32991/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.46.20:32991/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.28.11:56595/bin.sh
id: auto-3aae2aeae447f67004b396f56c584e570bf29779b523bfddafcdf47a93d4e0f2
status: experimental
description: Detects traffic or activity related to http://42.231.28.11:56595/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.28.11:56595/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.102.180:53297/bin.sh
id: auto-2ec43bd1ebf7a211ce3cfe2bb5d05696a7cdfafa3866d8c86b02802027559441
status: experimental
description: Detects traffic or activity related to http://175.146.102.180:53297/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.102.180:53297/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.156.9:43113/i
id: auto-25e4fa2cf2d14f262b5e461409f83eef627597d306fbc34ec51caf269fbdf92f
status: experimental
description: Detects traffic or activity related to http://61.52.156.9:43113/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.156.9:43113/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.230.141.123:44701/i
id: auto-f0fd51fd8531a0c757e2f045dda04c57e8e91a0ef717cf6d2747df602d15ca35
status: experimental
description: Detects traffic or activity related to http://94.230.141.123:44701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.230.141.123:44701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.127.195:42065/bin.sh
id: auto-6a316970abf1068e2e41e43909b25f33bb6122f63e52de663ea82d0dbaeea1fc
status: experimental
description: Detects traffic or activity related to http://60.18.127.195:42065/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.127.195:42065/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.157.160:32887/i
id: auto-dd16aa6dbc08f6a0477ef26a8d36ce57a4398fb9047fa6e8c304e7b7b3fc1a93
status: experimental
description: Detects traffic or activity related to http://222.140.157.160:32887/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.157.160:32887/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.114.199.203:52253/i
id: auto-1958363b00195a383a4a9938d8273a3febfa859617342ea72fb9a19f3c063ba0
status: experimental
description: Detects traffic or activity related to http://188.114.199.203:52253/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.114.199.203:52253/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.201.34:56388/i
id: auto-7421d9d32d1365909a2c7b909bcf1f16f4778d943b45b215406d06778216ce7d
status: experimental
description: Detects traffic or activity related to http://42.225.201.34:56388/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.201.34:56388/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.41.169:40827/i
id: auto-449310a3b355253db2c4bfb4ff640d32e1bf3b572f30ee5aa65f2ee67c47a800
status: experimental
description: Detects traffic or activity related to http://117.217.41.169:40827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.41.169:40827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.36.247:37273/i
id: auto-994a194115d932406389a64a7ccd63519b4710294103c9ee91e6ac8f3212d57d
status: experimental
description: Detects traffic or activity related to http://123.8.36.247:37273/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.36.247:37273/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.220.84:39131/bin.sh
id: auto-cbd36bdc584b0f95b2b42a304c3d546d95e039c581d63f95794d981e5a8e0769
status: experimental
description: Detects traffic or activity related to http://115.55.220.84:39131/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.220.84:39131/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.41.169:40827/bin.sh
id: auto-ab3a899c55e2696fda892da3e02819fdf560113261cdb11a0c981947ddc242ef
status: experimental
description: Detects traffic or activity related to http://117.217.41.169:40827/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.41.169:40827/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/40.exe
id: auto-9bb592745abf9ee30dfc5cb5de53f2cc85e4acfc6c134c96063b8069617680e6
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/40.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/40.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/36.exe
id: auto-82302b9fd72f24e95e3db7026b26a3084a1bf6ca023f67d3d58084bdbe451a14
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/36.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/36.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/37.exe
id: auto-429e41535921e8f5d776b6d402b63199f82eeb77d1a4291b0f0a7bb7e550cb5b
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/37.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/37.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/38.exe
id: auto-d3077eb453bbd0b3e2be6086d02c7fd756693f596939f3b01f28e194325d2dc9
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/38.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/38.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/30.exe
id: auto-7e85b418d32dbf5ff2753279911d8799b3d0359005ce1a4b47acdcaa2263873f
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/30.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/30.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/29.exe
id: auto-e3a980d86e8b2f33c5218dff61a579dfafe691084216c950d2a336552f28bc5a
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/29.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/29.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/31.exe
id: auto-45e1326dfc1569f39ab9f4843fa0de3621feef802b392ab8170f8a739580ca94
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/31.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/31.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/35.exe
id: auto-c6cdd0411dd00fd8b4c2346fc26b7c54b9b31a62412fd46a9e7f1c8d5de2fb2c
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/35.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/35.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/33.exe
id: auto-83161725a366381568d32dcead014f8ae088df4eeb69fb66966a68b38688a521
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/33.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/33.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/39.exe
id: auto-7e5eeb44881c8ee3fbfccf85698d4505cca737afc3d7024c2e848b38c7f5232e
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/39.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/39.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/34.exe
id: auto-843fa9a5c34ca1a9fb66fad3e34595fbae5317e03d43e6ce5b4600131ee33f65
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/34.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/34.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.143.180:50302/bin.sh
id: auto-7f81b87dd23ccd4e8c73e1f6dc6f51e1b8f7947f00a87a95e4b67827029c33db
status: experimental
description: Detects traffic or activity related to http://117.223.143.180:50302/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.143.180:50302/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/19.exe
id: auto-a5bcf8b412bb93300d272cf32f47878b8db43729b8da598ecd0c64936bd8981b
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/19.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/19.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/28.exe
id: auto-0f75b638ab769bbc73ea4dde5e8c8d6ff757a78d4f15fc058b3df516a4f01385
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/28.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/28.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/5.exe
id: auto-80decc5f6fe4b7037c2f3cd402b5f6cc056491b7d7a442dcac800d1557f33510
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/5.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/25.exe
id: auto-3ced79864cf84cc810c80af06ab405423b0b3a06b74870a877b765151f963113
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/25.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/25.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/20.exe
id: auto-32bca1753508fd7088662088388883843194157edefd469697c0d1f530e86af8
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/20.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/20.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/24.exe
id: auto-786f466969694f88ca7390b45fdd69438bf17de997e50f11419d1440454c2df6
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/24.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/24.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/1.exe
id: auto-3c98e9359eebc2b340197426117c4e2a711a7856bab4fbc0b179688300638bbc
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/6.exe
id: auto-935cdf7ef7ece168350cbd93004a9812eba927ba970596fdaca86a3676df785e
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/6.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/6.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/27.exe
id: auto-8ec0fb5a26da7c1f7a0e1d6c082186ba0e44a0fd00019bab05bf75dc7339f08a
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/27.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/27.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/22.exe
id: auto-64df044d902e1dd7f8d5fc0b06cc817a8fff3bc5af5462b1bf0c10af3d7c666c
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/22.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/22.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/23.exe
id: auto-d45214c5c85b8d493f61a8dbb011d86452bbb7e5defdd5961ec076f01978cc50
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/23.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/23.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/21.exe
id: auto-a5b64a20b279842612d4dcb8fd80223cc6187ff86a248d0f86c5f1c8a88fb964
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/21.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/21.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/26.exe
id: auto-138a706b8d8e7078cd6a16d764af6bd6da294898eda35bc899740939471aa31a
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/26.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/26.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/15.exe
id: auto-d80ec839c2abba7e2f518ff9df92cd0755f2a5e07d4f20fceb455041e6f3f4b0
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/15.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/15.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/18.exe
id: auto-223025593dae354a6c285523743cf91f142b35bbe34e9a6df709e50fab300f99
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/18.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/18.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/12.exe
id: auto-20fbdd42cb2c04066d342cb8ce6d50a14b30c5b530c4209dda9a9d40f9ec0b8e
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/12.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/12.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/11.exe
id: auto-b9d44b2f5fbfc592cd933b3c506ad86eb6f9ed61a200e95cef1d55b80721b044
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/11.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/11.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/13.exe
id: auto-ee4fb0d0c2985d73c9c218ad68d6f571a73e978a421a8de708fbf2f9152fef35
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/13.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/13.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/4.exe
id: auto-db837ee2ff2f537a3a806b106beafeea20522fe97d136fb862ac7b5c0925eb89
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/4.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/10.exe
id: auto-0899fa5c74bdf4f0126067d2d2419b2687771e62085a3e6b32d579db2ac222d1
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/10.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/10.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/17.exe
id: auto-6b60c0ff1f6416f82ba6c7a407dcb3186c4234ab789f54888386556b790d0296
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/17.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/17.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/14.exe
id: auto-eab19e5cace857c7ba99522ef0999d6ac0cf63b73d54d6c5f4de8d13d6e1fd4d
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/14.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/14.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/16.exe
id: auto-fd4d54e5580471b31b7b9c2af2b3ed34f5a19e32474f7f5cf2834f5b952b44c8
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/16.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/16.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.156.9:43113/bin.sh
id: auto-2341046d0ae5ecf825b42eed37e64219824b33b17107de9b3383b5fd52ab0c95
status: experimental
description: Detects traffic or activity related to http://61.52.156.9:43113/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.156.9:43113/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/3.exe
id: auto-5272d2e9da5aa80372778af8f46466c4860d017465491cb857f5a36deae45ae8
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/3.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/7.exe
id: auto-223419800e0322508ce2ee98f9ab5284adf32abeb68d77825bade7df3551e002
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/7.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/2.exe
id: auto-ffaaab0fd06d09d191b29d99421d6a928e443d456ccdf053a4dcb59982c49892
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/2.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/9.exe
id: auto-90c7edee56e8dfb33ad9e59382205afb5867aeee592e43889e8d4cae9b94a6dd
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/9.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/9.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/8.exe
id: auto-84c895a2d0577622c88e86a914c6c06266f98ecb86a0f1d1310b40912e6b3324
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/8.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/8.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.24/nuts/poop
id: auto-11e3983a024d6c3d97d637a8a1f306312c1c09c332b0562f5e7bf5ef95d455d3
status: experimental
description: Detects traffic or activity related to http://87.121.84.24/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.24/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.24/nuts/bolts
id: auto-80032d2fe9d061d8d41f5888880631d349130e295b0fffe400e19b26091a326f
status: experimental
description: Detects traffic or activity related to http://87.121.84.24/nuts/bolts which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.24/nuts/bolts*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.222.165.236:35038/bin.sh
id: auto-85d7e5c3298082405d637d0f0593e46cfc4031613888628dfe93e023b73a5270
status: experimental
description: Detects traffic or activity related to http://117.222.165.236:35038/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.222.165.236:35038/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.190:52003/i
id: auto-503fc245417773bfcde7048975ecaf03114287ae30618e9dfdf20fcadcd72bc6
status: experimental
description: Detects traffic or activity related to http://110.36.15.190:52003/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.190:52003/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.201.205:58179/i
id: auto-133ae7fe4fc4cfc0e582313736b7d4e783a5824a54ed8c4ddbb940b2ad97c143
status: experimental
description: Detects traffic or activity related to http://115.49.201.205:58179/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.201.205:58179/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.157.160:32887/bin.sh
id: auto-b79c9de3a2528a242bdc9c8c78c83b11b3e5e6612208ca15d9e24d718da3c96c
status: experimental
description: Detects traffic or activity related to http://222.140.157.160:32887/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.157.160:32887/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.114.199.203:52253/bin.sh
id: auto-4a4592fb3811eff5e056c1987d51ff71ede27a2fc62fa2005eb652a54becc23b
status: experimental
description: Detects traffic or activity related to http://188.114.199.203:52253/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.114.199.203:52253/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.166.1.64:37538/bin.sh
id: auto-bc10a3f9c2ca62d9e19f84c4480cf7e90fdb7a41c10354f28352e7a3e89aeae3
status: experimental
description: Detects traffic or activity related to http://175.166.1.64:37538/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.166.1.64:37538/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.201.205:58179/bin.sh
id: auto-2304890b071814d26d1b7c253d27871d038acda96974803180e31dab112315e7
status: experimental
description: Detects traffic or activity related to http://115.49.201.205:58179/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.201.205:58179/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.154.84.222:43765/bin.sh
id: auto-40c12f99cd8409ac7fae425a23dc6bcb0a7877fc95c1282aff7f94e516c4ce0e
status: experimental
description: Detects traffic or activity related to http://177.154.84.222:43765/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.154.84.222:43765/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.190:52003/bin.sh
id: auto-1bfe6460527263cb0bbdfbe8017818b443bcca343dc48dda397f0992dbc1edf4
status: experimental
description: Detects traffic or activity related to http://110.36.15.190:52003/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.190:52003/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.132.107:58974/i
id: auto-578256ba21d25cc688d1b7c9e22eab6c86cf6da00f87e237d3d3f0211af965e2
status: experimental
description: Detects traffic or activity related to http://222.140.132.107:58974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.132.107:58974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.141.9:35746/i
id: auto-6ded9362b5612760f3c00293f5d1d62f5347f468d226348ba5b261aca28679d3
status: experimental
description: Detects traffic or activity related to http://124.131.141.9:35746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.141.9:35746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.176.17.70:48429/i
id: auto-08eb7472ebbd92c514836baca55d0296cc749c6c7d6548efb2c034789a7259a4
status: experimental
description: Detects traffic or activity related to http://59.176.17.70:48429/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.176.17.70:48429/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.204:43343/i
id: auto-cbc7d437ade96d129c1a2cebf6d299a90c45224dfde8cdc81ff5e04dc3b18b8a
status: experimental
description: Detects traffic or activity related to http://117.209.80.204:43343/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.204:43343/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7958327382/TVStKQL.exe
id: auto-3ba52ec9290d37317fa9462d713ba85c90b36e77b7aa3f1466611719c08658f2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7958327382/TVStKQL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7958327382/TVStKQL.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.230.141.123:44701/bin.sh
id: auto-714dc8796ad01da57e44a2e233e9247388cf7c4ac8bd793f077accdbf2667f30
status: experimental
description: Detects traffic or activity related to http://94.230.141.123:44701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.230.141.123:44701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.109.219:35008/i
id: auto-062e5be1234dbd915c28ee1acbf4d2bcc1d401f5d89780af0b54ddbf904c8748
status: experimental
description: Detects traffic or activity related to http://61.3.109.219:35008/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.109.219:35008/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.155.243.196:38537/i
id: auto-adb48074491955a434c03ec953c4dbdffeade158f39b7d13f4e002aac20d076e
status: experimental
description: Detects traffic or activity related to http://95.155.243.196:38537/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.155.243.196:38537/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.30.44:46001/i
id: auto-04bd7f79da8cf32d9709c837fcca106d0ab5750814f1fd209c0f13b967bc2e1a
status: experimental
description: Detects traffic or activity related to http://182.127.30.44:46001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.30.44:46001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.176.17.70:48429/bin.sh
id: auto-0874aa137dbf9cadc36adc9a4f1eac948712d7dd1a6982eb8cc76a7117c14596
status: experimental
description: Detects traffic or activity related to http://59.176.17.70:48429/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.176.17.70:48429/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.141.9:35746/bin.sh
id: auto-850648a91556b3e50dea458d6fcf3db231fd43b4510f20323d57b396ffa2d58a
status: experimental
description: Detects traffic or activity related to http://124.131.141.9:35746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.141.9:35746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.113.97:44175/i
id: auto-6775193e67d12d9a56a5dab06fc3c16b6695a1c215735bb60d9d0a4c949b8534
status: experimental
description: Detects traffic or activity related to http://27.37.113.97:44175/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.113.97:44175/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.149.161:48530/bin.sh
id: auto-d64d91ce65e138849c29f07c68a782fc2b34495a43aac75b807d03f0622fae15
status: experimental
description: Detects traffic or activity related to http://113.236.149.161:48530/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.149.161:48530/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.132.107:58974/bin.sh
id: auto-de96fc2d5478c0dba3c09ddc8e95d988c313c3f148b588650d5745ca274d1e4d
status: experimental
description: Detects traffic or activity related to http://222.140.132.107:58974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.132.107:58974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.201.34:56388/bin.sh
id: auto-52b1cb9e845757b1095735fa83c0a7ba69d4f3da8f66bc7e4ed7cdc35da1d67b
status: experimental
description: Detects traffic or activity related to http://42.225.201.34:56388/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.201.34:56388/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.211.148:43245/i
id: auto-db22111d3368f9a43e96a2780632c6bbccff9bce4b23feebb525481695a33328
status: experimental
description: Detects traffic or activity related to http://222.142.211.148:43245/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.211.148:43245/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.109.219:35008/bin.sh
id: auto-2742f612ce48569c762d1a99eecc29d7129bb542edde337695032f88f4db4677
status: experimental
description: Detects traffic or activity related to http://61.3.109.219:35008/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.109.219:35008/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.60.173:35219/bin.sh
id: auto-2df272528bf49a56ce04da9c479a8a77a7386b56d651862fe2e0717b377b572b
status: experimental
description: Detects traffic or activity related to http://42.86.60.173:35219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.60.173:35219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.253.128:39232/i
id: auto-5526a2d4ae43b6efd3e388ca6ec37f93d5b814ab97b42b1a91bb623528e3e50d
status: experimental
description: Detects traffic or activity related to http://119.179.253.128:39232/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.253.128:39232/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.155.243.196:38537/bin.sh
id: auto-996cfa39c8f73aaaccfd9677886558003dc6ede83af43e9e1c45030dbbf3d99f
status: experimental
description: Detects traffic or activity related to http://95.155.243.196:38537/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.155.243.196:38537/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.184.52:40382/bin.sh
id: auto-7452c3a587d29171e9114487ccd5abcef99b6a6d820ad87a5f10315398928b4e
status: experimental
description: Detects traffic or activity related to http://123.5.184.52:40382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.184.52:40382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.204:43343/bin.sh
id: auto-b245562a5d6fb62c74f440d76ee558ce36e42ba621c0b97b26a4610660e723ab
status: experimental
description: Detects traffic or activity related to http://117.209.80.204:43343/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.204:43343/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.184.52:40382/i
id: auto-b81212fc085de398a2b758fe2d2cbcc54925d33153f8183f61afb2dab9da2bcb
status: experimental
description: Detects traffic or activity related to http://123.5.184.52:40382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.184.52:40382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.88:47673/bin.sh
id: auto-485ada8da697c7526baacf97c33f4fa5d8b0d9f4db94843636eab9e8efa9b863
status: experimental
description: Detects traffic or activity related to http://110.37.38.88:47673/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.88:47673/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.133:54197/i
id: auto-542328637c32810a32044ab3c966caece387fe41cd8e78b651e3cda0ef95b48a
status: experimental
description: Detects traffic or activity related to http://115.55.51.133:54197/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.133:54197/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.59.246:56466/i
id: auto-1ff15a08b5577d1bba36655231259cbfddf1eadd3fb4757c64da6479f48736e9
status: experimental
description: Detects traffic or activity related to http://175.175.59.246:56466/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.59.246:56466/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.31.6:51010/i
id: auto-40e43cbacc78dff89cafc3b5cb68fa34c6a06eea2724766fd43cd61bd1282b0f
status: experimental
description: Detects traffic or activity related to http://182.124.31.6:51010/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.31.6:51010/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/pwn.xml
id: auto-6b80e0430f0d9bb3a08e3842ce54af94bc2478c0e3e5c6da13e530d104c16638
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/pwn.xml which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/pwn.xml*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.220.195:49242/i
id: auto-c16c8674d2083c3901e7daed5e3f5505a4e861a48ca24f2f6748fb51be7edf50
status: experimental
description: Detects traffic or activity related to http://61.1.220.195:49242/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.220.195:49242/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.133:54197/bin.sh
id: auto-29372913725001e21111b3f2be160670d1fb152fd4207ffac7605836aa98ca80
status: experimental
description: Detects traffic or activity related to http://115.55.51.133:54197/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.133:54197/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.149.199:53485/i
id: auto-7a0005cbebdfbae2129494cc626c5a366a351e6389d90559fb9480f67bc489a7
status: experimental
description: Detects traffic or activity related to http://61.52.149.199:53485/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.149.199:53485/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.149.199:53485/bin.sh
id: auto-c9856f346eebc11d063a34083957bbde633e9408a86615c7f2c8531023ca0616
status: experimental
description: Detects traffic or activity related to http://61.52.149.199:53485/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.149.199:53485/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.215.187:52861/i
id: auto-3b001ad13cb6a8342a5256d27e3eef92a9d0a65f4ea2341dc85cc2e69b0c24f0
status: experimental
description: Detects traffic or activity related to http://27.215.215.187:52861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.215.187:52861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.31.6:51010/bin.sh
id: auto-9bfbe0c3d4e5e3f18f6d6901b413a2ebc63bf6d9db7c67757ee5fc203b2c86dc
status: experimental
description: Detects traffic or activity related to http://182.124.31.6:51010/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.31.6:51010/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.236.70.50:45012/bin.sh
id: auto-30b673fa72933803a9a759129bdf30930274c1e44f7a9b6aa80c74e5f45c2ac0
status: experimental
description: Detects traffic or activity related to http://178.236.70.50:45012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.236.70.50:45012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.220.195:49242/bin.sh
id: auto-63cfd2bef80148a740bdf8ec42a2090f68fd48781134ee9888462219f4a9cdd5
status: experimental
description: Detects traffic or activity related to http://61.1.220.195:49242/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.220.195:49242/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.99.62.82:50478/i
id: auto-1310ba825470d6518821485ccca645760cb9550bb4754dd10cdf0ea0942092c4
status: experimental
description: Detects traffic or activity related to http://181.99.62.82:50478/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.99.62.82:50478/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.187.0:34063/bin.sh
id: auto-7693c1c196258887974d92e78f96d47d99b87ae01c2ddbe9b61e179d4f1bbd07
status: experimental
description: Detects traffic or activity related to http://182.124.187.0:34063/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.187.0:34063/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.36.247:37273/bin.sh
id: auto-dd1350462412a19f5a5298b13fa396fa5b75f50b1b4cbd27c846bee0e7ab841c
status: experimental
description: Detects traffic or activity related to http://123.8.36.247:37273/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.36.247:37273/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.99.62.82:50478/bin.sh
id: auto-02ca74195c40ad8b57e8b99124a01ec71ce1e4c6495534d996adf7d4ae88a3c6
status: experimental
description: Detects traffic or activity related to http://181.99.62.82:50478/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.99.62.82:50478/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.168.193.229:53441/i
id: auto-8f937c49fc23711b61821f0967780efdf1045c9722fe8668fe9a9073c7d9fa02
status: experimental
description: Detects traffic or activity related to http://175.168.193.229:53441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.168.193.229:53441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.215.187:52861/bin.sh
id: auto-84c5fe9eeaa4df31f360b719dcc527504aae782087e88c4998912ecb1926b403
status: experimental
description: Detects traffic or activity related to http://27.215.215.187:52861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.215.187:52861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.247.195:34324/bin.sh
id: auto-d572a6161878a6e3474f1f2d13f493cfb6dd5d790b4d91ef5a25b7076f74e529
status: experimental
description: Detects traffic or activity related to http://42.59.247.195:34324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.247.195:34324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.196:35269/i
id: auto-8c399386cd2c2f93b49441f86a5ca65ea97b73a3d3a73545595fbfc184bbba4b
status: experimental
description: Detects traffic or activity related to http://110.36.0.196:35269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.196:35269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.123.120:52264/i
id: auto-6abe8c10d63ba9335086758c19ff0941eb80cf431a71cebe341199d95a1ed873
status: experimental
description: Detects traffic or activity related to http://182.116.123.120:52264/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.123.120:52264/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.42.118:36843/i
id: auto-d020758d80f3d71140ed8f6a14975eb4c37ac93c7cafb1ce32280d2ba52e8d00
status: experimental
description: Detects traffic or activity related to http://222.141.42.118:36843/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.42.118:36843/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.196:35269/bin.sh
id: auto-36e058399915b43cbea013c2cff14e9d08640b130d6cb7efe5ece6d4cde290e3
status: experimental
description: Detects traffic or activity related to http://110.36.0.196:35269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.196:35269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.77.127:43707/i
id: auto-56dbe7ea65d135697635c1cf5f0efa2b2f15985c93bd0902d53ff090edfe0cad
status: experimental
description: Detects traffic or activity related to http://182.124.77.127:43707/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.77.127:43707/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.211.50:33021/bin.sh
id: auto-95cd6480bedf0e1ee04755100880fa1deadc02ea47fde42c7fc79fdc365eafa3
status: experimental
description: Detects traffic or activity related to http://182.123.211.50:33021/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.211.50:33021/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.254.95:42292/i
id: auto-81221c35e54ef0cfab524c19fa692e6d3ba84d41b57070e6fe416a689692bb32
status: experimental
description: Detects traffic or activity related to http://218.60.254.95:42292/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.254.95:42292/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.50.58:38549/i
id: auto-13cf0df33bebe9c46f6fb4f2aa358a41e6b97ae728c70b77676f58d9bb56468f
status: experimental
description: Detects traffic or activity related to http://182.119.50.58:38549/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.50.58:38549/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.127.22:35566/i
id: auto-1507f5669c3004963ad222e46ce5b935119d887be87213c23ac9700dc93bbb6e
status: experimental
description: Detects traffic or activity related to http://175.165.127.22:35566/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.127.22:35566/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.216.248:59549/bin.sh
id: auto-58deb7fe598d85304da48c58c853cc73ef51a42cc5045252ab27c05d58efe201
status: experimental
description: Detects traffic or activity related to http://60.19.216.248:59549/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.216.248:59549/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.0.245:55934/bin.sh
id: auto-978b47ec99c88c05ac2a57392424a8d977441045391887b44d18ebf64af7503f
status: experimental
description: Detects traffic or activity related to http://115.56.0.245:55934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.0.245:55934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.110.52:49322/i
id: auto-51335a29eb1448a71c9654764702174faa133619279b769c4da547282b94f472
status: experimental
description: Detects traffic or activity related to http://113.238.110.52:49322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.110.52:49322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.11.105:55990/i
id: auto-6c80276de8c61ebd81b8ba2e5d9e0a52fedef9b5b2595a1d580c5dd75097e9f6
status: experimental
description: Detects traffic or activity related to http://117.198.11.105:55990/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.11.105:55990/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.230.86:45185/bin.sh
id: auto-b98f589578dc4eaa09672651d4a9122cfc7063828edc5018f0162fea4a43a71d
status: experimental
description: Detects traffic or activity related to http://123.10.230.86:45185/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.230.86:45185/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.53:55581/i
id: auto-2f726395929464675fe43ca852c92cac9c0e1f09418fce7e1494229d808414af
status: experimental
description: Detects traffic or activity related to http://117.209.30.53:55581/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.53:55581/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.190.172:38391/i
id: auto-1d291c3cff6e8f765489955187e43a7f63c6c7809645a572a1d9e5d5d1cbe0cb
status: experimental
description: Detects traffic or activity related to http://113.229.190.172:38391/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.190.172:38391/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.36.133:57573/i
id: auto-dc9ef258241a27a57befe3ccd7de527ea6f380a163b230244dbefebfa41d6847
status: experimental
description: Detects traffic or activity related to http://42.227.36.133:57573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.36.133:57573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.36.133:57573/bin.sh
id: auto-23503a9ff810dfb65124791237e28f2f8b0996bae988b8708629fe2ba899fcc3
status: experimental
description: Detects traffic or activity related to http://42.227.36.133:57573/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.36.133:57573/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.77.127:43707/bin.sh
id: auto-ccf0265325b2010c2f851a2ef2beeee92d9d0820c7ab03d9e064666ebcd88c48
status: experimental
description: Detects traffic or activity related to http://182.124.77.127:43707/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.77.127:43707/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.136.85:53446/i
id: auto-c15d3dff56b79db400f39c935f3ed97066a70b9b4612f6917fadce700819c648
status: experimental
description: Detects traffic or activity related to http://59.96.136.85:53446/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.136.85:53446/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.9.180:33814/i
id: auto-483d579dc516ba935e277ca8770438cfd3aee6c77c7215504369feac49770af1
status: experimental
description: Detects traffic or activity related to http://115.57.9.180:33814/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.9.180:33814/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.50.58:38549/bin.sh
id: auto-e6def29be2e7e7a42952eded4841de06c82568f1ee404710337ab8870e63103c
status: experimental
description: Detects traffic or activity related to http://182.119.50.58:38549/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.50.58:38549/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.190.172:38391/bin.sh
id: auto-1f4a84043db270b81e1818d045cb726f58c8d4c5b93ad5593910336a374ee1c7
status: experimental
description: Detects traffic or activity related to http://113.229.190.172:38391/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.190.172:38391/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.168.61:44062/bin.sh
id: auto-865b46f612876944e5afdaa4263f4c8bc37d556f70ba82a6730c8e4095048c30
status: experimental
description: Detects traffic or activity related to http://119.116.168.61:44062/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.168.61:44062/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.136.85:53446/bin.sh
id: auto-d6984d21835173a878f9ee847905b403d271eaa617af42d888025097200e71b5
status: experimental
description: Detects traffic or activity related to http://59.96.136.85:53446/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.136.85:53446/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.9.180:33814/bin.sh
id: auto-99079ab84938733942ce288cc9cbe55d4d213663c4dbd22507793772cf115f82
status: experimental
description: Detects traffic or activity related to http://115.57.9.180:33814/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.9.180:33814/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.174.220:35660/i
id: auto-fb5a23fd718783a4904872ffc1634d914f15ef5dad3e5d5940d2a20cebe97bc3
status: experimental
description: Detects traffic or activity related to http://175.167.174.220:35660/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.174.220:35660/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.177.32.125:33213/i
id: auto-e0ba337322b25efcfff7b12445ad8b39f28bb9a256580fc6c5e6ac748652d222
status: experimental
description: Detects traffic or activity related to http://160.177.32.125:33213/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.177.32.125:33213/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.243.94:42303/bin.sh
id: auto-fe88bd83e4ac8fdead45baf8ab86f549b782edf10108ec8317356e4bd27d3c1c
status: experimental
description: Detects traffic or activity related to http://110.39.243.94:42303/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.243.94:42303/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.12.224:43530/i
id: auto-41e5051bed25251025accafe11485d7aa9a357417a19c60773e20b874112170d
status: experimental
description: Detects traffic or activity related to http://115.61.12.224:43530/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.12.224:43530/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.201.200:56179/bin.sh
id: auto-24850aca0dc2b096ee1cdef7d59a2f3ae2a60a8af0589d4809bede5e7d10dfeb
status: experimental
description: Detects traffic or activity related to http://117.200.201.200:56179/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.201.200:56179/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.214.74:41044/i
id: auto-60138e95caf9ea2394c06c6db37799ade1754524557f2db1ce01aec9aeff1a45
status: experimental
description: Detects traffic or activity related to http://27.215.214.74:41044/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.214.74:41044/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.217.238:39554/i
id: auto-882f8e4503e2240a38df0d54a6ef7f4800c7c508689bf5dfb010812f599bb16a
status: experimental
description: Detects traffic or activity related to http://42.228.217.238:39554/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.217.238:39554/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.195.143:39297/i
id: auto-1083274ef2764892c459322700a830cb15f70fa95e18de6753a2010b3530f2ab
status: experimental
description: Detects traffic or activity related to http://182.123.195.143:39297/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.195.143:39297/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.214.218:34742/i
id: auto-3e343539228bee534b7fb58a069aa7c923d8ad6d783aea9d38ea9d64c1e4bb63
status: experimental
description: Detects traffic or activity related to http://219.157.214.218:34742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.214.218:34742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.185.221.169:50220/i
id: auto-c98db8f5a843c56acf7b147709cfb6d1b179c5ba31b720b2081b94cdf9510691
status: experimental
description: Detects traffic or activity related to http://39.185.221.169:50220/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.185.221.169:50220/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.233:57312/i
id: auto-63ced6a24517f561bc227313762160e2eb4916921eb81f440ee8fd0e31a5dc0b
status: experimental
description: Detects traffic or activity related to http://123.12.225.233:57312/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.233:57312/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.12.224:43530/bin.sh
id: auto-7493419bfd2f3deb5f6bc942c1a8653adc301c20f6823b411f53b45f4a95aed6
status: experimental
description: Detects traffic or activity related to http://115.61.12.224:43530/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.12.224:43530/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.105.215:45320/bin.sh
id: auto-6da93138ae23260e006b0afaf2685b6b2c26a7cd3a59a8434564ad50baf98c17
status: experimental
description: Detects traffic or activity related to http://117.221.105.215:45320/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.105.215:45320/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.174.220:35660/bin.sh
id: auto-9d5eae9bee7cbc364ddcba7529b1d9dc238ff138c888d174abc287f8ea39e1e5
status: experimental
description: Detects traffic or activity related to http://175.167.174.220:35660/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.174.220:35660/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.195.143:39297/bin.sh
id: auto-aee67cc6f2592a3d88dd9e601d6433c8d5f04450dc25ebd780f986bdac2a680b
status: experimental
description: Detects traffic or activity related to http://182.123.195.143:39297/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.195.143:39297/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.179.92:38749/bin.sh
id: auto-44e0d9a2c58c3c1f414b52e2c4175f754cc1c92aa065d99e37cb52efdfd0ddd7
status: experimental
description: Detects traffic or activity related to http://219.157.179.92:38749/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.179.92:38749/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.233:57312/bin.sh
id: auto-e8768a6d2aca8049e24a656b52600f5a37963fe4db628e28fa22a96d1ad01b39
status: experimental
description: Detects traffic or activity related to http://123.12.225.233:57312/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.233:57312/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.190:49979/i
id: auto-408d62a8b7182f1050cbefbb72e5d436239e6b2edb6b979620d27e1e7b6eb7d7
status: experimental
description: Detects traffic or activity related to http://117.209.93.190:49979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.190:49979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.210.121:35859/i
id: auto-dc78af0539c414f6d73364419afee73d80a65bace6b6a8296ee990bcf6b76978
status: experimental
description: Detects traffic or activity related to http://175.148.210.121:35859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.210.121:35859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.217:59604/i
id: auto-37d3d28e7bb3f972f14d1e08ce49053da371941f27e0df6ea6d1bb0b4aa19416
status: experimental
description: Detects traffic or activity related to http://59.97.252.217:59604/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.217:59604/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.190:49979/bin.sh
id: auto-76f2a02f1fa83943a3ed55099fe73136da1337aff7a44918503260702f87f373
status: experimental
description: Detects traffic or activity related to http://117.209.93.190:49979/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.190:49979/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.48.162:50350/i
id: auto-9925f10550a6095b39ca51229192b55c08a70a40ffb2639d13432d37c05f4f2d
status: experimental
description: Detects traffic or activity related to http://123.11.48.162:50350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.48.162:50350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.88.7.70:33708/bin.sh
id: auto-ec6bb09cd0b01c841f8cee48da43bda49b79d56f18dc6639a4e648f9a4e19356
status: experimental
description: Detects traffic or activity related to http://39.88.7.70:33708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.88.7.70:33708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.123.120:52264/bin.sh
id: auto-b777a1d3129560627bcf92115376b0ec036477509cdddbcf49e6439e0e5caa90
status: experimental
description: Detects traffic or activity related to http://182.116.123.120:52264/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.123.120:52264/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.160.225:53600/i
id: auto-5712821a41f3e13370a82bbe7df235316d233a0deed11f55649f6ec8f5e5f062
status: experimental
description: Detects traffic or activity related to http://115.56.160.225:53600/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.160.225:53600/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.217:59604/bin.sh
id: auto-b5ec0ff08e4f8b65426bc0a73973622d7ed002c36ce67754e7f51c373bedd5bf
status: experimental
description: Detects traffic or activity related to http://59.97.252.217:59604/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.217:59604/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.187.108:48939/i
id: auto-1271905911f3a5042fbf23476a9cc5c6bf3e16c08a8773e1f4e62116977dce7c
status: experimental
description: Detects traffic or activity related to http://221.15.187.108:48939/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.187.108:48939/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.240.191:35943/i
id: auto-6f37c9701f23e8479c57d7e53807e3cde488b405ac67816a17e6863673068a9b
status: experimental
description: Detects traffic or activity related to http://123.12.240.191:35943/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.240.191:35943/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/o.xml
id: auto-ff2fedf1a4f7846e0b9dc1f4cb3f0933d62f7b421bde866c7007f40f47371b21
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/o.xml which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/o.xml*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.160.225:53600/bin.sh
id: auto-e9ac9df7ff2b0a2d769182a76179bbff88b4fd66206e6141a64ad7a672a39609
status: experimental
description: Detects traffic or activity related to http://115.56.160.225:53600/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.160.225:53600/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.108.47:52386/i
id: auto-d68ea49666a7e26743b5aad54c1191eb42f698f3ec8620285c2e9e7a610eb61e
status: experimental
description: Detects traffic or activity related to http://112.248.108.47:52386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.108.47:52386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.187.108:48939/bin.sh
id: auto-7816bba4bb4923b4e204fe52b8b7fa68829f38aee330b9eda8a56522425d8f53
status: experimental
description: Detects traffic or activity related to http://221.15.187.108:48939/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.187.108:48939/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.246.199:57958/i
id: auto-5b996c6e5292dbaabc5b261f48f0fb360804ff90b6bf54308a6a5b37c69e2c9e
status: experimental
description: Detects traffic or activity related to http://124.94.246.199:57958/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.246.199:57958/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.119.71:39487/bin.sh
id: auto-53d183952497be2a69d8e150570c1156b36b0579086936f576b8e0c9451e6fd4
status: experimental
description: Detects traffic or activity related to http://42.235.119.71:39487/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.119.71:39487/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7377994722/py23YWN.exe
id: auto-540da0cb0715ab21ea580dc94444c30bb74b1e9c87718922dc699e1384202c24
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7377994722/py23YWN.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7377994722/py23YWN.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.214.23:45297/i
id: auto-70ebda036653ed520d1790f04b2d5c960bf1a56270c09d42c88f3362f90acfc1
status: experimental
description: Detects traffic or activity related to http://123.4.214.23:45297/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.214.23:45297/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/m.sh
id: auto-72de437b382e96211e1ab338430186a0e44c6b8ddee6be032026ebdcb2967a69
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/m.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/m.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.74.96:34316/bin.sh
id: auto-cdd8da645c185ae1193a1f61e3644f8297dc868663529cf7d88f0742e7fb0c2f
status: experimental
description: Detects traffic or activity related to http://42.226.74.96:34316/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.74.96:34316/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.52.183:38114/i
id: auto-56644cd07e80589c7350ebacc31cd711640b717f6f99e5675182e983a769707e
status: experimental
description: Detects traffic or activity related to http://125.44.52.183:38114/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.52.183:38114/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.61/Loader.exe
id: auto-90394667f51daaecb572cd2af91f0bdc6dd0ad9df6bbc059c1efa7c5d0332db2
status: experimental
description: Detects traffic or activity related to http://196.251.107.61/Loader.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.61/Loader.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.7.180:34188/i
id: auto-626738072c6bb7349b057783ed800e159c1db1fc8457a268065ea9bc7f8f71b0
status: experimental
description: Detects traffic or activity related to http://59.88.7.180:34188/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.7.180:34188/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.218.152:57397/i
id: auto-9fc50fb2f2dcca0cf0ebcb15b48dc7a406283be0dd897397533fd03f36ce2a14
status: experimental
description: Detects traffic or activity related to http://117.245.218.152:57397/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.218.152:57397/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.246.199:57958/bin.sh
id: auto-2dc54cba648c8bbf33b79cb183d9b679b98b4da3b2c2a795bd66f1ced96aa018
status: experimental
description: Detects traffic or activity related to http://124.94.246.199:57958/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.246.199:57958/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.214.23:45297/bin.sh
id: auto-b5d0f90584fd53710a755861341cc0623bade0ce3861782bc9c4df639d7de1fc
status: experimental
description: Detects traffic or activity related to http://123.4.214.23:45297/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.214.23:45297/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/sim-ws-dlt-xchg/repl-rt-msh
id: auto-61e5b14a2164bce75a6a1f187d1eedc80379982e2b793d93f4e9fc97ac1b8b1e
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/sim-ws-dlt-xchg/repl-rt-msh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/sim-ws-dlt-xchg/repl-rt-msh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.218.152:57397/bin.sh
id: auto-1451b353dcbe19014434acff44bfa898b814d3b6754eb02d97949a00734ba76e
status: experimental
description: Detects traffic or activity related to http://117.245.218.152:57397/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.218.152:57397/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.7.180:34188/bin.sh
id: auto-1e013a6c7daa0a42d4142f422c9306a5533ca9f88fe419707190886ae32936bd
status: experimental
description: Detects traffic or activity related to http://59.88.7.180:34188/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.7.180:34188/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.29.209:60805/i
id: auto-e7db75e6f792b4c67cb95913d1bd1fb7b8db296a2dfab1b1ece0ca6d7d4eea48
status: experimental
description: Detects traffic or activity related to http://117.221.29.209:60805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.29.209:60805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.52.183:38114/bin.sh
id: auto-fbfd43acf76f5131da626133fe86ad7ed76446ad3a016cc43b8c81db8e22ffad
status: experimental
description: Detects traffic or activity related to http://125.44.52.183:38114/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.52.183:38114/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.222.165.242:33170/i
id: auto-8f1fdcff83d28501d70c6362917411a2851d27b952a87414358166aac6dcc4e3
status: experimental
description: Detects traffic or activity related to http://117.222.165.242:33170/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.222.165.242:33170/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.47.107:59934/i
id: auto-bba62648eba0a1eedc9dd04d4ae2c25b3304b88af208b44ccaea0f93d23614be
status: experimental
description: Detects traffic or activity related to http://182.113.47.107:59934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.47.107:59934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/636745510/lsYPqWQ.exe
id: auto-d4c3395aa5691fd97ba739ddcbb99f35957741bd59c8a237e3378d19c6ba9bef
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/636745510/lsYPqWQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/636745510/lsYPqWQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.29.209:60805/bin.sh
id: auto-40e0a39dc39e66f091bf9d0dc7a3fe2826074ad8810f419e94b412a3cab648a8
status: experimental
description: Detects traffic or activity related to http://117.221.29.209:60805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.29.209:60805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.241.89:34310/i
id: auto-f6b16bf9b549c36e83755b813bcbd3323d9071ebe0f99889ca286edb9776922b
status: experimental
description: Detects traffic or activity related to http://125.46.241.89:34310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.241.89:34310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.69.165:43753/Mozi.m
id: auto-9d31aeb12b8d5ad12eb0f3665b80bc2a5b5df4e3cc448e42fb71ac64e10655f0
status: experimental
description: Detects traffic or activity related to http://59.94.69.165:43753/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.69.165:43753/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.222.165.242:33170/bin.sh
id: auto-cd8b90576f55ca8ac87f42bfacce23e7b3022f7e09ec96e4f5a79cdee7fd24bb
status: experimental
description: Detects traffic or activity related to http://117.222.165.242:33170/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.222.165.242:33170/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.166.208.141:58626/i
id: auto-5a14d55c074e329573fa74aaf815fa6944e78a7f198284e2db8d234cd959ea29
status: experimental
description: Detects traffic or activity related to http://78.166.208.141:58626/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.166.208.141:58626/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.47.107:59934/bin.sh
id: auto-964694c0ddf6d9e28b7c52c58a0ec22964dc6f56a9ce1841a85fc5dc589eb0a4
status: experimental
description: Detects traffic or activity related to http://182.113.47.107:59934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.47.107:59934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.134.15:52511/i
id: auto-9266d85651e0873d9b82403a337eac34ac9e937a8068b44520c17bd79d38b178
status: experimental
description: Detects traffic or activity related to http://123.129.134.15:52511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.134.15:52511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.241.89:34310/bin.sh
id: auto-91a30fa96e009ed0cf6e574411d97f4ac3faab83701b55fce3f1f61002c0af32
status: experimental
description: Detects traffic or activity related to http://125.46.241.89:34310/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.241.89:34310/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.228.187:60068/i
id: auto-d792b58e8cf5c3c83dc16f3619c85edfb8c97b6c1667788af5504435e0221249
status: experimental
description: Detects traffic or activity related to http://115.57.228.187:60068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.228.187:60068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.130:60242/i
id: auto-0d85a1fa25dcce428bf274c2688aee0e380f80c6268c0b7052b9580fd25950f7
status: experimental
description: Detects traffic or activity related to http://117.198.12.130:60242/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.130:60242/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/29vFKuC8uq
id: auto-4c8012d17bbd6b213f28a2b139a57a7818d4bf900aea084f7efc2e1e088531ea
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/29vFKuC8uq which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/29vFKuC8uq*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8249811944/aPQsYFI.exe
id: auto-daae26cc5870b0294c87da0c8dc5945bfc626dbce50fbc0e5fb4f5bfd1e63dae
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8249811944/aPQsYFI.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8249811944/aPQsYFI.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.25.130/arm
id: auto-ec4648ad3ff9ba2ffc78f2afec65ec3f247ac7d4a2045934342d580f646d7538
status: experimental
description: Detects traffic or activity related to http://162.243.25.130/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.25.130/arm*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.25.130/linux
id: auto-a353dfe5565cd889fbac4541d0b6b409316295f5e1e9e91f9f4c866c25abbd21
status: experimental
description: Detects traffic or activity related to http://162.243.25.130/linux which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.25.130/linux*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.74.195:39786/bin.sh
id: auto-bb8b51c8e5c90ccbb09f067a7cc3e2f093c4d55c3d15334e64b956aa5ba15fe9
status: experimental
description: Detects traffic or activity related to http://125.47.74.195:39786/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.74.195:39786/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.242.252:34527/i
id: auto-4359763eb232286aaaa49f38a652ab630897a73b17b34f66995da14ba0dcdaf3
status: experimental
description: Detects traffic or activity related to http://123.9.242.252:34527/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.242.252:34527/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.134.15:52511/bin.sh
id: auto-4fd812b9eee5b88ea8c51b69240100a6785ebf48d704de212e309dc7faee1ee2
status: experimental
description: Detects traffic or activity related to http://123.129.134.15:52511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.134.15:52511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.45.88:38885/i
id: auto-a69b52e84d2cc15d4238dbd26b53cc75c0ac9a82a3ef9ef08e0bc239ce83508c
status: experimental
description: Detects traffic or activity related to http://182.121.45.88:38885/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.45.88:38885/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.m68k
id: auto-4fb1f6336d9db0defdeadfbeed80de80266ebd7c5b933cfed4664a25c683f487
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.ppc440
id: auto-59d70e706e0c2e4e43c33c6f07789d083b9b2d0282ec01da3053aed989a3438a
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.mipsl
id: auto-437379dc4181779bfb803b4bdeaed711c88fe6c4a12fa5f0b5bdbdc3b69f1af7
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.arc
id: auto-d6175b61a0c1f7c71402d04c44a49c91f519785585aafbea172e9d2486fcd348
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.mips
id: auto-8628cacd10cfa94c8f1f466baaabbc125ae6c99823b716c58b05cba91e666491
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.x86_32
id: auto-0cfe99c724d3dda506a03397ca0fe86b794f9bec980f3bbe4c5d7e968722e835
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.x86_64
id: auto-ecbfc777b6d4ab4c8647e056efcb618172f161f1ff024c5436e835422bde03d2
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.arm5
id: auto-0c8be0dc8e2c39989f29ee864076a47a7e0a49091c0e43e42972a381b822ae95
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.arm6
id: auto-df131bd316d53790976a806d6ec79292cb9d9ad6c4295976924302a2a41347d7
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.i486
id: auto-1beb599bdeaf5923555b746677eb902f78fea9ae63cdb7c74ded98eaaf9c59b5
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.arm7
id: auto-a1a4e6c51b2f5db4c37228382eef10c0d71c03a983b460887ad50ef56dbe58b0
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.spc
id: auto-ed7e92b5361ccff03a78751cba579cdb0a395a24839ad382faf98f21920f4ef8
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.arm
id: auto-f42d94ef6f87fc66448e6001d41cdc60fe63cb3f64052376ce523a667e346200
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.sh4
id: auto-28256856fb5fe45f699b9c3b901f03ee23389d4168acfcc2e639a3540cc523cb
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.ppc
id: auto-5f745a9177b90172c67cf71d1f17200165d9643a78e1960872feed71c505b540
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/bins/titanjr.i686
id: auto-049e4f6fd20b247097fa1d4117be6170884e3eff3351275fbffa3592663ec16e
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/bins/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/bins/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.sh4
id: auto-b82b0b96dc2588da1d751f41b22b9629e4bc13dba58645023e599ef7f4fcafc7
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.spc
id: auto-58c198fa20cba1f690e1020d65be087a3a1f80cd5ba966dee3edefc15c55b4ba
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.i686
id: auto-43db201ace21e28376d9dc8cfd5899e4145438adb4410f66abae2c4239228150
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.arm
id: auto-1f284fe1b0fffcfef57d12a7e274d12c39cd61500b61d57937c53716d190332d
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.arm6
id: auto-aaecd7466e9e9d4041e0e4e4184e70b863c8ad5f199e484d01a6ceef26d8163c
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.x86_32
id: auto-cc03b98b4013b7df32c86b3f4779561e8bf32bfeab87a6b29f6175684bd95477
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.i486
id: auto-43801c6c9806b8e86d321f51a1d0b4f4f624092981ec365e489cb2c7e99046dc
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.mipsl
id: auto-a712166f592c75c15c24c4c67e196b7a2d138e448dab23406124904824b35fb8
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.arm5
id: auto-ede5ce02e655212067e67cde87653ee12d35c78d3d6e754752dd2445547ebec5
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.mips
id: auto-7a8cdc6416fa52a917f088627a0d0643885db59089e45b6dab0bfb03377536a5
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.ppc
id: auto-fd76acba1065112e4029039ae8a0a909022f31bad4619efbc42090146fd44fbe
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.arc
id: auto-57696c4f80941879fd3cb17b1397f3edba57590b8120bb416e7ff11df3aeb77a
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.m68k
id: auto-6165513562cf30b40bd83af27877d94e49057f4e4c7b71c7f315457dcd3180cd
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.ppc440
id: auto-d140f0a64a7fae708113a13b1f250d2502667c91b4b377c8971d1add9b471082
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.210.199.232:59103/bin.sh
id: auto-1c10d7da690e3b226b0e0dad13139412f29f35f6fa061093bf94472c38944060
status: experimental
description: Detects traffic or activity related to http://117.210.199.232:59103/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.210.199.232:59103/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.242.252:34527/bin.sh
id: auto-47b2fa3666101560caa368b4a78c4d09bd61a2b91e86f2b05f3e7a2b70851aba
status: experimental
description: Detects traffic or activity related to http://123.9.242.252:34527/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.242.252:34527/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.240.191:35943/bin.sh
id: auto-b61f65142b9b5cc0173248a684a9a015674c1554bff24e5e21819b29a64f7528
status: experimental
description: Detects traffic or activity related to http://123.12.240.191:35943/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.240.191:35943/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.130:60242/bin.sh
id: auto-2561b4b4eac2981ff7c5146a095ed0a8413ba1d419fe2545a8ffa54fe2e49c91
status: experimental
description: Detects traffic or activity related to http://117.198.12.130:60242/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.130:60242/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.228.187:60068/bin.sh
id: auto-6fda212bf6dd371039b1830495f55276f56fb7486d762b44329e3c8a132a7a13
status: experimental
description: Detects traffic or activity related to http://115.57.228.187:60068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.228.187:60068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.243.25.130/xx.sh
id: auto-0967a66fe87c2a3012cb4b7dcdcace4c3fd95e4950d65e8da4d07eb56fbe6b82
status: experimental
description: Detects traffic or activity related to http://162.243.25.130/xx.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.243.25.130/xx.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.166.208.141:58626/bin.sh
id: auto-7f8a60b59276143aa00b98702ceb42f132d9a8263d993a8cce52405d09905a09
status: experimental
description: Detects traffic or activity related to http://78.166.208.141:58626/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.166.208.141:58626/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.45.88:38885/bin.sh
id: auto-207e4a19ddb57de5f769b075e8d1464ce7205bdf38e904c6828eef2a9e1919ff
status: experimental
description: Detects traffic or activity related to http://182.121.45.88:38885/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.45.88:38885/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.208.44:37691/i
id: auto-8cacea63fbaf80a6daf5c88f4891ba68a1707386b5f5012978202005facf817c
status: experimental
description: Detects traffic or activity related to http://117.245.208.44:37691/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.208.44:37691/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.193.250:51490/bin.sh
id: auto-36bd3d65134d8df717909fa577d5298a6deb72cb6d3b530845b6ffbbf5354325
status: experimental
description: Detects traffic or activity related to http://42.59.193.250:51490/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.193.250:51490/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.spc
id: auto-f70c615bb832ebfad82ff39ba8a88a5a20875fe7f024e031ae6fb6c62f143c15
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.74.195:39786/i
id: auto-b9aa946f1ebb7028afdac65828f6ffd8d703cffb20e9f589ffc98c8a4df59734
status: experimental
description: Detects traffic or activity related to http://125.47.74.195:39786/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.74.195:39786/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.sh4
id: auto-180155ccdea98d5c09546566dd4d7f65946eb82b014101358e3e4419bd15d7cd
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.arm
id: auto-0941cb4354d2d6f9cb6d4454968e6acf3b441e372709ab47a406f02469dc3f50
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.arm6
id: auto-03c38c265fef65c6c8afd3b38c2c8148d9040720018641bb961db5280a706e65
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.arm6
id: auto-3bfac3a002b6e3ac2e5a77e4dec9c4f29cc698942518056a5c8533d1a9de65a8
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.arm7
id: auto-28f30308b6e7096768eff8b482e8f0356db27a1646a90f3a738c0828c0ef8435
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.i686
id: auto-c3a9f75055ae56f99a4b7df3ddeec6ea56705b36f5d4d11389b19c7640fc9b6f
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.x86_32
id: auto-7bd096e66618a6372c615e7e6d2e0e4019ecdd2ddb9aaae21aa4d1f477984c1f
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.arc
id: auto-b71f4f13a0812b78c015916dcbe2e2cce773d888a0156b6ee61f316e8366fec6
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.i686
id: auto-a663b35f9ef758ae552e5a1b75de86176bdc2c8808cfc682b4f77811d67e3e7e
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.mipsl
id: auto-9b6f80f82d86d95472f0b2a67c02cb2fc01de4112c8731b4e8291c7904b599e0
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.arc
id: auto-3c7829fc69dfb525a756a9fdc559e5d65431a7548f9df86c6894c54827a823c4
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.x86_64
id: auto-2d102d0b7b1d6b67bb16e7ea9f9348d739d1566e963a1b37040da780d78a8396
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.m68k
id: auto-e539fa78934df12292bd97e3ffb9fb7c5883092b8006db776b82cb0b38468d32
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.x86_32
id: auto-ca9945c65f99d212262ed496fe352c7a17fef53a28ed21ec660c53a0d8597d99
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.sh4
id: auto-090c31853c1dedcbabfce91918761b519e55798323391347b1949d6c0b6591ac
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.ppc
id: auto-1e35c94ca4c2efccbf128dbd40b331bb5f1dcaebd750532a73118c8a47bf457e
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.ppc
id: auto-61dda8695ebb04fb3a8cabaf0dff4af7d2b26120515a6fc2849c2bc968676222
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.arm5
id: auto-8e083518012d1f268f46e0d4bbbdc7a05433d8ac72ac6c0e6bb9171a3c50cca0
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.ppc440
id: auto-aa424021cfad5388ffba96b4147f6641d01484d0db1f765207f4c2457abd583c
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.ppc
id: auto-cda0365d54f837bdf832b312cca0e038c9828a21267b12c8abb33e54bbdad2ce
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.arm5
id: auto-97bea097945fb08d36088984222290ae331f4a706df06576c099b1280f560336
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.m68k
id: auto-6cd37dc83c3d1942013b6ac03233144764300e203d7288d67ccc04edf792d48b
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.ppc440
id: auto-a66a5e026de2003f5fdbf10769c6ab6c9bae5865a66c5417ed631a46b56a4dc9
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.i486
id: auto-1f46f78f1260697c93a84ba67f14df66755781237a0c8cc89003ea49c6f2345a
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.mips
id: auto-d9b7a423b71b644e463737d12fa83b1446fc09e9b5eae9d31e9a73b2d0311406
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.m68k
id: auto-36efe8abd89bf2f2e294e4bcc75fc40ddda54990b212a46ee03d62085252c635
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.sh4
id: auto-ba02cef5d94bd63b056eeab34f5e0d114c6cd5d71e1ee6809b0df313bf03bcc0
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.x86_64
id: auto-7a2a50668b786295bad6196bd72dfd2f69fb809f8583d228bcd9800cc82118c1
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.mipsl
id: auto-926ac62a1af7ce757402999fb4148dffce66e0a770f20352264e61c6bab6b3f4
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.arm
id: auto-c8458c27d9e86b8ac2c69d7c3a826f84cf04f9c5302dad24af9670be2118d064
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.arm7
id: auto-c498f9732135ab3da51dd4aa30af5479460fab6f126e5674071607a052ff7ce9
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.mips
id: auto-1858b2f4fd0b67057326a682aece37cf873cf925fa155025369e79928c6db885
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.x86_32
id: auto-b5f858fd2a79db90228e0c0a39852ba8e25c098bb5759615d5db09979d03dbe6
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.i686
id: auto-ec11d4ef748f5967985b319ee5e51c5c221a5c3272caecd9f81e50554bc22e5f
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.i486
id: auto-2e93ffb974c9386d0f28fa8d94e739af727cf2791955187ba6ef8da633196c66
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/huhu/titanjr.arc
id: auto-502ef9dc31506830a4ddd9952dfb431be50dc01ba1660f69f9341aea77170fb9
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.mips
id: auto-242c67dfcf754edd2fc06484070ab851862a3fa391a3c0b7fbaf051e167efac8
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.i486
id: auto-3d0837d413ec6deb9149ddc61561b3da3db7d48e08206a4c2c4cfea2306334c4
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.mipsl
id: auto-618216a97e0cc2a47ab64ae9baf5a9a3bb36d7459adae5f1d7743e18f152d25a
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.arm6
id: auto-b0a2f2c2973bb6451070f4d6c4e3eae56765c4069fde056077f7ab71ff844425
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.ppc440
id: auto-f99e3cd8673c7ea4b33aec1762b563fcee0d4c872c8e5778bbbb53e97f9cd27c
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.arm5
id: auto-f7675729ad99578a0e78ce83b492ae535a7405c29028b63832eed29659c2b195
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/huhu/titanjr.arm
id: auto-6adfd9b7a9be7a98e20b5bbf0db846e76c8c3b55882ba1fe63b62df6454df1a8
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/all.sh
id: auto-1ea885fbdb6dade545b8a3429d818d63b8e64d719a8a788b323d0b6015226574
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.234.99.70/all.sh
id: auto-37dbb90bda36f382fe3904fad800331fbe834609a6d46e22ab69e303ffe32aed
status: experimental
description: Detects traffic or activity related to http://172.234.99.70/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.234.99.70/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.115.193/all.sh
id: auto-7026e285f58c60afd06af035b04d048506e24393ee648796f2b403ede7145b74
status: experimental
description: Detects traffic or activity related to http://144.172.115.193/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.115.193/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.x86_64
id: auto-c92c0f5778983fdd8009ccc43c1fe2ddb1fb2a01661a521d4254aca8f48fd34d
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.x86_64
id: auto-7aefe822572d4e74aa82d4902e721a9a7bae29a908ee82dea3ad7ce1dc9c768c
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/huhu/titanjr.arm7
id: auto-b75d8879338ca6f23c74c1f74db6f179af789bdfe335e7b021dd13807d4fc77a
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.130.215.40/titanjr.arm7
id: auto-2a236124b5a500ba2dc6348ae5671d6e2918870604182ad4762a9b9f7c492921
status: experimental
description: Detects traffic or activity related to http://103.130.215.40/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.130.215.40/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.120.94:52903/i
id: auto-47cd33a1b6a0d2d4d2bd95aa38efafeb0185e32f9806692d3cd73eef9ddac489
status: experimental
description: Detects traffic or activity related to http://112.239.120.94:52903/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.120.94:52903/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.x86_32
id: auto-21f8d7a27d2b535cb75c3359fbadf7391f4eb4736ca2959bd79f16d9a1236fc6
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip
id: auto-33f370a305cafd1dd126447716edf9a1ccb0fadcb5c00fe8bb87d8381d731eda
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/hamzaabiadi/cracked-tab-organizer-extension/main/altisonous/cracked-tab-organizer-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.208.44:37691/bin.sh
id: auto-abf37ba82274c82f8ae32def8c014dc67365c06f1007dc198dae2f02c68f884e
status: experimental
description: Detects traffic or activity related to http://117.245.208.44:37691/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.208.44:37691/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.ppc440
id: auto-c6e55587ed0335f2c3238e391496ef37fb79800c1b2d51c9bbeac4f9689b00ec
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm7
id: auto-b0bf20b21a502b5d97d17de1b5b2c20c0d65fe8512d1babe83d892be6105e673
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.ppc
id: auto-7186de3bbff56886c113cdaf78edede0ff8c08eca523c28df835b5cbb3d85052
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.x86_64
id: auto-3481a5afd889fbce780401c44febab72d2296c847ab69d410a1f2455305586f3
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.i686
id: auto-e884a53082cd36b470d298ec2b4c8e28e276bfd026655c486ffd898c290b231e
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.i486
id: auto-8db721a1fb3d5f50e269f19e2186b89fcebc04fcecff1d956a7b3271a0e64a22
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.m68k
id: auto-fc65fe3de38907d59750ab40a898a2e9cc4c93af8b06d1d8bb9eec37a17a9bad
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.sh4
id: auto-02a8c7f9b9bd05ff2fb4f43107468d37929c09a5bd14064863b84dac09cf3703
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.mips
id: auto-9b683cd5fd9920b6782056f49bd0634591eab97a8ee8a05fba6cdb0898720825
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.mipsl
id: auto-22bdc51926daf0ff048ded9d3d50e91555189e150542c25fb7c69d84d3758fb0
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.sh4
id: auto-e495bf367de0d3c311b6b188c4bd6ec63f3972a0abad9cfc413cfa514e41aee7
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.arm6
id: auto-7010316d80b4f3b05eb1f1152dd54def027a80384cb44dad65d2c37057ba19e2
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.arm7
id: auto-e1915e429340a4479333b798db4573b84cb6e994c850c888411b08afdac0e737
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.mipsl
id: auto-b9a939a006c81cfd12b2f7d07ecd797777c6ee3d3ea325583f3d8a772ec234d7
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.arc
id: auto-2fb7f394bc405020f675d9debd52db5f8939b0e7c47d13445d49e10142d9df49
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.i686
id: auto-f8ccdc2020bddc238bba57aa2edb5ac6ae02c26d0dfd068aa0b086d734445fa0
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.arm
id: auto-b529355104ea4154390b2b35216292abeb387ea6baaea1b08ae89efb01407cf8
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.i486
id: auto-f170f39b580a1c673f414bb2015eac8659cfb12fdb97b477e91997b72e160fa6
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.m68k
id: auto-cfc2f4ca14f62e0c974d4c0a5807434a5a6fbc04a83ed1f141965862540b1b39
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm6
id: auto-5b9999eba49c2fa024f8019d413660c4da55c704958a043881163f4f73ca0668
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm5
id: auto-e0c3994ca8f848f6b1517b5bea30a04c05c453ac9a5e5f5445521c93d8fab1d2
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.x86_32
id: auto-55a76ef6a69cadacc4460c85070ae6e32cb6228b8b174b1a6f41ba4326cd13ee
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.arm5
id: auto-15697dbdd5d4c1edc534f9160de326bdf32186b22f9a596279a9755a3aba00dd
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.x86_64
id: auto-ec4bcb116ee7e10272c96f2db00408d4efde44769726414b4b6a4cd5b941e38f
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.mips
id: auto-dd64d73f478ce36d96faa9dcba238da4983418567faece686e060d0c3ee8adbb
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.ppc
id: auto-7bd731c3496f75317a3a4d60d4b26806288a3614c45e13ad4dd2e5d708089edc
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/huhu/titanjr.ppc440
id: auto-a886f5eba04b872db9e8c25de24648fb1d2bfe1dad07436183724727d023e947
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm
id: auto-c412c6e653baa9f09ea5b4019579ad0a6cc172011a1c9b9c538391bf2012649a
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/oDYyebDqpkjUj/titanjr.arc
id: auto-c1130e419b4a489cf8b9906188addd09a20c2081fada13711c52fb9ebb1dc643
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/oDYyebDqpkjUj/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/oDYyebDqpkjUj/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.213.129:42119/i
id: auto-00ab03c6d3fd1dca005d4672c58a766cdc53db5bad0aa03e8de5b06d0a646100
status: experimental
description: Detects traffic or activity related to http://120.84.213.129:42119/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.213.129:42119/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.203.23:39684/i
id: auto-fdecd07b1e14d9da233ea07af73e1dff1a109b91cb7f927110b3103e37fabce6
status: experimental
description: Detects traffic or activity related to http://42.225.203.23:39684/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.203.23:39684/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.15.193:47751/i
id: auto-155c26f8c3ac0b1da95e85d0b8f25c824fc6323ce0c1343ada569c9082bf3730
status: experimental
description: Detects traffic or activity related to http://115.61.15.193:47751/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.15.193:47751/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.203.193:38175/bin.sh
id: auto-635a5b5fc803a924f4d7da3e3be6535bd4a451e73df18c9844fbe17afd2649fa
status: experimental
description: Detects traffic or activity related to http://120.61.203.193:38175/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.203.193:38175/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.194.119:50386/i
id: auto-d9945d5a6f641e913b6a606cae2a9b63999da88faad9de38c2996e15a5eb0214
status: experimental
description: Detects traffic or activity related to http://182.113.194.119:50386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.194.119:50386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.120.94:52903/bin.sh
id: auto-f790586cce00ee5d87fe9d9fbee64108c1cc93b9c0856653bca3929df4ff4d01
status: experimental
description: Detects traffic or activity related to http://112.239.120.94:52903/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.120.94:52903/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.224:51105/i
id: auto-57caec5df97aba6e5a863e99841b79ce2d09388d3eb521613fd926d287d8836e
status: experimental
description: Detects traffic or activity related to http://117.209.31.224:51105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.224:51105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.136.202:43501/i
id: auto-22b4bcdf3dee195f63af191f545e0ade0735abcfd495002e7e620a5c8d9ef796
status: experimental
description: Detects traffic or activity related to http://36.88.136.202:43501/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.136.202:43501/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.74.209:42738/i
id: auto-e8efdb9c552cae722859b81abadc0c499579b0abc495146a2e58c1e259c2eb99
status: experimental
description: Detects traffic or activity related to http://61.53.74.209:42738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.74.209:42738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.82.225:33767/i
id: auto-fbea1bd14d9b24916291acb141dc7848393db3584294ee693f4becc7542f59d8
status: experimental
description: Detects traffic or activity related to http://175.173.82.225:33767/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.82.225:33767/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.6.73:57730/i
id: auto-d92fc18faffe18d30e206787eff865602ce1a218da92b96c7c3473c73f94b56b
status: experimental
description: Detects traffic or activity related to http://115.55.6.73:57730/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.6.73:57730/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.35.140.111:50160/i
id: auto-6ab610318f470bd4652c49749553908db97333930c88ced48c10da4c2f2d167c
status: experimental
description: Detects traffic or activity related to http://106.35.140.111:50160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.35.140.111:50160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.224:51105/bin.sh
id: auto-2ad8bc310338aee996dd9d292f48cd47f34ad68bb0c94cbf0ea07688bfc37676
status: experimental
description: Detects traffic or activity related to http://117.209.31.224:51105/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.224:51105/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.238.113:40324/bin.sh
id: auto-e448bc3d457e6fd964ea0c1830048580d2a00a2afc147bec84971bddf1114440
status: experimental
description: Detects traffic or activity related to http://42.228.238.113:40324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.238.113:40324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.137.88:36070/i
id: auto-e97936f17a4b76430ce9454761d2a82aa3beb32711e79dac49e9088dc3a4f18d
status: experimental
description: Detects traffic or activity related to http://27.215.137.88:36070/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.137.88:36070/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.6.73:57730/bin.sh
id: auto-9eec6d7dace835f179af571262fa6f4725af1c817338752e7d0346dab2a2d527
status: experimental
description: Detects traffic or activity related to http://115.55.6.73:57730/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.6.73:57730/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://talatis.com/adobe/sc.msi
id: auto-81058db8952fe7ac4318969b774369f4ede34d73f290af6f2c0c7cd40cfa2a60
status: experimental
description: Detects traffic or activity related to https://talatis.com/adobe/sc.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://talatis.com/adobe/sc.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.9.29/all.sh
id: auto-f77606f6a4925586603bf48fdea9afeba76736865301f5c7f3747709844d2ce4
status: experimental
description: Detects traffic or activity related to http://159.223.9.29/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.9.29/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://98.142.251.63/con
id: auto-d9998bcd5e599b0a16fe48094c8a0746f9d1a0237ec6d68a95dc18ac5aa527b1
status: experimental
description: Detects traffic or activity related to http://98.142.251.63/con which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://98.142.251.63/con*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/JtOYEvL.sh
id: auto-345485465f1e4a6ea652fd481957152b103fef35bdbe622d6b9ed963865ca7de
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/JtOYEvL.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/JtOYEvL.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8428202012/guOuqJC.exe
id: auto-d03c13e4fadb63a1a967f7f4322a71254b428577ccca92403831f1fcd9caff9c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8428202012/guOuqJC.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8428202012/guOuqJC.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.113.55.216:44245/i
id: auto-91558b63c8cd9300d0f461643799b7d54619255c6b4aa8e28f1707b55066db3d
status: experimental
description: Detects traffic or activity related to http://118.113.55.216:44245/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.113.55.216:44245/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.82.225:33767/bin.sh
id: auto-ee5056bd747ea6c906cf34b1a955e78feae2f7209a9d9eaf3a5a4966dd9e9f40
status: experimental
description: Detects traffic or activity related to http://175.173.82.225:33767/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.82.225:33767/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.3.96:48327/bin.sh
id: auto-1e6ab0463c5a9aa8023e58059637fe933c9dfc237308430d039c4c7273aa8fca
status: experimental
description: Detects traffic or activity related to http://125.41.3.96:48327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.3.96:48327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.214.31:59623/bin.sh
id: auto-c1bfe7339a1ce99f0912c71d7e2089b9ea9d762a1163a3390ff686ea72855cfd
status: experimental
description: Detects traffic or activity related to http://123.14.214.31:59623/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.214.31:59623/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.194.119:50386/bin.sh
id: auto-7cad1afdea3f51be62753eacfaa70b6bb478be40aabd8b4caac2965ff5e8d316
status: experimental
description: Detects traffic or activity related to http://182.113.194.119:50386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.194.119:50386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.i686
id: auto-711e07c576661348636a7b57d034a3ece0c616910d7c2307e93b41a648c0045d
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.i686
id: auto-c52bc8d5cd0ab3deac87ece31a3a9af11b96549e1ff4f94371318823a27a43c9
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.x86_64
id: auto-732c0ab9f79671e081897aed34848a588347834458f6e442f5ce16b00524670a
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.i468
id: auto-f50326a386957f66e2203f6853489ee62441f3a488486ebc3f4a97a06759ed3f
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.x86_64
id: auto-9282ebf84377300fcc7c479e8824a44e069af56ac9102939f44c9a93513c2f48
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.i468
id: auto-7663436792a71d19e03c0eaf6adc2b63a491a851d6e88217da3d107a45a2666e
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/mpsl
id: auto-5c9f39d2659932e4026f40c7759b87b9fa696883fa8dcc1c2040e84e7819bca0
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/m68k
id: auto-e2b8751c8596c76af05f60fb5f4b14a454619f9f4c1d726c25097fde8df862a3
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/x86
id: auto-67ca3d305677b7b640264abd1f048ea57e89b3d3068e54b61e52c01a5ae11130
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/arm5
id: auto-5c6a0396e759c0364d604ec669dccff897dc4851ddb3a8e76c54ea0a3f1711c4
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/ppc
id: auto-fd4b0a36f8a636473b65e9f0e03b73a9c3d04a6cef0cbf3b3b9bbec4e0d43384
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/mips
id: auto-9c4c575ae311e5b80371db3733eae9240c55a25127b15efc4b2d602aa4b1e54f
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/arm4
id: auto-50107f60cd6396a7b139ac181ebc44f5cc634dabd92b6e80fe01eac2ac3f9cbc
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/sh4
id: auto-5822daf6137d5898d108b2eab9f807e3ed1c716c81ba1bd7bda012dd2ba176ee
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/arm6
id: auto-5925c476aa10200a54e1912194b89a460d44756e1302c750e8ea3c4dd8b19b58
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/arm7
id: auto-d8deeca738077ff29816a3d15953c198f261906d4418a05d248ae406aa0d3ba9
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.108.178:48527/i
id: auto-12b93f9d34b83c10435571898ff687f29d9b023addf3834e15e9501096c3cf0f
status: experimental
description: Detects traffic or activity related to http://182.126.108.178:48527/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.108.178:48527/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.128:35386/i
id: auto-9bf9c605813f45243446dcedab2cab43f9dc2c28251e6092eff2e1d9dbfa2584
status: experimental
description: Detects traffic or activity related to http://117.198.12.128:35386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.128:35386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.113.55.216:44245/bin.sh
id: auto-a76db9973f04f9bae13b9932cc4876c5d0eec93f0640711f6076b2330488d1a3
status: experimental
description: Detects traffic or activity related to http://118.113.55.216:44245/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.113.55.216:44245/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.108.178:48527/bin.sh
id: auto-9303683912b60c20ff3d64728d54c289a5074ed48a11ba4a11792dc049ff001c
status: experimental
description: Detects traffic or activity related to http://182.126.108.178:48527/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.108.178:48527/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.115.233:41529/i
id: auto-3b445c32421899decff8faa1dfebcabc439d128f8cbb187aaf65f7d1278eef83
status: experimental
description: Detects traffic or activity related to http://42.59.115.233:41529/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.115.233:41529/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.32.46:42904/i
id: auto-13f3af2fbda62dd75d39c2c95b0bdefeb52a823e6e1498f7738a0004d753ed49
status: experimental
description: Detects traffic or activity related to http://182.116.32.46:42904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.32.46:42904/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.128:35386/bin.sh
id: auto-135b1c1029fcd2df02cf3fc71cb60027373c7539553031a52081ee0df1f328ae
status: experimental
description: Detects traffic or activity related to http://117.198.12.128:35386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.128:35386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.115.233:41529/bin.sh
id: auto-f06cdd9cd2eadfb4e86109cc3df22dd8a020304856771998b3740fc0ae75272f
status: experimental
description: Detects traffic or activity related to http://42.59.115.233:41529/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.115.233:41529/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7341237233/RmRhk8a.exe
id: auto-f7164044c17b7721065fb288711679785e3ffb5b49ad2b35c8cc06d421b8ad0f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7341237233/RmRhk8a.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7341237233/RmRhk8a.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.187.0:34063/i
id: auto-7e2699ece4ce6213f1934541d10e794de8b0cf337aa9736e8500933d0b244e8f
status: experimental
description: Detects traffic or activity related to http://182.124.187.0:34063/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.187.0:34063/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.32.46:42904/bin.sh
id: auto-5e9bfe86bc6869ae155cdf798e9067e1e9ca309c8d2879323ebfb011e98cb76a
status: experimental
description: Detects traffic or activity related to http://182.116.32.46:42904/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.32.46:42904/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.4.92.72:5000/02.08.2022.exe
id: auto-375445344682036fa679a9f79ccd7858785cd923867aacc6deebf35560113a3d
status: experimental
description: Detects traffic or activity related to http://121.4.92.72:5000/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.4.92.72:5000/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.152.255.172:81/sshd
id: auto-259761846bf9a4eef452bdf3d7d39aedf6b520a32efc1b7a60f872cb4815d7ac
status: experimental
description: Detects traffic or activity related to http://81.152.255.172:81/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.152.255.172:81/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://52.151.31.52:4444/02.08.2022.exe
id: auto-175e953e242cb3c138415259cd92597461c24642ef2ae52eb21787ed93ae24ba
status: experimental
description: Detects traffic or activity related to http://52.151.31.52:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://52.151.31.52:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.24.32:2000/sshd
id: auto-800428e78a9c1f2cd72519350aa27e6a692f392e54f3e0ea7e5ecd32bf457387
status: experimental
description: Detects traffic or activity related to http://117.216.24.32:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.24.32:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.73.167.167:10605/i
id: auto-222c9186cda181d45b4a14dc75db8186d4c389f231524e7ed3e762a446fc936c
status: experimental
description: Detects traffic or activity related to http://200.73.167.167:10605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.73.167.167:10605/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.166.60.174:8081/sshd
id: auto-8f608d66fa15a2b9a8c66f2841d8c67510ce51adfc0a203f6dc44adce6bb568f
status: experimental
description: Detects traffic or activity related to http://113.166.60.174:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.166.60.174:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.166.60.174:8082/sshd
id: auto-4f01f188c35f0deec8998c45b1609b1c2b98a5328bd1d1571b980f1bf3c1424d
status: experimental
description: Detects traffic or activity related to http://113.166.60.174:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.166.60.174:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.73.162.110:8082/sshd
id: auto-225b9ad896d6c6fe5b55530032980f3e92a2e63ad00daf2b54caec80bcf7cfb4
status: experimental
description: Detects traffic or activity related to http://121.73.162.110:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.73.162.110:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.95.203.38:11112/i
id: auto-2010e6eb28720e40a3da08da597604fd2f03f4570b29d8ebb995a9d69bd6417f
status: experimental
description: Detects traffic or activity related to http://177.95.203.38:11112/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.95.203.38:11112/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.152.255.172:82/sshd
id: auto-aae7eca89130e1abb5cc48afb1d539e8f1fecbb9720d974b6df60bde58eb1617
status: experimental
description: Detects traffic or activity related to http://81.152.255.172:82/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.152.255.172:82/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.192.23.231:28774/i
id: auto-925c5de6b049504edf3452d980754786835e93e30ce4b3effcdf66d0cc874d4d
status: experimental
description: Detects traffic or activity related to http://91.192.23.231:28774/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.192.23.231:28774/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.235.89.207:91/sshd
id: auto-be5dd36018f1b6ff22d07a715f28098e296aa85ffb574c0e25eee95215e5ac88
status: experimental
description: Detects traffic or activity related to http://93.235.89.207:91/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.235.89.207:91/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.212.165.228:55071/i
id: auto-3d3d46cbb5f244d601fc81c5beb4ac41c80f7e7a2d0fcdc7e2d5e909120ed064
status: experimental
description: Detects traffic or activity related to http://176.212.165.228:55071/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.212.165.228:55071/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.173.223.102:8080/sshd
id: auto-a7eecb4395de0fd8f0a4d178b8ce522c477254d7fd51b94e0aee1dfcf8099485
status: experimental
description: Detects traffic or activity related to http://152.173.223.102:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.173.223.102:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.123.95:5268/i
id: auto-2e309b799d77f1ff273745b23c10567989769d2df13c98b82f084672895c3224
status: experimental
description: Detects traffic or activity related to http://58.47.123.95:5268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.123.95:5268/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://102.23.89.5:8083/sshd
id: auto-855e446243888a0971b9fd7c945ba716a9b34c9c680e55fc90ca9597d002df63
status: experimental
description: Detects traffic or activity related to http://102.23.89.5:8083/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://102.23.89.5:8083/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.223.126:50227/i
id: auto-c00bc64fd920d8b0754ac31b64ca5d8e3b452ad29e4592458a073737710fef27
status: experimental
description: Detects traffic or activity related to http://123.9.223.126:50227/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.223.126:50227/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.153.155.97:8080/download/dvmw.pdf
id: auto-964a486e262951465fd463fef2cc4b85d07bf0ada08db0687f453acfb41db24c
status: experimental
description: Detects traffic or activity related to http://78.153.155.97:8080/download/dvmw.pdf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.153.155.97:8080/download/dvmw.pdf*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.62.231.174:8443/rec.bat
id: auto-46f2ab21f655843e1be88f68d8cf60a6bb4d640b40856b88a12e20e1e4b8f2cb
status: experimental
description: Detects traffic or activity related to http://162.62.231.174:8443/rec.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.62.231.174:8443/rec.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.62.231.174:8443/ent/pun.py
id: auto-a55d491f24e831bd6f436dbf48065fc0b0b05d3081e3c9ac0ef422b05d870082
status: experimental
description: Detects traffic or activity related to http://162.62.231.174:8443/ent/pun.py which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.62.231.174:8443/ent/pun.py*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.62.231.174:8443/rec.wsf
id: auto-a368f901ccb8d41885f87c8b8f232f4df47e9d4f140bb90491b2cee6553af8f6
status: experimental
description: Detects traffic or activity related to http://162.62.231.174:8443/rec.wsf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.62.231.174:8443/rec.wsf*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.219.246:60929/i
id: auto-76137b9015f0842c693bb5a419fcb5b0a202c0d307fe2b68aebd874eae16ef22
status: experimental
description: Detects traffic or activity related to http://115.55.219.246:60929/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.219.246:60929/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7799503374/aQ3x09Z.exe
id: auto-f483910b7926e43c6d37df7d578003daf0c8849c934e03f655e2376016aa3a31
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7799503374/aQ3x09Z.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7799503374/aQ3x09Z.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.37.212.117:56375/i
id: auto-a6c34d11c95f76d4bf444afb598c7bb5c5da8dd87063e1a5504a227687a105fe
status: experimental
description: Detects traffic or activity related to http://120.37.212.117:56375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.37.212.117:56375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.223.126:50227/bin.sh
id: auto-703ce1ae9f42ea4bba8c3de3b8bdfadf14d5148d6498a8bc77dbaf680b1314e8
status: experimental
description: Detects traffic or activity related to http://123.9.223.126:50227/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.223.126:50227/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.219.246:60929/bin.sh
id: auto-79a4b0028231951d6ac561b53739f3462fa5f74f877e1119caf62216497a860e
status: experimental
description: Detects traffic or activity related to http://115.55.219.246:60929/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.219.246:60929/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/mub/kj.bin
id: auto-ffdea22a18f9e5ef33b663f3d3c2ef6fb8213ab5d4fb2403b9a5bae6f00f7bb9
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/mub/kj.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/mub/kj.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/mub/mubi.py
id: auto-0a2468be40e803e6f22bf7554fc52d9ec3f6bfa538d0d644a70e01ec5a738f5c
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/mub/mubi.py which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/mub/mubi.py*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/modules/Photo.scr
id: auto-4c78778a27fe690771899b2e5121f7515161fbd4a4bd775a8de4e203d1128b63
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/modules/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/modules/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/Photo.scr
id: auto-126a03a3af92f9836a892ee34a4ddff38ea857391b4084eeac6965d87b8f47f3
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/modules/Video.scr
id: auto-84e1aff5976d081cad6dce87c7f899e611b59cc110fd39402c70dc1c0fe3ab70
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/modules/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/modules/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/Video.scr
id: auto-a35aa1ed464cda133db3858acc80f6f7ef8aceb451bd2ae3f9c79c4017c6cd26
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/Photo.scr
id: auto-2c5ea7eb96623720f8d3a5c394a185acb6aa62c58aa8f6e0dd2819f118ba7e15
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/images/Video.scr
id: auto-6fe073db0804d38bffc796320dd5750f35e0714fa7e1b53a73f584c5fbc3f2f8
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/images/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/images/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/images/Photo.scr
id: auto-f7ccc1ff5ec46a5296c10da4d8491a929db66d499e8db6b6a7e9479bd2363ef0
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/images/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/images/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.116.148.78:9980/Photo.scr
id: auto-d7c441609cd64a37f38d62cfba115549c33863de82f57d8b5517b5725911b278
status: experimental
description: Detects traffic or activity related to http://113.116.148.78:9980/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.116.148.78:9980/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.30.204.225:2213/Photo.scr
id: auto-de7442da58a30befcb3832bf24c8eef00ca2b7e80d266fe038dcfca9bfabe613
status: experimental
description: Detects traffic or activity related to http://183.30.204.225:2213/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.30.204.225:2213/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.30.204.225:2213/Video.scr
id: auto-386f5f73798b14e8905f08a72a79fd7e4a9afad61da1d2c36110d5c8c6eef739
status: experimental
description: Detects traffic or activity related to http://183.30.204.225:2213/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.30.204.225:2213/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.30.204.225:2213/AV.scr
id: auto-2d113385fea939997bf2d8ab772341e722624f09e8d56fc94cb44624c6aec592
status: experimental
description: Detects traffic or activity related to http://183.30.204.225:2213/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.30.204.225:2213/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.116.148.78:9980/Video.scr
id: auto-a43f4d6fc2e027f57352218631dcd1bdf018ad89f3d3ad3a7b9dfc36c5ac666b
status: experimental
description: Detects traffic or activity related to http://113.116.148.78:9980/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.116.148.78:9980/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.54.220.107:8080/AV.scr
id: auto-23cdd839816e14091623fc78a3055d54b770167692b9fd341dac251227372782
status: experimental
description: Detects traffic or activity related to http://106.54.220.107:8080/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.54.220.107:8080/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/Video.lnk
id: auto-9d905e503348e4f75ee59b3997b5a82e0b40e52607a32fcb7dba127daa5a1070
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/images/Photo.lnk
id: auto-fb30934582d116b03cca7fe662b45479aab38bbf2e80ebd855550dad0fb39d06
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/images/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/images/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/Video.lnk
id: auto-03851395e6326d9a62e04f9beb3f5e0056e8a6aca3d854c4f5c67d394e3344e0
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/images/Video.lnk
id: auto-214d78cc5b33d0b76ae1b76d0d58d598c6b6d4cd930124a9dd8fb959f048f730
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/images/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/images/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.54.220.107:8080/Video.lnk
id: auto-6eeeb43bb5bb9ed7b75be4cf03f25b4765bc4b4e1e9052c3cf5b37ddd8d0b6a7
status: experimental
description: Detects traffic or activity related to http://106.54.220.107:8080/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.54.220.107:8080/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.54.220.107:8080/Photo.lnk
id: auto-1ea2a9002bdf95fcbd534d0581d94bf5013e59321d9fc075c6248668beefcddd
status: experimental
description: Detects traffic or activity related to http://106.54.220.107:8080/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.54.220.107:8080/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.30.204.225:2213/Video.lnk
id: auto-822bf4a2470237d1ba97c50536db9faffdb28cb6ad4b92b5b2b750f6a3a5b076
status: experimental
description: Detects traffic or activity related to http://183.30.204.225:2213/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.30.204.225:2213/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/modules/Video.lnk
id: auto-efde13ce9f5d567ad007231c45f544ba66e61acde5962f04598d64b77bebeaac
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/modules/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/modules/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/Photo.lnk
id: auto-7debf2341daa5523c9bbb15cd95cdccf4401434700d3a41faf15a3a262756c5c
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/modules/Photo.lnk
id: auto-420ad48ca0f3323c8dce0037dbc7b0eabfb87969ed25ede7cea0d5047e518690
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/modules/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/modules/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.28:46666/bin.sh
id: auto-8f6b7fd967c1404250de6b91741975e9c96e7d323c18575fa9779764232037e9
status: experimental
description: Detects traffic or activity related to http://117.209.18.28:46666/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.28:46666/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/mp-rt-115
id: auto-0ca04fb7782a843f28a4d90ccae01b0151ea69d68198006c48ed3cd887bc4b67
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/mp-rt-115 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/input-678-recon-exp/mp-rt-115*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.37.212.117:56375/bin.sh
id: auto-4dcb0741923c4b8b36085466fc50410598b02d3ba126f97ba3a11fbf2798e53f
status: experimental
description: Detects traffic or activity related to http://120.37.212.117:56375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.37.212.117:56375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.91.87/download/update.exe
id: auto-8075d1d1974a56b1c7f4b42d2ad53715f73a73b78f28889d34d535a122d11be9
status: experimental
description: Detects traffic or activity related to http://144.172.91.87/download/update.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.91.87/download/update.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.111.218:54866/i
id: auto-e9f286bacf33c7948137e31e08bde10cac97203c090b0f9d0ab7ac7bbb80dcd4
status: experimental
description: Detects traffic or activity related to http://112.248.111.218:54866/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.111.218:54866/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.193.250:51490/i
id: auto-8583feffc89f550fbfe509c6960903a534fcd31777b350bb6f7ccefb41f9d30a
status: experimental
description: Detects traffic or activity related to http://42.59.193.250:51490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.193.250:51490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141-98-10-64.cprapid.com/mipsel
id: auto-488bfe8b5ac7d857d0f5a240969375043db27e0180d9586c3abd0405098ee331
status: experimental
description: Detects traffic or activity related to http://141-98-10-64.cprapid.com/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141-98-10-64.cprapid.com/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.185.105:36495/i
id: auto-7c1fda632fc2a547afb34c6de7ca568d7695bee0135392ff4f4bbc4eacac766d
status: experimental
description: Detects traffic or activity related to http://61.52.185.105:36495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.185.105:36495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141-98-10-64.cprapid.com/x86_64
id: auto-e56d31180405aae0ec116782196bfbfab298e0588f9d66b4c19d16449b66f9a9
status: experimental
description: Detects traffic or activity related to http://141-98-10-64.cprapid.com/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141-98-10-64.cprapid.com/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141-98-10-64.cprapid.com/arm5
id: auto-a9cde634d4272899f7d4152903c9f744a34d3a74181f3e13b69440a29dc65d69
status: experimental
description: Detects traffic or activity related to http://141-98-10-64.cprapid.com/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141-98-10-64.cprapid.com/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141-98-10-64.cprapid.com/mips
id: auto-3d8ea37f79e59ff2ee77bc15cae9f538fda7ee49def7bece61ae97d58770579a
status: experimental
description: Detects traffic or activity related to http://141-98-10-64.cprapid.com/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141-98-10-64.cprapid.com/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141-98-10-64.cprapid.com/bins.sh
id: auto-5b8b08fd7797ab5852de1269b84fa4e0db8e0df95b52a4f6ed8caa9924d383d6
status: experimental
description: Detects traffic or activity related to http://141-98-10-64.cprapid.com/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141-98-10-64.cprapid.com/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141-98-10-64.cprapid.com/arm
id: auto-e4c0b08087bc14a3df476aedbf6eaceeeb35d014df8342db123f631e85ca3fac
status: experimental
description: Detects traffic or activity related to http://141-98-10-64.cprapid.com/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141-98-10-64.cprapid.com/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141-98-10-64.cprapid.com/arm7
id: auto-59cde598846cb28307675d7fed2d2baf11e762a7e3f7a4a62209c618d647de85
status: experimental
description: Detects traffic or activity related to http://141-98-10-64.cprapid.com/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141-98-10-64.cprapid.com/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.98.10.64/bins.sh
id: auto-ed5ec9c231255a286fd925fc3ae2ed9ae0cf1ec201c44667656d24a19e1e9d22
status: experimental
description: Detects traffic or activity related to http://141.98.10.64/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.98.10.64/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.9.22:48241/i
id: auto-9ddf8259b4ea07b5517db16cb48925c5ea8d22c0d265d240310eda21541b16b4
status: experimental
description: Detects traffic or activity related to http://219.155.9.22:48241/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.9.22:48241/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/master/random.exe
id: auto-2412ece5388622ac00494baee8f16e8abf2a5d6c3232a43a5e63b7e6d8394781
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/master/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/master/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.98.10.64/mipsel
id: auto-284a0a5a332ac46b46d03cd70b015def04d034fb7c7e19cccff6df88f213bad6
status: experimental
description: Detects traffic or activity related to http://141.98.10.64/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.98.10.64/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.162.76:53177/bin.sh
id: auto-230ea699d1d81b04505fe43c0afe9fc61fcff104c3529fb0d10408d62f382196
status: experimental
description: Detects traffic or activity related to http://119.185.162.76:53177/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.162.76:53177/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.162.76:53177/i
id: auto-f736bc7fb12960e1bc8ba77bbdffb5ea2e5bb21f7e1b306548dac448367abdc9
status: experimental
description: Detects traffic or activity related to http://119.185.162.76:53177/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.162.76:53177/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.157.199:46135/i
id: auto-dffd44f322038c3d61b37100c157590c79b19b6b2aa91d8a7fab03bf151811ef
status: experimental
description: Detects traffic or activity related to http://61.52.157.199:46135/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.157.199:46135/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.3.12:34374/i
id: auto-b42933b39d08eb54c3b9459d3b6ea4325196a63900165c28c716a01086417d7b
status: experimental
description: Detects traffic or activity related to http://123.13.3.12:34374/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.3.12:34374/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.236.127:49806/i
id: auto-d7af7ac119b9a9b13aaa0047ab2792937ff296f26f7ec5a42c56f0f54190df66
status: experimental
description: Detects traffic or activity related to http://219.155.236.127:49806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.236.127:49806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.9.22:48241/bin.sh
id: auto-59008c0215fd0211b32955977045406a8d2fce5129fa84b0658b29abd7236a42
status: experimental
description: Detects traffic or activity related to http://219.155.9.22:48241/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.9.22:48241/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7359455182/PuQtjLO.exe
id: auto-4c2fe479e89a82407c59576fa2c4791c934bf6aa1ea04ef7fdb4f61d4755c1e5
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7359455182/PuQtjLO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7359455182/PuQtjLO.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.111.218:54866/bin.sh
id: auto-fa5d1c7e45cf5ee1eaff092d486b5fd2688faa43b5b187aa3f77dcd91432698a
status: experimental
description: Detects traffic or activity related to http://112.248.111.218:54866/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.111.218:54866/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.156.222:60739/i
id: auto-18619c815cd63fcd18f633a13b1f210615cb24db6a77fa8b9837e7fb56ec9c19
status: experimental
description: Detects traffic or activity related to http://222.140.156.222:60739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.156.222:60739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.107.166:53687/i
id: auto-6a11030118ec63ef2a5a146b44d9931738f78a55038e1c683d694c939e9ebfb1
status: experimental
description: Detects traffic or activity related to http://116.138.107.166:53687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.107.166:53687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8428202012/5w6TCr8.exe
id: auto-d67812d7a9bf886267244a978c64adef82d9b11ebc40e840a52e1be7f431cf89
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8428202012/5w6TCr8.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8428202012/5w6TCr8.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.156.222:60739/bin.sh
id: auto-cc8b9f57575c5af34617a867e020d8b8cc9bd5b47effdb7a4d06a3e606769d4a
status: experimental
description: Detects traffic or activity related to http://222.140.156.222:60739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.156.222:60739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.59.170:37778/bin.sh
id: auto-d8473c0f9be7ffca6a195505fae60929ca8a83c5cdbac6473cdb2e192297a4fa
status: experimental
description: Detects traffic or activity related to http://27.202.59.170:37778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.59.170:37778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.187/botpilled/rbot
id: auto-95b2f2d3e6df5d4f28aa47db9a36245f69d8656a4e4a6699db33f66cc9df93cb
status: experimental
description: Detects traffic or activity related to http://158.94.210.187/botpilled/rbot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.187/botpilled/rbot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.124:55524/i
id: auto-0ffc5518bdaa814dc74c1d32e961cf6b3fce19001a9c2408c3e2dadc1a7a5ebe
status: experimental
description: Detects traffic or activity related to http://117.209.92.124:55524/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.124:55524/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.110.16.154:38848/bin.sh
id: auto-1c9ea69702b69be95b9b184967e7e842e30bd8f5b163f3ac15b651f7c0d0b465
status: experimental
description: Detects traffic or activity related to http://202.110.16.154:38848/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.110.16.154:38848/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.93:36798/i
id: auto-7f23541a6f6565b16fe3d6018ec2ef7e94b22945ea7cecf1f8f582aec4d0fe3d
status: experimental
description: Detects traffic or activity related to http://181.103.0.93:36798/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.93:36798/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.102.66:38449/i
id: auto-bbbd9da0797f813b9e09d427666f6220123df99f1f23896479ecb0471205bb65
status: experimental
description: Detects traffic or activity related to http://119.117.102.66:38449/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.102.66:38449/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.74.178:41339/i
id: auto-568524cbf528566154078db4adc3ea64f082b99a4746ddf2432958048c03e1e6
status: experimental
description: Detects traffic or activity related to http://42.59.74.178:41339/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.74.178:41339/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.3.89:55134/i
id: auto-a351c2c8cefe4278ad819a7e77efd898ca6135eb1fd48c4a6a818c72c9e69d76
status: experimental
description: Detects traffic or activity related to http://115.49.3.89:55134/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.3.89:55134/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.221.16:50908/bin.sh
id: auto-3b46f50f77bedcb42006e76a3f9c6e3aa116dd433fc6adec7e2353f20055e817
status: experimental
description: Detects traffic or activity related to http://219.155.221.16:50908/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.221.16:50908/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6021162326/TC9VOYs.exe
id: auto-8bf87f57cc39b503ed88e41d76f700257c25da01d1aa5e703bbf38548711376a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6021162326/TC9VOYs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6021162326/TC9VOYs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.252.125:52173/i
id: auto-352756953233acab1817b877d12e6bbb1ca244f4f42d61a428edfadbdd384835
status: experimental
description: Detects traffic or activity related to http://59.184.252.125:52173/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.252.125:52173/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.199.4:52342/i
id: auto-038a2ba6240ec66f629e2ecc3e60563ba170732ddfaff0b56721f904df88a459
status: experimental
description: Detects traffic or activity related to http://61.176.199.4:52342/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.199.4:52342/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.74.178:41339/bin.sh
id: auto-9faf5ae1282f906e89bc5dd85332ebb413f454db74f814ce27eaa170b536ed16
status: experimental
description: Detects traffic or activity related to http://42.59.74.178:41339/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.74.178:41339/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.93:36798/bin.sh
id: auto-05f276739a00de71fbb4c10c90bf8a490f3aeb7907d22e3cec5185fda8a37d78
status: experimental
description: Detects traffic or activity related to http://181.103.0.93:36798/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.93:36798/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.111.189:36999/bin.sh
id: auto-121e75c797ed16f92626f6ac0c7240f64b6aa895568a99edb2011716a2e39369
status: experimental
description: Detects traffic or activity related to http://27.37.111.189:36999/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.111.189:36999/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.3.89:55134/bin.sh
id: auto-b463fe98a67b2fff8a7f4b945f594d07841882c166292b5781cb8eea36feb362
status: experimental
description: Detects traffic or activity related to http://115.49.3.89:55134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.3.89:55134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://enable-rest.data-api-access-install.in.net/dock-ned78
id: auto-e535f0430c53c6cb29569eda8bda122e4149c18e67d2ee0ab4d9eb5741701362
status: experimental
description: Detects traffic or activity related to https://enable-rest.data-api-access-install.in.net/dock-ned78 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://enable-rest.data-api-access-install.in.net/dock-ned78*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.252.125:52173/bin.sh
id: auto-b9d5892d143e1d31831b69c91004c357aaf7b1e6ebf43bb3c0f19a88512f1515
status: experimental
description: Detects traffic or activity related to http://59.184.252.125:52173/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.252.125:52173/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.224:58246/bin.sh
id: auto-8bece17f8ca8a7d0a687aee5c55b51b81d3204be03f76a26e953e0f77f9a37e1
status: experimental
description: Detects traffic or activity related to http://117.209.84.224:58246/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.224:58246/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.126.193:41305/i
id: auto-b9dba6f47795c3cc14767ede591f2384bf8b7d28529653a5de4697dccad1b6c6
status: experimental
description: Detects traffic or activity related to http://61.53.126.193:41305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.126.193:41305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/c.sh
id: auto-dc1c0df08fe595f773b1f433b78eb940c5ab2c27227772bfc0459b4de3d2b75f
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/w.sh
id: auto-e827f4de4345bbe896328dfb2180284197bd8945d353b68ff7810a92b4be7379
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://170.246.163.25:51497/i
id: auto-22c09d9d253381820d1d5a5d46ac43f85ec74c0f2b27ea5ae6970948f0310931
status: experimental
description: Detects traffic or activity related to http://170.246.163.25:51497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://170.246.163.25:51497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://98.128.185.13:53571/.i
id: auto-39074d41f86fda17fd073e31f9402386fd5e7110dd6d50e10ae7ccaf6317d415
status: experimental
description: Detects traffic or activity related to http://98.128.185.13:53571/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://98.128.185.13:53571/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5876083921/QZJvwnx.exe
id: auto-4f7d34707cdfb6fbe4c9e33a54ec7c1d22c1e5fdce2af9afd9d2dbf3bce89737
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5876083921/QZJvwnx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5876083921/QZJvwnx.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.0.99:45716/bin.sh
id: auto-50f7092290874036592b84d3e5d319c56371190288470620efd27bef2cbdf403
status: experimental
description: Detects traffic or activity related to http://42.235.0.99:45716/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.0.99:45716/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.126.193:41305/bin.sh
id: auto-2920a79e4d83305477a122c8cb3c5df72637dcf0c32608e6940f754cb6d5b4ea
status: experimental
description: Detects traffic or activity related to http://61.53.126.193:41305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.126.193:41305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.47.95:59005/i
id: auto-32a42b0957e988eb7ca586ecc7ce236b226ffbbbf63f8d6550c53376ec546685
status: experimental
description: Detects traffic or activity related to http://42.231.47.95:59005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.47.95:59005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.88.7.70:33708/i
id: auto-bca3665d51222e8b96f0899c24011d3955ca5181e08cab5132d516f79dfd9dbb
status: experimental
description: Detects traffic or activity related to http://39.88.7.70:33708/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.88.7.70:33708/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.29.45:51945/bin.sh
id: auto-fff257344ac322fd2927ecf90ac87b34c97949140dbde41f0b28b48496e362e1
status: experimental
description: Detects traffic or activity related to http://42.230.29.45:51945/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.29.45:51945/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:45955/i
id: auto-504760458f5669c1030c56c80b7be51e72da7425451344778e712d0e7fa259da
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:45955/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:45955/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.35/nuts/bolts
id: auto-67498f745d9f6646fb5ab4fab14b67d3246f75149d08f8820da50a0cd122098f
status: experimental
description: Detects traffic or activity related to http://45.194.92.35/nuts/bolts which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.35/nuts/bolts*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.35/nuts/poop
id: auto-42647de35f848bd4168b36df1f86811626421ec3d259b21d1c35fb192f00bf72
status: experimental
description: Detects traffic or activity related to http://45.194.92.35/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.35/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.arm7
id: auto-de7b74b9cba850dd58886a25e06c9285c384c114d368a0f052ac2e4233eae5f1
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.sh4
id: auto-5c65573bc290632e8465b0410c6c05442b4f19897ec30922df24f225abe2f52f
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.mips
id: auto-8a91008ef360209ef5d8a0791652fabc94f4c11288eb54dccd392a504217a41d
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.arc
id: auto-8a059a9c468bfea9dd242e6ecc9f5f73c76f0720c20ed8e16d650b9e6eb5c8da
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.m68k
id: auto-920d041e7ba5bc6cbba14888fa264af6d9d16f3a9b3bafdf2d1b0ec3114cbc5a
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.spc
id: auto-bfbe19c22ed7f8c284bf0750c258316507db44b5beb7ddd861f4383975aefe4a
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.arm
id: auto-0a13c3a3d2c00fac44f52554835def7e3bc416f4309db76773af651883b01123
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.ppc
id: auto-07264c31a90ee916704e3e20d50567af7a88299c428de3e42e58e34840612a4f
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.arm5
id: auto-261f23f8483c32557eb42a8a0052cb2ab6906b95bb21f2ba20a78e3d1986a1ce
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.147.202.53:9635/.i
id: auto-7eeff3c7d9bd4078dc39b949a804bd505af4fc28685b6995748e17c384fde909
status: experimental
description: Detects traffic or activity related to http://45.147.202.53:9635/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.147.202.53:9635/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.mpsl
id: auto-6c239187688a01e0c077fa7558dabd911d5940c5ac9f45edb6b98530b1bd5161
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.arm6
id: auto-f590cd0df10e814fb6dd50c449e44dd9f9d3fe000e868fd49779417d949de67b
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/hiddenbin/boatnet.x86
id: auto-b0dfe01c3c0b9d43581507c5bd0e48465321461e9ad59369d4eaded290261296
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.137.70.87/ohshit.sh
id: auto-6edaaa78ee06feb9ec546463d14577019ff1a4dfd74cb8fba05bf7cb5af64f51
status: experimental
description: Detects traffic or activity related to http://45.137.70.87/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.137.70.87/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.68.36:42211/bin.sh
id: auto-9b1d6eba19d32067fb626a67e5304ebb5a16ac3ea1795f658f2226239614abd7
status: experimental
description: Detects traffic or activity related to http://117.216.68.36:42211/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.68.36:42211/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:45955/bin.sh
id: auto-e139cb646c75cc18fe776474f468af190fe5b7d54e0ccc9432dfd9ac46b63109
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:45955/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:45955/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.157.253.209:40893/i
id: auto-9a95e8ee97152175f37e71e42c0bdf3aea21883ec7b3d52b8f0f4057f6132418
status: experimental
description: Detects traffic or activity related to http://93.157.253.209:40893/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.157.253.209:40893/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/vigilant-adventure/repoz
id: auto-2c0fc965aa2bb99aedc886cec1e208e81f6b5b45222b3893c07c9152ac576006
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/vigilant-adventure/repoz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/vigilant-adventure/repoz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/vigilant-adventure/gran2
id: auto-758a51b62bc4bc75cc4f03eefdcb0b08af4d84a818d82715f6c5ab3c9429339c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/vigilant-adventure/gran2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/vigilant-adventure/gran2*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/triangle-0verbook-sh/s1ash
id: auto-c3752bf07791f0631acb48ab231cb7fd6bf26a41fd3374bd745df24da982c327
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/triangle-0verbook-sh/s1ash which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/triangle-0verbook-sh/s1ash*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.178.17:49908/i
id: auto-96cefae43608794d159ea4d800657b1ca35d4835c8eaa0d63f4c0943cf8bc2a3
status: experimental
description: Detects traffic or activity related to http://222.140.178.17:49908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.178.17:49908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.157.253.209:40893/bin.sh
id: auto-adc7ff5d3685450dceb7c94723a5c23d24550f7fe212219f2fce8db90a6ad0e7
status: experimental
description: Detects traffic or activity related to http://93.157.253.209:40893/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.157.253.209:40893/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/triangle-0verbook-sh/gamb1t
id: auto-b7b0aa57552d085d8b401773a7ae7b475ef8ef226bad0c5010fbc3ab1002443d
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/triangle-0verbook-sh/gamb1t which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/mobility-5tarlit-venue/triangle-0verbook-sh/gamb1t*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/bins.sh
id: auto-0aaa58e260f7546eea7c2d283280841b3c1c2ba180173f6b835ac516a3955647
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.26.64:37375/bin.sh
id: auto-2b28c941c79e6dcebfb849a45641467e01ea6588ec72ded3eeb941ec069e9054
status: experimental
description: Detects traffic or activity related to http://115.59.26.64:37375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.26.64:37375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.119.71:39487/i
id: auto-12c3aff7ba8eb08c060cce36b030b08d49637fb0940d2cddfaddafbb4eefd063
status: experimental
description: Detects traffic or activity related to http://42.235.119.71:39487/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.119.71:39487/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.152.53:55125/i
id: auto-05a49c7bc3edbe719501fc53d3366808e71f7666de4dc8365c538017417593ff
status: experimental
description: Detects traffic or activity related to http://123.5.152.53:55125/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.152.53:55125/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.194.122:60310/i
id: auto-30684b5dda8f83de87b51a8eb0374b0c4df75a458206e7c9bcf8a6361afb4b76
status: experimental
description: Detects traffic or activity related to http://27.204.194.122:60310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.194.122:60310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.102:36099/bin.sh
id: auto-fc29639360e1b05ccb9ff3653dadedbf0a458e35a9dfecb228f17931b948b225
status: experimental
description: Detects traffic or activity related to http://181.103.0.102:36099/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.102:36099/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/mpsl
id: auto-d43d157a5d7a0224875e577e727c3c841cdd0d89e333e6cd271b0cffd4519c09
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/debug
id: auto-c17cd49a7758b754f8598f2adeae185def04ee6fbca7e14391d0012dec19811b
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/debug*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.10.50:56642/i
id: auto-e99f4a5ea8e253d75c29ee9d79e7fd5af1d5fe58fa2dad044968d3b453a514f0
status: experimental
description: Detects traffic or activity related to http://222.141.10.50:56642/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.10.50:56642/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/bin
id: auto-bf0d58342b55bd4b930a4fdd321e40c2da4787a5d985f6e7e324724e78b47c5d
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/bin*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/pay
id: auto-f1a22ab91381943789ea33d8a2b1e7624436e8a92b8d704946360f751a3195fe
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/pay which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/pay*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.ppc
id: auto-6bfae94b2e6914abe2a4a2ca3c557755fc101072290164684224f3b839f9a913
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.arm
id: auto-9c1373d8a82b909f4f1e6ecbc3ec660dc1be0eb2198dd62e1bdc87b9f70b6ba3
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.arm5
id: auto-74617a9549528aa2c4baf04e90b56e897b8c76173974a4ba39153fe90ce02796
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.sh4
id: auto-8b3c0c2eee04bbcdb4e283a36fbd7b762450869e6f957e1cb31307451bf74877
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.arm6
id: auto-73e0d062e9f4a2e97c1f9c3c4f4474a82a2ed2cfed4de709dcf2fa4297d3dd52
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.mpsl
id: auto-9fa8c3cb320663edff1d04da8dc99ee0409ef0130ced5d34350c1cbbd6810c28
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.m68k
id: auto-c24c7c510bd76d37bf70ba666abfdefee22bc80a7070b465da3d5b93cad99f34
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.spc
id: auto-522b4147cc1ac2eb24a63178dd10a74d3e0a8775a064c6a7718e63be74a91ef7
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.218.50.158/bins/arm64
id: auto-95cebab0c06494e1d413386832258e2612430975cf652b5af45f6f7a960f7821
status: experimental
description: Detects traffic or activity related to http://104.218.50.158/bins/arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.218.50.158/bins/arm64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.218.50.158/bins/amd64
id: auto-89751a9b052e89e63252f06ee523d3037b21652ed514700a8841d1c9a31ccc00
status: experimental
description: Detects traffic or activity related to http://104.218.50.158/bins/amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.218.50.158/bins/amd64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/yarn
id: auto-477590923f6c1e3705870630af602222a75b1c4807d361b0024ec4cd78999682
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/yarn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/yarn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/arm6
id: auto-e9fd8a74d77076e7cbc7c6b8dcc6c528d6e6af5485675d8d0fb4925a89540a08
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.x86
id: auto-058392492acc4efd1983af2d34958b2f7d2e7041bed078696ef196991f62c9e8
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.ppc
id: auto-9b0591b64e14e54cb56aedb450d5d39d89bfe4c7b561219d84f227b3bb147808
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.arm4
id: auto-cc48cb34bef94cb84ea146512a409a4df0e7e0d8aca12227570cbe89abaaec41
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.218.50.158/bins/arm7
id: auto-9eff9ee688b556c38ebe52e288197d69cd2cc6d2ab5b1d93d33ebeac31cfcbf9
status: experimental
description: Detects traffic or activity related to http://104.218.50.158/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.218.50.158/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.93.131:56656/i
id: auto-d28d24a73f0ea35af5bbd64054c1c7a42d5f8c0e091761bab14a096ea86348c4
status: experimental
description: Detects traffic or activity related to http://182.126.93.131:56656/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.93.131:56656/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.247.2:45901/i
id: auto-3c8c38ab34247042eb23d551622e3726046fddf24ddff5786e237a210f86c05a
status: experimental
description: Detects traffic or activity related to http://42.6.247.2:45901/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.247.2:45901/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.218.50.158/bins/x86
id: auto-973d614f47817cb74d1fab7e9b8b6e01aae0fc92bc993608f9cb89e1ee35b810
status: experimental
description: Detects traffic or activity related to http://104.218.50.158/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.218.50.158/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/kla.sh
id: auto-25821be418d2c24bdb13933917ac6f4771d64d4f11356b0f9cbb23a3d4cdb41e
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/kla.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/kla.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/arm5
id: auto-619d5477cdd7839efd2d3c8c57ef658c00d92ea8fb6cc3c70fd80c955808cb72
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/mips
id: auto-636f23cc5b87741ee46a86240d0f6982724a7a78f8ce8404e8ecb1525c93640f
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/x86
id: auto-c956bd709402e069608383ed4acae595eebf0cf0b621ba2ea929f0d20937b3d2
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/i686
id: auto-d0c810c09ce264893fc6aa02426d079b8d3d9ea4a7410e3905b8aef830c8dec5
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/arm4
id: auto-2cfec91edb673ab83df31779cd16b2406f477a31c663d8dd88b9aa8ed9456078
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/ppc
id: auto-b191132b035caf3549159097acb54868722553eeba2f26a744962931ae09b622
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.arm5
id: auto-0f3ad79c0387846572ee0de09b739cf7117575d7ad49d69a62a98a333c2823fe
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.i686
id: auto-262307ff3797d2b48b67f2a75495bf68dbdaac1367ce776c725128bca188db55
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.mpsl
id: auto-669bac3116dd4bdfe4581e1d07fa6766be9ad01c629e2413d8e2aa3002f40ee5
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.arm7
id: auto-27793e63ca0457cc302af098171683d1cb75dc761032bb31af3d5eaa4c803135
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.arm6
id: auto-a91eb3206f12f1d678640f5f55fbb55bdbf9d45fc907a480b4689c58d1dd5b6b
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.x86_64
id: auto-be6a2556f33c16164e6485d2772d642053651cafa7c0246c9459c67cb8af5441
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.m68k
id: auto-7c3ffc58f6a17a3b8a087fd0f6c02584f52b3427f1bc398db63d3046901fed77
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.95.240:60827/i
id: auto-0c87b07ce7ee167cf03bd1634225c08bbf0e3a5ee5eb2598f6fda0d5965e41bd
status: experimental
description: Detects traffic or activity related to http://42.235.95.240:60827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.95.240:60827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.dbg
id: auto-42cc49b8c829e8d4c2dd7c14e5b8be386737456132a73e6ba8e6136b6052df6e
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/sh4
id: auto-138eadc237515c871326a2a798e5b681d2ed5b8e5cd13c6e58007530f6c4840d
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/arm7
id: auto-48954239d6afc32d00d6f2be80523a68f71d92fcc265c609a4cb7dab93478562
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/m68k
id: auto-6e882d1dd9a8504e7b510e9358d8be890ba47b9612a2f7b1a1e783cb0f8a87d9
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.sh4
id: auto-cdcde70409a797cea4b6c81db158eb7f1a311296a4ef1d1771b7a63f2c8b81a8
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/no_killer/Aqua.mips
id: auto-2605e2dab282798e4009b8e161e562cd2155355bcb01e4110b5329b8e1eba8e5
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/no_killer/Aqua.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/no_killer/Aqua.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://assets.gametools.win/x86_64
id: auto-9de7dd6c8b2f1530fc771e75116810a7ab821f7e8ef2de69ca9a9f93ea816486
status: experimental
description: Detects traffic or activity related to http://assets.gametools.win/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://assets.gametools.win/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/ohshit.sh
id: auto-c08d5d649adad3b8febf6a15d5f2d879c51963b676519f81f07a04da25e92cb7
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.arm7
id: auto-a94d27f0a7e287e991ff5f093ba97e31730dfb79739187d53e02af0066bb408a
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.40.135.122/bins/vcimanagement.x86
id: auto-ba36fed69a82b3b5996e24b6155e0a1aea96031838132481af57377e6dfcf57f
status: experimental
description: Detects traffic or activity related to http://169.40.135.122/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.40.135.122/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.42.89.1:56735/i
id: auto-1f4a4416a19a6dd449e51a2c12e575c12aca76aadd2662ea2bae2671dbd63446
status: experimental
description: Detects traffic or activity related to http://59.42.89.1:56735/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.42.89.1:56735/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.14.227:51140/i
id: auto-f2fc3737408546cfc711439d6ceb086b22c144934d95ff1d9d2f75e354829326
status: experimental
description: Detects traffic or activity related to http://115.63.14.227:51140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.14.227:51140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.ppc
id: auto-d67bd17c320afdb886710d6723734d83a0cb2050f72fb38ddbd131b1b6510591
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.x86_64
id: auto-38d8f77bbc301ecb69ef1393e2acd415ec2417e0b3c1648b028f99f357fc35cf
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.x86
id: auto-786f5c751bda0f3309eb6664e095e270712610d8dce0e93205fb0babefcce619
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.sh4
id: auto-b5bb5960d4b1ecf71e27de4e9aae2f436537647c0be0f2ea8f895324312d2d1d
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.mpsl
id: auto-51ad2f57f73a7ebb6b3383d3c2201a0970b74e44d5f0b27e508410f98164c0df
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.arm7
id: auto-b70e3f1db06af72a988931ea2a554ccd8277056e832f280ac17a34d3a37bc4b5
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.dbg
id: auto-9b49f3ad7924bcee681aa1960bf23c36cbb54624f90254cd4fd9bf8e6d54de30
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.i686
id: auto-015df10c0172d3b072d91f476e0e55ac94d8a3c10704c914c1e97ea1cce1e251
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.arm6
id: auto-d86506515388ef21359b4ffd393c1c8dde3755292262b42fe3561a9b2d375ed3
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.arm5
id: auto-7259acc57ab1fe03375e81de8dcf31a6cdbcacb97f798139e12883f4506acb7b
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.m68k
id: auto-f3bb848b37188388e5f6d52391eea9031a7d89840d3921f80564ca7ec638b869
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/debug
id: auto-de69b5f38349e91c7f7844a0d5ba6ae4436d02698410734a4abfcaf492d69049
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/debug*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.arm4
id: auto-8b99889e37675ab7209a6a76f3fb324142049c843609780661f1d85f52c41467
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/no_killer/Aqua.mips
id: auto-c8a4fa677f8a7d21d9cb6dfbb68aa83ea405af58c4a38b5809a9d4ce5376da3c
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/no_killer/Aqua.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/no_killer/Aqua.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.179.92:38749/i
id: auto-b243f28257c2b34d901b6c187446bbc207307676d1087193e9b58c0706086c4f
status: experimental
description: Detects traffic or activity related to http://219.157.179.92:38749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.179.92:38749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.218.50.158/bins/mips
id: auto-3a23326bfb5020167451a4721146f9c452d3d732fde93bf9562cbecc954ffc2c
status: experimental
description: Detects traffic or activity related to http://104.218.50.158/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.218.50.158/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.187.137.7:43789/i
id: auto-1cd75b33d5d6e27116c2547c598a84b6db655b8eb5fa51914a2d3d910bd1afba
status: experimental
description: Detects traffic or activity related to http://182.187.137.7:43789/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.187.137.7:43789/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.5.113:50638/i
id: auto-292a43df0bb9daa4c6e185f3818e22ac97d1e8b11b6a76ce5d0d7b8d5926c83a
status: experimental
description: Detects traffic or activity related to http://110.37.5.113:50638/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.5.113:50638/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7154003499/qyCgDyM.exe
id: auto-639fa0def2da1bdb1118e2ee4b56330bca3036cd4509e59424142b863ce1518d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7154003499/qyCgDyM.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7154003499/qyCgDyM.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.10.50:56642/bin.sh
id: auto-c3075d011b144e9f66115da06f6cbba916cea4a7629841816eae98e88789b378
status: experimental
description: Detects traffic or activity related to http://222.141.10.50:56642/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.10.50:56642/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8434554557/QKTi8Lo.exe
id: auto-69ab266761cdf4f93b35fa0dcba4649c4cc08ee7d219654da0c4c9dd9bbc0f3e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8434554557/QKTi8Lo.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8434554557/QKTi8Lo.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7024015129/4RIbt3N.exe
id: auto-694dc3cd77279918629101f13c4a48a59d5de09666835ff6405968ab206b6396
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7024015129/4RIbt3N.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7024015129/4RIbt3N.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.84.233:41979/bin.sh
id: auto-865691aebbe3247d44410b633347505cb4657f552c7ee7166b15f9bb468dde34
status: experimental
description: Detects traffic or activity related to http://115.55.84.233:41979/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.84.233:41979/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.152.53:55125/bin.sh
id: auto-968b6ddf0b11217b2853653ca09a4305aaf6e42bc1ed2238d3a37b8dbc07fa00
status: experimental
description: Detects traffic or activity related to http://123.5.152.53:55125/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.152.53:55125/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.24.237:46502/bin.sh
id: auto-f011a983be7c0ace16e077d00efb3c0a9f481259e93c1a11a8e6f8f5859d1bb2
status: experimental
description: Detects traffic or activity related to http://42.224.24.237:46502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.24.237:46502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://170.246.163.25:51497/bin.sh
id: auto-ce8bd1b55bd6083a14d9185863028d7765fb2bb8156d55063dbc06f6fcde8c5f
status: experimental
description: Detects traffic or activity related to http://170.246.163.25:51497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://170.246.163.25:51497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.54.103:34953/i
id: auto-e0457c1f9e0135b550e4b996b845a199ca4566aa83ad4871f18227731cada8fb
status: experimental
description: Detects traffic or activity related to http://115.55.54.103:34953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.54.103:34953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.arm7
id: auto-e44cf297dbfe6245e7f469b01164e66e7025502b18775155a48a349e5c58f5fa
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.mips
id: auto-9d0e125a1e0654045f2e3d8770699ba77f8f74abe17ce8405e2c3584dcf1c338
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.ppc
id: auto-3b9b6c41f63e13bfe67d855c58e54a30015225b10d4697315c1363b3af8cc830
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.i468
id: auto-ce2c0accb37cce4ddf780670cbdbf71e971905c3e927ad3a88d266a6c979555e
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/arms
id: auto-296cb418f1a0ab406c272eee18429038bd564dfa1d3794b478077ad121f629b0
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/arms which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/arms*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/4rm4
id: auto-d4627be44139f1d9f9bc05bf025143ae012687173788210c44b181d7ea34302b
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/4rm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/4rm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/tplink
id: auto-e05d6a202af28d568e2655c14d25ca1ecd7f22ede2376f21b9c00c68598f482c
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/tplink which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/tplink*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/arm
id: auto-1d8429ff628c467b9e81855c09b856a97bc9d6a227c127f76831391484876d09
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/npc
id: auto-28babbd20b25aba680ec392c2969aa7f474508e7676cdcb93d359b22591ec506
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/npc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/npc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.m68k
id: auto-30c046d2180a876a148aa17e14a81cfe7db4e9cf6471294e43c4cb1f6f5716b2
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.x86_64
id: auto-8e79defd58ec2536601d20a608f8eec1b471b9259a9af2751f5e4d105f2586f8
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.mpsl
id: auto-f0c82a98e91a1baa2efdbbc6032cadb92bdce78add4f73abeb8d26be195ec31e
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.arm6
id: auto-86e6ba8b671886bc6145477b360e34a2d17fc3122e557973feacd414b9ffc569
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.i686
id: auto-aa96e76d9e26b79d4f92a58c1af6c12a355e41d3806ead5fd75f5e6395ffe2ac
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.spc
id: auto-7dd4150571a53d1042750b30a69f90658102ee6308dfe87142d0aff04d26e19a
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.arm
id: auto-a75a8d151a43860649d49aa16a51e737b9b498ce881ed6acbae9dcd5e0c96b14
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.x86
id: auto-14dc15f130e3d25c6bdc411682f6b134803b71abfdca48b4196e4b7ef79e226c
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.arm5
id: auto-a42644174ba3c9d1ba809e259d73a1153569c98a17a53872888dce3365a4b766
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.arc
id: auto-5dceac2c1ff17b482f15943e92a2f5dc74d59e81c7e24a5917736588b467465a
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/windyloveyou/windy.sh4
id: auto-93b3d8f8ab87b17ac5d6f5eae0219c036e023d07dbda3aabedb57d3b9c26c401
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/windyloveyou/windy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/windyloveyou/windy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8020066796/UORUneg.exe
id: auto-7061000c73df2e6e3d019253b22960845b10e7a8c2d289e34f59abcddf2663f5
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8020066796/UORUneg.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8020066796/UORUneg.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.98.10.64/x86_64
id: auto-52ef9b54cae24620814028ef437afce4093b9626d7d8bdba6d12b671ae692151
status: experimental
description: Detects traffic or activity related to http://141.98.10.64/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.98.10.64/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.98.10.64/mips
id: auto-ce7ad0ec99185d5e9b5d052fe9d6ae65ba177387e8369ae1741b298a6d2da2d9
status: experimental
description: Detects traffic or activity related to http://141.98.10.64/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.98.10.64/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.98.10.64/arm5
id: auto-6f531aefebfca6f9c8038732dd6804b29caf22c15b24ecee28a31b73cb151543
status: experimental
description: Detects traffic or activity related to http://141.98.10.64/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.98.10.64/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.98.10.64/arm
id: auto-2aec42787c304f597cd520fa91a1d30009247cf06e8844cf385b37b51b39b13a
status: experimental
description: Detects traffic or activity related to http://141.98.10.64/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.98.10.64/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.98.10.64/arm7
id: auto-77e0b10c8dcb416bef717cb9af7f1bd6993ae7019b9fdc9d7f6e22afbb588316
status: experimental
description: Detects traffic or activity related to http://141.98.10.64/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.98.10.64/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/caio-arc/links/raw/refs/heads/main/Application.zip
id: auto-b2a88ed82a93fca6f8634f96c4439ce1c7e1bc8cbf297eb32bf02a106e3ef7de
status: experimental
description: Detects traffic or activity related to https://github.com/caio-arc/links/raw/refs/heads/main/Application.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/caio-arc/links/raw/refs/heads/main/Application.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8463396948/JmwzITx.msi
id: auto-613c1bdb39c8f67464ca35909f0f97f8ef727b2f948867a451cab7c212caaeff
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8463396948/JmwzITx.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8463396948/JmwzITx.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Keyur-m/hometask/raw/refs/heads/main/Application.zip
id: auto-cc47470603f3500c235372ef7282e17f7a9774ef57819e0fafa9d4a6d12bd56f
status: experimental
description: Detects traffic or activity related to https://github.com/Keyur-m/hometask/raw/refs/heads/main/Application.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Keyur-m/hometask/raw/refs/heads/main/Application.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://betbobgunceladres.com
id: auto-a4df1d8c362468ed4c043e359bb36fa93d03fea7e8ad9bf01a9e6df4104e1b01
status: experimental
description: Detects traffic or activity related to http://betbobgunceladres.com which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://betbobgunceladres.com*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.97.194:39565/i
id: auto-3dafebff2920bd6f57f2d92b6beb44bed4e809be900954d20cda55163320b407
status: experimental
description: Detects traffic or activity related to http://59.177.97.194:39565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.97.194:39565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.202.71:33194/i
id: auto-fb0ffd4b91f563f20c57b40c6e47946bef3e04c1e6e5512c6fc5bcf961d7832c
status: experimental
description: Detects traffic or activity related to http://61.54.202.71:33194/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.202.71:33194/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:59163/i
id: auto-af02782101be86f8676e5153329b6b85f98804a4d91bced34fad93956079d7ac
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:59163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:59163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://olekndx.hoyenoy.com/google12.3.zip
id: auto-49a2ed78a2febee4efd9efb3633c6e34ab0d64afa90016472a1af35c363fab16
status: experimental
description: Detects traffic or activity related to https://olekndx.hoyenoy.com/google12.3.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://olekndx.hoyenoy.com/google12.3.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.198.234.72/gisl.odd
id: auto-00b820fe85e0e31a99399fc92a43d19ff3fb3c3e037a4a36265520649f7c7619
status: experimental
description: Detects traffic or activity related to http://185.198.234.72/gisl.odd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.198.234.72/gisl.odd*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://chrome.download-google-chrome.top/download/Chromeab-x64.zip
id: auto-2f2000838ac3aa5ae07609318b2154d2fa170fd3f19766c6a1d95d246ca83149
status: experimental
description: Detects traffic or activity related to https://chrome.download-google-chrome.top/download/Chromeab-x64.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://chrome.download-google-chrome.top/download/Chromeab-x64.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://googdownload.googcdngoogleownload.top/google/download/Chrome.zip
id: auto-8d5588899a8586e9b64b6426c875c83c36cf89787b8b446db02617b37e438ef3
status: experimental
description: Detects traffic or activity related to https://googdownload.googcdngoogleownload.top/google/download/Chrome.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://googdownload.googcdngoogleownload.top/google/download/Chrome.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.0xC6.234.72/gisl.odd
id: auto-f73fda7c8bd85d122ac9762e9a6da7cea1e59b2b84ec8c264b504907e88a56de
status: experimental
description: Detects traffic or activity related to http://185.0xC6.234.72/gisl.odd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.0xC6.234.72/gisl.odd*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/meech/random.msi
id: auto-ce65173eb0daebbc420a108c77d8674b2eb9b8cdcc10e4d5179dab6178b80d8f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/meech/random.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/meech/random.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.236.219:34942/i
id: auto-8fe4e8677e2c633f280b989378ae1dc4795e2ecf013d19a5b30e52baa86e406e
status: experimental
description: Detects traffic or activity related to http://219.157.236.219:34942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.236.219:34942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.97.194:39565/bin.sh
id: auto-582aec56d44fe44e163fc23b9faf30f1fed6f6311c687d4fcffdd34d6c6c2d84
status: experimental
description: Detects traffic or activity related to http://59.177.97.194:39565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.97.194:39565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/moha-create/cracked-tab-scheduler-extension/main/Helenus/cracked-tab-scheduler-extension.zip
id: auto-66b4fbef3b6a3528d4153938ff8f0f599fdb0c17bf820b89b9fdd8ab146b5740
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/moha-create/cracked-tab-scheduler-extension/main/Helenus/cracked-tab-scheduler-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/moha-create/cracked-tab-scheduler-extension/main/Helenus/cracked-tab-scheduler-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.21.96:48185/i
id: auto-602edf9c0625bc7160b6150bef6a60098ed9c2610246158b4ce50bbb0d7ba8b1
status: experimental
description: Detects traffic or activity related to http://123.190.21.96:48185/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.21.96:48185/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.170.65:52999/i
id: auto-07e454b0a552c0c9aa4f1d2716543c172373cb1d651ac90c7988b35c9c27bc11
status: experimental
description: Detects traffic or activity related to http://115.54.170.65:52999/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.170.65:52999/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/TeeeeeeeeeellKall/cracked-tab-groups-extension/main/clackety/cracked-tab-groups-extension.zip
id: auto-36ed7351a1d5ecf59108adb805555f2f406affb63fc313b814251cb659256f13
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/TeeeeeeeeeellKall/cracked-tab-groups-extension/main/clackety/cracked-tab-groups-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/TeeeeeeeeeellKall/cracked-tab-groups-extension/main/clackety/cracked-tab-groups-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/teskkkkk/cracked-todoist-for-chrome/main/fieldworker/cracked-todoist-for-chrome.zip
id: auto-cb0baa617f21fe44c881b30dac87dccd392b4bd649fd900d8898bdd76a167515
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/teskkkkk/cracked-todoist-for-chrome/main/fieldworker/cracked-todoist-for-chrome.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/teskkkkk/cracked-todoist-for-chrome/main/fieldworker/cracked-todoist-for-chrome.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/kukil-saikia/cracked-save-to-smartsheet-extension/main/syrtic/cracked-save-to-smartsheet-extension.zip
id: auto-05a3e191d27d6a2113af56adeef70a46db753c388ac717ce834a37dcaee6859f
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/kukil-saikia/cracked-save-to-smartsheet-extension/main/syrtic/cracked-save-to-smartsheet-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/kukil-saikia/cracked-save-to-smartsheet-extension/main/syrtic/cracked-save-to-smartsheet-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip
id: auto-bfb522ee452f28e4b333445248c394c9c56514af643c6d7e7cc46cf4addb92ff
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/class1k/cracked-save-to-mondaycom-extension/main/textbookless/cracked-save-to-mondaycom-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/znrril/cracked-save-to-basecamp-extension/main/larker/cracked-save-to-basecamp-extension.zip
id: auto-fed8ea0e48ed06c02b017ad48595dd939738fbf5baa55a24a7d02d008d244149
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/znrril/cracked-save-to-basecamp-extension/main/larker/cracked-save-to-basecamp-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/znrril/cracked-save-to-basecamp-extension/main/larker/cracked-save-to-basecamp-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/jsm2raj/cracked-webpage-highlighter-extension/main/innkeeper/cracked-webpage-highlighter-extension.zip
id: auto-3f53f6520ded598dba41f000e0d0c1752b2b7cfada1dacd9152ee86616ef3cad
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/jsm2raj/cracked-webpage-highlighter-extension/main/innkeeper/cracked-webpage-highlighter-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/jsm2raj/cracked-webpage-highlighter-extension/main/innkeeper/cracked-webpage-highlighter-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/ShifaIshfaque/cracked-save-to-click-up-extension/raw/refs/heads/main/doddart/cracked-save-to-click-up-extension.zip
id: auto-1eb48a9bf4b2683bb903c184f8230ece057120216b56e20a5fdd21b96b04ced5
status: experimental
description: Detects traffic or activity related to https://github.com/ShifaIshfaque/cracked-save-to-click-up-extension/raw/refs/heads/main/doddart/cracked-save-to-click-up-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/ShifaIshfaque/cracked-save-to-click-up-extension/raw/refs/heads/main/doddart/cracked-save-to-click-up-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/p4blo3d/cracked-enhancer-for-dropbox-extension/main/conferee/cracked-enhancer-for-dropbox-extension.zip
id: auto-f186a9d97e4cdb9af6d66f8fa38e8f8caa1a7c8231c3a318b41fd1e7ce452951
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/p4blo3d/cracked-enhancer-for-dropbox-extension/main/conferee/cracked-enhancer-for-dropbox-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/p4blo3d/cracked-enhancer-for-dropbox-extension/main/conferee/cracked-enhancer-for-dropbox-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/lazzydave/cracked-webpage-snapshot-extension/main/sketchiness/cracked-webpage-snapshot-extension.zip
id: auto-91d5046644dfee6a95c8972829e8519e3e978ad1118e7638885ea01189a0dd12
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/lazzydave/cracked-webpage-snapshot-extension/main/sketchiness/cracked-webpage-snapshot-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/lazzydave/cracked-webpage-snapshot-extension/main/sketchiness/cracked-webpage-snapshot-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.236.219:34942/bin.sh
id: auto-9d967cef35e119203c3fb633d2ed3d54649f89793089a63a4d38ec0d9d839f6c
status: experimental
description: Detects traffic or activity related to http://219.157.236.219:34942/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.236.219:34942/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/LucasRafael-S/cracked-tab-grouping-assistant-extension/main/jogglety/cracked-tab-grouping-assistant-extension.zip
id: auto-d9b93c8458491f84bb5e7a17335aba6eb5db00b546bc33a3055cb33b13e0f0a7
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/LucasRafael-S/cracked-tab-grouping-assistant-extension/main/jogglety/cracked-tab-grouping-assistant-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/LucasRafael-S/cracked-tab-grouping-assistant-extension/main/jogglety/cracked-tab-grouping-assistant-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/Furinini/cracked-webpage-bookmark-manager-extension/main/Rajput/cracked-webpage-bookmark-manager-extension.zip
id: auto-74c43d333609fa5b4122099ac6aee8822ba9a0551f48b84ae2719f4991bac080
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/Furinini/cracked-webpage-bookmark-manager-extension/main/Rajput/cracked-webpage-bookmark-manager-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/Furinini/cracked-webpage-bookmark-manager-extension/main/Rajput/cracked-webpage-bookmark-manager-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/GaBrieLPaRRa-Dev/cracked-save-to-podio-extension/main/coronate/cracked-save-to-podio-extension.zip
id: auto-d0620c67934ffbe6a9ba74e063bed4e783d26c308d432d3349e9bd3b1b5eaa4a
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/GaBrieLPaRRa-Dev/cracked-save-to-podio-extension/main/coronate/cracked-save-to-podio-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/GaBrieLPaRRa-Dev/cracked-save-to-podio-extension/main/coronate/cracked-save-to-podio-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/bomm010/cracked-webpage-commenter-extension/raw/refs/heads/main/Iliadic/cracked-webpage-commenter-extension.zip
id: auto-0e349fc610da03f4fddfc32879566fcf5f23616927eb80d3485cfb55ef1c097d
status: experimental
description: Detects traffic or activity related to https://github.com/bomm010/cracked-webpage-commenter-extension/raw/refs/heads/main/Iliadic/cracked-webpage-commenter-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/bomm010/cracked-webpage-commenter-extension/raw/refs/heads/main/Iliadic/cracked-webpage-commenter-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip
id: auto-fc26a4587c38887871b740406df9afec9a03be5ad45021b8281ea156a77d76ac
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/bibabiboreal/cracked-save-to-airtable-base-extension/main/rectifiable/cracked-save-to-airtable-base-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/Ek2025/cracked-save-to-trello-board-extension/main/gudewife/cracked-save-to-trello-board-extension.zip
id: auto-9032c610204d15f6900595c2ac966a3edf8275828b9140801ca8bb509fae7e3a
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/Ek2025/cracked-save-to-trello-board-extension/main/gudewife/cracked-save-to-trello-board-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/Ek2025/cracked-save-to-trello-board-extension/main/gudewife/cracked-save-to-trello-board-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/Caeserondijo/cracked-enhancer-for-figma-extension/main/amidofluorid/cracked-enhancer-for-figma-extension.zip
id: auto-f37978dc93ce00399d27d9e78a3727f0429183b095258dec49ff678bdf0d39c7
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/Caeserondijo/cracked-enhancer-for-figma-extension/main/amidofluorid/cracked-enhancer-for-figma-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/Caeserondijo/cracked-enhancer-for-figma-extension/main/amidofluorid/cracked-enhancer-for-figma-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip
id: auto-cc23e859574c9d101a5a1c9f766dee7f7920b84ef8aa94c7b14da3a6c837f595
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/kayraizm3131/cracked-webpage-tag-manager-extension/main/pteroclomorphic/cracked-webpage-tag-manager-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/Pollob99/cracked-tab-session-saver-extension/main/gastrodidymus/cracked-tab-session-saver-extension.zip
id: auto-846cfbd60018dca5384add706666aa1dd071ab7ec2eac95b5092ffb8602d4b5b
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/Pollob99/cracked-tab-session-saver-extension/main/gastrodidymus/cracked-tab-session-saver-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/Pollob99/cracked-tab-session-saver-extension/main/gastrodidymus/cracked-tab-session-saver-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/kbusweaty/cracked-enhancer-for-notion-extension/main/isocheim/cracked-enhancer-for-notion-extension.zip
id: auto-c81a4e9d2843d814800812cb85555462a8a9f609bbbb281cc9671da1f12eac79
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/kbusweaty/cracked-enhancer-for-notion-extension/main/isocheim/cracked-enhancer-for-notion-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/kbusweaty/cracked-enhancer-for-notion-extension/main/isocheim/cracked-enhancer-for-notion-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/igoralways/cracked-enhancer-for-google-meet-extension/main/josh/cracked-enhancer-for-google-meet-extension.zip
id: auto-11acd69444f6f097df274ada3503755cb312e2c15d7f035b9f1ddf783a1b8418
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/igoralways/cracked-enhancer-for-google-meet-extension/main/josh/cracked-enhancer-for-google-meet-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/igoralways/cracked-enhancer-for-google-meet-extension/main/josh/cracked-enhancer-for-google-meet-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/y4CEENE/cracked-save-to-jira-work-management-extension/main/squashy/cracked-save-to-jira-work-management-extension.zip
id: auto-a59a6bdc0aee82bab3e6a206d1a86a86137446b0eb0d7e209d6b3bdb308cb84a
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/y4CEENE/cracked-save-to-jira-work-management-extension/main/squashy/cracked-save-to-jira-work-management-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/y4CEENE/cracked-save-to-jira-work-management-extension/main/squashy/cracked-save-to-jira-work-management-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.232.89:45131/i
id: auto-83e97e2e5dc741d3162e8b18cef4931b5236cb394b28ead13fccd9ef452e7ba5
status: experimental
description: Detects traffic or activity related to http://59.88.232.89:45131/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.232.89:45131/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.74.253:47923/i
id: auto-9ae0bddce3a894655d6beed688f98aa99d88bbf10db484a4ec7560f011b28f87
status: experimental
description: Detects traffic or activity related to http://125.41.74.253:47923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.74.253:47923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.21.96:48185/bin.sh
id: auto-9033f6ae13f28effd8575aac858ca1da3176c5568f0b38cf94c27aaaac10a608
status: experimental
description: Detects traffic or activity related to http://123.190.21.96:48185/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.21.96:48185/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.150.72:49815/i
id: auto-fd5f319a69a6afa5011d17b0e627e9710c443c54ea88ba0e9ba69b4f919627c7
status: experimental
description: Detects traffic or activity related to http://115.48.150.72:49815/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.150.72:49815/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/Hvc3Er/cracked-save-to-asana-extension/main/exclusivist/cracked-save-to-asana-extension.zip
id: auto-07ee937e7fa85673e27e27b838f422a6e9befb7064d71fe7d1c23e28831315a6
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/Hvc3Er/cracked-save-to-asana-extension/main/exclusivist/cracked-save-to-asana-extension.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/Hvc3Er/cracked-save-to-asana-extension/main/exclusivist/cracked-save-to-asana-extension.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.170.65:52999/bin.sh
id: auto-ce7a1cd2886d732ced2f4088050f0b6dd52d8b6ba7aec96150b3aa2d817c0bfb
status: experimental
description: Detects traffic or activity related to http://115.54.170.65:52999/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.170.65:52999/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.6.200:59386/bin.sh
id: auto-6f69c2d402f880ec28b7ebae0f19739dcd633a40368e0247445eda9e3a4f7f3c
status: experimental
description: Detects traffic or activity related to http://182.117.6.200:59386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.6.200:59386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/crandd1/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe
id: auto-16c1171363f76e25e774d4777b1ae0837f4b2a9e3ceab86b2ca264978bb81b91
status: experimental
description: Detects traffic or activity related to https://github.com/crandd1/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/crandd1/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/f1vteen/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe
id: auto-4f1d332f07de1a693621f3d48a71053ce2b2234c047e44ffc508e161efc96247
status: experimental
description: Detects traffic or activity related to https://github.com/f1vteen/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/f1vteen/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.74.253:47923/bin.sh
id: auto-f0dfa5933877aedca140b37b53500e1ea2e84c6b0367fe89a8980183f5436226
status: experimental
description: Detects traffic or activity related to http://125.41.74.253:47923/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.74.253:47923/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.150.72:49815/bin.sh
id: auto-55e30343883f7be653e97f0ecbb4356656d5b5354d16964d59646fab9054ff58
status: experimental
description: Detects traffic or activity related to http://115.48.150.72:49815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.150.72:49815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/barryleth/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe
id: auto-91d85d0fa58c24d685bcd2fd62104d14cf88714dcb2c489b33c9d0daa7498a06
status: experimental
description: Detects traffic or activity related to https://github.com/barryleth/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/barryleth/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.31.95:37519/i
id: auto-d6b25ab161434c9d3a82c5f4a27c2d0c4a895fe054d25f2f60ecc6db9bc5690b
status: experimental
description: Detects traffic or activity related to http://112.242.31.95:37519/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.31.95:37519/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.31.95:37519/bin.sh
id: auto-3fa99c671df067905b8abc550f36e4c4e52a9a1ba58a08c0ca0c9d6b49bc270d
status: experimental
description: Detects traffic or activity related to http://112.242.31.95:37519/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.31.95:37519/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.82.213:54072/i
id: auto-c37189f2d94b7d88b7f938602f61ab717d399b073544e52874f33e2337866867
status: experimental
description: Detects traffic or activity related to http://115.57.82.213:54072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.82.213:54072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/mips
id: auto-a7db0914566d1edf08ee39b1a9456959eef8fff6524c6cc46e7140f960177926
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/arm6
id: auto-b1d49bde8a96fc776a36a4d64732903023ca515fa59fe428122a5537c1bd1483
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/arm5
id: auto-7f899c69da3227822d991f61bd99ba730a2ae2c6d57daef7da9d8986794180b4
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/arm
id: auto-07c630f7972f362066a35ca905cff661287bc97b50883b5e1035cf0edb0fcd27
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/x86
id: auto-f257d0c1b7fe0329f21bd272bed37576d7c3858c02df3d3b4f880946e0c93a08
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/mpsl
id: auto-990c5fc106ecd90015ad8505ceb03385f91144896d5e38644ea23220acbef5dc
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/sh4
id: auto-6baaa4e03331b9cb0cb6dce89c863ff84bd176380613c821918136226be88077
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/ppc
id: auto-b2c073c9ebfc3f6bea594953b6eda4942d878e0424c716c0309e422b0e08b143
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/x86_64
id: auto-bd9aee79771c483712a6203ab7b28cff12bff0e763e20afa1e78bfac73f51173
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/m68k
id: auto-7945914022ef074fa13cdd02635e27150b83d29fd2a1ef606cf5dfe0aee86dda
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/arm7
id: auto-62e31353db7f61ef5120eeebf57c4765493fe18b91388b6e409533f4182a8213
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/w.sh
id: auto-5e1b4ead9774d8c3640f125323937089957706b5f703a2e88cc36f948e080f7a
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/wget.sh
id: auto-0d41c20c5b4f2cb8a9b7753622c27ef9e2d6d5006ff04e471c61a9fd0cc23a36
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.28.38.18/c.sh
id: auto-5f8f228c98054609a1be7b3466657cb25dd19f12b6f7bef3939e1ca6d32a7054
status: experimental
description: Detects traffic or activity related to http://103.28.38.18/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.28.38.18/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.146.154:53919/bin.sh
id: auto-5f509fa8c7b344a8de937310cdb1e8a051b69552f5a1ac89acf4bd93b356dd0a
status: experimental
description: Detects traffic or activity related to http://42.229.146.154:53919/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.146.154:53919/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.188.251:46163/i
id: auto-f12618d83ea0f7bc4036d08965814456675ad5bd8c2849f9ebefa07e40a2baa7
status: experimental
description: Detects traffic or activity related to http://42.239.188.251:46163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.188.251:46163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.200:33170/i
id: auto-8c6928e6d60ad744e65f56a703831d86ab706c6fb69f9c756ccc6130c0215c04
status: experimental
description: Detects traffic or activity related to http://110.37.97.200:33170/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.200:33170/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.m68k
id: auto-17a0452cff91469ab1bbefd4a60b1db0f2da43b5b6d3ffe865e2c92029fa8b9d
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.arm7
id: auto-3bedf7535bc1e0b2e4d1873b572782dcfe1c7baf5e2a67620862ba2c47a88502
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.arm6
id: auto-33efd3b87b14ab311d6e7433137f672521efde829e00a748a596e170d4b90b7f
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.arm
id: auto-fb3918bb419d8a4291640e23997bef7496c6e7b13a9f43e1f4cb5a8ef80dcbe8
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.mips
id: auto-60716ef50a81ac0901547c196b3d4329c59914ac37ac21162b87e14279949cd4
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.sh4
id: auto-6411ce62e616816f11993ce5d4deb83aa983254ec7a55b940bd1667e9a8cafb4
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.spc
id: auto-1456712e4acd57c1dfd1a0bf0379f9ca8b94b727c39fa0c1ff92798eebd5837d
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.x86
id: auto-889384b1b9726e5a779c75401e89b4209ec510816e9c6b2675761e2fd810d9da
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.ppc
id: auto-2e6cd987c5bc82be85d698afbc6dad525140878ce79a46b11fe88ccfa7a3328f
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.mpsl
id: auto-3410e033dc74db75381bc54e7c0549408cf576d8b84fe89daac6f60e7182f8a5
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.10.175/bins/sdxkzX_UXA229x.arm5
id: auto-2b934b3c1979161cb51dce08b476fb9002b161efef82b34cb2c15fb53ed81d0c
status: experimental
description: Detects traffic or activity related to http://172.245.10.175/bins/sdxkzX_UXA229x.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.10.175/bins/sdxkzX_UXA229x.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.215.194:58216/i
id: auto-e988732e4c4b15bb98841159ace9219f0895243fcdcb2926357301e0ac34a465
status: experimental
description: Detects traffic or activity related to http://182.121.215.194:58216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.215.194:58216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.82.213:54072/bin.sh
id: auto-968eb8ff74f91fe624e9a10e32a6acd10c863c7ebab091ab69df52080ecf3c50
status: experimental
description: Detects traffic or activity related to http://115.57.82.213:54072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.82.213:54072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.91:38900/bin.sh
id: auto-eb44e617a6734f028c0baeea0a99c37e98bb2a50282c4bd1aceb762119acfe65
status: experimental
description: Detects traffic or activity related to http://59.97.253.91:38900/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.91:38900/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.51.69:47507/bin.sh
id: auto-80e5340641bf1626351f3dddff86c951d014f10461ca9fee59eebcc05693303a
status: experimental
description: Detects traffic or activity related to http://42.235.51.69:47507/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.51.69:47507/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.238.11:33834/i
id: auto-3a5b6e403f7b5f664eb6d37b50a45fee911d206adff4ccd6416f110cd4d09c14
status: experimental
description: Detects traffic or activity related to http://60.23.238.11:33834/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.238.11:33834/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.208.243:49255/bin.sh
id: auto-24bd898d63fd3a1a3393cdb0ab63266991fb3ed8e302743e1ec1882c3fb75d77
status: experimental
description: Detects traffic or activity related to http://219.157.208.243:49255/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.208.243:49255/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.215.194:58216/bin.sh
id: auto-b37018fbafb737f5af0c83e0494de2ad30928c8b7c5581a4cd6b7f66c02691d6
status: experimental
description: Detects traffic or activity related to http://182.121.215.194:58216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.215.194:58216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.175.194:52944/i
id: auto-8ad5bfc03860f5e5b58781f33aa02aa7213aa062fce82b211e34f672d684221d
status: experimental
description: Detects traffic or activity related to http://125.41.175.194:52944/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.175.194:52944/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.19.169:60633/i
id: auto-6e38728f75271feb57ba72d06731a1b402b3402b0f3d7e3f48f421584150dbd7
status: experimental
description: Detects traffic or activity related to http://175.173.19.169:60633/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.19.169:60633/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.238.11:33834/bin.sh
id: auto-6efc2406ff5d17424d3af687d8720507c2ad65c20199488853abe571b8e9ee75
status: experimental
description: Detects traffic or activity related to http://60.23.238.11:33834/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.238.11:33834/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.220.152:43261/i
id: auto-3ab1d34c3b0c58de3d097694b8b72ad46287f69570891c2af2a0f915fd44b458
status: experimental
description: Detects traffic or activity related to http://115.55.220.152:43261/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.220.152:43261/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.219.52:40150/i
id: auto-dff54b285c90254e2256083ba42d527bafd923e7cef26a168bad2a8c15ff9b00
status: experimental
description: Detects traffic or activity related to http://117.215.219.52:40150/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.219.52:40150/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.252.195:42115/i
id: auto-30a7942823a796dfc90bfc6ee3015637026d382613120e8bfe7472c909d7aa23
status: experimental
description: Detects traffic or activity related to http://123.14.252.195:42115/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.252.195:42115/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.210.121:35859/bin.sh
id: auto-b05640d8acc69e7d8f5a832c5c258c4ccb35934f9202c15ad72ecb3b45fb3ed3
status: experimental
description: Detects traffic or activity related to http://175.148.210.121:35859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.210.121:35859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.247.2:45901/bin.sh
id: auto-274372b5a7d30c35b1ec98a632dec21cf774fb3062692aacc38b489de0a6e479
status: experimental
description: Detects traffic or activity related to http://42.6.247.2:45901/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.247.2:45901/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.133.130:45392/i
id: auto-d3750943d6dd67be996f59446abe6b72611810f37bca61181a732f53a7e009b3
status: experimental
description: Detects traffic or activity related to http://182.121.133.130:45392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.133.130:45392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.185.42:47327/i
id: auto-3ae4a9867d99bb722edb3dab2dc6487a84b788ced4b0577ea19229daeec508ef
status: experimental
description: Detects traffic or activity related to http://123.14.185.42:47327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.185.42:47327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:59454/bin.sh
id: auto-6b28201b52a99b7ed24412274f0180df50f619934aa8faf12ad9ea89bdfeb385
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:59454/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:59454/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.219.52:40150/bin.sh
id: auto-7a5cc3ce08c6aabd77bc382fe9e195d5dfc71b239b704a2720dde2513d6b8dc4
status: experimental
description: Detects traffic or activity related to http://117.215.219.52:40150/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.219.52:40150/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.133.130:45392/bin.sh
id: auto-5e0d859eda07caed1e851abf904aa1a9eda8adb941dbc55e6c0832bb13f2a6e9
status: experimental
description: Detects traffic or activity related to http://182.121.133.130:45392/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.133.130:45392/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.30.124:55118/i
id: auto-58c70948059c3a1818682c3204d75b2055ffe7111dc79e55ecf54687d46c0e51
status: experimental
description: Detects traffic or activity related to http://42.230.30.124:55118/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.30.124:55118/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.236.83:49825/bin.sh
id: auto-6fec0b85a9bd55103f2917b3396a8c948b7e8942d87ee58d1ba60731f36f4468
status: experimental
description: Detects traffic or activity related to http://42.227.236.83:49825/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.236.83:49825/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.220.152:43261/bin.sh
id: auto-27abcff5e8e186d115db8ff2c7ad08b3413afd95866f25f9bb1370cb033466cf
status: experimental
description: Detects traffic or activity related to http://115.55.220.152:43261/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.220.152:43261/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.211.148:43245/bin.sh
id: auto-01b829e9aa2b962b7df209313ef5fbc3903bc70017d325c0891e8af6bad673f7
status: experimental
description: Detects traffic or activity related to http://222.142.211.148:43245/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.211.148:43245/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/m68k
id: auto-1ce0d3ffe577819486927ca8949690ac72bd07d9badbf681187f03e8efb4f4a9
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/mips
id: auto-0deda53c1cfffdc185c44954235b01e1c09dd4c8202e20176b540bab2f7a0684
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/sh4
id: auto-07e75378139d09168b851eb928add7c2bf5a45a019537bb4eeaf861abe2c8a5c
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/mpsl
id: auto-6e48146f8fa223d51a998bc48046b74af5d0feb8b1bf3813b96ca6cfec6042a1
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/ppc
id: auto-15867314124e906e533b7e435040d77e946babf6b0e67d18ded2a20f225f61d6
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/x86
id: auto-ca680efbe216e3fa287fb00c72412586c5511d3e11a57b6161e0b2f77e9d8622
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/payload.sh
id: auto-ad4d42d38c1708894e8d84bc1751609232fea1dcbe887d3fbdc252c0f2dc7946
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/payload.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/payload.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/arm7
id: auto-dc56d4587adac352dfe60454f4d8f6de1ea3f64560e9658d7f046a7d68f1ba2c
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/arm6
id: auto-c3da5ffddc41d861447a73cc0a14315217049a777bd02b7ebcad7776cb546aee
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/arm5
id: auto-33989b05c82cad778e0a56c4a101c94a88d877edb6da6ae4e557b3a735de35c0
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.217.238:39554/bin.sh
id: auto-f91f222668fb388d78abd1f0fa04ecaa4b56c2e253f0adbbeddbb13fcdf54420
status: experimental
description: Detects traffic or activity related to http://42.228.217.238:39554/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.217.238:39554/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.252.195:42115/bin.sh
id: auto-ae38fb51d6365c2e6e96b42d4077a828494d0363d32ad2ad247331fb6ea66ce2
status: experimental
description: Detects traffic or activity related to http://123.14.252.195:42115/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.252.195:42115/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.212.72:60785/i
id: auto-2ae92b3fc15731413e4f3f1fafeedfea00b4039316f41c0ab5f719f0fa0d2c89
status: experimental
description: Detects traffic or activity related to http://123.14.212.72:60785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.212.72:60785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.243.25:42136/bin.sh
id: auto-abf897eac8a9bd68c8629f296d6541addd4bba188ef861d161b776d5b11add54
status: experimental
description: Detects traffic or activity related to http://120.61.243.25:42136/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.243.25:42136/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.30.124:55118/bin.sh
id: auto-2452d488f8042212bf92fc4a8a242cc30bd08b40923f1858fb096425bb151c8f
status: experimental
description: Detects traffic or activity related to http://42.230.30.124:55118/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.30.124:55118/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.60.254:37666/bin.sh
id: auto-9b0dde56135855f2ceb8b8a87c25f24b2f6399e1011ba5abbb1ccf252456767d
status: experimental
description: Detects traffic or activity related to http://125.45.60.254:37666/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.60.254:37666/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/k1pTjin.exe
id: auto-7306ef8abdef1a29d3e63fe77e15a45339667b1e49fef93dd6161267452e3f5f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/k1pTjin.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/k1pTjin.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.220.124:59013/i
id: auto-2a31ce2da70d813dd681cdaf5d8200f80b680da9a53987f44df7b418b3604698
status: experimental
description: Detects traffic or activity related to http://115.55.220.124:59013/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.220.124:59013/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.87.158:47418/i
id: auto-b3db9695f62764be9ff75da191cb096d434641c91cd4f1e7478cd8fca26e67e7
status: experimental
description: Detects traffic or activity related to http://117.241.87.158:47418/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.87.158:47418/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.5.163:40515/i
id: auto-d09ce8298c5b53fc476d4b7a40eddca2ec58dc9756135cb0b0ff0ace43f0f92f
status: experimental
description: Detects traffic or activity related to http://123.188.5.163:40515/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.5.163:40515/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.243.95.50:42140/bin.sh
id: auto-904326dcd6eeb57e338978902b2696c5674cdb27c1ed635c80dce5346787eefb
status: experimental
description: Detects traffic or activity related to http://222.243.95.50:42140/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.243.95.50:42140/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.6.200:59386/i
id: auto-26d576c01e81a1edc8f970796e2fe48177df6d224ac5840570233f7079ecf151
status: experimental
description: Detects traffic or activity related to http://182.117.6.200:59386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.6.200:59386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.80.33:59536/i
id: auto-b31ed9bbc052524d3025867ef6a4195ef385dc431768d54ff78324ad79f2308a
status: experimental
description: Detects traffic or activity related to http://117.205.80.33:59536/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.80.33:59536/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.38.156.31/arm
id: auto-e93840776bd1d4af57004adc9193df87edec7303ffc62246da1e9b08476ebeef
status: experimental
description: Detects traffic or activity related to http://46.38.156.31/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.38.156.31/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.212.72:60785/bin.sh
id: auto-cb10490f460d133192c3f94a22dc35b4d1cb06fb32109ca3bf6bd8ddff837d56
status: experimental
description: Detects traffic or activity related to http://123.14.212.72:60785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.212.72:60785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.252:55413/i
id: auto-e0139dab506386e9364d59d00cf8dd0de52b9132b79bd270df3e49a2a1a67216
status: experimental
description: Detects traffic or activity related to http://60.23.239.252:55413/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.252:55413/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.210.147.248:33276/i
id: auto-018e96e3b412c2cd445dcf21b6b02b344015732805227740ca1497a740740261
status: experimental
description: Detects traffic or activity related to http://77.210.147.248:33276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.210.147.248:33276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.116:32804/i
id: auto-8121ca1b3e804cf76b9be3ee065fc05c938d65c49a480b17bd303d47326b6e4e
status: experimental
description: Detects traffic or activity related to http://115.56.146.116:32804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.116:32804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.96.149:50724/i
id: auto-2ec535868119bcb65241279be01a2a6a2921b62cb9e508bf15b0953e6edf79db
status: experimental
description: Detects traffic or activity related to http://117.235.96.149:50724/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.96.149:50724/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.2.87:46670/i
id: auto-4ab31095b05f4758410b7a7fe5b7057e1f00f16940b034fd30331fe19b839ab8
status: experimental
description: Detects traffic or activity related to http://42.5.2.87:46670/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.2.87:46670/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.252:55413/bin.sh
id: auto-0f58befba2c86726f3a60e411a1b8af01188e37dd016ab3441ca4976411ea5a2
status: experimental
description: Detects traffic or activity related to http://60.23.239.252:55413/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.252:55413/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.116:32804/bin.sh
id: auto-013b2d9c497c4fb0379a6530ea220bb4a276c6a693c28c87422f9421ab23d965
status: experimental
description: Detects traffic or activity related to http://115.56.146.116:32804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.116:32804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.96.149:50724/bin.sh
id: auto-51f7538aa39d378aaf1cc7525c22b1c0e2e9f42cd1481bccdcd5280868549972
status: experimental
description: Detects traffic or activity related to http://117.235.96.149:50724/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.96.149:50724/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.99.51:44240/i
id: auto-b74964d49a84f744f90b8bdca942d1795105fc73f13c7fd4a12e7d152fbf6bbb
status: experimental
description: Detects traffic or activity related to http://110.37.99.51:44240/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.99.51:44240/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.3.96:48327/i
id: auto-d792cce071b8e63c10a7639f0ac3d1f662df1888a248603ba1b6fcce4b6d0541
status: experimental
description: Detects traffic or activity related to http://125.41.3.96:48327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.3.96:48327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.214.31:59623/i
id: auto-4dd194c1c4a77f2a4e71d423358f2da538e28fe28df3ee7d8d4016ee30bfd3e3
status: experimental
description: Detects traffic or activity related to http://123.14.214.31:59623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.214.31:59623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.2.87:46670/bin.sh
id: auto-f30a0b7c76b4c8ae44ccc312533060105f53f2d65f945d87bb1987cedb01c55b
status: experimental
description: Detects traffic or activity related to http://42.5.2.87:46670/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.2.87:46670/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.253.42:56520/bin.sh
id: auto-b24382e8bf5466ba3d12bf063d7ec472dec69f1b5dcca254b0b621bab97d86e5
status: experimental
description: Detects traffic or activity related to http://61.54.253.42:56520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.253.42:56520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.202.57:55942/i
id: auto-1a27689d82c1921237daa3bc96971a2351e3ab726d60455730e5b5b302b92e50
status: experimental
description: Detects traffic or activity related to http://42.225.202.57:55942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.202.57:55942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.99.51:44240/bin.sh
id: auto-0372bd62e82631db907e24b67c28cc63f0bb17262b911d1469edb696378b717c
status: experimental
description: Detects traffic or activity related to http://110.37.99.51:44240/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.99.51:44240/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.139.144:34672/bin.sh
id: auto-f3ec4816cf43d7a8f434940e0275146c260042512b2b5d05bf13b41034ed07e3
status: experimental
description: Detects traffic or activity related to http://59.96.139.144:34672/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.139.144:34672/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.245.131:52565/i
id: auto-c1a831512833fcb1af48577f2bb324b6133495ded7195a721ed0d0413d88446d
status: experimental
description: Detects traffic or activity related to http://124.94.245.131:52565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.245.131:52565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.57.185:45424/i
id: auto-a579110b2f806fe803cd9b5a8aae3581b81e40cd4836946e9bcac1c0b35d6840
status: experimental
description: Detects traffic or activity related to http://182.119.57.185:45424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.57.185:45424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.208.243:49255/i
id: auto-75b781904e04362559da7f6831ae575b6d35f21e0243b2468b2e2a8eb8a0f94c
status: experimental
description: Detects traffic or activity related to http://219.157.208.243:49255/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.208.243:49255/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.57.185:45424/bin.sh
id: auto-c23d172ac6bc4f15fb6868f4cd0b80f58553452f966b249462ace79db037044e
status: experimental
description: Detects traffic or activity related to http://182.119.57.185:45424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.57.185:45424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/mq.xml
id: auto-a478c6f859982a886ebc735e3cc03e957daa6cd0501d98eb97497f9836382eaa
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/mq.xml which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/mq.xml*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.mips
id: auto-d3314482d2d6f7e4f61882752f8f3c95563eea7afc53a543d99f6804fee7bca8
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.ppc
id: auto-1a90468f84c0022ac616415aa33ad032d85acde92be86b69fe9543feb81dcc34
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.arm
id: auto-9ca38dd96661de00bb2d6d894098fd320a65898c9c030aab40965094be66b125
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.arm6
id: auto-959635cc3cbe8a3c29e273e84bc2754de81c12937c47abca9838079d51907deb
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.arc
id: auto-f5fcbfb3148b94f14c92f1ff4422d6e1e5a4e55173529510467274f124f7e6f2
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.mpsl
id: auto-09d28f2e1d08502ea5154a319e20a574299743bb5d72fad281333eaa11ed20e1
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.sh4
id: auto-3487afdeb6dc95e1654c7d5071eb5032a5e47c1a2e9ea25a6f3976d527224724
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.x86
id: auto-29a4e48126afc85f69df546fa93c2d3cd5319b52a120d868db3a9f4ca3d31169
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.arm5
id: auto-ffeb9ea1248b5724bbe3f36a2bf5aa840d1145f45841bdebc8f69b17f872729b
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/i686
id: auto-6435a6c31e480c605984f299ec61705b4225f90b059a592d17da056958070d92
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/m68k
id: auto-7685dd11d06b8c59cfff0f8012d499f83880430d660f782014a16f38e2453b74
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/arm6
id: auto-39cf55dd5ce119d29ccc321e8656c20ce8a5e168766b186e5b08f0841f6c5a30
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/sh4
id: auto-702a062491a6c3c634b0cd30fd392b82212a1664fcb6810f6659227be0c12dfb
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/arm4
id: auto-d615e044a824c06983d2027948c9626947f8e7a5981c8186b817415d1dff7f83
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/mips
id: auto-8a7066fce817ab535ea596b5ce92bd8570fdececa3805be5c7ed57f480cf8116
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/arm5
id: auto-3cafeec5b7b2dafec304bc29cd3f4726478486b69533eb84b9aa27ad89fa574f
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/arm7
id: auto-451557996ba2d20ec0acdbc1d279c98f3829aa409e406685b7ae3a193aab5c33
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.spc
id: auto-e51eb0d9441e52463f9d2bf7480e3082bab8de625b4b0f35b5064732dd2a0a8c
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.arm7
id: auto-0f48b651507e93d3d04c223c26e248e3c9a627c47eaf078d4984855187e1d9ad
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.54.79/hiddenbin/boatnet.m68k
id: auto-66237b34ea4af186e208ca2ebf8bb878821c40cd480767f6c5422be40195aa6a
status: experimental
description: Detects traffic or activity related to http://45.144.54.79/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.54.79/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/x86_64
id: auto-9cff5219c5305d3e1e06c083dfd0676d25758f5e8d2010ac675e0011d7f7932c
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/ppc
id: auto-8d2bda1db544f4ad8fcd9967851bcebc38b7b3ad1d407510642d9cc6d19b4a56
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/mpsl
id: auto-ab57a9499585338b91ff4a526e2e652a4c58fcf618ffe1aadfcf954fe7335b40
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.233.248.201/x86
id: auto-33d6aa6f19996282c72b02dc765021cbca546302ad4b5b349c626c7ec2cb7720
status: experimental
description: Detects traffic or activity related to http://193.233.248.201/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.233.248.201/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.231.129:49437/bin.sh
id: auto-0d4ae7c51529233eff2c7b8088c2f9ae55204159692a0da4a477bb234596cb95
status: experimental
description: Detects traffic or activity related to http://113.229.231.129:49437/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.231.129:49437/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.46.235:34240/i
id: auto-937c5e2b6fb4b815d71f3c2a6f45f58b1d99a2a83c58865557c8c817b04ab4c3
status: experimental
description: Detects traffic or activity related to http://58.255.46.235:34240/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.46.235:34240/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.5.27:55820/i
id: auto-99352dc81118399178588fdc6e48c418286f27f749068a668fe741e09bca1c62
status: experimental
description: Detects traffic or activity related to http://110.37.5.27:55820/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.5.27:55820/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.146.154:53919/i
id: auto-45e4fed63da3cbec9b603556c081eaaf81c6c4a7355d5dbc4608e4c5a3eaf235
status: experimental
description: Detects traffic or activity related to http://42.229.146.154:53919/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.146.154:53919/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/ppc
id: auto-38cf5d7e934148a5ea5a6845f3f36052002d4dbc028db68a2d14c6db2e6dcb5d
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/x86
id: auto-4f0c99e1065795e01f9c861b89c4d5143a07b01ba183be9c3c8d64b598240c51
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/spc
id: auto-5f280edccecdb5ac50f53ae584f8ade6dd950a46c67a83859f4c8a066599af4b
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/x86_32
id: auto-be603c510e375543f39648f3902bf688bf65a17150b51ab81267bbc29e749cb7
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/x86_64
id: auto-4c5f7d3bf74d322e3ea714be8c720d890c0ec8d5afcc2021ee3d66c2364f31df
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/m68k
id: auto-da67cde30dc4692098b710ac241ebc59bb18273f058b17acdc0880ed16ea9521
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/mpsl
id: auto-d7a4efc9bf743a3547d5062150e067d9dfd880ff858489a4a43a944b3e92e7b1
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/arc
id: auto-a0338bbce0ba92a50c0956ce7de178f4f1e43974352170b258cd49350bac5d68
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/sh4
id: auto-0537ed7896fe545b9c7335bd4160098d1e4f04a70577c808c04e21efbdc099b9
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/mips
id: auto-6081a787210c79436b907a87e0bac9ea90b4aaa7b0d51c98783a31f005b73564
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/arm5
id: auto-b413a6ed07b5429a8ba03f0b6ceabe8c577795552792847be4361518910854ad
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/w.sh
id: auto-b984e1aabbd6f9fa2998d8ca5b58eab66bf757e1ab9e457fd8cf8f8cedcb4e58
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/arm7
id: auto-bf83787fc3da82249558db1026898ccccddbf952a2187c0f74dfa9ece5aa0eda
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/c.sh
id: auto-a8f86b24a186a9c4c10bebb5a9534b12c0e387f0b4165f4b69ecc86c31e45448
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/arm
id: auto-0732bfa6a50152970d9809080910de41a3d7aae971a728a1f8afd9d3fba57eab
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/wget.sh
id: auto-ee15d2fbcfeada36fc59fc4482c0865ea1f8eb276d2055079f925f40ab7a8ca9
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3032137.contaboserver.net/systemcl/arm6
id: auto-a23f640d4b815906e57afb7dfa1d798117977f4b3a31665b3f0fb878f37dd056
status: experimental
description: Detects traffic or activity related to http://vmi3032137.contaboserver.net/systemcl/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3032137.contaboserver.net/systemcl/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.6.31:55650/bin.sh
id: auto-5ffab9b4d326675327cd47e15613822342fb930e7b1a9582cd2f7a89a2c25583
status: experimental
description: Detects traffic or activity related to http://125.41.6.31:55650/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.6.31:55650/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.61/core_90.63.0_INSTALL.exe
id: auto-457be5677990244afe9ff412ed287a054d45f97fffbeb26508b0c231f1df6f04
status: experimental
description: Detects traffic or activity related to http://196.251.107.61/core_90.63.0_INSTALL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.61/core_90.63.0_INSTALL.exe*'
  condition: selection
level: high
tags:
  - attack.t1588.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.61/ziobxq.exe
id: auto-65a770e16b6f9bced70c07660741b6000c34c476ba159945c43ce63ef6ff645b
status: experimental
description: Detects traffic or activity related to http://196.251.107.61/ziobxq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.61/ziobxq.exe*'
  condition: selection
level: high
tags:
  - attack.t1588.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/strm-asset-cache28/scene
id: auto-267ef284f12e986339e33681ac597116f05e23b375ae12e844581860e8e4aba7
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/strm-asset-cache28/scene which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/strm-asset-cache28/scene*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.153.214:51200/bin.sh
id: auto-9212c917dd7a0a2739d21b8048725126bbb55ce12ba5c9a042fc0130be1f277c
status: experimental
description: Detects traffic or activity related to http://175.148.153.214:51200/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.153.214:51200/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.5.27:55820/bin.sh
id: auto-c9d28fa7ac26566b565c1f01f7fabce8a3ae33feeec1fabcaa67025613e8b991
status: experimental
description: Detects traffic or activity related to http://110.37.5.27:55820/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.5.27:55820/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.175.194:52944/bin.sh
id: auto-e377db9367ef4878c0b1191560301a52cf0469200c848cea1dde27d5e99e9622
status: experimental
description: Detects traffic or activity related to http://125.41.175.194:52944/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.175.194:52944/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.61/Organized_2012.109_INSTALL.exe
id: auto-673d7b5a14d50a9f2baadfe7b3940894e46e77c298e899b44f25a8e43fdbbf61
status: experimental
description: Detects traffic or activity related to http://196.251.107.61/Organized_2012.109_INSTALL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.61/Organized_2012.109_INSTALL.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.61/build.exe
id: auto-568a65fb2a4e52fd7f6e801ce9f101be61d553f091648836f3eba5593bb27339
status: experimental
description: Detects traffic or activity related to http://196.251.107.61/build.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.61/build.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.184.72:41962/i
id: auto-eec19b5dab0686a016bac6127c294fcef32a3248fc0788c6a4d8ad21025785fb
status: experimental
description: Detects traffic or activity related to http://42.55.184.72:41962/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.184.72:41962/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.177.30:38035/bin.sh
id: auto-cdd1496b7257356a736694ddb52348cf0d94b33bb98d929d00e360bc7040f7e7
status: experimental
description: Detects traffic or activity related to http://118.81.177.30:38035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.177.30:38035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.135.185:40473/i
id: auto-706b94b64df472acfb6918defbc0775d3ac97a63a1c002070ea7f8e6fb9a0b22
status: experimental
description: Detects traffic or activity related to http://61.53.135.185:40473/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.135.185:40473/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.184.72:41962/bin.sh
id: auto-2dd59b8561fc31d41c8ca5272f8716f998e265f7b8c433b3acbca1b50b15a49c
status: experimental
description: Detects traffic or activity related to http://42.55.184.72:41962/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.184.72:41962/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bigbins.rebirth.st/mips
id: auto-190a16bde6913c455c3e535340c6ec309c2fc0d9460cf6e4f47af0e442f23446
status: experimental
description: Detects traffic or activity related to http://bigbins.rebirth.st/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bigbins.rebirth.st/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.53.124:54871/i
id: auto-386a9312a0eb2bfd183333aa6bfd8c06c0b16237abedcc180aed4f27036718fc
status: experimental
description: Detects traffic or activity related to http://115.48.53.124:54871/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.53.124:54871/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/x861
id: auto-6f8b1fbecc3065849d21764a5ac2e70c851fae136341effc1a673afe5b399c76
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/x861 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/x861*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/x86_64
id: auto-242d8d6aead9f223b1ebfdc69d1432d51003cc597cdeddb48699fcb9c7684d99
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/spc
id: auto-8bd347237a9bce5114a666c378ca688c9c971f9155b025f100a0f05c78b3be13
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/sh4
id: auto-204a8aa19d6930f824fb1ddb6415cf2605f5d9a82ded20a419c667e5d604beb8
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/m1ps
id: auto-624098c4f0ca6105bca0bc3532125b9b426a71bd1beebd701a5e6614b600af33
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/m1ps which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/m1ps*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/m1ps3l
id: auto-105953425d4dd487ebb233de6dd4e1f33f6f62b5f87520eedd9fd5995493ea8d
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/m1ps3l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/m1ps3l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/ppc
id: auto-ec6e21ca566ecdb5acbdf5d0f110f2a3a68e5c7b0d77c3521167509fdf99ca53
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/m68k
id: auto-b7b747ec8378fc31e8e0230a0118d61678bfbf1cc7305e9ac1788fca4402d34f
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/a.sh
id: auto-26ea51a08e54692f890038e6f218af7ae2eefba385b3787f7d7a0f7df3e13815
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/a.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/a.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/4rm5
id: auto-ebd6051405331564e6358cd0a096057592a5409a81638ebeaf96fcd8024e6035
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/4rm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/4rm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/4rm6
id: auto-75b81d8b358fa28b11231d5eae90f39b5794b84ff9e102fc3c4814ec2dc2f908
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/4rm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/4rm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/4rm
id: auto-1c46e7e65e1e3d8b449830f9f3b312277133ae20d03289436190a655096448e1
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/4rm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/4rm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/wget.sh
id: auto-bc6bc878d7c27a4da8890a07f194c6588f25118898c113aa733da7113a11ddb0
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.82/bins/4rm7
id: auto-4c01a1cf39f8f125b32858562a8b8922eb0a8427d7a8cd0deb4e78f4c68e6bd8
status: experimental
description: Detects traffic or activity related to http://82.23.183.82/bins/4rm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.82/bins/4rm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.191.18:43567/i
id: auto-ea5f9f1232dc13c933c139970819d0169ff2a5e8eb86edea9437c94797f88be1
status: experimental
description: Detects traffic or activity related to http://36.64.191.18:43567/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.191.18:43567/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.9.20:59586/i
id: auto-653873a936467020f70bdf3b5c9b06826c4c020867f4ff4dc2794c21a58c5863
status: experimental
description: Detects traffic or activity related to http://117.209.9.20:59586/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.9.20:59586/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.53.124:54871/bin.sh
id: auto-88096d0a43a66f916576a86d06f5ded11accb4753f25643d5ae7b29d67d1f9cd
status: experimental
description: Detects traffic or activity related to http://115.48.53.124:54871/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.53.124:54871/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.191.18:43567/bin.sh
id: auto-e5ef916af4a3ddfe58ea761c6846a8c22bfa8563daab540143277f90e1a88028
status: experimental
description: Detects traffic or activity related to http://36.64.191.18:43567/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.191.18:43567/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.158.180.155:53907/i
id: auto-0c123d4b73d01a58e7a340a9b09730aaa555df5c53c70239c9ab49e1f6f7c9a5
status: experimental
description: Detects traffic or activity related to http://95.158.180.155:53907/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.158.180.155:53907/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.85.231:54920/i
id: auto-83951868ea8f13224e0669ee38512048e3252608de260acbdb4c0147b0aef802
status: experimental
description: Detects traffic or activity related to http://42.228.85.231:54920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.85.231:54920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/meech1/random.exe
id: auto-a5a4590c4a5c95b5218ee7d7c81d1e2ef0aa1db99654c10e53ad4264123126d1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/meech1/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/meech1/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.197.83:60476/bin.sh
id: auto-18de8d645de36128a99550f0aeb469efa59e74bee8e7401ba949fea18dfc4fbb
status: experimental
description: Detects traffic or activity related to http://42.227.197.83:60476/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.197.83:60476/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.12.179:53462/i
id: auto-f50e9058a8f9a62ffd39c967426d9381e7d4a5ada43568a577b09a330fa0802c
status: experimental
description: Detects traffic or activity related to http://115.63.12.179:53462/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.12.179:53462/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.17.68:59065/bin.sh
id: auto-28a9615b318ea6dcd0e5aad0c5c6905cfe17922b6fee284155fdb5dbc4abcd0e
status: experimental
description: Detects traffic or activity related to http://42.53.17.68:59065/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.17.68:59065/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.85.231:54920/bin.sh
id: auto-2575e98dafc16ed11b2b94b82ff3a48692d0c25f0390b16e5ca7650c52e9d6e4
status: experimental
description: Detects traffic or activity related to http://42.228.85.231:54920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.85.231:54920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.202.51:59222/i
id: auto-e73fa7f5193770d529befc15fe503518134ceb4359dd379d8fd706999ae0d5ee
status: experimental
description: Detects traffic or activity related to http://115.50.202.51:59222/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.202.51:59222/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7955629260/o1PhU3h.exe
id: auto-d0acfd33121ebaa5b222488f99a9d3e36e3a1b0a3093cab82557ab7995f94ca9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7955629260/o1PhU3h.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7955629260/o1PhU3h.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.158.180.155:53907/bin.sh
id: auto-cd662c9acd50736120719a18ce4598db53fd2aa377e65775862cc801efe6edff
status: experimental
description: Detects traffic or activity related to http://95.158.180.155:53907/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.158.180.155:53907/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.82.39:52385/bin.sh
id: auto-d3593917ad7c58c1d50136825bbcd69ba548998cec6f9f762fc62dcfd4cbd563
status: experimental
description: Detects traffic or activity related to http://117.205.82.39:52385/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.82.39:52385/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:59454/i
id: auto-24a54e939d65bafc57edc07ee9803ffbd1d77b90c6087202aa0bfaa7e8168886
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:59454/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:59454/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.26.64:37375/i
id: auto-979de805b76640cbf59edc6996e8deeeef2f91ba1be670e9577254bdbdf76c96
status: experimental
description: Detects traffic or activity related to http://115.59.26.64:37375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.26.64:37375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.188.251:40970/i
id: auto-0d2e65f67978a86c1c71c52fe70cff2de302e911d95c37e45f4617a26888a1f9
status: experimental
description: Detects traffic or activity related to http://222.141.188.251:40970/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.188.251:40970/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.140.93:59328/i
id: auto-fd20261f5a0c198767b6802d500573eea2c2d79ba8727fb49b7e8b62bdb1332d
status: experimental
description: Detects traffic or activity related to http://61.53.140.93:59328/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.140.93:59328/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.193.137.100:44539/i
id: auto-71475e88758967231cb02a44d08b4128d48fe10f738971847f44be594a74693c
status: experimental
description: Detects traffic or activity related to http://117.193.137.100:44539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.193.137.100:44539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.5.182:36572/bin.sh
id: auto-0d0a695fe58d226d6739c765d0088fb8818a2f286ba4199e1eb0f7b295c05203
status: experimental
description: Detects traffic or activity related to http://125.41.5.182:36572/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.5.182:36572/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.5.182:36572/i
id: auto-04aec3d32d63200d78137637264707e58bc47a7ed949f7a24eba4149bd13043b
status: experimental
description: Detects traffic or activity related to http://125.41.5.182:36572/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.5.182:36572/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.167.25.248:47924/i
id: auto-4c3b0dc66c1447e748af6b74acaacb069a8c2e9664eff64c3691392e38065288
status: experimental
description: Detects traffic or activity related to http://119.167.25.248:47924/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.167.25.248:47924/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.239.109:58403/i
id: auto-675ac3ec1f46b124d453ddd8ba25c7adea3a57c301971fe96c586f80afa4f067
status: experimental
description: Detects traffic or activity related to http://119.179.239.109:58403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.239.109:58403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.139.72:37742/i
id: auto-febc93f6d174f0fb9482f77611e165493454733eacd4bb719c2cfad95878412d
status: experimental
description: Detects traffic or activity related to http://60.23.139.72:37742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.139.72:37742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.86.87:40653/i
id: auto-29c883969e9c7ac61faa037fc9151da2d562231a1b94c096be0a1bcf8f8adc28
status: experimental
description: Detects traffic or activity related to http://182.126.86.87:40653/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.86.87:40653/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.197.223:47467/bin.sh
id: auto-32dcd405fd687a3a9688b7960dc9caabd50efaccf7d5282def2d999aab614740
status: experimental
description: Detects traffic or activity related to http://221.15.197.223:47467/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.197.223:47467/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.126.124:51298/i
id: auto-96472d3281c39ad95b504d067399f793d37ee9a391b8372242396ff6d572d539
status: experimental
description: Detects traffic or activity related to http://61.53.126.124:51298/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.126.124:51298/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.197.223:47467/i
id: auto-4bc1b51224a0a9b01e3550233365aea96c8672c238284201bc2ba7a95c004477
status: experimental
description: Detects traffic or activity related to http://221.15.197.223:47467/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.197.223:47467/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.191.169:36980/i
id: auto-9290f42b75bc4a77b7131e91e343dbe042a6baa44487f0df6a6376259f36400c
status: experimental
description: Detects traffic or activity related to http://221.15.191.169:36980/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.191.169:36980/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.43.206:59492/i
id: auto-747db61f58add0389ff4dee5baca1cc589053a2524ef012641b980ad351780ba
status: experimental
description: Detects traffic or activity related to http://182.117.43.206:59492/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.43.206:59492/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.202.51:59222/bin.sh
id: auto-9726b909092c94f4bff62646ba1d86933982f810246d3143626eed8ed67147a9
status: experimental
description: Detects traffic or activity related to http://115.50.202.51:59222/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.202.51:59222/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.221.27:38492/i
id: auto-634dae66abf076a5c425ff3e2ea11d9c7378b71b4f44aec39d07c12b061ee660
status: experimental
description: Detects traffic or activity related to http://42.225.221.27:38492/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.221.27:38492/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.221.27:38492/bin.sh
id: auto-9f9229205cf77c70a92addd354d4c8f3f757da569ff3df92bcb9f4984e2e9490
status: experimental
description: Detects traffic or activity related to http://42.225.221.27:38492/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.221.27:38492/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.224.167:40007/i
id: auto-3aab6d6caa29b5ee932fd02a99c9833304a9478edfa1267ee41b8a32d926b624
status: experimental
description: Detects traffic or activity related to http://115.55.224.167:40007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.224.167:40007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.43.206:59492/bin.sh
id: auto-59bb18159c6be9ffb292a112efbb8f26a5f53a906790293912f8902439bb98e7
status: experimental
description: Detects traffic or activity related to http://182.117.43.206:59492/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.43.206:59492/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.213.159:43810/bin.sh
id: auto-ebac88cb1c761ee5d323c367bd8d325c8440267e9611ef2b15d8b1d13fa60af9
status: experimental
description: Detects traffic or activity related to http://120.84.213.159:43810/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.213.159:43810/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.224.167:40007/bin.sh
id: auto-1d68f2f901f67a3e9088c23657ed23484348c6fd571bf485fa77525885510eef
status: experimental
description: Detects traffic or activity related to http://115.55.224.167:40007/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.224.167:40007/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.48.188:38074/i
id: auto-d239ded520dacae961bd5c66d65d60ab516ab47c9e83a9f921cee003d05d7929
status: experimental
description: Detects traffic or activity related to http://175.146.48.188:38074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.48.188:38074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.220.69.49:54617/bin.sh
id: auto-2cdf3904d78d7696abf1db083d02ce53925cdb33fa488a932fbdf9e7a08d1c8b
status: experimental
description: Detects traffic or activity related to http://91.220.69.49:54617/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.220.69.49:54617/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.22/file/data.mips-uclibc
id: auto-ca5fbafd8839c8f4e8badf9091e0c01b46988ba7e14a9563ff7ad31b75355b3c
status: experimental
description: Detects traffic or activity related to http://130.12.180.22/file/data.mips-uclibc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.22/file/data.mips-uclibc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.48.188:38074/bin.sh
id: auto-8755628e0358e443ef0fe8ae94cab48926a777f5798fa4df67738db735d0f100
status: experimental
description: Detects traffic or activity related to http://175.146.48.188:38074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.48.188:38074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.62.114:51876/bin.sh
id: auto-ac0652c10ad2b7222d9695ac1511cdcaa90fb1e82116ec1989c3eeca7ffc1b10
status: experimental
description: Detects traffic or activity related to http://117.212.62.114:51876/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.62.114:51876/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.60.254:37666/i
id: auto-325db87fb6486604fa6bddf80c80a46dad89ceece3797c6e95647ee34656a984
status: experimental
description: Detects traffic or activity related to http://125.45.60.254:37666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.60.254:37666/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.253.0:38791/i
id: auto-d27dfddf62732e6d477ad71bedc011ecdf2bb01054864f1946e4861e0bd3fca3
status: experimental
description: Detects traffic or activity related to http://123.14.253.0:38791/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.253.0:38791/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.172:53941/i
id: auto-a079491984e308621203471a848fefccdf2283c48f2b261e513d2f3f7c9e85e4
status: experimental
description: Detects traffic or activity related to http://175.165.84.172:53941/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.172:53941/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.64.186.6:36836/bin.sh
id: auto-3d9220ab4c5393bbe74fd7a0db2d53f0cf029370e800c553ef117c2d50996bb6
status: experimental
description: Detects traffic or activity related to http://39.64.186.6:36836/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.64.186.6:36836/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.221.158:54993/i
id: auto-9ef9fabee9eb540ae51963045f21e0ac9ef6c5ff1a9eec9ad4ef589e3c12320c
status: experimental
description: Detects traffic or activity related to http://117.245.221.158:54993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.221.158:54993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.189.210:59827/i
id: auto-a29e91bb06115403c56e51546ddac4a1ac7878a6f1ab8afbf77ae9ce600955bd
status: experimental
description: Detects traffic or activity related to http://116.140.189.210:59827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.189.210:59827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.24.237:46502/i
id: auto-b9fcaec29bf37fc462dc8734d76e5cbb7ece1eb79896443734285e95d8e088dc
status: experimental
description: Detects traffic or activity related to http://42.224.24.237:46502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.24.237:46502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/arm7
id: auto-bad6432fcdf8ab4a0a5cfc72546ea8c8c5f5ab9e2d7825a2eb1dbbec42daa67b
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/arm5
id: auto-e98ffb8e961c9ef6ae6718b3eb14dcf4d27fc8ee5cddad16dfbb3bae794106f4
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/mips
id: auto-efd1c561e3ad30c0ad791d36caffaed5fa93e29802b33017d12d3a66df8a7eb8
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/ppc
id: auto-cc68cda8b625f2e28c13da89c186d682836d90513423fc8f600bb6fc8fe9e39e
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/mpsl
id: auto-ef4c8d7b3df2d363c5bb18f0626cf36450f19463b47a28a6acf730032a3688a6
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/x86
id: auto-4c3c6063e51bba99d8e34773ceec7397c47cab6be1fcb7b158c419d6aea26a5f
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/m68k
id: auto-0bf941606924f7d3ee32e800076e4b57a4afb53c59f97b2409992dde16c7ea28
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/arc
id: auto-feb8a3664151db1082e7405f95539e66b78adaf96511a1937800553a7a33d9dd
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/x86_32
id: auto-7338971a2cf57e1f0be8cc8859d5e64d21ff58ebfcc886b415179248c09e004f
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/arm
id: auto-abe542419ceb110a674ae52382ee0c9959a0c33a9b12fd80e09c8c9e6367e4c5
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/arm6
id: auto-b9203ddeb7458084c807979046504ba8ec23fbe1a94d9f4e0924b283a19feb0f
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/x86_64
id: auto-d5554d2beb40331848a58df65986067c99addf58393f485c7245555ce499c5be
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/spc
id: auto-5f17bc28f9e56232c19c472cf00bace685aceb7b17c70cd6f29821a8ab080c20
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://161.97.112.116/systemcl/sh4
id: auto-3ea32b67bf9dc3d31067d1e91463c6d98bf803c98c572be52df2c97ca8222f7f
status: experimental
description: Detects traffic or activity related to http://161.97.112.116/systemcl/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://161.97.112.116/systemcl/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.253.0:38791/bin.sh
id: auto-169b45d80570d9e754fe945d82b249a779086171109b0e00ed99eafcdf1ba6a5
status: experimental
description: Detects traffic or activity related to http://123.14.253.0:38791/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.253.0:38791/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.189.162:57159/i
id: auto-d19f8366a2eeae55872bb4db803024318e74b7b720dc49b08955bd183faa47e9
status: experimental
description: Detects traffic or activity related to http://61.176.189.162:57159/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.189.162:57159/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.177.67:36684/i
id: auto-194eec45041378f3c2888b502988fcf2ccb94691d82331c175e9c987b1b88a77
status: experimental
description: Detects traffic or activity related to http://219.157.177.67:36684/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.177.67:36684/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.172:53941/bin.sh
id: auto-63f98f240c8fd40d7f32a8fed9d623e2f3a24cf2284e9217870bd88eb778e78c
status: experimental
description: Detects traffic or activity related to http://175.165.84.172:53941/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.172:53941/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.141.9:45077/i
id: auto-217a79de255e4102646d76ec6f7dc780071bb6c0e8245c7bc93259db91357d7d
status: experimental
description: Detects traffic or activity related to http://42.87.141.9:45077/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.141.9:45077/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.250.87:60163/bin.sh
id: auto-f5c60d27ce86c189efe87bebe08aefda8d92902e96f5f7f6b1263c9ecf39a029
status: experimental
description: Detects traffic or activity related to http://182.121.250.87:60163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.250.87:60163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.8.145:34316/i
id: auto-e8ecf537f102caeee160d042d19c0d49c25b1c44fbb314e8ab71629cfe6fa65e
status: experimental
description: Detects traffic or activity related to http://182.113.8.145:34316/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.8.145:34316/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.166.147:51738/i
id: auto-21e6540b26e094d23dd74b6741ee7e45c14bde84a29968842a757785e3e86189
status: experimental
description: Detects traffic or activity related to http://42.235.166.147:51738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.166.147:51738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.12.179:53462/bin.sh
id: auto-125fd7c8874e7a8e9776c7df91fbffa43f0539616840b21201049a4c2863b59d
status: experimental
description: Detects traffic or activity related to http://115.63.12.179:53462/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.12.179:53462/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.124.82:56528/i
id: auto-aa295a8c29b9054182059a196c889647cd032f30b784caffe4f42c800e718c4c
status: experimental
description: Detects traffic or activity related to http://125.43.124.82:56528/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.124.82:56528/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/meech/random.exe
id: auto-5f727f7c8f23def658c31459854955e32eaf691c8260d561891bec219467c7cf
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/meech/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/meech/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.75:44601/i
id: auto-3b2af3f68b6035f142aba82c43c71610d316e82d677b95bac20c251772dc7823
status: experimental
description: Detects traffic or activity related to http://115.55.51.75:44601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.75:44601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.75:44601/bin.sh
id: auto-a5dbc93331088bb528da91390da2cc35439a712c0414e7fc2140d185f096d035
status: experimental
description: Detects traffic or activity related to http://115.55.51.75:44601/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.75:44601/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.177.67:36684/bin.sh
id: auto-e9cd5b5c5487c2d1d6d5dd35ea46c5e854ae812efef1e336ceb8023f71cba504
status: experimental
description: Detects traffic or activity related to http://219.157.177.67:36684/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.177.67:36684/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.141.9:45077/bin.sh
id: auto-6a7c62d579dde4c5846ba3ed6b419c81caa8cc68cf0e0dbda24c0a06f3bd492b
status: experimental
description: Detects traffic or activity related to http://42.87.141.9:45077/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.141.9:45077/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.164.55.32/index.js
id: auto-496f1935d714542d385f9f5a8c344c638466396a5fb438b44da20e29323aaf8c
status: experimental
description: Detects traffic or activity related to http://95.164.55.32/index.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.164.55.32/index.js*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.124.82:56528/bin.sh
id: auto-5d22d58c77d1a8b973af07a508d8fc97e594ca09876b6e19f670c44754fba1a2
status: experimental
description: Detects traffic or activity related to http://125.43.124.82:56528/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.124.82:56528/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.253.249.145/m.GRE
id: auto-e45c9e77499e4de6e477d8c1ab3722e852750604a4b9f1e30712b6010f9379dc
status: experimental
description: Detects traffic or activity related to http://80.253.249.145/m.GRE which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.253.249.145/m.GRE*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.253.249.145/Y.GRE
id: auto-eddc98873acf681f9cf2012b725dfdb930bf448be9a496bec9a663d756eddec1
status: experimental
description: Detects traffic or activity related to http://80.253.249.145/Y.GRE which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.253.249.145/Y.GRE*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.166.147:51738/bin.sh
id: auto-a1e83660a7af1811a78210839fa99fbc97de6f723f74603e0df0ead2c23760e9
status: experimental
description: Detects traffic or activity related to http://42.235.166.147:51738/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.166.147:51738/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.8.145:34316/bin.sh
id: auto-85e9687f60761eec4259a213d2c938fad3532e4fdd8da8b674d9631b93e9931e
status: experimental
description: Detects traffic or activity related to http://182.113.8.145:34316/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.8.145:34316/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.112.110:37114/i
id: auto-4afaf7e86e362023a162ac8fb7ef660ebde9202704468001f74edd2d40cfeb18
status: experimental
description: Detects traffic or activity related to http://125.40.112.110:37114/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.112.110:37114/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.76:38471/i
id: auto-44546fa8a61f272794639f26ee1a9f0856aced07fcd7ded326c6f5a8c35a6147
status: experimental
description: Detects traffic or activity related to http://110.36.29.76:38471/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.76:38471/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.220.69.49:54617/i
id: auto-4fa532bd64b175e9a51801874f9defb37acdc0b6f4560cd5acf709680b0d20e9
status: experimental
description: Detects traffic or activity related to http://91.220.69.49:54617/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.220.69.49:54617/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.87.214:40288/bin.sh
id: auto-3085d61b1803210ebe0f124b7927da029c06b22adf5f4d8854b850e9b40d2f47
status: experimental
description: Detects traffic or activity related to http://175.165.87.214:40288/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.87.214:40288/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.200.90:60823/bin.sh
id: auto-7d8ce7dfeed163d7d33557274e5182658a95bd5007b53ea83bdf3b9a1b1a2bd3
status: experimental
description: Detects traffic or activity related to http://60.23.200.90:60823/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.200.90:60823/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.112.110:37114/bin.sh
id: auto-19b1443142f053bf29874725f6c2133a13c8197db29d758668f824b5d4cac86b
status: experimental
description: Detects traffic or activity related to http://125.40.112.110:37114/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.112.110:37114/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.106.145:54104/bin.sh
id: auto-8fd15dc0f743048d19043c513d62ca7f90f65dbc10678dd5cd9c8160be4155fe
status: experimental
description: Detects traffic or activity related to http://175.173.106.145:54104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.106.145:54104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.246.114:36519/i
id: auto-a905efd2a7f14e4c85dfbd190ad59cf9b1207bcdc69432ef9f2c494858e4cc25
status: experimental
description: Detects traffic or activity related to http://59.184.246.114:36519/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.246.114:36519/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.138.214:34258/bin.sh
id: auto-5264677e8d41ccbf15deb30fdedf26975c5d386709907f3fe7c2660c68e32a4f
status: experimental
description: Detects traffic or activity related to http://42.87.138.214:34258/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.138.214:34258/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm6
id: auto-04e8d2def4a0e28df332903eea47be46d849ea3787ada95d280dbaa863bc59b7
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/fernisafuckingddosbossfuckkrebsandshitlabs.sh
id: auto-73b0f64684161abcf4c7e0a6c0f6904f79418a9b21ba10c287cf84b8ff0c0680
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/fernisafuckingddosbossfuckkrebsandshitlabs.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/fernisafuckingddosbossfuckkrebsandshitlabs.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/wget.sh
id: auto-e38ce609c7675c6f0498e7b56ae13db19475b6601e4378e1cc264f0e55477fb4
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm7
id: auto-8a2637e741a56bea093be2c5dfd39a6f215881752d1c197c0065cc0d129f5254
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/tplink.sh
id: auto-d5ced6631fac77043a8f8350a6e0a9c604145954824f1df98872861221a6419f
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/tplink.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/tplink.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.mips
id: auto-060690e21dfc3535d00b0c44186b6b85c6b8a022bdd6d99d090c643d34b923c5
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/x86
id: auto-217ac657da59b9c038255c5eab85cc6b115c7941cc3d1b2bc4f6a3dbc66fbecf
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/sh4
id: auto-519da39a4cd5b41cd999bc626cdf8411daa909448ad959cb229ef87455c4853d
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm5
id: auto-bdb069602973e08c27a9e5e1832be52c9783c68882ffb60952ff2eda5d3bb9d5
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/mpsl
id: auto-5c37b40b46fb89381d1f8343de8e024e10c1187a50717a230c07b4aab6a26dfc
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/lalala.zip
id: auto-37e37815851950939f7d41aadd94c2d8caca38265b7a06cac834273d9eb3756e
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/lalala.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/lalala.zip*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/sparc
id: auto-d3b737d858c4ce8dcb2286d6d200cc6537222746187276519ae3c91840ec5b55
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/sparc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/x86_64
id: auto-882ca396b22159802725d918f8ca4cc90b5bf87402924d79a4e8d49095355845
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/c.sh
id: auto-4f02ef7b723d34c6fb797f5e75bd1a08dad346140306299180e88535e2ad9d4a
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/react.sh
id: auto-71b2f341414ae0c894c5b5b11465b3ae8b68ae5ff79ccdd4047e26b0889470e1
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/react.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/react.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.m68k
id: auto-c5591cc1353d56fcbc19b7a29f5063a189900dca3535a8612eb171e20a1588b3
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.ppc
id: auto-16f4d4e1bc1e8ce4c060c9d0abfec2a1d6c98eda32de2a57de819d89f65f2994
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.x86
id: auto-48fd8c776d63a3733afcf8ab20a73fc873b44a2c2dadb6c07a6899e2c7210fae
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/m68k
id: auto-fbfaee78c09ef89a450afd63e72e64454eb52d00def68f72dc46bffbb1b76f27
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.mpsl
id: auto-1540922c8b351b97c8b0b1a5b93b45f9326d85ef476de9dad7fc431ef5425aeb
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/mips
id: auto-47708a7f81989abfa155a673e17a903dc3f7ee4a943c0d66092dca60a86bd71f
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/arm7
id: auto-59743a801cb40b92cb77c667706e705a0a31964936bea0971cc144e886858435
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/i486
id: auto-0c53581b8560cd0addce50e62a1704c17974211a01b7e70afe153e34a44363a5
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/i486*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.sh4
id: auto-e6a7cc501ed5db4d297f362e868e32e0ed06b18426c6f30362c59af7f14ebd5f
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/ll.sh
id: auto-f27562a24482cae32dc03d41495cb665b8dbbe467160bf53512959c47a231ad3
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/ll.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/ll.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/StormStresser.x86
id: auto-b6c1e529479e4e7255980466a516cbe62224cbc2fd1f1ce8a22c4d72ddad8e4c
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/StormStresser.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/StormStresser.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm
id: auto-b31ace4a6a9789883ac73a7102c7ebcd87ece2b357534ffd6bfeb0ce8c39b2fd
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/ppc
id: auto-b1d3c553cd1f9c2b7130949740a575b4eba84cd59257e47fc11cd4294d3266d3
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.spc
id: auto-c74102a7bf62bb5f5550acfbaa7a80f13c072541da04c3417b7e7ff415795315
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/morebins/StormStresser.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/arm4
id: auto-7ddc4557f7ffdd495e8a079d0ed64dfabc56ec70a92a4115489f009e68fc5665
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/arm4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/react.o
id: auto-a82a60fd2733b50bfbd96773e96acdea3f1223d64530f59dae54b95b47187db3
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/react.o which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/react.o*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/arm6
id: auto-b2c6b7cd0881f738adb5cf5bec0e7cdf50a063b03e5546d3ddca55e70847bc5e
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/react
id: auto-2d238e52db754efe92708ee6736c14b694e21386b3f9780eed7c1c6d09455307
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/react which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/react*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/w.sh
id: auto-d7787e5d3a0a9a250ce040882bbebdbd1963d1b46a636595bea5ec30f8892558
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.52m3kn4.secured-dns.cc/arm5
id: auto-8feac31c48fb50092015291cb1d73662fd346880390f62cf63721de2f62be8ee
status: experimental
description: Detects traffic or activity related to http://ns2.52m3kn4.secured-dns.cc/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.52m3kn4.secured-dns.cc/arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/react.o
id: auto-71c799d948536b4975efc66518d9be21ec65eecc918198ea418140e6a2982b75
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/react.o which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/react.o*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.arm7
id: auto-df05383ae0acb3a9715077ceae923c819babbeba8cbba70767966b4babd933bb
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.mips
id: auto-62ae0c25910352b8cfee9aa12ab262dd59c0e0b136f4c722b4a8933dfc9a97e4
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/fernisafuckingddosbossfuckkrebsandshitlabs.sh
id: auto-8feeb930fb8f08128b46dd3e7dd0bb2d33cf5d79f06d1c00532588cf1f35b4d9
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/fernisafuckingddosbossfuckkrebsandshitlabs.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/fernisafuckingddosbossfuckkrebsandshitlabs.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.m68k
id: auto-9380152c093966cfe7681882b5369ff692f4b6e344c0723ab3f5bdc822893498
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.spc
id: auto-2d1b9135ae16e50342eee8e460b66703ade4a84c2e5a568d185f585c5ec34805
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/react
id: auto-6c97fb2411b21c0510b71668d189b646fb682d2c6f1d866b1e7be3c5627265d3
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/react which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/react*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.arm6
id: auto-a80f8f2661e833c7c2f509e1622b7046583578c7bb7165f13a3a8cd32d71e038
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/tplink.sh
id: auto-b84144e3ed7c0b2c9224e6dff5a04b9e2361a0351ade7e6c928f9e74150d9b64
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/tplink.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/tplink.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.mpsl
id: auto-34f6e732032498b70c6fa2ef0c22780fb3e502fc4d8f7e47dd11ba7decf5d42c
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/w.sh
id: auto-488c50255b72412751b7ccf07c8bd5faf6622f8373d121bddc7e64b3db07c75b
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/wget.sh
id: auto-3978f2a07909e0767c41930b0527edc9cf37b676d49e191420683f57a627b3e9
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/c.sh
id: auto-b65431f9ddd5a3dac86114fddfe053ce475b80bc9ca9cacea9a3d8a2241f6d2b
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/ll.sh
id: auto-92626d9a0fde05eb921aeb0f501673ed001f9f3d662d66e28db444ac786b0f93
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/ll.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/ll.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.arm
id: auto-9c017d49f5afe3fc0ecd918d7f8de5d5a05bb94204ab8ffee0c8e75a4fbffcfe
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.x86
id: auto-d97751c0912a912bf22d24e5b5b2f90a082e5b04110478b4471af0ab09250eda
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/react.sh
id: auto-117ee66e64da64fa6e26c13db940088fc4625c0fbd092cb03b5087a9eb694d21
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/react.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/react.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/lalala.zip
id: auto-58f0a18a71c16ee4f61d8d593045152ed083246cbeb8efbf2da6ee11ecf41f40
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/lalala.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/lalala.zip*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.arm5
id: auto-206a96b13c2e3f8183adef0e3cacea847da17c52153936ffcd1ffa2d014d46fa
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.sh4
id: auto-2f5955f0f7ddc0b941f77e8e4de33b9745a936f8f1741f62a4862101957cfc96
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/morebins/StormStresser.ppc
id: auto-a055fc7f3826fa124582605675023f3f98e8ad070388c43632a0a849001cfc08
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/morebins/StormStresser.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/morebins/StormStresser.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/StormStresser.x86
id: auto-6ca27970cd2b48e7c316574f69c3e387d0523fbbc49d9a737d348f5c4f244d42
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/StormStresser.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/StormStresser.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.244.205/1.sh
id: auto-220cf3a57c9e9634b327977181978a0f78bd2ea2fd005219ea91433626f9737f
status: experimental
description: Detects traffic or activity related to http://103.67.244.205/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.244.205/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.sh4
id: auto-442e233d5bf2cdbfe7c44abd5da8d782a8753c4742dc7f169ec553469ca46e02
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.spc
id: auto-991f1c3fe24d6106f7664ab861f6f19594b68fdfe8395995c977d7a58a45bd44
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.arm
id: auto-7abf06d8a36afb31e7da661532c9a658faa365613c81a42cadcd85b78f841d4a
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.i686
id: auto-301b0807010fbd298d05fd94fd559248cd5438f55e2c462fa6ec53027c54406b
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.arc
id: auto-a27da31f30daee8c182bcd758d7ebb53b7ea9d28562de52d0d52907761ebabd4
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.ppc440
id: auto-adda7d816d81ba5fda5e22095d7ef013c369c1520f02f54a915f06c2d9c3d704
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.mipsl
id: auto-422bc5ed1400cd52a02429413319fc28a988a10b6ba37a6262fe1a080f41dc45
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.x86_32
id: auto-d29b1097af008ef360a43d14f37f7e70c92cfcc2bb2c1d2df3c4f0805c003518
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.ppc
id: auto-aa53ea334b94e941b6a749d2bca9a2b599652171d061715458171e10e17dcfbc
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.x86_64
id: auto-1f66e7203a0d4e2579c7ad5d8d9c03e6d2df0d6ed6af43642d4c033cc6e0398e
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.mips
id: auto-ae15e4d4a33037664f6c3c840e1c7ff98ec43fd2e91a0c1b0ff947d17a5a6038
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.arm5
id: auto-b8ea121943478d509e25369b79d3345f79d88e8a0e6db1d360f31e31b4e62295
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.m68k
id: auto-2ad29e7e495bb3df4080871009ddedf0cb792d31bcd2253c0f9dd8ad444166c5
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/all.sh
id: auto-872b4fc482b25cf21aaac8bedc848c19007b1cc291419890dc098c6ecd460c7b
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.arm7
id: auto-63da1ca46313cffb2818e885285d6da9c53f9a302224fc9044ee33279aec0499
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.arm6
id: auto-24c3adf97583318a6aefd349e3633163674296d030b75286b2fef5f51ab406a7
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.79.9/huhu/titanjr.i486
id: auto-dfe49fc5a5e844513c8046a07aa16ae0603609f78c2b71328fbaff528eea2551
status: experimental
description: Detects traffic or activity related to http://87.121.79.9/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.79.9/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/BF/bill.bat
id: auto-15733e0d7d54a585b0bf17e7dbfcdaff4f69dddeb2817c652578c5d40d41b577
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/BF/bill.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/BF/bill.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/bill.wsf
id: auto-232ef2d5d090731ab25afc386fd0bd7bab5f2387f86cbba3ca68c152abd094ef
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/bill.wsf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/bill.wsf*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/mub/19.bin
id: auto-c06c660676c874dfd4814c788f6c21b83f7063b8db0cc088773ef43a9d357366
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/mub/19.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/mub/19.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/mub/payload.bin
id: auto-55b5d547a11c6dfd0bc68e2d5c54e2e3ddf95ae1516e6e9488301a130b74553b
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/mub/payload.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/mub/payload.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/DE/datev-rechnung.lnk
id: auto-11e804a150644840dcf410ad194b5ee2a9a78eb726b81e29f2f14cd597615b14
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/DE/datev-rechnung.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/DE/datev-rechnung.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.249:5000/mub/k.bin
id: auto-08256534db770734a69d104eae19857ff4c0720b7e1728ca56e5688038ff5d42
status: experimental
description: Detects traffic or activity related to http://91.92.242.249:5000/mub/k.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.249:5000/mub/k.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.221.182:49182/i
id: auto-9188ad3815a07d297ddda233b7d4d0889961c9d6d4532118851ec8a8a24dac5b
status: experimental
description: Detects traffic or activity related to http://110.38.221.182:49182/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.221.182:49182/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.221.182:49182/bin.sh
id: auto-17a6357cb004880ec2748eda7993cec6048fc371ef108c0c7488a8193f9e7ff2
status: experimental
description: Detects traffic or activity related to http://110.38.221.182:49182/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.221.182:49182/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.32.161:34324/i
id: auto-883b03e6aa3028ff4f4bf353ea0709058df60361b0ab5d61348167439811e427
status: experimental
description: Detects traffic or activity related to http://125.42.32.161:34324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.32.161:34324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.93.211:59112/i
id: auto-219682769faa49ae43c5a39f891094a359425ade309ca1dbcc1ca9dc9ac9c527
status: experimental
description: Detects traffic or activity related to http://103.93.93.211:59112/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.93.211:59112/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.236.74.65:39590/i
id: auto-d57621c8acb046ea655a677be400cc917dd600781e7a5130542232130eb288c9
status: experimental
description: Detects traffic or activity related to http://77.236.74.65:39590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.236.74.65:39590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.29.191:7001/i
id: auto-f9ec106b1d782748324d59f1f16e7393122e877885b9ee56edd3248e4e655363
status: experimental
description: Detects traffic or activity related to http://182.127.29.191:7001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.29.191:7001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.135.90.46:25440/.i
id: auto-cad72ca8b5272e714cb958ddec3c682e28fa28600b667cf433dabc5b3f8cac5b
status: experimental
description: Detects traffic or activity related to http://88.135.90.46:25440/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.135.90.46:25440/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:52627/i
id: auto-2d4ce8c611b28566fa50394d1fae26bedc9a9d89a55a4e36ca227243f7a229a6
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:52627/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:52627/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.6.171:55753/bin.sh
id: auto-02813ccbb179ebca7636ddb87a41574e8d5fb8e94805a824dda580fe6cd26712
status: experimental
description: Detects traffic or activity related to http://123.11.6.171:55753/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.6.171:55753/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.6.171:55753/i
id: auto-b9b13cdb1e4d3981c89dfde243c19b979c769aa648824f47d2ed7f01fbd1863c
status: experimental
description: Detects traffic or activity related to http://123.11.6.171:55753/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.6.171:55753/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.236.74.65:7001/i
id: auto-d4e7a56901b573e4651e6c62c56df653939e6b4c187664a78634581a79b22364
status: experimental
description: Detects traffic or activity related to http://77.236.74.65:7001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.236.74.65:7001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.60.7.4:49570/bin.sh
id: auto-da4dbd9991d3e5ed7635873527c5a6cc146e97d72120f44f33700746e7a1391a
status: experimental
description: Detects traffic or activity related to http://182.60.7.4:49570/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.60.7.4:49570/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.92.130.154:50424/i
id: auto-b8f90803c368d3733cf8f0862db5d401df36755586e01ed93ca1d8bda8b5f8b1
status: experimental
description: Detects traffic or activity related to http://23.92.130.154:50424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.92.130.154:50424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.3.136.228/233/sd9898f9d89g89349894389df8g98df9g839493499g348989d8fg98d.txt
id: auto-f103a05afcc3b62c0b8e650c2924dbf81b01ec3e1d9554c08788ce9b35a2fcd2
status: experimental
description: Detects traffic or activity related to http://192.3.136.228/233/sd9898f9d89g89349894389df8g98df9g839493499g348989d8fg98d.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.3.136.228/233/sd9898f9d89g89349894389df8g98df9g839493499g348989d8fg98d.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.3.136.228/arquivo_20260119170904.txt
id: auto-c66ae30fb2a7537097be80d3d94c39e273ef3a83d568527339734dba802c0806
status: experimental
description: Detects traffic or activity related to http://192.3.136.228/arquivo_20260119170904.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.3.136.228/arquivo_20260119170904.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.174.33.21/img/optimized_MSI.png
id: auto-35f3c1d1795166fb92644bd02e8a9220354ab720737b38ec0421c4370dac9981
status: experimental
description: Detects traffic or activity related to http://107.174.33.21/img/optimized_MSI.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.174.33.21/img/optimized_MSI.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.174.33.21/185/f98fdg98x9c89ds9f89899298989f89g89df9g9899fd9cxv989d9dfg98.hta
id: auto-54a152ccd50ba76e7f5309a41bcc97ef9e7c8788b31646fc4b1f9a172c525b77
status: experimental
description: Detects traffic or activity related to http://107.174.33.21/185/f98fdg98x9c89ds9f89899298989f89g89df9g9899fd9cxv989d9dfg98.hta which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.174.33.21/185/f98fdg98x9c89ds9f89899298989f89g89df9g9899fd9cxv989d9dfg98.hta*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.174.33.21/186/xcv99sdf89sdf9ds9f89899298989f89g89df9g9899fd9cxv989d9dfg98.hta
id: auto-ffb6216cba08877d97b3c04f54912e0c51ab694834a32c04e69164f7acbb4815
status: experimental
description: Detects traffic or activity related to http://107.174.33.21/186/xcv99sdf89sdf9ds9f89899298989f89g89df9g9899fd9cxv989d9dfg98.hta which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.174.33.21/186/xcv99sdf89sdf9ds9f89899298989f89g89df9g9899fd9cxv989d9dfg98.hta*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/4rm
id: auto-728a1992e97213cc0b71bc895a2ddcc91a3e0da718c875bba8d5578941f559d9
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/4rm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/4rm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/m1ps3l
id: auto-6e48aaeb8fb41d7862d0fbb4af404dd38af9d7a5f6fc6c17acd17cf5b810855d
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/m1ps3l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/m1ps3l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/spc
id: auto-4a65d7c782bbe64bb2f980957ae1b060edbe32b2ba2909b7d908c65211c5ca65
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/x861
id: auto-dc2e5ec6765f8c019f10395916eae926a17c5b86180039a12d89365711a1004a
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/x861 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/x861*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/t.sh
id: auto-c8fbd1bbcbc061ab01f7cc29b12d04fb40848573230cf0981efc0292d6f88556
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/t.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/t.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/m68k
id: auto-be54cb6a7f4c7b54491e8861e08580585fc6e74e5a38c8bd7eb4b62ec3d9185c
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/m1ps
id: auto-6272582fd7e5be9ce68af104600e70b0518bb36a8bd7660970c9871b7d1ab82c
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/m1ps which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/m1ps*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/wget.sh
id: auto-0284820c3fafc386dbd5c0663a5ede2b170047bcd8656f17da9fbdd33b156099
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/4rm5
id: auto-4c8cd827f8b8dcc4bebc83895ef406532d4cac11266d761bba02bb2ba5438921
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/4rm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/4rm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/s.sh
id: auto-dcaf59792dd7062b233eda88ee12d928f775c89bb4ba40966e218128ccdad0c2
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/s.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/s.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/sh4
id: auto-3042a031d8335ead11c0d98831450c5aae886b9e5d9c53949bd0e49e78a10b30
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/4rm7
id: auto-f0a47fed0a777832eca834b99c7b4e955a9aa39e3cb676505db41d1b2983af62
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/4rm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/4rm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/ppc
id: auto-75fb259c66c67583db03a24eaade860632360b6b3cc54695e8d729091164830f
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/x86_64
id: auto-22e32a4e74e210f8e01a864a342f981f9db51bc3c054b92f0590de46c30e0d20
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.152.67/bins/4rm6
id: auto-80b8c6f0359e37f99dbe776c737e91d6ab1310521956aa2e42d6b137cdabe661
status: experimental
description: Detects traffic or activity related to http://94.156.152.67/bins/4rm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.152.67/bins/4rm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.144.238:41012/bin.sh
id: auto-f93930011ba700864d9444665ce0478914ec6cb225ac6e3d3f7c5a67fa20aa56
status: experimental
description: Detects traffic or activity related to http://115.56.144.238:41012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.144.238:41012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.182.169:41856/bin.sh
id: auto-f56a44518dadb9d3a928f980b89701cf95abc9acf64f7ed7d91377b4bd47e7c1
status: experimental
description: Detects traffic or activity related to http://117.254.182.169:41856/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.182.169:41856/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.39.208.185/Documents/moco.pdf.lnk
id: auto-6a1f1ab9534594a60922d2abfa7392223c24048861be1d285f826fcbb75efb6c
status: experimental
description: Detects traffic or activity related to http://193.39.208.185/Documents/moco.pdf.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.39.208.185/Documents/moco.pdf.lnk*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.39.208.185/Documents/moco22.pdf.lnk
id: auto-2780bf2bed7a7f5e448f766cf7e7636561482cce7ee450b53786a548f8ccc981
status: experimental
description: Detects traffic or activity related to http://193.39.208.185/Documents/moco22.pdf.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.39.208.185/Documents/moco22.pdf.lnk*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.39.208.185/Documents/Document.pdf.lnk
id: auto-ff2b95d94c1b1854eb6fc36ab1f34a1328901e7c646a991815eedbf19baaa057
status: experimental
description: Detects traffic or activity related to http://193.39.208.185/Documents/Document.pdf.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.39.208.185/Documents/Document.pdf.lnk*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://securityfax.servemp3.com/az.txt
id: auto-8d9b7c4f1594c85efeda92c439f08aff6ea757d05d1f95f08ab10109f90abcc1
status: experimental
description: Detects traffic or activity related to http://securityfax.servemp3.com/az.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://securityfax.servemp3.com/az.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/ppc
id: auto-57b04662bc4a90ad49be440f24dac18776bb346eb6d2e6c9f1ba2c9c402c3963
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/sh4
id: auto-f4afef595bf048a147fdb306d3e16ae17cfa45576247f9499d7c615bd0ef2104
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/i686
id: auto-70d4fca50db923e8f4836edb863717214c7042301d488cffdc9b461187687234
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/586
id: auto-fcb6357ee291ade6f582320f7193d5c69121caf2172342b861144948d1f3a635
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/m68k
id: auto-b78d5ec49bccf16eaea67c012f17ded925729dd905bb401b1a00e587b18aabbd
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/x86
id: auto-eb35431993f2a11378d6232f02d05d234f2e3f66b416bc67f688eb669343c92b
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/mipsel
id: auto-f03ee28525a0ca46e867d63404988620a2e55b869f41816e4b0d1ae4ba77a372
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.107/mips
id: auto-27e80eeb93fce1e156bb4fc7f2064631ed766ce4e9b394d93959c49ce0b4d3ba
status: experimental
description: Detects traffic or activity related to http://45.156.87.107/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.107/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.103.175.50:6666/02.08.2022.exe
id: auto-ad88f9670694bc9d70440c0a9fae7e7d7c369179d781ae415ac744f60d5a1644
status: experimental
description: Detects traffic or activity related to http://14.103.175.50:6666/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.103.175.50:6666/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.86.60.178/02.08.2022.exe
id: auto-59bebdc1122e524c602e690e004eb6311c18e59ac6a892d205a42e897cb54d59
status: experimental
description: Detects traffic or activity related to http://47.86.60.178/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.86.60.178/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.124.36.95/02.08.2022.exe
id: auto-485b4bc651127cfb735fb27b1984027dbd5fe150f5d9c6a312d42c161d45804c
status: experimental
description: Detects traffic or activity related to http://112.124.36.95/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.124.36.95/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.168.94.108:20080/02.08.2022.exe
id: auto-7adc37a8c41539656c40426df634b40eb052a815d01e33381dfbb059f128d1ba
status: experimental
description: Detects traffic or activity related to http://104.168.94.108:20080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.168.94.108:20080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.136.159.25/02.08.2022.exe
id: auto-458ec277b280964e230632084a16d55ae796e4b93fb3821e6f3e2c100ae3d91b
status: experimental
description: Detects traffic or activity related to http://152.136.159.25/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.136.159.25/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.110.66.57:8086/02.08.2022.exe
id: auto-cc00d2e594ddfb0e22bdb4dc21095175811b211ad341c16998692e7231aa88ac
status: experimental
description: Detects traffic or activity related to http://47.110.66.57:8086/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.110.66.57:8086/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.117.123.110:32100/i
id: auto-3d1f3e05f70875d9700af60984e528f061631468ca391d663c3d7f6c610339e0
status: experimental
description: Detects traffic or activity related to http://42.117.123.110:32100/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.117.123.110:32100/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.108.228.116:17873/i
id: auto-ad562655831427ac4ed45880d953c549795e1245b2dde2fd5c2648a8dba483c3
status: experimental
description: Detects traffic or activity related to http://190.108.228.116:17873/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.108.228.116:17873/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.97.180.71:2628/i
id: auto-e6122a36a8b505e5dce7e9274eb624a5ab6902a52605022f77ba53872219049c
status: experimental
description: Detects traffic or activity related to http://138.97.180.71:2628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.97.180.71:2628/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.187.237.98:10001/i
id: auto-95dda22d0717abdc33a1e8fd49667eb9051f3afd1a7cfcc504c2ced5777796c6
status: experimental
description: Detects traffic or activity related to http://85.187.237.98:10001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.187.237.98:10001/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.97.195:2004/sshd
id: auto-895c27452a0991a126f07f2c8c4bb46b74eb8dd5578277c6c41fc3ffd07ffa9c
status: experimental
description: Detects traffic or activity related to http://61.3.97.195:2004/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.97.195:2004/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.168.174.117:1733/i
id: auto-3a3f0ced3b09babdef961a1fc447493952333bdf27e22a0a8e05c8cc68b5b324
status: experimental
description: Detects traffic or activity related to http://185.168.174.117:1733/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.168.174.117:1733/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.235.89.207:92/sshd
id: auto-c0e36487991e7e07637a17b06bba9b6b8bf0ec9ee29cfb2e805de89e4ed06d82
status: experimental
description: Detects traffic or activity related to http://93.235.89.207:92/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.235.89.207:92/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.235.89.207:90/sshd
id: auto-9f2a2a12036168a01adbf34927a457376014282a73779e90467b73140449207d
status: experimental
description: Detects traffic or activity related to http://93.235.89.207:90/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.235.89.207:90/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.41.144.12:8082/sshd
id: auto-6f8eb5f7dc08e8127f8708aee9e7c88e6edc0c857724454c874007cfce2c9ce6
status: experimental
description: Detects traffic or activity related to http://92.41.144.12:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.41.144.12:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.11.172:30214/i
id: auto-902a30a3214f8c18a695069881b3789ad1eeb170fd968edb67fc8604c8ed7ee8
status: experimental
description: Detects traffic or activity related to http://113.221.11.172:30214/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.11.172:30214/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.189.92.174:8080/sshd
id: auto-eec942ac1b31258c5bc064420da1dc4107efa8796c4ee0e491090fbed6f4a526
status: experimental
description: Detects traffic or activity related to http://77.189.92.174:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.189.92.174:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.92.130.154:50424/bin.sh
id: auto-7fc39fe52914fafbd10cc98486f25c99ff6e70fdac0df28043fee34fc2562616
status: experimental
description: Detects traffic or activity related to http://23.92.130.154:50424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.92.130.154:50424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.4.220:46507/i
id: auto-c047eb82a7e2706443185eda8cf44e7ec3ca53cb94289b916964fd162b492c2b
status: experimental
description: Detects traffic or activity related to http://42.224.4.220:46507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.4.220:46507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.60.223/love.pdf
id: auto-848a9f8bec3fa12592ad771c74577342608bc94617d9e6881ffe5929ae45eb67
status: experimental
description: Detects traffic or activity related to http://89.125.60.223/love.pdf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.60.223/love.pdf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.244/save.pdf
id: auto-ca57f4545f4e040c9df137141356c2bbdd52b30e8c4ac4cec5e803c8518c3db5
status: experimental
description: Detects traffic or activity related to http://192.177.26.244/save.pdf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.244/save.pdf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://105.158.29.81:33213/i
id: auto-bb3e730c742068d3b109c6bf44271608bb325e85da54a598669ad591254f6860
status: experimental
description: Detects traffic or activity related to http://105.158.29.81:33213/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://105.158.29.81:33213/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:43347/i
id: auto-f99ea59f40b63102ce23cde2e37fdcf9f2ad1ff2d57e48890dfa881b2aecf2d3
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:43347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:43347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.106.179:46385/i
id: auto-ea427fa0700c0c36d936bd3c7732578a2f8f0ef3bbc568006c4954d79a31429e
status: experimental
description: Detects traffic or activity related to http://116.139.106.179:46385/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.106.179:46385/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.86.83.161:60234/i
id: auto-be96649d7ef6ff8ab1970e8c4417737d6390bacc1d96983195ec9f0cd201a385
status: experimental
description: Detects traffic or activity related to http://39.86.83.161:60234/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.86.83.161:60234/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:43347/bin.sh
id: auto-639a89f69222f5db2e8bf3dbc1bc26718ee8e2c060009bdf18c56ee7e3926553
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:43347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:43347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.238.64:33989/i
id: auto-a8121891d345dada76c852a2c11a5d5a857ca43a0dd018beaefae4afbc99da64
status: experimental
description: Detects traffic or activity related to http://60.23.238.64:33989/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.238.64:33989/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.86.83.161:60234/bin.sh
id: auto-0c9d907839b05eedcb2bdeebb9a59d730cdadbd6c166f98de03f0aac58dc5b4a
status: experimental
description: Detects traffic or activity related to http://39.86.83.161:60234/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.86.83.161:60234/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.250.87:60163/i
id: auto-a314c20c6b9b3de393eee81a5fd06aeb80288e49ed5586d51a5b243b70a434ce
status: experimental
description: Detects traffic or activity related to http://182.121.250.87:60163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.250.87:60163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.10.122:53059/i
id: auto-93fd7b69a6130e6a1dcbcac3fd9cd1db97a1da01cfc2528fa05f7c6f76ebecbc
status: experimental
description: Detects traffic or activity related to http://42.225.10.122:53059/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.10.122:53059/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/dThzC1u.exe
id: auto-6f82a2e16f20b59c4162d708b7fbecdf7c0bdc8b961704bb9a292d4615561693
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/dThzC1u.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/dThzC1u.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://almacensantangel.com/ENCRYPTED.ps1
id: auto-8740fd0ae668a89e18e0258ef5b6020c4ed8edece6abca80e7297220818c7559
status: experimental
description: Detects traffic or activity related to https://almacensantangel.com/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://almacensantangel.com/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.104.96:57630/i
id: auto-9e8e33273fe9b337802544222e15f06bad02657b0190ae97c480ab4f8a15b459
status: experimental
description: Detects traffic or activity related to http://110.37.104.96:57630/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.104.96:57630/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.140.0:34508/i
id: auto-e2d1c248434bdc124abeb9d97faaac915e99f5c4b09bb6c2eeb94e92392d4152
status: experimental
description: Detects traffic or activity related to http://123.190.140.0:34508/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.140.0:34508/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.59.244:39808/i
id: auto-41f59b1f29473d3daf412ff407f7428465ac3815e59f58c5e9541f08eb09ab63
status: experimental
description: Detects traffic or activity related to http://27.215.59.244:39808/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.59.244:39808/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.232.240:43467/i
id: auto-014f133e024f47c3f953c7115dd994de8b1af39db2db950265ed49a783e793d9
status: experimental
description: Detects traffic or activity related to http://61.54.232.240:43467/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.232.240:43467/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cold8.gofile.io/download/direct/958997aa-34be-4088-9ce2-a371badd6936/Final%20Document%20.msi
id: auto-39c663230675a32b3e4db4fcd97ab66697639387d092036263cf5861e69f0507
status: experimental
description: Detects traffic or activity related to https://cold8.gofile.io/download/direct/958997aa-34be-4088-9ce2-a371badd6936/Final%20Document%20.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cold8.gofile.io/download/direct/958997aa-34be-4088-9ce2-a371badd6936/Final%20Document%20.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.163.117.220:38340/.i
id: auto-b0a64c988d29ac702171da0953f094becdbc3f4573ba07cafd6c6e0844f4af36
status: experimental
description: Detects traffic or activity related to http://112.163.117.220:38340/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.163.117.220:38340/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/sh4
id: auto-ab0ad2088256003f6b36a726eac7d7ff4818f8e26ca1b9bf7d6d45964c9e29f5
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/x86_64
id: auto-5df4ba27e6021e86f5f8ecf6fdfa97bfefa4a4480b60887d028ce54bde061d60
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.10.122:53059/bin.sh
id: auto-7888d806a473e7727b30305a494173d82760db2249660e3e153c9080dac3cf8b
status: experimental
description: Detects traffic or activity related to http://42.225.10.122:53059/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.10.122:53059/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/arm7
id: auto-8ad427da6f400db77eedbe6d354dff24af4c7ef68b28ffea5e2d5f73c78f13da
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/m68k
id: auto-dc9e9e175d2d6fb24131b727cc55ea2901265a83cbe161315349c5e33fde2bf1
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/arm5
id: auto-8b6c7619015b82aa16ee65ee89fa0cf490c493e60fe773f401d5a571770d2fd3
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/ppc
id: auto-c294ad823592283a8e53d51d419ff3db9f7f93e4024e87637188fb3a0fa3e4b5
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/arm
id: auto-e3c949e5406aa3287300c3644c5a94a5dd5ed03b15b6615c37d7070b0db4b6ba
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/arm6
id: auto-5c8257dfe293316300f66a0337832ad659d57f8721e9b348fdb036b98f57b6e8
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/mpsl
id: auto-1d39f29f08837dadca2f94e85722bb3816d2ab231354888ad54ef64b460e28b2
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.182.113:60144/i
id: auto-23ebd431e8d9498e23130d5cfe684a8d4f1d625125d96133c686be642c18be0d
status: experimental
description: Detects traffic or activity related to http://27.215.182.113:60144/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.182.113:60144/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.115.161:40545/bin.sh
id: auto-6b06b4c9ddf1659a33fb8fb2d1a24faba0804d0a893c07d341c77a6f83023b55
status: experimental
description: Detects traffic or activity related to http://123.5.115.161:40545/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.115.161:40545/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.140.0:34508/bin.sh
id: auto-de48d2622a18973a1c2a006bf05b55dc21c086245b0a268cc3a39bf8331823d0
status: experimental
description: Detects traffic or activity related to http://123.190.140.0:34508/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.140.0:34508/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.197.129:39841/i
id: auto-34bfc82c57048afab52d5f7d48d34f293dd97e63fec2d593feaa63ef4b04e883
status: experimental
description: Detects traffic or activity related to http://42.177.197.129:39841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.197.129:39841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.197.129:39841/bin.sh
id: auto-573c034abec35eab997649678947e31e763a5b8aa7e7cfd4507d89ff80281193
status: experimental
description: Detects traffic or activity related to http://42.177.197.129:39841/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.197.129:39841/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.92.93:47246/i
id: auto-2ef43e62bf5f893ebc6856f6e1d221a08c10ee530e9ffa9905329e0f488cbfd9
status: experimental
description: Detects traffic or activity related to http://182.116.92.93:47246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.92.93:47246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.43.164.121:48350/i
id: auto-2d10f8362bbef4b9420f01c8b973e697fdfca804b16faa6ed607f12dec0e641c
status: experimental
description: Detects traffic or activity related to http://213.43.164.121:48350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.43.164.121:48350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6891704441/vo50Yss.exe
id: auto-733d5306e42d674eca7e5c95e24df7ee892a3dfc553c2eb338fe0152f475c1f6
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6891704441/vo50Yss.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6891704441/vo50Yss.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.197.83:60476/i
id: auto-581445f70a68b734275b155ba8d370799b90fece62c6fe60cfbb7c6774866719
status: experimental
description: Detects traffic or activity related to http://42.227.197.83:60476/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.197.83:60476/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.243.94:42303/i
id: auto-39bf64811bfddf1e483fc20a0eec65f86f96f43cb4e09e24e3cab7fd0c7baa1e
status: experimental
description: Detects traffic or activity related to http://110.39.243.94:42303/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.243.94:42303/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/mips
id: auto-01a954f1e37f60ad8c46051dab940f3f57d82390b2d5f8f3d931e69f039f9ee8
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.106.145:54104/i
id: auto-f7d4e1dfb9bcdf039cc06982e9d6771cd383e018a6baa917692f299da756be67
status: experimental
description: Detects traffic or activity related to http://175.173.106.145:54104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.106.145:54104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.43.164.121:48350/bin.sh
id: auto-8523249ea342ebfd450292516594d7cbfbbc37fe96d9334c9c399f69e80ae22e
status: experimental
description: Detects traffic or activity related to http://213.43.164.121:48350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.43.164.121:48350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.165.181:47625/i
id: auto-489190403ea341a4c957384492600219cf0d02b5479f13ed2f7762165cc7993c
status: experimental
description: Detects traffic or activity related to http://27.217.165.181:47625/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.165.181:47625/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://160.30.173.101/x86
id: auto-317d8b3117b67aa67fcaa14a6ede066fc454a5e3d542856220f99746af1123e3
status: experimental
description: Detects traffic or activity related to http://160.30.173.101/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://160.30.173.101/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.214.225.67:40085/i
id: auto-e03caf0a40d2024d4fa9a8c360beb7bf106f7c5c29c219e21094bf19ba4eac55
status: experimental
description: Detects traffic or activity related to http://117.214.225.67:40085/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.214.225.67:40085/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.214.225.67:40085/bin.sh
id: auto-9966c1bc4b5531bdc95ac85613f8dacce7b7fbce64c671bc800a4255f27930aa
status: experimental
description: Detects traffic or activity related to http://117.214.225.67:40085/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.214.225.67:40085/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.185.105:36495/bin.sh
id: auto-452c2a1c437dd725eefefaa96fad88df78b71d3a68cdcd873f3cd7341a23fd53
status: experimental
description: Detects traffic or activity related to http://61.52.185.105:36495/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.185.105:36495/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.124.3:55042/i
id: auto-a96b7215d888ab6354af20fd5a37f7ace38057c1deb58fc3f6e6153a869c02dc
status: experimental
description: Detects traffic or activity related to http://182.126.124.3:55042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.124.3:55042/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.123.151:40737/i
id: auto-ac0f77615c64ed7af1f29db287944f2ec55aa218815edb248b131a8c916e938f
status: experimental
description: Detects traffic or activity related to http://112.239.123.151:40737/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.123.151:40737/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.77.169:58618/i
id: auto-b83d9fca1dbf6e84025817d336eb5360f74cc50a8f4705988d4630c65fe85c1b
status: experimental
description: Detects traffic or activity related to http://182.112.77.169:58618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.77.169:58618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.24.17:59225/i
id: auto-b0ebf097b4d217bfae9165253e6f15fc2df01e06b1954236eb77872d1cdd13e8
status: experimental
description: Detects traffic or activity related to http://175.175.24.17:59225/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.24.17:59225/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.124.3:55042/bin.sh
id: auto-85570d471b5b3e181ff0c388580d673d089fb9d46e2ad2b11ac2374f07910e29
status: experimental
description: Detects traffic or activity related to http://182.126.124.3:55042/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.124.3:55042/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.66.246.189:44166/i
id: auto-88d7949e617fdc04da7eda9f77a77dba062d0eb58a87150661b535de8f5d06f5
status: experimental
description: Detects traffic or activity related to http://146.66.246.189:44166/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.66.246.189:44166/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.66.246.189:44166/bin.sh
id: auto-5274742cfbc56e9dc26b544e3f99ac93117b9c1ad6774e689a004910cc940eed
status: experimental
description: Detects traffic or activity related to http://146.66.246.189:44166/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.66.246.189:44166/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.104.96:57630/bin.sh
id: auto-f8e9af34f75e5ec0febbda32e5dab97e304255f136e7937b56831960549ee615
status: experimental
description: Detects traffic or activity related to http://110.37.104.96:57630/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.104.96:57630/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.139.115:43569/i
id: auto-dcf25f065348002cd8056d09393e8e263c30fccacfba1b773907a19b1bfdfff5
status: experimental
description: Detects traffic or activity related to http://113.236.139.115:43569/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.139.115:43569/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.81.108:50785/i
id: auto-d54d2d5205aac09c55d0248f5476a6b0d4f5fdffb01710ec8fa312c35b7605f2
status: experimental
description: Detects traffic or activity related to http://27.37.81.108:50785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.81.108:50785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.239.220:52332/i
id: auto-d2387125949c36c55715db59076ae9f7f7e224e0d2d9e65871f9164db7c53cdc
status: experimental
description: Detects traffic or activity related to http://115.52.239.220:52332/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.239.220:52332/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.144.198:52054/bin.sh
id: auto-5dbf8dce243a4ac1c702abda2f6c91083fec23a1f401f892b39f5c27ba06840c
status: experimental
description: Detects traffic or activity related to http://123.4.144.198:52054/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.144.198:52054/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.47.149:46541/i
id: auto-458c52ae1ed3de526909416126f99f3a44ab4a9f5ae2d4f9cbefee7f2066162d
status: experimental
description: Detects traffic or activity related to http://42.228.47.149:46541/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.47.149:46541/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.81.191:60739/i
id: auto-c9d25b7089cbdc2b8e03cf0ead440f71ad3ab28a1194c1dc8f393bb9cb726460
status: experimental
description: Detects traffic or activity related to http://182.121.81.191:60739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.81.191:60739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.239.220:52332/bin.sh
id: auto-f969d0286bffbcbd058c4b24edbe7e269ddfb89a668f05d6652bffccd2b0f086
status: experimental
description: Detects traffic or activity related to http://115.52.239.220:52332/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.239.220:52332/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.47.149:46541/bin.sh
id: auto-add815768e2efaefe4502a8fa5f1fef09f1a146ed8456aea241d543edb339fc2
status: experimental
description: Detects traffic or activity related to http://42.228.47.149:46541/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.47.149:46541/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7916673853/dyPLWzb.exe
id: auto-76afcd5200d46ccf84ff56bb5601ba1306eaa587fbe99fd173b8766e3c8a0624
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7916673853/dyPLWzb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7916673853/dyPLWzb.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.103.58:47776/i
id: auto-43ccca1c44c86d2c3c9cd65594d1fcfd8acc9358e3c91a3abf55b01d5ccd256c
status: experimental
description: Detects traffic or activity related to http://42.54.103.58:47776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.103.58:47776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.154.105:37782/i
id: auto-4d14f88659ee085077a17be240e29d7254704a5f9ec8b54b211db248df109ada
status: experimental
description: Detects traffic or activity related to http://222.127.154.105:37782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.154.105:37782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.81.191:60739/bin.sh
id: auto-e65066545c7f1501dc6cedbfd15c565e21e4093544936b98b38b03192a4b23df
status: experimental
description: Detects traffic or activity related to http://182.121.81.191:60739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.81.191:60739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/done
id: auto-07fb72fea6aaf0629d038f7e80799492f1524f023cd44bc47a0c2fc0ce943ac5
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/done which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/done*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.163.184.136:37956/i
id: auto-c63b45761c1b8fb16db0aed5cffad63e9c0439a48eaf4ffb92262481752a679c
status: experimental
description: Detects traffic or activity related to http://46.163.184.136:37956/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.163.184.136:37956/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.8.23:55681/i
id: auto-97d8c87335149be86ee70445365f3c240db04c76ca2e7e85d326260ddeb0d4a8
status: experimental
description: Detects traffic or activity related to http://125.43.8.23:55681/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.8.23:55681/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.162:40755/i
id: auto-ed4e8bed7d14ab513cff35d1c7ccc9172f16e0c7451a9a664b27d44c46d7cedd
status: experimental
description: Detects traffic or activity related to http://110.37.1.162:40755/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.162:40755/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.154.105:37782/bin.sh
id: auto-3309226b8918217595335adc933d2933e3d00d870d86352cfaccfc8c50e87da2
status: experimental
description: Detects traffic or activity related to http://222.127.154.105:37782/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.154.105:37782/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.38.251:59091/i
id: auto-4272eea04c4bd0abf58b3d8d4d5fbce5f5b88545135f9c35f3b81ee192834cc6
status: experimental
description: Detects traffic or activity related to http://117.211.38.251:59091/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.38.251:59091/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.135:37228/i
id: auto-486169c9b9471b0a09f34847d6db9d32fc3b5da09e193aa96fbc258f55c95170
status: experimental
description: Detects traffic or activity related to http://117.209.31.135:37228/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.135:37228/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.189.139:33268/i
id: auto-b7b6d9bbad0664f76d60ff928408a45c0f18e8733ec708c0725d64d63cf668f9
status: experimental
description: Detects traffic or activity related to http://42.234.189.139:33268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.189.139:33268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.59.244:39808/bin.sh
id: auto-b3e15d74d449ef93ef70bb38894c3d491e3cb2632fc59455915acee1ef22a936
status: experimental
description: Detects traffic or activity related to http://27.215.59.244:39808/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.59.244:39808/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.38.251:59091/bin.sh
id: auto-3b39624f95b731df3da302554b068dfcd64f4f7fc483f7ca9feaa11504e53f9b
status: experimental
description: Detects traffic or activity related to http://117.211.38.251:59091/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.38.251:59091/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.162:40755/bin.sh
id: auto-e0291972fcb13d85d384500c463c11507bf9dfce6ecb9f6dcd0a3b4159c34ddd
status: experimental
description: Detects traffic or activity related to http://110.37.1.162:40755/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.162:40755/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life.arm
id: auto-53ea8f8d884acb760c9b91a543df8e1f4b456e17ae647f4d0a9788a08da51f17
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/loader.sh
id: auto-80fe76b3cd19e2bf230a60638a1c1ffb02527cd49d2164510b0c7113f89dd137
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/loader.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/loader.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/kk.x86
id: auto-8bd2e12e31d412d8d86046f43857d12417e640713e032bbdf806cf9a39476d4c
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/kk.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/kk.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/plasma.arm7
id: auto-77bc9bd435c5aceaa4bd1332bbae9cd11f54fc12c6f8333884a693b57bdc9f13
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/plasma.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/plasma.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.ppc
id: auto-450a22f86d0d5263a65cbab4711ac3883fe30af321431fff63d3a27596ec61fd
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/kk.mips
id: auto-c18b98bed1897a69828149ef6b62832ba2d8ba7cbcd66b4b038ed5be635c04cf
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/kk.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/kk.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life5.x64
id: auto-05581eb598d467d13d772c9780426a8fc140b7e4241a9a5a27178b9882a03ce6
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life5.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life5.x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.sh4
id: auto-4a9d86211bb1e7ce2db92ad2d9b347a7831f16c092a14dfdb61811c7d8f92d44
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/sos.mpsl
id: auto-48a6bff751b023a4903d484b301892a61124d4e90046404ddb60d04787ac983d
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/sos.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/sos.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life.mpsl
id: auto-1afa43de210a98e33987ee98fb97adebc9d963818193d566a9fe538d01353c3a
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/plasma.x64
id: auto-3515e96594cfc68fd1a6f98ada5af4015921571bba8eaf920e3b1d26347f7e2b
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/plasma.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/plasma.x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life.mips
id: auto-a93e01e8b466a1bd40d6fdad6a0c62da6c582d140e02c77134412e8dc596c697
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life5.x86
id: auto-02046f3dc8c0d105ce77c80898401a179fe00761aa8c8bca613e970842a85673
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life5.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life5.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life5.arm7
id: auto-8dfda3ea421415ee8251a245b1d53a78302044d42d792c55c2a3adeaec3b59c6
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life5.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life5.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/sos.arm
id: auto-61a23516e80bb08e30bc878f3a45d5d82cf8424e2ec520edf8b5d12ac6a1084c
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/sos.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/sos.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/kk.arm7
id: auto-ce42de4da08f83c4c2c9247aa418a1a7cbb8737477eef3651d74946c9e4013a9
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/kk.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/kk.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/plasma.x86
id: auto-3a85ce87e8d85670d6c46a608dceac0a3c04e84ac5720015e480c8357f4a367f
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/plasma.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/plasma.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.mips
id: auto-af3a1723618328e446a6525efa498c05cd4ec36eba528d7428cc0f6834d47e5c
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/plasma.mips
id: auto-af4f517dabdae77fb3621db926a210562543a7a3aece5e2a7b816c81b3e991c4
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/plasma.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/plasma.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/sos.arm7
id: auto-d89b723b9e04530069a49262f7618044f073d67142cc72638d30c60ebbcbc362
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/sos.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/sos.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life.x64
id: auto-9d4c3e45283671f402661bd94a4a3bd910a8664a22857ec6ad2311e11a3f7399
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life.x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/sos.x64
id: auto-165aa5b075ec4dbef80a784638a3d2907a4e8c85d2d8d5c1ad6f2b75a1a01ab0
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/sos.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/sos.x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life.x86
id: auto-ab3e13932d65d71de476e5a79cd21e62fbfca1ca1b5e497d294853743746718b
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.arm7
id: auto-a9ad69c88d7d8b17880faa358433fc8de36458abb5546e85ba20e9e7b9caaeb0
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life5.mpsl
id: auto-59ac19023fc2d9e31f5a28f2a80259b101ab68b08351db91bb4834ebbe00cd7c
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life5.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life5.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life5.arm
id: auto-2f581899daa0f1ba600c39632d582935953fc9811a12a26b341c699bab6412df
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life5.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life5.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life.arm7
id: auto-ad92aa07ada66fe072b9d2f47f65b781f1bb46967a5c2eec211fc737f12b23fc
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/sos.x86
id: auto-cbbad6c4e0eb16ed592bd1d271619a028a69dfa1a0bc077b39bd084ef1dc81db
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/sos.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/sos.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/plasma.mpsl
id: auto-3bc44b75b9a7064a96cca42143e94cb0acd4c0be61e1099310658f4e77bdd3c8
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/plasma.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/plasma.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.x64
id: auto-11f06385c1848d6d95ec222a2a9f65e520c7d0fa886b451c5ba3bc2e738c51da
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/kk.arm
id: auto-c411e70c4ef766a1b49acc826b0474fb86d94e7cab96ed9744a015776be5dc43
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/kk.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/kk.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/plasma.arm
id: auto-2bd18942fc2504484de0eb346f8eef9026f0652c8de1c0a69c090c6626887e89
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/plasma.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/plasma.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/kk.x64
id: auto-7b5b810e395eb50072e2e2b02844cf86e9eba537ff477fb63d153b7d1aab49af
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/kk.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/kk.x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.arm
id: auto-6c1490d5adc3c6946b3987707f288444051cff8cf9993adfb6b64f876ad06e9d
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/kk.mpsl
id: auto-1449c1ba1f69856cc7a013898763c19850c6929f3900de391c282b87f7071c8f
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/kk.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/kk.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.x86
id: auto-f1ea876ce56e549cc402c5e53539e1cfc9f1005d442d4c44998992eb7da73027
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.mpsl
id: auto-ac7cea17c876d0f407dc32b4dfa0131bea219c8a55ae95002115cab2b03aa12c
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/titan.x86_64
id: auto-b4908a51c1f927d6bfd32136e2e9579ad2ad58aa3426f47724f1d4ddb63714d9
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/titan.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/titan.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/sos.mips
id: auto-7dbcf9264a0db72486b6957f7b0c0ba09d96c8262f72c8c4eed84ac3835773f2
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/sos.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/sos.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.158.234.23/bins/life5.mips
id: auto-d5289fc0a31d0e4a63c0553e9df9b3c6798277cd7260dc9317fec9ceca89a924
status: experimental
description: Detects traffic or activity related to http://220.158.234.23/bins/life5.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.158.234.23/bins/life5.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.163.184.136:37956/bin.sh
id: auto-c1f501fb9418abcbec8b87c66e95473ad496ae21da2db9313c1d7cb55ed2bc26
status: experimental
description: Detects traffic or activity related to http://46.163.184.136:37956/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.163.184.136:37956/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.8.23:55681/bin.sh
id: auto-a646e2a3a2956090cfa49319ebd3e53da82b8331dcc38167e3ed86745f036758
status: experimental
description: Detects traffic or activity related to http://125.43.8.23:55681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.8.23:55681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.135:37228/bin.sh
id: auto-2d1b8a141443ebfa095a34428c24701c45beff32f5386c6d49994598a5360b8e
status: experimental
description: Detects traffic or activity related to http://117.209.31.135:37228/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.135:37228/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.i686
id: auto-a17beb8be27a00595a19d9c6d2c7d5e83e9215250f37b6afccb5cad9366d5d81
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.i486
id: auto-6352e3aba9c499a4406df28ee4f9a781907543b9d3bfd053eee29ebcb1d0d681
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.arm5
id: auto-d905f842124409d0f5ba435327e596eb61f37b00b6321687a1652071373d9239
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.mips
id: auto-5fcf935eb96e1fe9a22d2452a0eb321fe2fa2f884982f38acf8a38e384791005
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.ppc
id: auto-8b77ea317458f5a4ece776838f284d56ad9089e7f1eca03ba1950e6b60912c13
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.arm4
id: auto-5c99251d26c11b2ab37d3741f9df64a754245e6e75fefb4e1a0d7771116d4009
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.mpsl
id: auto-0b10693eaff257217af5bbfb26fde1f157f61ea2eb97a9b90f015131d286b906
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.x86_64
id: auto-2222bc58ad146d54a6dc7f8b99d69546fbc0b1f68fde0d5f0c9b6cd09a71c3f6
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.arm6
id: auto-80a2f8d324d740aa0e090a41ffb4c6207e84d7441fd2d252aa25880a22f2c227
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.x86
id: auto-f93b46fcf3e127dece0844a310d0785a90875145063d7a9fd2b979c725da9ec4
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/wget.sh
id: auto-a4e25b012b4861c776a7721acdd9a58b0cca958d09a4d0c7c47ca11fedc3bf71
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.arm7
id: auto-2b70dd3b620e405f37e0626d0a24cc73747e094c4abb1382933136c25c834d6d
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.170.95/goon.dbg
id: auto-e508619ba2ed75afa856e4a07420b5cbd320880bcfc564643741604b44abc263
status: experimental
description: Detects traffic or activity related to http://94.156.170.95/goon.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.170.95/goon.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.218.212:59132/i
id: auto-148f19744ce95bcd50d3048e286a7edf90f21ea46b0fb7e46220695babc84e2f
status: experimental
description: Detects traffic or activity related to http://115.55.218.212:59132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.218.212:59132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm7
id: auto-c7af101e15a38fae29183c0a7c81959a745498ba1dfaa696ba0cfc7606b4db04
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.m68k
id: auto-5e2ee08adbe9a15881b33dd1bb0790b133ea3dc4b0e68a33c5fb405569682e1e
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.mips
id: auto-4487647c7aeb89536979f91a6a28db7f942da97563dc330a494ad8011e5b7bb8
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.spc
id: auto-71d68bfaab951fd9472510576852408a7b30b8eef9984e793da527c302f20068
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.mpsl
id: auto-c2558b3910ae7b1125f99335b0b8cdceca94df08b7a1dabd4b6108680a006a30
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm6
id: auto-0ebaa5222d81dbf85ab935f0551bb6b1c4c9dc884a7abde51b5c78eea38c4635
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm
id: auto-65805d8f08d47c2dba0eab975057007de8b0c3e1de38a6b265497c13eae0db45
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.x86
id: auto-aff7ab7deaefbb3a3f19aeaa02e3f5d908e2348a062f9d7d41bab0356eb3420b
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.sh4
id: auto-ff2f12e2ecd2e15a9f9bdd1e1ecb63bfcb2eadac730426dd123c500e733ed95a
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm5
id: auto-beb78e9f2d2a19dee1eec2ccee64208998a90d41bb3411f3170079c38866f556
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.ppc
id: auto-55d4aaa6cbf061621d1db2e9c6aa9f0210ac8328cb0dc760843e4da514b5c95d
status: experimental
description: Detects traffic or activity related to http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://unruffled-chaum.185-36-205-153.plesk.page/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.101:40841/i
id: auto-4ff4cc2fd5014cb07578e72e2f93568080e2ce25c9d636989c06f3ed30fd2982
status: experimental
description: Detects traffic or activity related to http://60.23.236.101:40841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.101:40841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.124.229:45182/i
id: auto-87e6610d18913f92919bdfc35e5dac87636e7887ea9adab0e9073d62d1323873
status: experimental
description: Detects traffic or activity related to http://110.37.124.229:45182/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.124.229:45182/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.ppc
id: auto-620b31ea022c0d9f272c3f0d5b43e644a3b6370859b5e8a66125e16e6ac134d2
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.115.161:40545/i
id: auto-33428b5231e4468095084e66dd9b2400ea40e5b9ad7f3e1908a08c727d2efba4
status: experimental
description: Detects traffic or activity related to http://123.5.115.161:40545/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.115.161:40545/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.x86
id: auto-b6759be15fcca2295e6aebea6fe90ef501105c510ac1854700aa26294d9f13c2
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.mpsl
id: auto-9e2b3a69e196eea7f35606776d16f501df50f03dd7e0e18815e4e1b976db4ce7
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.arm
id: auto-26754e8f0cf39cd82c13bac939661c3ed7b951cf7eba529fc3b996f288a47477
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.mips
id: auto-c8919e4578da31da12af62c850fb42d2584c040149dce9f3b3991ff92c480f90
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.sh4
id: auto-bf4c1da58b70307b05eb7539143d80cad6d867fa330f2a8933211a6a2adc7002
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.arm7
id: auto-611adc2d63a374e80a4927f5af986da62ef439e9ee16b2cca1b05ff1bbdce641
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.m68k
id: auto-fb9296ff3716de4ecc0673d7ad791f0d740d6eb6b96dc57d84f6c3a0d01f9d94
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.spc
id: auto-e4036eb135e8a05a58b0afcde3d2077667c138c6b70d0db8fb79b46c4c2d6d25
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.arm6
id: auto-eee2b143b53cc73187b6b24d3699ede48719a5103f862852fe0458e61a6c6a13
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.36.205.153/bins/UnHAnaAW.arm5
id: auto-8be2e56c4b01d5bec67bee1d3aa6a8a2f7e28cfc07d3ca69a8c40d3589b60456
status: experimental
description: Detects traffic or activity related to http://185.36.205.153/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.36.205.153/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.218.212:59132/bin.sh
id: auto-ac8c87ccfbf4382b0524264f6dd934d34a60c84624f35b65a40b1c85dc67c92a
status: experimental
description: Detects traffic or activity related to http://115.55.218.212:59132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.218.212:59132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.151.197:38502/i
id: auto-ba5e07dddfbff335526b771c4d80c6a6a6cacd5e7cf04ec6f40f56496fbe1233
status: experimental
description: Detects traffic or activity related to http://108.170.151.197:38502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.151.197:38502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.186.242:50904/i
id: auto-dbbe80467012eaab97f9f073e3e5f8cbe4f139bddd335092c4bd235a5d840123
status: experimental
description: Detects traffic or activity related to http://42.87.186.242:50904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.186.242:50904/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.151.197:38502/bin.sh
id: auto-749f818eb72be3893ab8df11118e941d631cbc854abfbf401904975c74949d83
status: experimental
description: Detects traffic or activity related to http://108.170.151.197:38502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.151.197:38502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5869237291/COLMcRa.exe
id: auto-d8e8beed2333e6eab5092961b8a166e1d3a29f0d00224ebef4153da60eccbdd9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5869237291/COLMcRa.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5869237291/COLMcRa.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.124.229:45182/bin.sh
id: auto-67e2dd1c445aebc9b2c50db0492401705ae3753701125aa7c8e67fdd8185da73
status: experimental
description: Detects traffic or activity related to http://110.37.124.229:45182/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.124.229:45182/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.139.0:46715/i
id: auto-22eba403d5f308f78796dd4f2898ed92a675c80bdbab2108d052beaf8d16a8d7
status: experimental
description: Detects traffic or activity related to http://125.41.139.0:46715/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.139.0:46715/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.59.170:37778/i
id: auto-c225a9dc3806383e4ce605f0b3e91ec913262658ef1d842837da2d6c023db82b
status: experimental
description: Detects traffic or activity related to http://27.202.59.170:37778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.59.170:37778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.51.69:47507/i
id: auto-440a3531a9cc380bcc01bbc13be62217b4f8343bdee7adc90194b73d74c3ab76
status: experimental
description: Detects traffic or activity related to http://42.235.51.69:47507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.51.69:47507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.189.139:33268/bin.sh
id: auto-0e45e0fcb92f0c259246423122f6227279073f37e6ba629eeecb9b77c166239d
status: experimental
description: Detects traffic or activity related to http://42.234.189.139:33268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.189.139:33268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.186.242:50904/bin.sh
id: auto-7371102e845e4f6755325bffa4c563ffd44abaa70e3a8aa299fe78b37e60464e
status: experimental
description: Detects traffic or activity related to http://42.87.186.242:50904/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.186.242:50904/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.178.17:49908/bin.sh
id: auto-6f0ec2d69712a8be7cd670ccfebc8ffa2acc1306d203657b10db758aaeb7342e
status: experimental
description: Detects traffic or activity related to http://222.140.178.17:49908/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.178.17:49908/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.34.116:36746/i
id: auto-7fe45e4379b7d9918a15d888e914d86d07a4b7bb14aef3ff5c18dd675ef5322b
status: experimental
description: Detects traffic or activity related to http://119.116.34.116:36746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.34.116:36746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.72:53560/i
id: auto-d3cd3b9bd91e5d57562777f8f677bce29df257ac4a4fed2f76354c014fe76e64
status: experimental
description: Detects traffic or activity related to http://117.209.26.72:53560/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.72:53560/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/Bbuo98p.exe
id: auto-ecdb2060c1ad00caa2360b3f8f92f8e5bea8db5591147792edf5134feefd1d24
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/Bbuo98p.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/Bbuo98p.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.169.22:35210/bin.sh
id: auto-cc0125caad270f7647ad0874202df5803e958c83697caf00aed93547fcef0614
status: experimental
description: Detects traffic or activity related to http://42.178.169.22:35210/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.169.22:35210/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.34.109.121:50406/bin.sh
id: auto-a41233102f279c9bd7dd51a4a6ab6ffc64d84c980c0703b27dc05ca7b0b7b683
status: experimental
description: Detects traffic or activity related to http://118.34.109.121:50406/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.34.109.121:50406/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.72:53560/bin.sh
id: auto-1389359b93c62d05cb07f870fd0881bed0c1b28d73ceb1da3ce859f98b6d9c29
status: experimental
description: Detects traffic or activity related to http://117.209.26.72:53560/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.72:53560/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/alex37891r-sketch/ffff/main/AssetReup.dat
id: auto-4dfd31a52ec7622ab413530f95db2e55d2430ce42e047d8bb3b78c69e20a3202
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/alex37891r-sketch/ffff/main/AssetReup.dat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/alex37891r-sketch/ffff/main/AssetReup.dat*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.34.116:36746/bin.sh
id: auto-edc558352c9bf2bdb10a4301b54dfa6b31c2bf72251b1cde5050eebe813cc585
status: experimental
description: Detects traffic or activity related to http://119.116.34.116:36746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.34.116:36746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.66.105:39272/i
id: auto-f904ed0512dd43d97b476da6acedb53d83eec45a8ab6069a27cc09f760c025db
status: experimental
description: Detects traffic or activity related to http://39.187.66.105:39272/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.66.105:39272/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.226.234:52986/i
id: auto-ae6bf3180373b28d0ddafbee01e9a0249cc47c9e56d8407bd5af914db5eadc2a
status: experimental
description: Detects traffic or activity related to http://125.43.226.234:52986/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.226.234:52986/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.231.103:53983/bin.sh
id: auto-df5e7f585493212b32d224204ec7ed947ca87a9155c36205f88ee74adef0ea5f
status: experimental
description: Detects traffic or activity related to http://124.94.231.103:53983/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.231.103:53983/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.54.88.94:45915/i
id: auto-0199c483cb34064805bbdff2b806e6836d8559aa21ba188740e0a8b9a363b508
status: experimental
description: Detects traffic or activity related to http://59.54.88.94:45915/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.54.88.94:45915/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.45.221:51643/bin.sh
id: auto-5467a7e2a58c17218991cd7a5276485275302de2936b390c5c367c4a251859f8
status: experimental
description: Detects traffic or activity related to http://59.88.45.221:51643/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.45.221:51643/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7024015129/cOOxaul.exe
id: auto-f7dd2e57ad8ad7d19a2cabcd7863b4506dfca0bf88d5ed0128bfbea09f6b4235
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7024015129/cOOxaul.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7024015129/cOOxaul.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.94.190:45384/i
id: auto-581f1fead4363fc3cd91afda0b6386cae0b91cbe5494c9846ec227061456611d
status: experimental
description: Detects traffic or activity related to http://115.58.94.190:45384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.94.190:45384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.66.105:39272/bin.sh
id: auto-17af1880cd6c302a6c2758e11cdef43e5cc59f73327820fa2c8546e7bcb0a0f3
status: experimental
description: Detects traffic or activity related to http://39.187.66.105:39272/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.66.105:39272/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.226.234:52986/bin.sh
id: auto-695d679a79e0797fa332a65c2bc8c930ce7085f776a5a8f5c952ae3289881a65
status: experimental
description: Detects traffic or activity related to http://125.43.226.234:52986/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.226.234:52986/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.54.88.94:45915/bin.sh
id: auto-5bbd3c1f8b46b9ce261c9f04060947f95d08af7d37a6567c70dc068cd5fd0a0e
status: experimental
description: Detects traffic or activity related to http://59.54.88.94:45915/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.54.88.94:45915/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.94.190:45384/bin.sh
id: auto-e0891d229df0c5d1cfde564d024d3b48b31a68cb79451377e761f9687b68445c
status: experimental
description: Detects traffic or activity related to http://115.58.94.190:45384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.94.190:45384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.29.45:51945/i
id: auto-0161dba95cead7e59564a26bab39a462a096242d1bf68f9db09fa200bad3fa1d
status: experimental
description: Detects traffic or activity related to http://42.230.29.45:51945/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.29.45:51945/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.61.181:43607/i
id: auto-3539edf66a6fba29f8c1569caa27e9ea26d73bf29445fa8564df7a264be1b066
status: experimental
description: Detects traffic or activity related to http://42.177.61.181:43607/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.61.181:43607/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.193.153.13:52695/bin.sh
id: auto-2dab633032594fe3512b7466eb610fac6c9cf2e487a6d510c9b8036d36066d8f
status: experimental
description: Detects traffic or activity related to http://117.193.153.13:52695/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.193.153.13:52695/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.39.143:47181/i
id: auto-33ac78f238d799f853844fdbd1ad8e1afa1af3bbf641e315e51b8ea144b1c007
status: experimental
description: Detects traffic or activity related to http://182.113.39.143:47181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.39.143:47181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.235.129:55363/i
id: auto-7035f7033ea6eb5ed84e472204fc10486596c0ca916116034a625d6bca72e2e5
status: experimental
description: Detects traffic or activity related to http://60.23.235.129:55363/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.235.129:55363/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.235.129:55363/bin.sh
id: auto-ed5f4c7d8650238c63fd41c5978dccdc2ea40e98c675851dfc0d97c6292d9a6a
status: experimental
description: Detects traffic or activity related to http://60.23.235.129:55363/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.235.129:55363/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.104.40:59084/i
id: auto-816e61dd5da32776bc86d8f59cf0b4e6fe407beac11786295287038c4ae82395
status: experimental
description: Detects traffic or activity related to http://27.37.104.40:59084/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.104.40:59084/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.mips
id: auto-2c5b7fcfe90511017460f31333d6c05ee5cbbb0d0c8d0603a8ef23b4426f7327
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.arm6
id: auto-851f1105ba7ce7bcbbb54e4daa63a329ce7cb042baf7c85bdaefdef608b8ba4e
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.ppc
id: auto-d6f3e1bbd3fd82f2c2b3aa690c5fde61be2a7227d4d7fa47982a981c7be56992
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.mpsl
id: auto-281ef67f8d82848cb9fc9bed42284eac58e221f837a2508fabcf1e907f119135
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.arm4
id: auto-072ddb73d9388a11325fa9f4cfe99ba7b4bc31fc80b2f514237ceca265aa7b51
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.sh4
id: auto-f9223b45e40b67213e62b0fa550a55225ef23b92a24070c13324cefcd874025e
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.m68k
id: auto-a6e5eda790211b0f2ff2464102201caa49a1b744dd500b04f5f2fd225f37f9b7
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.arm5
id: auto-2005460a7b45a4170bd3393c3a09b6ec8eb7ab0ff67782750e4ca8cacaed9a06
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/arc
id: auto-b40bf0214fb8f10e852bb0d58237d552f66221008546d21957db938d942a392b
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.164.201:58428/i
id: auto-9a44b87f26aaf6b7baca7282533ee4eb3c71d30c8126c82c35820be876a0cb9c
status: experimental
description: Detects traffic or activity related to http://182.127.164.201:58428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.164.201:58428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.139.0:46715/bin.sh
id: auto-8fe62555b30b80085e9f9780c22434df42e63fc49d85b7d77e340167ff93df8d
status: experimental
description: Detects traffic or activity related to http://125.41.139.0:46715/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.139.0:46715/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.251.93.254:33213/i
id: auto-9a11603fef5cef62c778fe22ddc4a21ffd2037a340ef405bf11c74f104c105fe
status: experimental
description: Detects traffic or activity related to http://41.251.93.254:33213/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.251.93.254:33213/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.104.40:59084/bin.sh
id: auto-45ec62153e93830c5f7b18c6899bb59f66f6ffb00e8ef0a3c4a9c547d583540e
status: experimental
description: Detects traffic or activity related to http://27.37.104.40:59084/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.104.40:59084/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.164.201:58428/bin.sh
id: auto-bfc77c111b749919ba4b6ecf6e7604fcb1b8c6fd6ac9153b8a75e04460cbd43f
status: experimental
description: Detects traffic or activity related to http://182.127.164.201:58428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.164.201:58428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.149.161:48530/i
id: auto-37ea1670d3453b9fe5bcdece51a4995c13cfeb2d659907901696aea8ab527ee5
status: experimental
description: Detects traffic or activity related to http://113.236.149.161:48530/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.149.161:48530/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.32.195:41294/i
id: auto-4c52e1ae02146daf44b70cea0e92b8c0b074d68b773ffdb2612132ac102d8c49
status: experimental
description: Detects traffic or activity related to http://182.114.32.195:41294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.32.195:41294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.45:43523/i
id: auto-b5d99bd9698dd9cd88607eee78c631941f8d179e9e706d3b2fb2e918fa7ce9b5
status: experimental
description: Detects traffic or activity related to http://117.209.87.45:43523/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.45:43523/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.22.60:56076/i
id: auto-9678359897e01b04acb05c22cad678a804bc4e225bd91de4516edc893815b753
status: experimental
description: Detects traffic or activity related to http://123.12.22.60:56076/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.22.60:56076/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.12.54:57194/i
id: auto-e96d2db7bb88afbeb461e0c6054c704a52471c01bdbf92e3cc9e086f5fbd2f02
status: experimental
description: Detects traffic or activity related to http://221.15.12.54:57194/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.12.54:57194/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.22.60:56076/bin.sh
id: auto-807b0d60063a6d3b4e4ca1efecd22c749c4fc6885046a283a4b3cfab25da3da0
status: experimental
description: Detects traffic or activity related to http://123.12.22.60:56076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.22.60:56076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.132.50:40120/i
id: auto-117a012036d50916574545a547ac22ff8f6071adb802083ad1803f5706573e5a
status: experimental
description: Detects traffic or activity related to http://116.140.132.50:40120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.132.50:40120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.32.195:41294/bin.sh
id: auto-e560f6d27d9a364906739358466ba3ad569496c8137a79a5b6254ef0a0096251
status: experimental
description: Detects traffic or activity related to http://182.114.32.195:41294/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.32.195:41294/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gl1g7tts-5500.euw.devtunnels.ms/64/64th%20Services.exe
id: auto-3376f6408649bf6f75c3591164573b8f928bf1e622b4c95d1e1d1a8cc2fe8716
status: experimental
description: Detects traffic or activity related to https://gl1g7tts-5500.euw.devtunnels.ms/64/64th%20Services.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gl1g7tts-5500.euw.devtunnels.ms/64/64th%20Services.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gl1g7tts-5500.euw.devtunnels.ms/1.pdb
id: auto-1d2b146491f2e0fd6f02fdaad74e1cf9221bcc585c5addcf13956c7efe87621b
status: experimental
description: Detects traffic or activity related to https://gl1g7tts-5500.euw.devtunnels.ms/1.pdb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gl1g7tts-5500.euw.devtunnels.ms/1.pdb*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gl1g7tts-5500.euw.devtunnels.ms/64/loader.exe
id: auto-742215a1550e80793ed77a6106a81e098ec4bd6c5d9da8dff6b95bff14675bdc
status: experimental
description: Detects traffic or activity related to https://gl1g7tts-5500.euw.devtunnels.ms/64/loader.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gl1g7tts-5500.euw.devtunnels.ms/64/loader.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://wilknnson.com/6j6s.js
id: auto-35cd823fb1c05a7f984f0616cbc6d01d4ddead64ca7042c626e775f90069a098
status: experimental
description: Detects traffic or activity related to https://wilknnson.com/6j6s.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://wilknnson.com/6j6s.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7717526653/hqAJhdS.ps1
id: auto-1529213b7e5d6b944ebb28d019b0201fb13fb1c6480a674f0bf4184aeca0db4e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7717526653/hqAJhdS.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7717526653/hqAJhdS.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.82.36:43175/bin.sh
id: auto-958e55a31f2666408659fbb2e559daf364906e5cefc8ff71dc62326baf2f17c5
status: experimental
description: Detects traffic or activity related to http://175.165.82.36:43175/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.82.36:43175/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.229.33:37455/i
id: auto-45ad5a374a0f06888f636ee705232cdf8ff82e6f5702d9922f0510fedf038978
status: experimental
description: Detects traffic or activity related to http://42.226.229.33:37455/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.229.33:37455/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.12.54:57194/bin.sh
id: auto-1fe5c25eae306a549e6455d66fecf7fa6442be646be50c6fed90a4f7933fe692
status: experimental
description: Detects traffic or activity related to http://221.15.12.54:57194/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.12.54:57194/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.52.221:33689/i
id: auto-653f2b8445ca13755cb992b8ffff51039781bd325fb8d9df6127903a5aa35b07
status: experimental
description: Detects traffic or activity related to http://117.215.52.221:33689/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.52.221:33689/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.45:43523/bin.sh
id: auto-a7fe2094bd4af6e9c7cf06194d7d0bcb4d4ca3d883509b265500876fa94a70c9
status: experimental
description: Detects traffic or activity related to http://117.209.87.45:43523/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.45:43523/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.105.6:47305/i
id: auto-56bda14f3e1c4e3a9ee9dacfb4474cee5ace5e31944dfa4c18d9f7bca22ab65e
status: experimental
description: Detects traffic or activity related to http://59.96.105.6:47305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.105.6:47305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare
id: auto-5353524119ea91d883fcd0c5e7842ff5e781e50eb45555c21a5434efe2e159d6
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/brush-tablet-win7/tg-sector-add/dare*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.155.44:59321/bin.sh
id: auto-dea211cd4a03242203166b9e893d34f433c6b5e52c71211c5149eba3ead22abe
status: experimental
description: Detects traffic or activity related to http://115.56.155.44:59321/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.155.44:59321/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.229.33:37455/bin.sh
id: auto-1749b58b753f4aaec1dd085c72c854e23697dbc7d0bea9bc7cdcc834fd5fae5d
status: experimental
description: Detects traffic or activity related to http://42.226.229.33:37455/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.229.33:37455/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.97.113.40:55396/i
id: auto-fb4b8cd4a96a3908586e39f9ae345e4e03b9ae3ae965ca7f8b9388aff42032f2
status: experimental
description: Detects traffic or activity related to http://185.97.113.40:55396/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.97.113.40:55396/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.132.50:40120/bin.sh
id: auto-fea22efb0a832fa5b322bb91e4522903c7e586e29fdd26977986f3ed5756fe8a
status: experimental
description: Detects traffic or activity related to http://116.140.132.50:40120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.132.50:40120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.63.133:34527/bin.sh
id: auto-63087ae92385fe3019d11dc0e9f5e1e2b333381402b4b243fbd7dbdcb70ab7ea
status: experimental
description: Detects traffic or activity related to http://219.157.63.133:34527/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.63.133:34527/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.52.221:33689/bin.sh
id: auto-0b2d0c427da71c4cbc6fa5ce2a6bbf234bd5ba61b0e3a5c39b9ccd97015573f7
status: experimental
description: Detects traffic or activity related to http://117.215.52.221:33689/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.52.221:33689/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.10.60:36990/i
id: auto-4690c0116e02ff40317d100a97cd07c92dfa2c1841736614e5361fb8f8a71a05
status: experimental
description: Detects traffic or activity related to http://221.15.10.60:36990/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.10.60:36990/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.105.6:47305/bin.sh
id: auto-76f40acb16f9920f0dbd3417065230b7aebf83359545e1d854992ebc408223ba
status: experimental
description: Detects traffic or activity related to http://59.96.105.6:47305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.105.6:47305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.141.65:41283/i
id: auto-a4c1f6b4ac5c708cceb66941942e70a48bd4e26a4f945fcbcb6105f72a9c138a
status: experimental
description: Detects traffic or activity related to http://59.96.141.65:41283/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.141.65:41283/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.92.10:60894/bin.sh
id: auto-cbc3fb27c81a0257690ac8cd9287fbabbfa6c9427a1d962a6f7aca98900d916b
status: experimental
description: Detects traffic or activity related to http://42.235.92.10:60894/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.92.10:60894/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.97.113.40:55396/bin.sh
id: auto-e2602b0f4a004b6119e722aeb2f5484559f88466697c94a19f8d4bf9be33f86a
status: experimental
description: Detects traffic or activity related to http://185.97.113.40:55396/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.97.113.40:55396/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.141.65:41283/bin.sh
id: auto-9e16fd4ead7b64abf2865f272d28a9b284973c164959ba7d08eed70b41cd5978
status: experimental
description: Detects traffic or activity related to http://59.96.141.65:41283/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.141.65:41283/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.155.44:59321/i
id: auto-676a078d410d9e31b19f70ec1ef729d9d75947c44d20d91c6c8850b086beb16d
status: experimental
description: Detects traffic or activity related to http://115.56.155.44:59321/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.155.44:59321/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:55565/i
id: auto-d40d52128ce255f7d39df0d09601fe46c5d8a7f14dd2b81500c78a35a3d31032
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:55565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:55565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.218.143:60582/bin.sh
id: auto-91ffb07a2e0a716067590f135323add23c761f80efc63d92992d327e9b9cf950
status: experimental
description: Detects traffic or activity related to http://115.53.218.143:60582/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.218.143:60582/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.115.91:56281/i
id: auto-9d21229d964aa34de18b3d43c55e29507df98ef4d58245c48e9e869587539a20
status: experimental
description: Detects traffic or activity related to http://110.37.115.91:56281/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.115.91:56281/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7717526653/hqAJhdS.exe
id: auto-281e771873821f726720301b457145bfd417524fe3c16dce5e6e9f228bd1e84f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7717526653/hqAJhdS.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7717526653/hqAJhdS.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.115.91:56281/bin.sh
id: auto-cc569d9ad54fbc8735c4eb47ae85e617df9dc80f4ca9441205f5a24ded95a19b
status: experimental
description: Detects traffic or activity related to http://110.37.115.91:56281/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.115.91:56281/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:55565/bin.sh
id: auto-90417b50e6791317618132149aac547e236a18978b87a24f1ebe33d1002f12f7
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:55565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:55565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8518751198/gWyywez.exe
id: auto-b9cfaf353ff83813e6181100e13c5536c7224c187167be154c6175884e891290
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8518751198/gWyywez.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8518751198/gWyywez.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.49.254:39250/i
id: auto-408b22f41a720c84db549188c8615a04c85c60a0afec596e0fbb160ee7f8777b
status: experimental
description: Detects traffic or activity related to http://27.217.49.254:39250/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.49.254:39250/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.91.153:47450/bin.sh
id: auto-f31957927b085a32d1043b0167286feb794691d7e0f77b4475a19bab1793b13a
status: experimental
description: Detects traffic or activity related to http://175.150.91.153:47450/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.91.153:47450/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.221.27:37611/i
id: auto-32b2c9531286e3a9b4261683a604a848511d89fe455334829404888542796fc7
status: experimental
description: Detects traffic or activity related to http://125.44.221.27:37611/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.221.27:37611/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.55.229:42904/bin.sh
id: auto-7410c14ff63a0809b6c2f2df4dde9e684a771623906b0f6a72eb1177eeb6bd26
status: experimental
description: Detects traffic or activity related to http://182.116.55.229:42904/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.55.229:42904/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.26.68:49208/i
id: auto-b7f57b379078d4b32a5c50e231b17a34b930bfd2104aded8ef89e0eef40b97ac
status: experimental
description: Detects traffic or activity related to http://42.53.26.68:49208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.26.68:49208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.92.10:60894/i
id: auto-b5989b55e47a011bf9e6d9e81ce198a3fd77ee02f386117d79d1e3bb6f6c1758
status: experimental
description: Detects traffic or activity related to http://42.235.92.10:60894/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.92.10:60894/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.71.78.186/a7
id: auto-41e4670b677398896013c38bde4bedefe8dbdddce132a5e467a6dc46ad2758ef
status: experimental
description: Detects traffic or activity related to http://167.71.78.186/a7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.71.78.186/a7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.104.202:48565/bin.sh
id: auto-2b0bba56a7bccbbd1ffd7edc1d0b3f3395b4d6c78a4cd6777aac378b5be25226
status: experimental
description: Detects traffic or activity related to http://42.233.104.202:48565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.104.202:48565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.40.241.149:59642/i
id: auto-945e0225a77dd9226a4f97d90ead610e93b2ddddacaa52114977db4545e65c54
status: experimental
description: Detects traffic or activity related to http://106.40.241.149:59642/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.40.241.149:59642/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.218.143:60582/i
id: auto-7e1ba55c27fcead8e06d042085fdd340896999f18779d78fc4be8be0e0a9d338
status: experimental
description: Detects traffic or activity related to http://115.53.218.143:60582/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.218.143:60582/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.5.23:58242/i
id: auto-91e9656444e87a473e0e9b1897c1293fa6c5957d08630e7db03ff1831cab1f1c
status: experimental
description: Detects traffic or activity related to http://221.15.5.23:58242/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.5.23:58242/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.221.27:37611/bin.sh
id: auto-2278d3229fe85bc36694797fb44951dc7002d6690f55fa495fc7e133bd1768ec
status: experimental
description: Detects traffic or activity related to http://125.44.221.27:37611/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.221.27:37611/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.148.170:40270/i
id: auto-ff9e0b4a54c66d53b812dbdaab6564f16456adf7d43d48062f6f6305a410b83e
status: experimental
description: Detects traffic or activity related to http://42.179.148.170:40270/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.148.170:40270/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.90.117.8:11137/Mozi.m
id: auto-d53713098b646d7a507c38dfc8ec0a40634d3f00fec260a5cc7d03697dc51671
status: experimental
description: Detects traffic or activity related to http://176.90.117.8:11137/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.90.117.8:11137/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.128.178:58974/bin.sh
id: auto-f992f31cc10e442d1671fab5cd207c627d1280c1b4e85d12b33f44931ff2b408
status: experimental
description: Detects traffic or activity related to http://222.140.128.178:58974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.128.178:58974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.120.52:54526/i
id: auto-6776df67d51c85da92a56a5b6fa89eeca65bb0dc02ef1f13591770ced63ba058
status: experimental
description: Detects traffic or activity related to http://175.173.120.52:54526/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.120.52:54526/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.24.175:48461/i
id: auto-4fd9c24158fd4e717d9cefc72055d09b0dbc30d182ae3d3b8c6eef533f911362
status: experimental
description: Detects traffic or activity related to http://123.10.24.175:48461/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.24.175:48461/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.40.241.149:59642/bin.sh
id: auto-6af34d5c94202472baa0a9f209594e8e3b7d8894dda39278d2da2970b36d3e28
status: experimental
description: Detects traffic or activity related to http://106.40.241.149:59642/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.40.241.149:59642/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.3.159:38246/i
id: auto-67f4aba6238d7c7ff6cdbb14bfa2d09c776163d989396f46bc3c2e6e71a5b518
status: experimental
description: Detects traffic or activity related to http://182.117.3.159:38246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.3.159:38246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.24.175:48461/bin.sh
id: auto-4f6178f0b6e350536e46e36ea899108de7012fab9db3e195ebdd1516d4eef4a0
status: experimental
description: Detects traffic or activity related to http://123.10.24.175:48461/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.24.175:48461/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.17.177:44585/i
id: auto-31c1ca2f91de4879d3dca5a3001a5c42a40009e55143c80bfb220f1a822c58f9
status: experimental
description: Detects traffic or activity related to http://110.36.17.177:44585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.17.177:44585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.2.83:46729/i
id: auto-007684a50ecaf857f4388b2a596c5cf283a542668a8a57b8d9498075a1945d2f
status: experimental
description: Detects traffic or activity related to http://115.56.2.83:46729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.2.83:46729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7717526653/ZouPrUI.exe
id: auto-0780ec02af076b25815e41f565004e1dafda840d24725b8f94e86367490cb7b9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7717526653/ZouPrUI.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7717526653/ZouPrUI.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.66:40874/i
id: auto-13ec0780fd3d4012d7d2704328f8ff9e48ce720ab5c166951b77f0fae4dadebd
status: experimental
description: Detects traffic or activity related to http://110.37.11.66:40874/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.66:40874/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.3.159:38246/bin.sh
id: auto-2d936d563eb14c7f6c2f60f72489cddec4183ecb9e4022134def9063f5ddc7cb
status: experimental
description: Detects traffic or activity related to http://182.117.3.159:38246/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.3.159:38246/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.2.83:46729/bin.sh
id: auto-82c718b33e322d42d609a27183143d7079adf63d8e5656f5560ef1b2e6c86280
status: experimental
description: Detects traffic or activity related to http://115.56.2.83:46729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.2.83:46729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.119.164.21/main_arm
id: auto-9e0654e715cb3a18c4240bef70734052e488fe93abfe31c4540140a9f11832be
status: experimental
description: Detects traffic or activity related to http://92.119.164.21/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.119.164.21/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.119.164.21/main_arm7
id: auto-54965b7e4a0626747a578d4d3931c605ff2ecb2ad3406f90d9794ce0080f6312
status: experimental
description: Detects traffic or activity related to http://92.119.164.21/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.119.164.21/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.119.164.21/main_mips
id: auto-12bc5d322906680a48b9b0fabe6e46d13c31ee35c1d8d4669a2ae79ca9b018bf
status: experimental
description: Detects traffic or activity related to http://92.119.164.21/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.119.164.21/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.104.202:48565/i
id: auto-cd8c1d50126f67f6081a6b565d50facf46e549434bbc97ab0c678eb9c84af7ee
status: experimental
description: Detects traffic or activity related to http://42.233.104.202:48565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.104.202:48565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.17.177:44585/bin.sh
id: auto-52718db4dcc3cb8a85395b05b27f6bcc6c6dbe6214a2cb80f046233bb421aee4
status: experimental
description: Detects traffic or activity related to http://110.36.17.177:44585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.17.177:44585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.66:40874/bin.sh
id: auto-9d58c8f008e72844529a6556fa4e06c1bc84015316e840518f0de0eff2ac5c6b
status: experimental
description: Detects traffic or activity related to http://110.37.11.66:40874/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.66:40874/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.196.29.73:65377/i
id: auto-153c25b4e81d12e255903b5d576bda4c6899c43814668172fb713bbee8a0cbaa
status: experimental
description: Detects traffic or activity related to http://183.196.29.73:65377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.196.29.73:65377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.71.218:54920/i
id: auto-3c7529a2f966545fcf1342048914f8316c9039d7b62f58227910bae819176b99
status: experimental
description: Detects traffic or activity related to http://42.225.71.218:54920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.71.218:54920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.10.251:41284/i
id: auto-263901e51c7daa3d4aa72f8c7f3db9901b3e0dfc07001e6d72588fba3094e486
status: experimental
description: Detects traffic or activity related to http://42.54.10.251:41284/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.10.251:41284/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.77.169:58618/bin.sh
id: auto-78393d90f0ae9b07338fb6ca95afef811dc3e1005d601af9c4774bd183d65643
status: experimental
description: Detects traffic or activity related to http://182.112.77.169:58618/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.77.169:58618/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.196.29.73:65377/bin.sh
id: auto-e012d0328d76df4e8d2ce282daaceaa9fbd12544188ff59cb3616b1c1f6ed140
status: experimental
description: Detects traffic or activity related to http://183.196.29.73:65377/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.196.29.73:65377/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.71.218:54920/bin.sh
id: auto-e098acebadd2f4166dba0158402d4d054ed097c980eb033c23bb5ce6e9e53555
status: experimental
description: Detects traffic or activity related to http://42.225.71.218:54920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.71.218:54920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/23phys-step2-det-sim/asset-mgr11
id: auto-0fc86a217dd522bf8d2517b90a5a2b42304ec31133c5aa2b37d50c34502040cf
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/23phys-step2-det-sim/asset-mgr11 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/23phys-step2-det-sim/asset-mgr11*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.1.104.108:39156/i
id: auto-610a274e75e7ea42b41529db0a0c9d5ab21ab5ee7a565ca2d28f40d2219c5bf8
status: experimental
description: Detects traffic or activity related to http://14.1.104.108:39156/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.1.104.108:39156/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.12.224:34698/i
id: auto-a7fd53dfebc50c35458c74e54de5290ffe0761b982f88880056c5ec71e2fe822
status: experimental
description: Detects traffic or activity related to http://115.61.12.224:34698/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.12.224:34698/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.212.175:42267/i
id: auto-0ebefc29ef5e57f4b926f69488b79757a73c2989c8f40768b491e37deac748c2
status: experimental
description: Detects traffic or activity related to http://115.50.212.175:42267/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.212.175:42267/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.2.112:34482/i
id: auto-5afad3bad24c70e5d807fb25043731e7f190a83b5712d73ac70376c6a268439c
status: experimental
description: Detects traffic or activity related to http://182.113.2.112:34482/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.2.112:34482/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.74.146:48535/i
id: auto-71a08f25198ed32cacc358f9a9cdd049e9d9030f7c52c2124d94c0330ac7db85
status: experimental
description: Detects traffic or activity related to http://115.49.74.146:48535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.74.146:48535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.183.205:45791/i
id: auto-f2910a5366cd518d06c7d36e15d4605eb52e0678090fad549860f0bf44b33022
status: experimental
description: Detects traffic or activity related to http://175.150.183.205:45791/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.183.205:45791/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.70.39:45342/bin.sh
id: auto-57c6b2fe79398c33399e1a35540e980ffa43fcee6afc766334b85b9c0b0c125c
status: experimental
description: Detects traffic or activity related to http://117.206.70.39:45342/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.70.39:45342/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.2.112:34482/bin.sh
id: auto-e9857b706f492263053a83f998796bfa47fac616dde7121deec387a21c4eb1f6
status: experimental
description: Detects traffic or activity related to http://182.113.2.112:34482/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.2.112:34482/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.10:59906/i
id: auto-344567ee321cfa21d938136abe6e6581cf6b9056c6b17c3cf33ce3dbb09763b3
status: experimental
description: Detects traffic or activity related to http://117.198.12.10:59906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.10:59906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.74.146:48535/bin.sh
id: auto-2952e22b9f3d23d8a1b7ebe4bd4e57475afcf00d2d7ab4a9e5711ac8c36d4d01
status: experimental
description: Detects traffic or activity related to http://115.49.74.146:48535/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.74.146:48535/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.183.205:45791/bin.sh
id: auto-120f1e4817474047a935d79e8502eec6d004fee5bf7d6918d45232afebbb7029
status: experimental
description: Detects traffic or activity related to http://175.150.183.205:45791/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.183.205:45791/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6334661508/BlX57OS.exe
id: auto-44775b8b06ec1a82fd3aecd56c31385ef10a14ff2199952115f43179e64d402a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6334661508/BlX57OS.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6334661508/BlX57OS.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.70.39:45342/i
id: auto-f407607c3636f800ef973ce40accd04a65cac851d6c525212b287f26c372558a
status: experimental
description: Detects traffic or activity related to http://117.206.70.39:45342/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.70.39:45342/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.10:59906/bin.sh
id: auto-654eb8ec77d7583748cb88f383ce6131a8c99d961dbe42d85e028270b9f61927
status: experimental
description: Detects traffic or activity related to http://117.198.12.10:59906/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.10:59906/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.195:39612/bin.sh
id: auto-2542523ad84cd3a4021f5b1fc36d2f203272393e43ffdb62335644f779938e84
status: experimental
description: Detects traffic or activity related to http://59.97.251.195:39612/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.195:39612/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.123.56:55404/i
id: auto-fda918655f500ce0ec73511cda96dd8408d4e9431e96380b8afa0072773442bd
status: experimental
description: Detects traffic or activity related to http://61.53.123.56:55404/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.123.56:55404/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.11.4:51464/i
id: auto-3d3a430803e19b99d5e6f04cf38990ce78952e3307d51925572b139c264157f7
status: experimental
description: Detects traffic or activity related to http://123.12.11.4:51464/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.11.4:51464/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.52.168:54197/i
id: auto-8a1b245595c007f3427342d520a561fdf3a702209767e8bb38d0d20af62a67ff
status: experimental
description: Detects traffic or activity related to http://115.55.52.168:54197/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.52.168:54197/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.123.56:55404/bin.sh
id: auto-ca05a148a75d222d787fa048d0363243f023bda071d6792ae312149c320bda0e
status: experimental
description: Detects traffic or activity related to http://61.53.123.56:55404/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.123.56:55404/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.122:43768/i
id: auto-7f8c1e4a08807205d2d00377d5f0a9dfffc85f3d80c30b80335e7b7a3e292b9f
status: experimental
description: Detects traffic or activity related to http://117.209.83.122:43768/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.122:43768/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.52.168:54197/bin.sh
id: auto-9f1913a76357df9527162a9eb7fc9663d645199984d2c1f60215539d976a9424
status: experimental
description: Detects traffic or activity related to http://115.55.52.168:54197/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.52.168:54197/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.230.141.123:33539/i
id: auto-fbcc6f5c9cab0e3eb89802dbf5c3119bd17228907ddc7f7980f1956ecdb3935c
status: experimental
description: Detects traffic or activity related to http://94.230.141.123:33539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.230.141.123:33539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.11.4:51464/bin.sh
id: auto-5c379eb5e9122d1b4ec9006dd3ecd5ef7540a4dd70b602dc20392bde7f4f60e2
status: experimental
description: Detects traffic or activity related to http://123.12.11.4:51464/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.11.4:51464/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.213.159:43810/i
id: auto-50a73b25632b06529caf9ebfa5c2dc05a0e648b9f51bdfdb1892668986b0c50b
status: experimental
description: Detects traffic or activity related to http://120.84.213.159:43810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.213.159:43810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.21.48:37168/bin.sh
id: auto-0c8e3ddd5b22a25200a15de6ff52fa1f4154277d3c89ddbbf5ddabcc7b9481e1
status: experimental
description: Detects traffic or activity related to http://115.48.21.48:37168/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.21.48:37168/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.122:43768/bin.sh
id: auto-ac86397fecd30cb6b702c73dd569ca442b325880305fc3e9cfba2d902303c991
status: experimental
description: Detects traffic or activity related to http://117.209.83.122:43768/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.122:43768/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.230.141.123:33539/bin.sh
id: auto-58e21a0de9917d0f5f35bff572bc3629a2ec75ef13cec3dd247c6c8b78585803
status: experimental
description: Detects traffic or activity related to http://94.230.141.123:33539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.230.141.123:33539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.51.67:38549/i
id: auto-f9e439c60ef42e7b5811b8721178a434efcf67b9e92c9351c492361c9f51f08a
status: experimental
description: Detects traffic or activity related to http://182.119.51.67:38549/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.51.67:38549/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.212.175:42267/bin.sh
id: auto-bc634a6bea5778995e16d644f8f9b2271e8b485678117ad63dc0b49afcb5d4e4
status: experimental
description: Detects traffic or activity related to http://115.50.212.175:42267/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.212.175:42267/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.81.64:49933/i
id: auto-eb4202a7582fa7effb1408b1561441c35dd513b132bdd3e8c05c97743e728705
status: experimental
description: Detects traffic or activity related to http://61.53.81.64:49933/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.81.64:49933/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/qw21IdW.exe
id: auto-59f8edf2cba1c806d6dde344f6dbda5b4999e497bb808097d97e5aad1f2eacbd
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/qw21IdW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/qw21IdW.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.5.158:43241/i
id: auto-1979b6793b4b0a7024febe6d5ebb7533777e2f9b2bf6c24242dfd85d40c523ed
status: experimental
description: Detects traffic or activity related to http://182.127.5.158:43241/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.5.158:43241/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.43.193.43:48350/i
id: auto-bc75c6c041d7938cd97f9e6c555e6f83a7aa263b67134308351e06f2a9fc5fb9
status: experimental
description: Detects traffic or activity related to http://213.43.193.43:48350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.43.193.43:48350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.187.235.93:37739/i
id: auto-4977709acf7fbf5eb25c7f9302d2571425f62dd70ea649b18bdb0b06f161619a
status: experimental
description: Detects traffic or activity related to http://119.187.235.93:37739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.187.235.93:37739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.130.16:60746/i
id: auto-a31cf07f0c18e0708494d76da8a4396319671a313c3440ca9f42e69be19db82e
status: experimental
description: Detects traffic or activity related to http://42.227.130.16:60746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.130.16:60746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.51.67:38549/bin.sh
id: auto-9e89c4b3b77daf241d04cce04b5c0145ee138a078da9eb2deb2ec588e239f027
status: experimental
description: Detects traffic or activity related to http://182.119.51.67:38549/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.51.67:38549/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.5.158:43241/bin.sh
id: auto-629cb5b2689240bfaee495357df8338fd52b0c67cc30fee9a236340937c1b651
status: experimental
description: Detects traffic or activity related to http://182.127.5.158:43241/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.5.158:43241/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-rt-net-sync-exp/v65-sd45-asd102
id: auto-b351d82e6032d2ba455a3e49acb900c7ac3322288a3736ffc1dbe87775d1a6ba
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-rt-net-sync-exp/v65-sd45-asd102 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-rt-net-sync-exp/v65-sd45-asd102*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.43.193.43:48350/bin.sh
id: auto-495c75f2c0faa7d2a164d00615f30c977e2832b22601c9927b4887d891bb35ed
status: experimental
description: Detects traffic or activity related to http://213.43.193.43:48350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.43.193.43:48350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.81.64:49933/bin.sh
id: auto-0bf6cb79c5e243207f6221c2569d603cb7d5a897f2e74e89535343d44ead8ff3
status: experimental
description: Detects traffic or activity related to http://61.53.81.64:49933/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.81.64:49933/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_arm
id: auto-fe74b3c7d1f254ef8b3c7ea4031019ebaa7ee7ac5414831a9f0422aa05be6a7b
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_arm6
id: auto-75470306acfcb85b03faa90302e8e701741f35cbc57a9c5faa489d49298a2e46
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_ppc
id: auto-78ec7bfa3e82d78226e80fb3d674b80de5bbb9d7acd68bda8b59c8d1ef7528ba
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_sh4
id: auto-20bf1dbdcb748c7fd8aa291c067ba3d77ef74bba609d40dacb539c0ab01008a5
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_mpsl
id: auto-e3f02abcefb17fba1ed571d7baeb2a7772e1d9373db36add3433fcbb76ed3388
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.187.235.93:37739/bin.sh
id: auto-02d786887767cd97c5293486ad8cbd29351dc9b02ac9c27c647c83b0e5b83a40
status: experimental
description: Detects traffic or activity related to http://119.187.235.93:37739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.187.235.93:37739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.212.202:45854/i
id: auto-360da21a4644ca2dfbc2b25b5646f6bc264db6b66e51b6747545b28bda5b4e0b
status: experimental
description: Detects traffic or activity related to http://124.131.212.202:45854/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.212.202:45854/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_mips
id: auto-7b9a985bb3beabe10b9c253a7cfb0b8e57b17bfdbfe2b73f9b5b7407fbaab489
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_m68k
id: auto-20908961bc1b4fc8052d0478ed918e7e6f94aa3dc27c0e31c15a666bf03254d2
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_arm5
id: auto-12afdf6402a64326dd1e4f3cec9f2215dd0b499bca0b9ddf0ced3a6e3fb6ad85
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_x86_64
id: auto-1225cc21163a37287b8eddd3833cf02703c03096f75116b7a1775e53be4f0633
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.214.31:35786/i
id: auto-b77c8bbee58456613a73e007a2ff4ec7dddaad4f7bcf2feaabf1fece76c7be45
status: experimental
description: Detects traffic or activity related to http://123.14.214.31:35786/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.214.31:35786/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.121.49:48966/i
id: auto-a218c95e3a0e42a86fdd683047cfb9731002cd2ba2250e4c8264ac4f6ad1ffa6
status: experimental
description: Detects traffic or activity related to http://60.18.121.49:48966/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.121.49:48966/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_x86
id: auto-d9aafe95b937d743a3081f41c24b08ed3696a3363a0a9d18a96808a69f0fb3a1
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/jack5tr.sh
id: auto-7906a673f9d3899ac2ea13150c591da6a95024f6917b506a2a3511fd7db6886f
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/jack5tr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/jack5tr.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/main_arm7
id: auto-7bc00ffd6145f1c94d4401c7fbdb134a933eb8d0df417f3b4520509eca850753
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.204.66:37373/i
id: auto-339995e83bdf7982af1ef756f3499fe245c47cd76aa2dc4ccd9266be13294f9d
status: experimental
description: Detects traffic or activity related to http://112.225.204.66:37373/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.204.66:37373/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.130.16:60746/bin.sh
id: auto-5dbe0a0fbe0536db3e5f18341d1e2c8bbb9e36b03b51ddc458a9e31fe291bf2c
status: experimental
description: Detects traffic or activity related to http://42.227.130.16:60746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.130.16:60746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/jack5tr.sh
id: auto-61f42f1f32a272f722ff39066429abafc30138203d4c9f98edd3ea7b3689ce4c
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/jack5tr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/jack5tr.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.arm6
id: auto-27df3956178bb9bbd4126b94d159d06f8e99b84e42a36b0a102999f5d7b5456e
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.206.235:45851/i
id: auto-f5bdb22cab2da7dc9f52efd6437c77e10209f76be36fcd70ed1ece66804e12ca
status: experimental
description: Detects traffic or activity related to http://175.175.206.235:45851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.206.235:45851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.mips
id: auto-b9d3b6836bf088fec4a519c7758cc2677a0c9b3dd20df7e84d58399bd4da0389
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.x64
id: auto-caa4e825eae3b625303a725fbbe7646ab9bc9b94fd4bf01c70ecb563dc12b44d
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.x64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.arm7
id: auto-3931961873fd24e77e23f91209404f9782f779900bc594f026e8bdb0108b05ff
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.mpsl
id: auto-6f678b452c368737d6e45a91ee8e5b10d7a1771111128a5db396d06ac4885571
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.m68k
id: auto-1821c8c73b27ae56887e6bd3a2694a13ba48d1229c212315bf21f589860855b2
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.spc
id: auto-9ff6545c6df17151aa57867c235e3f20f4886b84fd3c7a73317e3f15a60a65d4
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.x86
id: auto-053ae540deb183335d33d2b7ed62dcfb4f9dde200b11190f366963ebdc6c06e0
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.arm
id: auto-59295fedcbad28c78e1a6666513df62b659d44f96143a8ea8061aea4125c0ec1
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.arm5
id: auto-802eb5d3f2700283175157468e179441a87eeb1f3a150d00796cf6537d5ec8f9
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_sh4
id: auto-4a90d1bf6685d2a9ca9b6773a4356040e8a4bf7ccf1f7fadc2352328e029ab34
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_mips
id: auto-83078abe7d4edef18960f43a4466e2b784583a9b6e949002a3bc12ecab82a30b
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_arm6
id: auto-d35dbab2cce47aae29ae0ca81689f65c22cd4ae6dee379e8aaca7ed976d44687
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_arm
id: auto-3c2e7d43907b51e360fcdb9085f705d7eb60d4f0a9222e6b34bbb09cf295c9a3
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_m68k
id: auto-293f49344fe5b6b446275179cc1c6133eb65abf891f5d0a59982212eca5a111d
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_arm5
id: auto-8cc7038fedfbec5c65701d5a19da52ac3f4460682c9b26a84ebd80a196f9adf2
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_mpsl
id: auto-b8dcc4af13788625ee87555345dfe38bf977a966ade9727bf3308db7a0093842
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_ppc
id: auto-063a7124467e19f496735a753906e97f1cde4c88cc4ef998bbbd7ffe51243cb7
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_x86_64
id: auto-0aa073badecc0280f9336313c150741e9a8616d9e4d31ec2efe6d97cc288319f
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.sh4
id: auto-90fce444d0c84864dcd190bd6c0926280b445e9789553ba1c6575805c8d7030e
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.58.58.212/5r3fqt67ew531has4231.dbg
id: auto-6cdae64dae8356004bf236244189866255795a59ae43da93d6efd9a87c32ced5
status: experimental
description: Detects traffic or activity related to http://31.58.58.212/5r3fqt67ew531has4231.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.58.58.212/5r3fqt67ew531has4231.dbg*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.179.231.52:57302/i
id: auto-1bc92262675ffd1ac7eae757e6f679a440c779c2b15cb1b97e40737f7ccb31fe
status: experimental
description: Detects traffic or activity related to http://123.179.231.52:57302/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.179.231.52:57302/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.131.219:56366/bin.sh
id: auto-1af305f080c4aa83d2df1608bd7c56fe0de5d816613322ccfb7a0c476d7e2cff
status: experimental
description: Detects traffic or activity related to http://123.10.131.219:56366/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.131.219:56366/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.143.167.155:52873/i
id: auto-e77b4d83a094929407ae27657b8c9ae936ff197c0cf4b5d5b43ee97ff93142b0
status: experimental
description: Detects traffic or activity related to http://103.143.167.155:52873/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.143.167.155:52873/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.121.49:48966/bin.sh
id: auto-4f63388118fb59a7a38946c4da7be6558f86a94c94e861195d25b8ded4f11571
status: experimental
description: Detects traffic or activity related to http://60.18.121.49:48966/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.121.49:48966/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.179.231.52:57302/bin.sh
id: auto-bc7123ac491e07ff3a65d8e1bcd00a28da8e2a9dc69fd440eaffa61c30e1cd12
status: experimental
description: Detects traffic or activity related to http://123.179.231.52:57302/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.179.231.52:57302/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.206.235:45851/bin.sh
id: auto-20c8d1472b68af4473f13b0880d242290667dc8eb51700cda67b1daab4bbba7e
status: experimental
description: Detects traffic or activity related to http://175.175.206.235:45851/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.206.235:45851/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6382108206/r4tMpI3.exe
id: auto-4a63459ca643319e2e48308f4d3874911b5b41058ea500259069f28f95d58b47
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6382108206/r4tMpI3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6382108206/r4tMpI3.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7815353551/KI90cpb.exe
id: auto-9cb8dbc38da86b1da91133ed1a46b399fed4845aa63d39097e7d5a9bb968556b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7815353551/KI90cpb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7815353551/KI90cpb.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.143.167.155:52873/bin.sh
id: auto-733e3b73c67fd954bf051f4c156f706eeb37b5acdf0f53c3369abbd74e241ad5
status: experimental
description: Detects traffic or activity related to http://103.143.167.155:52873/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.143.167.155:52873/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.0.21:36704/i
id: auto-429fece05fa031d883ee09453293c1b0e78840ee060a5de50d9bcd2692b22429
status: experimental
description: Detects traffic or activity related to http://219.156.0.21:36704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.0.21:36704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.133.125:45676/i
id: auto-1b6c8a338b64ebfda0e1afc012149a5f27e24b0d7efe69cdf0aec44105627104
status: experimental
description: Detects traffic or activity related to http://39.79.133.125:45676/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.133.125:45676/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/380743829/wBDdndM.exe
id: auto-1fbeea460b0fd69f6730a56d32b45a07aba3c1cc9a71eecedd1e953e2d100936
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/380743829/wBDdndM.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/380743829/wBDdndM.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.0.21:36704/bin.sh
id: auto-4d8ba72a4be4b04845a3371da3dc018fad21fc986b29c7547dab8d13f21127ef
status: experimental
description: Detects traffic or activity related to http://219.156.0.21:36704/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.0.21:36704/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7815353551/ArkzMPY.exe
id: auto-91095d8cc2143a88d1d6366ae25418d9f779c624e6d259dfd43f502a7180a142
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7815353551/ArkzMPY.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7815353551/ArkzMPY.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.93.16:38129/i
id: auto-2f057ac3c302968994f50bc2d67d16df3d9179c0b9f90987c53e9403c8da3da9
status: experimental
description: Detects traffic or activity related to http://125.41.93.16:38129/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.93.16:38129/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/wget.sh
id: auto-014a61c002b25288713612bd9015a8263b7b22526524d5912d80b49d6b7fdc98
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/mips
id: auto-8051eccd967cdbd31e9cde410fd9125134012d3951735ce631232a4759d0a7e5
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/sh4
id: auto-91b1e4804db09871ed10da54e2247ad8fa401e0af586c68f3512d4584d365833
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/w.sh
id: auto-2d681339f606ac07205671994bbce4f814d18862171c77ac59db68121d36623f
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/arm7
id: auto-f4342c4b18b930733e8d19e1d6ca7dd7dbef0e18baeabfab06a5e96fe616cb2e
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/x86
id: auto-1a12ff026ef9cae572b79a5d3fe33439fcee7d4fc6db0d3498662319b1a56b89
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.166.0:44255/i
id: auto-3d0b43de1da72ee219a7a414addb245b250e926adc67ee7220183532961ba461
status: experimental
description: Detects traffic or activity related to http://117.196.166.0:44255/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.166.0:44255/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/arm6
id: auto-c1fa5f00ffd1f5887ad589143c3605c67c93ca74f2fe4acc6924469934e9e8a3
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/spc
id: auto-68227a0a1a918a5251bef238de0c09288ecafc3a623f56eb68a065b94f11c5f4
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/arm
id: auto-c1183c32f50fe0a28901615bf56e3f0a46efe6df3cc438fc9f5c4a16ad866aaf
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/mpsl
id: auto-62ebbadddbc495e71668e93dde1de6ca04b9c0745fd47c92781a0951a450d78f
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/debug.dbg
id: auto-efa07a35495753dc3de259fd3607eda8bee22f5692248384cd3e6dc1af5971f7
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/m68k
id: auto-737a99f9d924a97dbb784ed0109a568b58856c64f080ccce6e40ca1d013767b4
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4
id: auto-7d912b1c9ca11da5f42fbbe61ae30211d8fd9919c8908b2c1552df1814aedeb1
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/ohshit.sh
id: auto-c2e5d51679cf30bfacfcaf0fe2c4ef23a64c5b6ce96b40e4de0047025c4f10ef
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.50.148.169:59797/bin.sh
id: auto-1d4b5627571b9389581e9f6ddd8baad26cac0193fc398f6a4c8917aeb7d231a2
status: experimental
description: Detects traffic or activity related to http://185.50.148.169:59797/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.50.148.169:59797/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/c.sh
id: auto-00117cb349ae078ce0ad4fe3425c82e7c2342c9a5d71c32f6a6f7811d8e76bc9
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/arm5
id: auto-ed0f2b3134b490e1a38eb3b668c25a0cc681381bf7ed07868128b9610055f6d2
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/ppc
id: auto-3cccddd1f2f3acf215e86f1c528ce1616f760fe17080e6b6eaca319efce0e505
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.taphoanxn.cfd/x86_64
id: auto-8ec14810c50bee758a32fa4dbc5505dad87afabb8444308f7bbc255302edb815
status: experimental
description: Detects traffic or activity related to http://bot.taphoanxn.cfd/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.taphoanxn.cfd/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64
id: auto-0cf49983dfacb59c37b405b01724cafa0dbedeb44f6ef70e58ef2f2e651b0820
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc
id: auto-29dfc321f0231d07c5e65c23d70866e62a48e252cc7811a4d19d36a5e2c51acb
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k
id: auto-39650a0e564e7946ab268e200178b73493098f6db470a0aedd790f7f31b4b5c9
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm
id: auto-837f4585fa4bf8b59d9defd4d37e471b2180df617f06e2f45b88dafb65186141
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86
id: auto-c41c3dade800bf967502423c4fac2d0eef6a6d2a29d6893a2ccd571581482c64
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686
id: auto-f96826365b3e2f45ec068460f7c0441967d2caf2d880fffcd2eae4bece93fc32
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc
id: auto-a03ec93c50d620966eeaf631c5da92af35bafd442087c3d9db5a0e2892ff7ab2
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6
id: auto-2b03b97f1c6d9c650ff90aecbee0be80a7f043e5a075088fce5517ba7ec3cd4d
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7
id: auto-4891a3126ce03c688deefd7b931e5a58e7a39fcfd4b51fa0cdfd5e101f32fb63
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips
id: auto-acd1347fcad24f5853d252eeda4f29ef3281b6682506018613ab22432bfe435e
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-209fde27eabb1297bff707bc82a98d825ddbcaf420c607e7abaa9430c89e9919
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5
id: auto-c785430ff76d7dcf357498b616ffedff4d777ef18365f241e6d9588b69931956
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc
id: auto-f5589b38947e82488ac6858bc0cbf99041c07b92a2c26bd48320bfd587d740c3
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64
id: auto-b693cab1b9bdc2c922e5cf71c36c33357e6459c5c6b3211fbf4acb2360e705ae
status: experimental
description: Detects traffic or activity related to http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dongfeng.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/a-r.m-6.SNOOPY
id: auto-ba557b0a9896164e05f39a6aa8cc7d62fc475d7d65d7cfadaacc6f47413ce305
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/a-r.m-6.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/a-r.m-6.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/a-r.m-5.SNOOPY
id: auto-e2e9e63ba914cbe22d2fc6de0dc5632c0cc08f99bd735282bf30c8e56c65fc28
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/a-r.m-5.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/a-r.m-5.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/s-h.4-.SNOOPY
id: auto-26446ac5686b8321340f2de8bde9dc1a77ada7031d12dce531219f5b9727a3a9
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/s-h.4-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/s-h.4-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/p-p.c-.SNOOPY
id: auto-af2be82b700756d0f624b35534d486e388e6c076e9456eff0d915dd1ebb581e7
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/p-p.c-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/p-p.c-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/a-r.m-7.SNOOPY
id: auto-af7edd068ecc44814b04c39856bfd9bafe94ea06553167d7276a9b3c3d8ae05c
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/a-r.m-7.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/a-r.m-7.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/m-p.s-l.SNOOPY
id: auto-3f1ab5dc6764a340b84bb7a150468288408e4b64020419ce91fae034095233f2
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/m-p.s-l.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/m-p.s-l.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/x-8.6-.SNOOPY
id: auto-6697e0ad88252270b1afaf4a2159c926237c17f39f8815c444355c5b7148a087
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/x-8.6-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/x-8.6-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/x-3.2-.SNOOPY
id: auto-d699be179a44cfd480c73d4b90562eb9adeeade6ce3813a04ccff588ecafe753
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/x-3.2-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/x-3.2-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/a-r.m-4.SNOOPY
id: auto-068b2db4b49ac2e4e73c1fc6d96200702fdf71b8a1382e467b8cca1adf15033e
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/a-r.m-4.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/a-r.m-4.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/m-6.8-k.SNOOPY
id: auto-062bd33bbdd345a14e05a1a48bf2cc9c5c86a430dcdd1be1859a8a902a87aa14
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/m-6.8-k.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/m-6.8-k.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/i-5.8-6.SNOOPY
id: auto-68eada0ccf5b00902d62e5e191cbcbc71cd5af6f2c3bc08c57357bd5db6553d3
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/i-5.8-6.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/i-5.8-6.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/m-i.p-s.SNOOPY
id: auto-089527248fc1d6152ca70e0de8ecb47f9280f5a0d32f809bcacae126998288a5
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/m-i.p-s.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/m-i.p-s.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnloongarch64xnxn
id: auto-15fda1a25b4c9ed8f9dc7de850a3d7e40e79d8a1fc072a8b3e27cc6889d89d87
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnloongarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnloongarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnriscv64xnxn
id: auto-7aff40b1009092b1b3d7ab4cc8cbe8a93a13ff8a6e7d8fd40d406049932cae40
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnriscv64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnriscv64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnsh2xnxn
id: auto-d3c26c7d0e50493c0939719ba60fa5f2ab8a823a283465b0f08f775c343b81d8
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnsh2xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnsh2xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnriscv32xnxn
id: auto-8674c2166efb436a4983e61fe91a30bd502a0dc9ac4c356e127197299d55cec6
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnriscv32xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnriscv32xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnmipsxnxn
id: auto-6e871e4661f2ec4f7eea1eca87ab6ca05533b15425ad0bbdd5d969c5270efac3
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnmipsxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnmipsxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxni386xnxn
id: auto-588df5ddb559dea706e85696d3e5ce31270db23fa64490274cfcd70b54d89beb
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxni386xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxni386xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnx86_64xnxn
id: auto-85feaccd82d9a659424a7595af71e276eb8fd2919f0d296a78ac50c235d81001
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnx86_64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnx86_64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnaarch64xnxn
id: auto-48be375601d586cc224a57111c1638a9c7bc65d25f9959f97abe278b2afb8131
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnaarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnaarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnmicroblazexnxn
id: auto-a2d9e69ff1349192b20abcdda1c89c1265bea120cbcf3cec59ca8183eb448ebd
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnmicroblazexnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnmicroblazexnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnor1kxnxn
id: auto-480df5c8c4a5ab84481391a618cfafc008f3ab003fdea7ccd12555be753f4d83
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnor1kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnor1kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64
id: auto-f59add45ebbf418467e3d91b2c09608278852fc35294578d4f52b42ea80cf8a8
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc
id: auto-eec1eb787ae91ddf0370778b3b0090392e884ea0810e638ba058daf1c92d4818
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnsh4xnxn
id: auto-38f89ce76decc86df5a256414681de8ffa6f323bec36849e9a020b1130f2ebc5
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnsh4xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnsh4xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnpowerpcxnxn
id: auto-86c7f87ea46f2f297eb059d37fa159b9638d68100960e2e11c0f11d156c68666
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnpowerpcxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnpowerpcxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/bins/xnxnxnxnxnxnxnxnm68kxnxn
id: auto-4ff4c85bc7f8cba8b81237e6331262b56705815f4e5157f094a47dfffefe6f46
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/bins/xnxnxnxnxnxnxnxnm68kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/bins/xnxnxnxnxnxnxnxnm68kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnm68kxnxn
id: auto-c5430765dee6b3e43c538824722efad3cd4e974771c407abdf524dcf3434c2f2
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnm68kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnm68kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnsh4xnxn
id: auto-dc65e64cfb413f862dce8f88a01ce6312b09b32c5522a52f1e82b9a5a4a40678
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnsh4xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnsh4xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnriscv64xnxn
id: auto-bc91e320b580b7b9189e76c89267296cba0644cfb7dd5c7e07a952964a7ea96a
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnriscv64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnriscv64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnsh2xnxn
id: auto-ee530aa5d50a5d3a762b289b01e4ab648a83ffb5bc193b5caf73c6222eec38de
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnsh2xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnsh2xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnloongarch64xnxn
id: auto-db91b29c28fdcee2d57ef4a5c4f7aab27605af9a0193a12c2722c140a8ccc559
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnloongarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnloongarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnpowerpcxnxn
id: auto-87d3d0cfdcacafe6a27d78756a763f973c416c1c2064fc4c5409f65d79d06cec
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnpowerpcxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnpowerpcxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnriscv32xnxn
id: auto-b1f9fd80d7111711d6a5c1593a505f8f6f47e36bbbaf1f0db80ef03ac5f8ee10
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnriscv32xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnriscv32xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnmipsxnxn
id: auto-88195f3824d397072b633f985b59a094297948cedee34c122e5f224254626607
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnmipsxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnmipsxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxni386xnxn
id: auto-75d614356774d4306ba1aef13f3d1290f2004f221e956ed334fcfc3fc6933142
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxni386xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxni386xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnor1kxnxn
id: auto-f53f87cd0c2d768c5fa4af6990b94d297918fb7e89ed75371e76103e1e43549a
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnor1kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnor1kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnmicroblazexnxn
id: auto-acb8de7fa2535ae6adcf52c337a539989112d0af3cc350a58f89aa0d61e43615
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnmicroblazexnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnmicroblazexnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc
id: auto-4a628948e17c753004d59736eb1985e69783e5b43e46350470b53f33405ee9fd
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64
id: auto-fcca3b2733c211f4a8988d93ceff1057187e2aa1d356e506e5c68dfddf5bcfa3
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc
id: auto-dc360999c4286bf06869da61374fa197f04c782637208eec5a5a7f070221906c
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-e6767c60182c2c88623eef48b82b2eb4c6f5f7827f5850e47823720fe00ee8bf
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4
id: auto-cfa5b6ccf55491525c7fe737cea97715ffe56c386e14e966309420703e46ff14
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnriscv32xnxn
id: auto-550741f6dd5fe0604fabe0bcba45ccbb4aa378f823950ad3a91cd5a3f605595c
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnriscv32xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnriscv32xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm
id: auto-b36f53af320e840f03d6694030780184d491cf6a5f57d7026dbbfb9c4033b026
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686
id: auto-edee3565a401c5805c159660aa5449734e87d2a1d0f3dbd283d93bf79578f25f
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6
id: auto-fbb39959c3dd1e35a4c0c12b27771e95a3507d03996fbf7b3552004b5ef91dcc
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips
id: auto-139f696e6a5e1dc1a9dd9fbb8582912c4999b17bfe865d459dd676b5e067e7f5
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnpowerpcxnxn
id: auto-198b0e8dc3f2f12fb020681246978b665cdbb7ee5d847700a9748a535e6f5503
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnpowerpcxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnpowerpcxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnmipsxnxn
id: auto-ea7c557694bb490c28d7bdb83265debbcf84eb9f6c1f65a3f0b6a9e353f7c058
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnmipsxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnmipsxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnm68kxnxn
id: auto-de23d2f7f16f6c6da90b95ec16c3f818eb905d50442fe199ae7124fd51366827
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnm68kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnm68kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnsh4xnxn
id: auto-1701f40f3a10897508d23effa25149b08fa9cc0c14f6d3b32e9f92b9b15aca30
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnsh4xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnsh4xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnloongarch64xnxn
id: auto-d7cc724fedc8c131f8de7ba36c253dbdc8ecda5f1fd9bd1867f6a8f45b456aa3
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnloongarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnloongarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnor1kxnxn
id: auto-1a67f05a5b46dd3472414117c7a6b1ee8abaeeeed41a804e5603c374a2d77d50
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnor1kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnor1kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnsh2xnxn
id: auto-3899ba9fa9abe9baed3d7da690ac3155df7ba8e310a28f5612b929ab39a9a9b1
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnsh2xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnsh2xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc
id: auto-9b7c7706bb4e99190ea8d087802b456a6105382d249f40abfc3060b99f993912
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnriscv64xnxn
id: auto-87b8ca0b1f7d30cb552699853ec5b8d27501f21a0f46d8c254160be990adc903
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnriscv64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnriscv64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5
id: auto-c81a8c652f3fd6f6ade7449d217793280467effea3ac0bf48a44ad798311cc63
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k
id: auto-55d25bd31645f2fe56257b3e4fac2006dd71ba0d38f892aec0e1ff5e422f0aef
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnmicroblazexnxn
id: auto-9d2fd6da6c51d19dfce755e7cffe52d66fe02532ac7f54c05426720efe22fa99
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnmicroblazexnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnmicroblazexnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxni386xnxn
id: auto-4cf58f1ebe4c903c22ffe6556d6d8097a6bceb3f0e75c2c82037a0af15e12fb5
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxni386xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxni386xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.162.189.29/SnOoPy.sh
id: auto-f8b307b34fcd947080c333a6911f6d99c54fab7880a7e8e2d4988473b3f706d6
status: experimental
description: Detects traffic or activity related to http://130.162.189.29/SnOoPy.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.162.189.29/SnOoPy.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.110.247.71/run.sh
id: auto-2216c46f03063c245b3a5bbdd61f1e1400e6ecd499dcb111c341e1536ae57723
status: experimental
description: Detects traffic or activity related to http://194.110.247.71/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.110.247.71/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/run.sh
id: auto-6827e54f11984896f7b5efa03257fb17fb93b01f45519524055de58848e4159a
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/run.sh
id: auto-a857a0ff1a22236867e34ce8ee952013b7d04e7b32048307a6701238b57bd8c5
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/8UsA.sh
id: auto-82cfa5ce7f3d8b18b4f12e572e98d458cbd806c043f7dd9f37a0d97a8557e840
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/ohshit.sh
id: auto-389b7f4a6edf12171b0879388bd0681e65bacab188a686369ad985a481b263c7
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/wget.sh
id: auto-f8df8ff04f1b09f3a564deed53974460cd1418b505c08bd20f3a56eb11998556
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/w.sh
id: auto-25114bbb0dfce65255daddfb1cbeb6281c597e0ca7b5e30e4021e5d312f01d5a
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/c.sh
id: auto-b0514b301e9fedfe4ede7e3c5348529f9a8f33b9ef365d76e2511488ea57379f
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_arm7
id: auto-4f38587c7a382065e1919c3b44e1291baf3b7cfc61268bac6dc47b2e4eb50dce
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnaarch64xnxn
id: auto-b55eb491be2eb298e4a591d45236caadc699484be74792339e63be6aff8bbf64
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnaarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnaarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/m68k
id: auto-84d093724b14251c4319f7b109d4c83ce0bdc75bf98a6f450a7579429b9d0a91
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/arm6
id: auto-4aedd16df83be3651094a7076d2898eed3eba458150149fa8d3c35027a6f3321
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/sh4
id: auto-c601350eebc0adf2a03a450bf270aa945d9c21860ac29ad0e5b1f340946623ac
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnaarch64xnxn
id: auto-f8ca881d9eff4f2703a39015e639a999c46acb6d8b41c5ee17d7db053e368af9
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnaarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnaarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/arm
id: auto-3161f175005255f8b237e2d8fa225c0cec74315549deced295e67e1781df0ab9
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.127/bins/xnxnxnxnxnxnxnxnx86_64xnxn
id: auto-2ff134095af22bf1c3352ae04edd5846ad9dff49ff45885252fdaefb6ec7bc7b
status: experimental
description: Detects traffic or activity related to http://83.168.110.127/bins/xnxnxnxnxnxnxnxnx86_64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.127/bins/xnxnxnxnxnxnxnxnx86_64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/spc
id: auto-b61a75b4eebd0b10b289a0bda653add65b65e74cde022eec3b227241d0685905
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.arm7
id: auto-c2c5ada35cebf9738fa4c9d474e2d4f342e2a9dd74c22d77459b3ef64584c41d
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86
id: auto-16c1fc9b27bf2d279811c0381047d62684521739b53fc8c5d287773b24bfff48
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.96.88.70/bins/xnxnxnxnxnxnxnxnx86_64xnxn
id: auto-ead6508b5a02e0bc3a9c5f3ea35d52170e69f6e79d2e76db1b929d7b6ea58951
status: experimental
description: Detects traffic or activity related to http://198.96.88.70/bins/xnxnxnxnxnxnxnxnx86_64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.96.88.70/bins/xnxnxnxnxnxnxnxnx86_64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/arm7
id: auto-20ba3c1330e0ee352737d3465b309a39bf521efdeed4e35cc5d05ec57afe1605
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/x86_64
id: auto-7da663d5e703697fe1180d34b066fd7b35312daa4f3e7bf9aa76fb87ecea5f97
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/arm5
id: auto-876c7c7fed05aeeb7ae9520c05e22f1d28667ff9e2fd864c9581fd798deced75
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/mips
id: auto-22c29f72bcf82e85d312f9359d8af03a68e2ce46d1493c58aea6204a39dbdebb
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/mpsl
id: auto-67a230f63518b780b0c91e6926a7a8da0afcc430244a390d09a35370f985b846
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/debug.dbg
id: auto-6cb1b5e9caf22bdb3dcb7c6234fd3078bc86bdc5f6d0294085f900a68bcc7b39
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/ppc
id: auto-e264bb99e8e59e656587034e03b8d67518f62a6a683212996344d71995fb32f2
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.124.93.149/x86
id: auto-9c376456bd3bfc203e52b73f151f4e3be53cf52d75df5181d52cc7cfd89a60ac
status: experimental
description: Detects traffic or activity related to http://103.124.93.149/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.124.93.149/x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7
id: auto-e7df6445baffd977e2dd124604ec61a8b0f561680a143e61fb050ff3bca8ccaa
status: experimental
description: Detects traffic or activity related to http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.194/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.168.110.34/main_x86
id: auto-5159fca05f273217bbf6faa56b32abf6c8007ac4fb5213ee4f1e4c51a8377aae
status: experimental
description: Detects traffic or activity related to http://83.168.110.34/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.168.110.34/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.129.3/bins/sora.x86
id: auto-5d3ff8c22c57ce73dbcdf6c59a311efeec2f6d266611af7f66d8a910bae8cb7f
status: experimental
description: Detects traffic or activity related to http://165.245.129.3/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.129.3/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.166.0:44255/bin.sh
id: auto-6080662f1c22698542ebeee277b0e00b325d24b5d281fa5235aefe1631748f7c
status: experimental
description: Detects traffic or activity related to http://117.196.166.0:44255/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.166.0:44255/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.24.147:47605/i
id: auto-abece9b60d880c699bd54c0e341ac96ed13fbe59f0f726c89615100ee889b89f
status: experimental
description: Detects traffic or activity related to http://219.156.24.147:47605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.24.147:47605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.243.95.50:42140/i
id: auto-1629ae0a59867c3eae5347dc8556caeb2b9e5f7b90f41f827f92184f7dc79873
status: experimental
description: Detects traffic or activity related to http://222.243.95.50:42140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.243.95.50:42140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.21.48:37168/i
id: auto-f019f31198b8874102f5d3af0cd907180f57c543b7f6d2c2e1a40a2e94cde0ce
status: experimental
description: Detects traffic or activity related to http://115.48.21.48:37168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.21.48:37168/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.219.153.123:46238/i
id: auto-fffb79b451c5dafbb33d7a02b6cd8fb294441724f4019c394db35656a15d4b4e
status: experimental
description: Detects traffic or activity related to http://117.219.153.123:46238/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.219.153.123:46238/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/Y8qPIp1.exe
id: auto-9a777bde9a13c14a6199fa789e9afb5460101a7978f6143d666a742b4b704f85
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/Y8qPIp1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/Y8qPIp1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.24.147:47605/bin.sh
id: auto-6f14f397738762fc4f67c309f945919c516110b0deeb3fc318d56a62c25c6180
status: experimental
description: Detects traffic or activity related to http://219.156.24.147:47605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.24.147:47605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.45.60.206/arm7
id: auto-75c85799901f5d3de8996d64d27c36875ae1274bef1cd47052d18be43c8c11a8
status: experimental
description: Detects traffic or activity related to http://147.45.60.206/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.45.60.206/arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.124.218:5509/r.txt
id: auto-18dfce99e0a83fcae80df5d47fd24bf388e1eab7422fe7f03ee23feb36d1d964
status: experimental
description: Detects traffic or activity related to http://150.241.124.218:5509/r.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.124.218:5509/r.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sdufkghdfshds.cfd/
id: auto-b51575ee6485268a8977b274d0490da6ef2880e2a34be28fb324b6768c6ebe94
status: experimental
description: Detects traffic or activity related to https://sdufkghdfshds.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sdufkghdfshds.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.221.201.191/
id: auto-7af1571e54009cd610e55b604d5410fd7db687bbfac622ad512d64ba612faaed
status: experimental
description: Detects traffic or activity related to http://193.221.201.191/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.221.201.191/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.123.58.63:33782/.i
id: auto-3c3991ebb8d1e1e72125b092b720bcfe1400d419d701a5b5cccb3751aa3651d9
status: experimental
description: Detects traffic or activity related to http://185.123.58.63:33782/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.123.58.63:33782/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.113.38.99:33617/.i
id: auto-135fffd5812da7f5784a2d410b44d6f5bd0443d1809ea364b9049366b79c2fbd
status: experimental
description: Detects traffic or activity related to http://37.113.38.99:33617/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.113.38.99:33617/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.25.163:47268/i
id: auto-4d8b7515c23c0e110a8c14c4d381eceed35f228eafedf36582bd5f76a5fc965a
status: experimental
description: Detects traffic or activity related to http://113.230.25.163:47268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.25.163:47268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.221.149:37768/i
id: auto-54b269190d1dc017a780c29dacf7250f07878392a35db51fdbbcda45c5e35c10
status: experimental
description: Detects traffic or activity related to http://60.19.221.149:37768/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.221.149:37768/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.25.163:47268/bin.sh
id: auto-f7fa71814c5217c7a3bbc233f9ebba1b9fb20a09ffea6a6d3ffc5f4596434a34
status: experimental
description: Detects traffic or activity related to http://113.230.25.163:47268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.25.163:47268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Lounger678/lapce/releases/download/1.0.0/Lapce-windows.msi
id: auto-55a8e2fdfe9ba6a09c75ed4b43baa839ebdb2b76462fe319320997ebe29f8f44
status: experimental
description: Detects traffic or activity related to https://github.com/Lounger678/lapce/releases/download/1.0.0/Lapce-windows.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Lounger678/lapce/releases/download/1.0.0/Lapce-windows.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.82.252.178/02.08.2022.exe
id: auto-85b11a106f7afc4c08d339b484bc51d66f68bc2197ded5e7424895e27c356939
status: experimental
description: Detects traffic or activity related to http://45.82.252.178/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.82.252.178/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://155.117.155.45/02.08.2022.exe
id: auto-4ce48d5794cf069c0f6b9256b6935508d3ec1c3ca30442692ba87b80944be3ec
status: experimental
description: Detects traffic or activity related to http://155.117.155.45/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://155.117.155.45/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.226.82.46/02.08.2022.exe
id: auto-50b54a267395f01afd331e812ef9c194b9920731f0416a22ab4aaf0ffbd548fe
status: experimental
description: Detects traffic or activity related to http://20.226.82.46/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.226.82.46/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8020066796/5hA6Cka.exe
id: auto-edf6f41791fe2570f0b9fdf9ab2f633098f073e2aa355031a8595a9104a7f7c9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8020066796/5hA6Cka.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8020066796/5hA6Cka.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.157.56.179/02.08.2022.exe
id: auto-90ebe2259642d692832729396c381e7ccd7097b616412d57e48a46a6accb7354
status: experimental
description: Detects traffic or activity related to http://82.157.56.179/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.157.56.179/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.240.63.127:6253/i
id: auto-46135690ec1a28f3d714f90abdef3ae10d1d019e58a541f2178cc1c4ce1af59e
status: experimental
description: Detects traffic or activity related to http://92.240.63.127:6253/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.240.63.127:6253/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.167.58.231:20546/i
id: auto-ec1754acd31bc11b8f3b2bdf4f69a736218a38676f9c87634be64352ff34fef5
status: experimental
description: Detects traffic or activity related to http://178.167.58.231:20546/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.167.58.231:20546/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.52.87.27:27191/i
id: auto-a5d4a48532e7b783f31a685a6a221b79687e20874945862df4778ffb20d78bdd
status: experimental
description: Detects traffic or activity related to http://14.52.87.27:27191/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.52.87.27:27191/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.25.137.18:48475/i
id: auto-3bd732b28218aa0178198e40b999e39217d2d2fb73de35287fcd38052c07ae18
status: experimental
description: Detects traffic or activity related to http://39.25.137.18:48475/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.25.137.18:48475/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.19.9.239:45544/i
id: auto-bcd14388b2656dda9647ccb2eb9f6695d1b6b55a85b525e3995e2f0af33980c5
status: experimental
description: Detects traffic or activity related to http://195.19.9.239:45544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.19.9.239:45544/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.139.111.237:57489/i
id: auto-a200961293afe840754a957920a09a0e9839236a48598c35de348edad500c252
status: experimental
description: Detects traffic or activity related to http://95.139.111.237:57489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.139.111.237:57489/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.190.22.119:29729/i
id: auto-1cdc6b6a7fd92687f5170ba8f548015ea66fe22bddfbb0b3cb8805d289e143f3
status: experimental
description: Detects traffic or activity related to http://113.190.22.119:29729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.190.22.119:29729/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.185.115.165:34505/i
id: auto-9ed8aab464ee82547e88bf4bc26ba2457af50ff4c850813871b6645dbb403e81
status: experimental
description: Detects traffic or activity related to http://222.185.115.165:34505/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.185.115.165:34505/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.7.114.186:25051/i
id: auto-dd543083c68997e5b2da22683cebd956959b80d75908d0edb6e9b52107d89a43
status: experimental
description: Detects traffic or activity related to http://59.7.114.186:25051/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.7.114.186:25051/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.235.89.207:93/sshd
id: auto-61c07a2e84ebbcaf924d6eb3ca4a776c205b717f9513cb34d5ec0c3b69a57bce
status: experimental
description: Detects traffic or activity related to http://93.235.89.207:93/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.235.89.207:93/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5630670893/47ktn7m.exe
id: auto-7277822876c0b9f13fb8cab9d3dc3e719b02be5a770b184f1d74d3081440c996
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5630670893/47ktn7m.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5630670893/47ktn7m.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5630670893/FMJ26oE.exe
id: auto-ef61eff32b733bd0997581a94a37ab5409da3db83a046db6b6212edf60076128
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5630670893/FMJ26oE.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5630670893/FMJ26oE.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.41.144.12:8083/sshd
id: auto-eeae17f28c51f4a231f63a4fd820edd695901b36beef060e6ad9917ab60a70c9
status: experimental
description: Detects traffic or activity related to http://92.41.144.12:8083/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.41.144.12:8083/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.179.104.55:8080/sshd
id: auto-3d3ab61a28ccc1ed9e02196bf5ff00302ef9e699fd02210de1d1ee50d23b56e8
status: experimental
description: Detects traffic or activity related to http://77.179.104.55:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.179.104.55:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.155.30/sshd
id: auto-9842db7dcae83a87233d34315a70ef3e81a74035dcd303b2787a266e08e56d94
status: experimental
description: Detects traffic or activity related to http://91.80.155.30/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.155.30/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.118.28:54015/i
id: auto-e142af54d8da0ce57bea5b009273d205964fcd9d5d7f7cc65c2a84cf27518e57
status: experimental
description: Detects traffic or activity related to http://222.137.118.28:54015/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.118.28:54015/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.235.66.76:59424/i
id: auto-84c52ef398c3065c3c92c4458f490d04f66d534e41bde63e98d1d96791006537
status: experimental
description: Detects traffic or activity related to http://111.235.66.76:59424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.235.66.76:59424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.122.158:40274/bin.sh
id: auto-b47ab48a192bbcdeb473d9bf6fd850f25b0ee674646bd388d68af91139b54563
status: experimental
description: Detects traffic or activity related to http://182.116.122.158:40274/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.122.158:40274/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.118.28:54015/bin.sh
id: auto-2779adbf4b2a6edf091b37b78c155e862dc788c45a32cc881aa5697f7279c8f4
status: experimental
description: Detects traffic or activity related to http://222.137.118.28:54015/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.118.28:54015/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.135.115:38372/i
id: auto-cc7af8fbf242791299734ab625d8d201579410e7706271b1605fa230b7e1ec41
status: experimental
description: Detects traffic or activity related to http://222.141.135.115:38372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.135.115:38372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/net-pred-rollback-testbed/scene9-strm3-16
id: auto-cdbad6dc40a3f34a82431f3fc57964f5f2d5e2e867d73138c3ddee00a926ae7e
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/net-pred-rollback-testbed/scene9-strm3-16 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/fxd2-tickstep-sim-loop10/net-pred-rollback-testbed/scene9-strm3-16*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.156.230:45327/bin.sh
id: auto-52b6221ecf8f1ae4e2377a3cfc9239e200c4208e63830536d51c879babb625e7
status: experimental
description: Detects traffic or activity related to http://123.10.156.230:45327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.156.230:45327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.235.66.76:59424/bin.sh
id: auto-117a418c026c4bd098a20587b5e41e0d6340078168221cfecccea0a63cf51ae7
status: experimental
description: Detects traffic or activity related to http://111.235.66.76:59424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.235.66.76:59424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.212.183:53783/bin.sh
id: auto-07091198a00e24e45b0d66fa7fba2c48b42cf9866adefefaaea8b577f3381de9
status: experimental
description: Detects traffic or activity related to http://120.84.212.183:53783/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.212.183:53783/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm4
id: auto-09eebb1f3081017b24de4420f19843cf61be5dff06395b24128cfccbb3f2ade8
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.135.115:38372/bin.sh
id: auto-fc94197d5a1d2d9089a31bb6d38950236f48ef7725f0b46b0210d3c5561f84e8
status: experimental
description: Detects traffic or activity related to http://222.141.135.115:38372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.135.115:38372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.mpsl
id: auto-c943c89128a1bf74522e41208d9d835902a596607064ec8526ee5bf2623e8e92
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm6
id: auto-0b0b6c13d4029708e2e67a51017985d8506ad2ed873b7cf2d023b367aecf6ecc
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.sh4
id: auto-395b7d9e8f8d7c5953dd07aa2f113b3b1c91aacf79e1605e37ecb8a483deed29
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.ppc
id: auto-b0a0ab98869f1663b8835490c05eb5346c9a6046b5cac7b4d0908e4bb536c101
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.spc
id: auto-483717ba181f62ecdefb012fa665dabfc14c93bd5e5624005818e31afdc7f647
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.dbg
id: auto-4748762ee51918eda76d96730c29c822d014c5fdff884645ec6bf48a924c9cbd
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.m68k
id: auto-88612f44acf6f23c7abcb18e28f03d5e9d0d07f0de67e678c0d02576d77f8557
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.x86_64
id: auto-c480403c581d2dfaee7e0642cad36b4503d61a671cdc0bc79bd05ff6608d5c55
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.i686
id: auto-15c203a00d8dcf49adaff6ccca2344dc24214db4af0ae32b1360d1ba46030252
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.m68k
id: auto-f1e7258653e34b160c21dae331f5970cdbc054e8324a82720318a7d6c67f3af0
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.arm5
id: auto-0f90425b308cd5de8c87273ab9ab4408eb81d4273e8d0b7f7ef483aaed31054c
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.ppc
id: auto-685178c4de81f323f5fd226db2ee357905eb00ccc0989067dcd91425d6c4041a
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.239.252:40545/i
id: auto-5d0a165e67a60249bc155d004249ecd8a99f05fd32777fd0cfaedcf368d46e0a
status: experimental
description: Detects traffic or activity related to http://182.123.239.252:40545/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.239.252:40545/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.arm6
id: auto-e4c602915ca726f432165537bd8e2b2f1a4b65897c3f6ef8eb4d53ef5062df70
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm5
id: auto-87f801ad0811a5d9dfb06387529907091b1e4d3590c2e05a493a2529b33e143c
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.arm7
id: auto-27855e13f61cfcbdcd06f762394302ea819576a2490b4c0be53f066ac2d1a744
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.i686
id: auto-4cd5c508288aa9ea1e0d9b163fb6f4df41126f56fef917c8e123f4149f7b20cf
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.spc
id: auto-8ca2e47a2289eb7f5f59f5c679a53ba5e288d80d5cc963616f33625ddb0301bc
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.mpsl
id: auto-ecdf5bee2222753f7754ebb263e7624e1503d89966d8487ab867ee9cac82aa8c
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm7
id: auto-a4535bb343a7eb47f3c5b993f7efb82316f42d71b15fbb18da5419d5cd8debc9
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.sh4
id: auto-b6a237286af60cd8dc6cba366054d4278b8a2a3061ff0b17a8308a93fdac8555
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.x86_64
id: auto-bc9298930fd6dfdca1349aa7c8efff1073063cb771306a03bb08e42ab2e43d44
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.mips
id: auto-eb5cd68363969c068e0b1dbdba3b75d3235c72826e068adac1fddc136c395559
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.arm4
id: auto-69399f030723c41bf1eff448c66011fd42a9717fa37dd75a5e3a2940fba271ef
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.dbg
id: auto-d3b9202a9650a02ee28b0c5997ac2ffa5934b4117e5727a95e932c5934c84454
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/Aqua.x86
id: auto-9041fb3e642aa9dcf1077f54cb3072981b4d3997d6d6623a70c21714453d4ed7
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/Aqua.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/Aqua.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.mips
id: auto-7c38967da6419209245e48400a0ef650733a2cf72f8b0a993b1568d917500794
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.x86
id: auto-c189595061e0804da1a6b432340e656e5baf8e631306045e2869707c813a5304
status: experimental
description: Detects traffic or activity related to http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wsefghuiwehf.gxg.xxx/no_killer/Aqua.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.mpsl
id: auto-ba82598938227ac87046a48cadcc5a8ed40015851bd9ef3c931b7c3c82eac6a9
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.94.92.143/banner
id: auto-7a19f54a00ecc53f93573011ce034880621d2516c873616c1ae67d8ab98e31ec
status: experimental
description: Detects traffic or activity related to http://80.94.92.143/banner which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.94.92.143/banner*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.mpsl
id: auto-1a8804b68114a99137fc56def819212a3803c598acc1a7398abc24cb2b63bba8
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.x86
id: auto-211c72c01509e29fa4a3dd7be0ebcb10021cd99b4cba7d79361ce13b0864daaf
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.arm6
id: auto-1e57aacf33f1ca812e55936510936226b17b3049293a78d1ce02a4d2f982ef04
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.arm7
id: auto-5c4ed18dee1f77bd4cd478c08a482fd2fb341eaad8f14ea3fb9ddb191696069e
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.mips
id: auto-8e83e2b8f08a7579836ec44234fa5efa66f43876a2b2578cc04151ef4d5b6539
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.sh4
id: auto-0f1c2911fc5ac23bb230b2086b1431df4444de9581f2969ca03de78c4c016571
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.x86_64
id: auto-bfc97cf6fc844beb18edf6a5b710e484133af094e13f87647dca7cf67b10d36f
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.sh4
id: auto-de85f2faeda6bea6f5d44204ebe90fce6115174f8e0641606f683d4a06871d61
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.i686
id: auto-95af82b826b673a543f0eda0d43209de2c666dd0110b748f7e606321ffd324e5
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.dbg
id: auto-d6f702b74e40fb6042616ce2273903b9c4254cace81949917b3f882ace6e0d84
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.arm5
id: auto-d6c4d49d45c9d4c16eb7ddcba85874eebe2927064725a1be04963384ec03ad64
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.ppc
id: auto-5510034b7aa3fe22fbea29ae5491da893c5ce8833316d031ce5bcb51a5077ecd
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.spc
id: auto-ce2f1a41ccacf5561aafc0f4264d4c24cae4f6c6ee7b45304c1151b818adbfa0
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.arm5
id: auto-fc886404768e3963c24e92b111c4f0c99d9986c9d10363774c4c8d1a84e4d5a3
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.m68k
id: auto-afa91b3db3c850b28b3341bb75a5fb0b3c6634a1761804f68b133ed8fb2b7ab6
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.94.92.143/ame
id: auto-c7925a73c040e9a6f7d41da4719c8a22a76839b9253ded5f87d14ade1fa265d1
status: experimental
description: Detects traffic or activity related to http://80.94.92.143/ame which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.94.92.143/ame*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.dbg
id: auto-653e9e84dd03b30747c432feb24b98fa6c24ed82064ea4abedd4afbdc221b044
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.arm4
id: auto-abcfb92691f52e90ccc858d62d4be5fa18cfb079e46896f1ebbc8de7bf49f171
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.94.92.143/xxl
id: auto-2775e86dffedcd2f89c2b9f43cb13ab281ef21ae45b73bc1f27e171d33f2b9f1
status: experimental
description: Detects traffic or activity related to http://80.94.92.143/xxl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.94.92.143/xxl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.x86_64
id: auto-c857b8317d31223355bc89ee7606ad89755caf156150363fdfc3dd92c5a25569
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.arm4
id: auto-bcfc64dbbd825a1862c4a86ae535cd5a01e7aef393987fbd76135a6178b9dc9b
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.i686
id: auto-58a6d988480e263a5b6881ca78c782db3b778dcffbefe6bc1c7e062aca71529c
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.ppc
id: auto-cd4d8a12f851faffd0cc6590c77d19edbfc67aedf5bcd2ff36348bd5a2d4fce3
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.mips
id: auto-8f76f542b76bfebb353cfd8d9184c612a84c8d43efae3e633ee1c849387717b7
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.arm6
id: auto-3feb9808977f68e47ea6861d1354b0ad106a96490212369a40f40378deab68d8
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.spc
id: auto-208c3ac3102ef0bd52afc98674d60755dfcb83357ac9583f90cf7853cd340726
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/no_killer/Aqua.m68k
id: auto-c306b2cd04c4b9a7b97bcbcd7c8f55ce96b447eff2bcaf4045479616d2c0cea5
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/no_killer/Aqua.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/no_killer/Aqua.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/nkarm5
id: auto-b905809f1f25bdcb610f11c1eba6ef4e75bfffe16b4a7e7176f1928dc15f1847
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/nkarm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/nkarm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/faith.mpsl
id: auto-5e0f5e057908109f6b339c95b5c875e010ba69178f93ad4adc07b9d756a8ec3d
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/faith.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/faith.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.192.79:34906/i
id: auto-00cf2b3b40b0db477ce1d04048d423374694340431513e2e927552dd660284df
status: experimental
description: Detects traffic or activity related to http://27.204.192.79:34906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.192.79:34906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/wow
id: auto-04948ec86cf3907d3386ae5d7954c3cd12b5dab8d27c351053f1811e9d2461b0
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/wow which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/wow*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/arm5x
id: auto-5bc814a24370d228e5bca3b0b1817073f11f89b07f4558b9798f9c1ae178d0a0
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/arm5x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/arm5x*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/ppc
id: auto-bdbe7f2cda7359f48c1d856fe43aa287131a0a6801b9c4e3a6f6984e0fb7d4cf
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/arm6
id: auto-951cdb92374977009f435e23c243cd65e8240f18596cedac594b5eda3672c25e
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/xmpsl
id: auto-669df609fdf67c8109dc99e1ed8df18523ceda667713fe2d2bc61abca596f919
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/xmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/xmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/dlr.arm5
id: auto-27f0e504b8d838f6beec97b811ad109393a1c664f79bf508d105f696c4b5533a
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/dlr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/dlr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/dlr.mips
id: auto-3fa6f17110dc6cd431491b3a00f888a09015c77a2cea1a624f98857245f2703b
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/dlr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/dlr.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/dlr.mpsl
id: auto-6b3606a6145be9931ff48057a049be16d504ed0fa474c351419381d7fd539986
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/dlr.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/dlr.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/dlr.arm4
id: auto-2c5517cadf090bcdc848fa37d8696945fab26086e5bab3bdb02efc4a91883249
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/dlr.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/dlr.arm4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/dlr.arm7
id: auto-014c79f273f1697bc1c2e856d1f9d82a61894b35c57d09b9e7a657e5ffcac41b
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/dlr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/dlr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.83.49:41310/i
id: auto-c6c51a0b581342c8f465393885ab3d9d8c2a973a215872131a3014dac984b73a
status: experimental
description: Detects traffic or activity related to http://42.178.83.49:41310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.83.49:41310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.usrfiles.com/ugd/09c1d5_5c6798e4313840408f0492f2f113cdcf.txt
id: auto-08694a3f569dbfb321065b0c9b175672894ee24f901a4ee7266a87d760489305
status: experimental
description: Detects traffic or activity related to https://09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.usrfiles.com/ugd/09c1d5_5c6798e4313840408f0492f2f113cdcf.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://09c1d5c3-1a6e-4c05-8e4e-eff75c6b5dd6.usrfiles.com/ugd/09c1d5_5c6798e4313840408f0492f2f113cdcf.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.backupallfresh2030.com/atom.xml
id: auto-770bbfb6baddb1a850cf27e0cc8047320f7e863361ffcfe68c2164153ead001b
status: experimental
description: Detects traffic or activity related to https://www.backupallfresh2030.com/atom.xml which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.backupallfresh2030.com/atom.xml*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.192.79:34906/bin.sh
id: auto-acebd2c646813e6519cf6120379aa007484da668bfc2a98823d0567c0b51361a
status: experimental
description: Detects traffic or activity related to http://27.204.192.79:34906/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.192.79:34906/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.109.235.143:39953/i
id: auto-2b09f85e18ddbdef5a65dc1cad9748ef719974a9f1586a96d5ca373c7d0d9cf4
status: experimental
description: Detects traffic or activity related to http://119.109.235.143:39953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.109.235.143:39953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.214.81.110:40085/i
id: auto-7fa6f40cc4f4c4eb8aa15b2ac0d10240061a22cffd9b74dc889b7267874cd86e
status: experimental
description: Detects traffic or activity related to http://117.214.81.110:40085/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.214.81.110:40085/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.83.49:41310/bin.sh
id: auto-ad9c6e8fa8bd4f752a100fa98af9cd7e3f9ea6d19289328fb50e05050dc11c92
status: experimental
description: Detects traffic or activity related to http://42.178.83.49:41310/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.83.49:41310/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.144.111:42738/i
id: auto-552784cea0d54201f9b0390e92bfe94887543f1e51dbd46c22aa716a941131cb
status: experimental
description: Detects traffic or activity related to http://115.56.144.111:42738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.144.111:42738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.214.81.110:40085/bin.sh
id: auto-0624f217791b7069cc6a7aff95ef558060e1ef5b906be0d02991ba03259925b4
status: experimental
description: Detects traffic or activity related to http://117.214.81.110:40085/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.214.81.110:40085/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.19:43587/i
id: auto-1b702c5a13a15f551e290f64c837c69376a4503ddba2463350787973ca61461d
status: experimental
description: Detects traffic or activity related to http://110.37.53.19:43587/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.19:43587/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.144.111:42738/bin.sh
id: auto-1b038c4fb65382a9e0a652d3e103cfe117c632243994d39e54f28afeac5ab4f9
status: experimental
description: Detects traffic or activity related to http://115.56.144.111:42738/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.144.111:42738/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.158.74.30:51693/i
id: auto-23051a60205dc8938b637e084b2271810b8f1148578c6d894eb66496144b9566
status: experimental
description: Detects traffic or activity related to http://36.158.74.30:51693/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.158.74.30:51693/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.54.143:42455/bin.sh
id: auto-1857fc825ea0499f9472f03cb1cb8e26b5557046ed48811bc99bd7d9be6f0acb
status: experimental
description: Detects traffic or activity related to http://115.63.54.143:42455/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.54.143:42455/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.7.155:45181/bin.sh
id: auto-57cc2328695cad53ce448cb349942b8cfc03f39812b154b004bb35b26db486b0
status: experimental
description: Detects traffic or activity related to http://110.37.7.155:45181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.7.155:45181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.14.252:57370/i
id: auto-aa59c89766e5f2b9bd98ae7ef109ae93f26f65e32254f17bb9b1de7090501a0b
status: experimental
description: Detects traffic or activity related to http://110.36.14.252:57370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.14.252:57370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.70.30:48842/i
id: auto-aa3675be79449287cc24c644c301928c258753dfb91329e2305ef6c3d00083b5
status: experimental
description: Detects traffic or activity related to http://115.57.70.30:48842/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.70.30:48842/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nkarm5
id: auto-f96e3cad6bb2351c78db60e709d3c63fd895e05c4bab9e2b02a671cc57dcb6d7
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nkarm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nkarm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/splarm4
id: auto-e6f5bf2800668d6456c68329a7a1bd8f01c4e9c4ba969fd5743ddc3a281d6136
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/splarm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/splarm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.arm
id: auto-f1b83394de0d572fb2e07312ae1f790c5267a4e2e485da8f8d02bc5cf6a00944
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.mpsl
id: auto-67b393ef42434ca9ac5222943355af04461a2418b0260b44183c3096f04a9f75
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.sh4
id: auto-abab9e42d6a22660891d88013e8747aeaa38dac1017f9cd18d6f530e3fd6e2f2
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.ppc
id: auto-9630691228f7ba02bb7724c5d29a35b2538478a8aed615b809fcd72d63f59e5a
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.arm5
id: auto-670928cf0396fbf1d26b629e0bf44d6e0bfef8688571d3f0bc6eab9db3024edb
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nksh4
id: auto-ff6ff830864c940c5dbd4c66787b4da3e645fc1a776ded1abf0ef433804d0c75
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nksh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nksh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nkarm7
id: auto-34c6a9d07246d86f7bb837c27dfe782c1058fe20a7d2c0a6e4bae2003c22d0c6
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nkarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nkarm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.spc
id: auto-70bc2074e7acb5260f957e301a886044095b2564b7023a2fbad3acc99cc0a88a
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.x86
id: auto-f26106ccd349353676f6610fc91deedefe903a44b749114511ed0c5a3ab1103e
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.m68k
id: auto-116e7cf3c19593fef6e7237370a648e6fafee754721d8d95c856703aad825bb6
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.arm5
id: auto-e52f30e664b34a08677862454596286347e7d78da769bea00f64381b944c4ca2
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nkx86
id: auto-5ee159f3e1676f9552326cafbf750142b48e7073ce4f575a24c7a728f5e1cebf
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nkx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nkx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.189.74:40314/bin.sh
id: auto-44fbce868b892d644c43488fd80328adf286a73ddd661c5f05bbbc62b2d9416c
status: experimental
description: Detects traffic or activity related to http://123.5.189.74:40314/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.189.74:40314/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/jklarm4
id: auto-4c4589a11905007ba62bf677294fffb5a04b2c05465fc5cacba95126790721b2
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/jklarm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/jklarm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/vv
id: auto-463fc9ee54ac461c3a37066f5eb11c6fb117788ef7bcc485bd4cd44d21b8c3cf
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/vv which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/vv*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.arm7
id: auto-f223e99c39095a2edab931620c8e4a36f118692c7d3e5ad0e3fca682ab42077b
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.mips
id: auto-ae4656b10924cf5da08f69b0419703175bc2a1b7bbcf8a267a7fa10cdb17f812
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nkppc
id: auto-fe2b227c15535b2dbec5dd560e1df333401cb25ee0017b8824a82bb4ba91b9bb
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nkppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nkppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.mpsl
id: auto-9ecbd216f3bfd47a5ebe1014c84d909bbf6e0a469c621e1886cba87b518d8b5a
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.ppc
id: auto-6bb6e892c46a211e1d5d4d0d7408b6243fcac8a6943e9dbf391f6be90a0e1bcd
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.arm
id: auto-b8e04aa1d2c0e98146a72fa3c7ca77fd6c08fbf544e98227bf46d48e89a4ede8
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.sh4
id: auto-a3f6806b9dac1237bb3f8e2f6f3d95a7aeeac366996e8d9ad818f015a4780ca5
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.mips
id: auto-be60c860cf5b1e404aa5b26205e49f3b2ae333768a2bd2ed6efab5d3f42dc15b
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.201/bins/Oblivion121.arm6
id: auto-ce609a04f659d640495384693106e93542fe7c9b2ed8c3214428ab4b1d6d86c8
status: experimental
description: Detects traffic or activity related to http://143.20.185.201/bins/Oblivion121.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.201/bins/Oblivion121.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nkarm4
id: auto-894fb638ef683a98d3a7d3eb82b513f6d655ec1ed1488ad361ba7775ff99cd6b
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nkarm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nkarm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nkarm
id: auto-b606bf8d6e114bf96c5f6208a312505f2c9b6d4298765e4064498f8d52911bbd
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nkarm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nkarm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nabarm4
id: auto-dc246b475333fc898ab7879a68deb25d991d4b40d9400f9c5efdfec847afa19d
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nabarm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nabarm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/zerarm4
id: auto-97a9dce15bdbfe039d4caa2ba27a7cddda049b78f1e37ceb5897d5f06d351b82
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/zerarm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/zerarm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.arm6
id: auto-e85b74cf8a62573a97bc45c3fbfb80e1bdb8d9135e1b509650f4e85a4fb8d771
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/nkarm6
id: auto-590856d2485664b7d3cfa292a76fc1a60a250d02809fed05a0120e526f67961f
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/nkarm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/nkarm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.m68k
id: auto-62b08fbc535f292019698e75287c967159e9c51c9359aca385b65b2889ba6802
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.spc
id: auto-9a60de3dff1bbfac9c3a6c581192d5c09f605d612dcb9dde12995fe195ba5c93
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.arc
id: auto-61810589cb91ce2e6efde4a56c8a55b19b7607a322c1b5b41cc624cdc5ba17bf
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.19:43587/bin.sh
id: auto-d922d45221f7922e6c7d24ac2d4a28377a2d226f4fce905eee26c12c3c10de68
status: experimental
description: Detects traffic or activity related to http://110.37.53.19:43587/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.19:43587/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.106.233:56967/i
id: auto-39663dcdd02c99fc9854bb366e1c07fae54024b2919cb48df81556090933a6e7
status: experimental
description: Detects traffic or activity related to http://116.138.106.233:56967/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.106.233:56967/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.17.68:59065/i
id: auto-67e78bafb356522d19e6853fc051596577e9bbcac27b15b2fc25e0edc99d0532
status: experimental
description: Detects traffic or activity related to http://42.53.17.68:59065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.17.68:59065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/wget.sh
id: auto-24a187ee5fcbcf6bf3e4c3bde2975bc4ad546829238edd80ca129e7e6df330be
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.arm5
id: auto-76eccbb6b98dc5c856355997133efddd45145d56b9571bad235a36008d993242
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.sparc
id: auto-f0f67f724ed9e2a349d40bcfae942074f4cb4b264f0762fae30ca238fe63e60b
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.mips
id: auto-08b229e60f42cfc8d85666acb894ac89ed9ab197d75de23312e18cc3d439775f
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.sh4
id: auto-c5907206d7660c63d2713305769294f09ed5e1d878e87394fa3da50983ee8568
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.ppc
id: auto-b29efbfa6080a69749d31b67a28a947ef25e5f0ad0ea8a0efb37e8a10f87a354
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.spc
id: auto-b23057364e2262f21ffc63d52dbc639a5d0bdb35e1466b481b0e8f8102c48b2b
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.i686
id: auto-60b1c900a57d8dea64b3797fe8eab3c8fcd9bda9beeea54b17e27cb5cd7d0468
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.ppc440fp
id: auto-5ae10ed89a2755042de8d83c710825d668189700b435ab7071631f9ede71c36e
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.i686
id: auto-1398b93a6b3b34c60b0f39c570d08a0aa3cdad8ec0eb0fc43c1c665f73857a9e
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.mpsl
id: auto-67d469787e2733fd0b6bff4dd6a9bb6a9afb53e1475bb1f22a08d09a053cbc6e
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.arm6
id: auto-815575d37d583b2b0596b7b80646a0e5ddffa4f980e149475f78811afb01dac0
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.i468
id: auto-1e2310559e9514df971e3e779466ae4f7310ef4f8518be5599757c6688e4678c
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.mips
id: auto-39bb1647bc91255a6fa1c55a25fdfe03ba3d40e102d047cc9acbb10de0ce9075
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/tftp.sh
id: auto-ef4ceafc1450b4fc13d159d9b01ce94a82fa2776da66ffe15a352a0342d49cca
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/tftp.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/tftp.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.arc
id: auto-99d984d4fa4b4d9e4a69edabb01afb6511d8f376b6f80541c6b65cf12176ca0c
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.x86_64
id: auto-5d9817e794ac282b92f068f2e5d6b88b61e7c6bd2286574fe7dbc3e6a182a04b
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.m68k
id: auto-88cb96d4e001d9545a736d933e205a53e5dc0b9eb7dea2617c0788052547c2b1
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/wget.sh
id: auto-58ee08b9e7dee5c71096820f312e92a5e889cded2efc0bb30bb5ba86686ddba3
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.i586
id: auto-6e64910f1467363df6f5b4fbe570625b14e5e91715e5976f9c191ee666f3d204
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.arm4
id: auto-ebb46d770003fa5f8d48270a5438dbf27caefaf0b81bef89f56ef438aca42194
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.i686
id: auto-c4a310c74d80fb14c2a974531179a9ffe522488488f373f633899f42b3e70c8e
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.arm7
id: auto-b0fe901ed4ef212893d1607655f393c79c91e42877a5148daf0ed447d7918aa8
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.mpsl
id: auto-7ba4206cbb851ac7d0dc5045e5d6337bb07a14dd9457653b25ebf8be34cd2608
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.x86_64
id: auto-baef95b3201706ef5e17c45229d2e2b6cf7feb1e3d5b0b26920ac482c63c4fe3
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.ppc
id: auto-2b2d718107dcb5e38c6f9525414f932ef12dca260d18d54e59c5bb4fb4e4c429
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.x86
id: auto-9e373aef97e4b129268e7db54b726fef6fbde3065496b2b5dbb488e8f0bd0ba6
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.arm
id: auto-6dfcd1a4ad41612637549e6b953d96a3ce0ee546e3cd5dbd53fa522704b47c7e
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.arm5
id: auto-2ee68e08355d41f0d059b5de1382ca5f6e6b24a0df462c7d8bce1d2724075296
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.m68k
id: auto-d3b6211aed625e6a8cbf91ac1ee463b6fa8be5f4aee7736c9d0d34dc20db8f1f
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.i468
id: auto-e6c4adea70098cb3820e81233b508a60c91020f2f87fdbd5d99615773827878e
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.arm7
id: auto-47c53b1f07450d828ff1f5336099742dd88eec3b97947b88a4dc83a31d6251d7
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/hiddenbin/boatnet.sh4
id: auto-c5c80153f75ea72234a745994c061b2a52e98cc83e4e49e125ad95be8d90dbbc
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.44/ohshit.sh
id: auto-96d36f47cb9e3af37f3d43b2435954827fae70f8422ed83e9e6e4f27d893be52
status: experimental
description: Detects traffic or activity related to http://176.65.132.44/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.44/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/curl.sh
id: auto-e932c569c4eedbd08aa98cbe2cf1352d16801f6c813a49fae527c78533cf9e35
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/curl.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/curl.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/bins.sh
id: auto-3253b36e1a8ad2045fb81922ca7c52b9e8bc894caac2c34493a8c6a5a29e89df
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/curl.sh
id: auto-465e0ece0bab50da0b3c6944bb32c143ab27eebc27814a6f4ede6dba92b690b7
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/curl.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/curl.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/tftp.sh
id: auto-4291c7b087eff71501779dd96c57cc8fcfc4679d36fc451ac5a7b81326caf24f
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/tftp.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/tftp.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.228/bot
id: auto-b5b4c919cce71a57afbeb76a38fa9f5570ab783bdde0f41b21e0e7b568b7bcb1
status: experimental
description: Detects traffic or activity related to http://45.156.87.228/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.228/bot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.20.250:50201/i
id: auto-8bba2759fc130ce4da8e39e3e9e218de7259aa478f8ba90364e6ec5f39e2ee27
status: experimental
description: Detects traffic or activity related to http://202.107.20.250:50201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.20.250:50201/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.219:41382/i
id: auto-f6a1fca960f3e190a4a5e8454ffe38f16970b288a8809b2c78d9b609900d359f
status: experimental
description: Detects traffic or activity related to http://110.36.29.219:41382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.219:41382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/Y69YGj1.exe
id: auto-9c424731c869d6e7a31fae6daa11810e61670e08c5dd14a3d7b083fa086287f0
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/Y69YGj1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/Y69YGj1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.x86
id: auto-c1c29f86c049f076b494f01a52c66934b494f5a8c3d81d3aad9fe19cdddcc520
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.arm6
id: auto-2e8f7c4d07fad75f68d9df08751a077c87056413ae0878687aba466c06c3a0f6
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.arm7
id: auto-88ebcc498eb7648d3a840681110c038831fc6c4a104213f0ec7b1605d3d37b4f
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.52.166/assailant.x86
id: auto-0f8ce57f14f32e3fc88092f981190419fffd2f7d2ced36b2247dbcce4c8c719f
status: experimental
description: Detects traffic or activity related to http://178.16.52.166/assailant.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.52.166/assailant.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.83/Aqua.x86
id: auto-fd192fc86656e8b9132d100318a0ae96f8749048f4f99bae6281c09293ad46b7
status: experimental
description: Detects traffic or activity related to http://91.92.242.83/Aqua.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.83/Aqua.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.204/arm7
id: auto-aa05b11e5a9a95112261883039aabf633bd9de557c3bfb4deeba140da40fe824
status: experimental
description: Detects traffic or activity related to http://91.92.242.204/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.204/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.22/hiddenbin/boatnet.arm7
id: auto-bcf8f0c87687ecc9c38a1dfb4314ed24d9689ae3e1a68d244be71017b011405c
status: experimental
description: Detects traffic or activity related to http://64.89.163.22/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.22/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.64.254:50377/i
id: auto-d5bc9d6bf44bb271b33ed277655bf43c1e27ce2c4a56eef6fbc45cf637c5f8c9
status: experimental
description: Detects traffic or activity related to http://110.37.64.254:50377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.64.254:50377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/x86
id: auto-167728ff4fade2aa3a041499c3a409e7fd3207af3d10f0ad8db217f66d912ade
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.106.233:56967/bin.sh
id: auto-a37bf6598eff8ba6adc5e0304467de54db539defd40f2d867e4ae49dbe8aa44f
status: experimental
description: Detects traffic or activity related to http://116.138.106.233:56967/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.106.233:56967/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.64.254:50377/bin.sh
id: auto-91ef060586f7924c0b50d357375e9b693bd0ed49fe6f6d2649efcc12009f586b
status: experimental
description: Detects traffic or activity related to http://110.37.64.254:50377/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.64.254:50377/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.219:41382/bin.sh
id: auto-8cf561b32a0c50083b521e3cb6de0c33c570463619955cbfa8733777a630bde3
status: experimental
description: Detects traffic or activity related to http://110.36.29.219:41382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.219:41382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.20.250:50201/bin.sh
id: auto-5ca27ab057bbb9dbb78ff463f225e3fbc10a23a6103ab7244e17dc393f866bbc
status: experimental
description: Detects traffic or activity related to http://202.107.20.250:50201/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.20.250:50201/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.39.90:42517/i
id: auto-98144dcf73502a8c15b3039ca0fe5163185af30e9ac3931f76d032b1f0b8f9bd
status: experimental
description: Detects traffic or activity related to http://115.50.39.90:42517/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.39.90:42517/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.201.239:37688/bin.sh
id: auto-326d1d39ec7531ebde498650715efd4fd41a2dbf8f833898ec205c1fedeed791
status: experimental
description: Detects traffic or activity related to http://42.52.201.239:37688/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.201.239:37688/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.77.69:39882/i
id: auto-2a6a7881e19b98ad933ba58af4d4ae83fae39fa65d31ba0511b23e5cb3b09535
status: experimental
description: Detects traffic or activity related to http://115.49.77.69:39882/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.77.69:39882/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.39.90:42517/bin.sh
id: auto-d54fb0898eb48e8971ab77be74f3f9f54ac0aa280ed0e3eec0ea392768490ba7
status: experimental
description: Detects traffic or activity related to http://115.50.39.90:42517/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.39.90:42517/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.46.138:58668/i
id: auto-b019bd611b1776ce7de29455bcd21727938426b2ae36505844e5d0a72d89c701
status: experimental
description: Detects traffic or activity related to http://61.52.46.138:58668/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.46.138:58668/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.231.237:37691/bin.sh
id: auto-eece6c24d3a295dd9143e1ca4f5caa05e5fadca1afefc47e0372e99091a54a6f
status: experimental
description: Detects traffic or activity related to http://182.121.231.237:37691/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.231.237:37691/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.247.12.53:59018/i
id: auto-60ff8b2b03253b03a64e8da26c0f11adfbdee89d43452ac11c70691d8cfec123
status: experimental
description: Detects traffic or activity related to http://112.247.12.53:59018/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.247.12.53:59018/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.246.105:43235/i
id: auto-ba47c1f754488543b02cd360d9a2876f365bfda8de2dae7302da552a7f83fd6a
status: experimental
description: Detects traffic or activity related to http://115.57.246.105:43235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.246.105:43235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.117.135:51795/i
id: auto-f8b75c6d67a47d7088a7006bb1fe21be1eb7eb19dac00d873fbabb700adaaab9
status: experimental
description: Detects traffic or activity related to http://182.117.117.135:51795/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.117.135:51795/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.46.138:58668/bin.sh
id: auto-693b0b513565982151cd8dc9914e2c57401a0679f8f3793dfbdd9f68ed22fda4
status: experimental
description: Detects traffic or activity related to http://61.52.46.138:58668/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.46.138:58668/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.246.105:43235/bin.sh
id: auto-bfc25458aa88f980762e29f37c29b97f61802dac1bbb01781b3dc7b81f26768f
status: experimental
description: Detects traffic or activity related to http://115.57.246.105:43235/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.246.105:43235/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.117.135:51795/bin.sh
id: auto-edbff489d56c1017d6457fdefe99023a0f584338870eccffd2322d417f6dfab6
status: experimental
description: Detects traffic or activity related to http://182.117.117.135:51795/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.117.135:51795/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.105.154.212:46266/i
id: auto-79339e64a56f434ce8edd315399c9c3eccc4ab5f96290cc132bf2c0c87932c8c
status: experimental
description: Detects traffic or activity related to http://174.105.154.212:46266/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.105.154.212:46266/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.105.154.212:46266/bin.sh
id: auto-66a2f556614fae78f1dd94d22807a987ed151a00ca3835a20c6d771fc8340215
status: experimental
description: Detects traffic or activity related to http://174.105.154.212:46266/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.105.154.212:46266/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.10.114:45037/i
id: auto-7898db85d32d235f04de1d98c1bf10f1a6351f6b00827aea03adc210bdc3589a
status: experimental
description: Detects traffic or activity related to http://221.15.10.114:45037/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.10.114:45037/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7661816258/KphOu3m.exe
id: auto-59751940b3da3106b7eb74a8d3968b6f28536ba220a458a51fcc55f88f712ca1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7661816258/KphOu3m.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7661816258/KphOu3m.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.106.103:51600/i
id: auto-4b1964332500e1a8a8d04862a712c6629697f06862918d8669572bf5c459a4ea
status: experimental
description: Detects traffic or activity related to http://221.14.106.103:51600/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.106.103:51600/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.203.153:44171/i
id: auto-0f6297fdce0367c1fd21a052195f0f41e0cd54147b1f2c9e1a4ac8c4a1545dd4
status: experimental
description: Detects traffic or activity related to http://219.155.203.153:44171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.203.153:44171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.2:44592/bin.sh
id: auto-f84ceb5c222fe315d3f055e71b526867348328ae7998040e38a7351e8fa3500d
status: experimental
description: Detects traffic or activity related to http://59.97.177.2:44592/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.2:44592/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.43.98:55929/bin.sh
id: auto-6a0673077325603f17aa7f357ed7b0c08116351399b9a748c84e4bc66b664c20
status: experimental
description: Detects traffic or activity related to http://61.52.43.98:55929/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.43.98:55929/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.18.162:50236/i
id: auto-d3250bad3561eea9dc3aebac77e302254c7d1f4edd6276b84572ee87f093770e
status: experimental
description: Detects traffic or activity related to http://117.217.18.162:50236/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.18.162:50236/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.106.103:51600/bin.sh
id: auto-38126c2aa3b0ae17b7abafd05ab96294f6233d45c63e20b812f1af4a1d8ab0bb
status: experimental
description: Detects traffic or activity related to http://221.14.106.103:51600/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.106.103:51600/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.7.155:45181/i
id: auto-0597bedf38eab07c887dbe9ad8e9892a8bb9e80049466d7d93de1c52baa2d656
status: experimental
description: Detects traffic or activity related to http://110.37.7.155:45181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.7.155:45181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.10.114:45037/bin.sh
id: auto-fcb330ec68d55d0efe7304eb19bab17d920bcf6a46bd74e671407e89f18fa879
status: experimental
description: Detects traffic or activity related to http://221.15.10.114:45037/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.10.114:45037/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.203.153:44171/bin.sh
id: auto-461c84e8a6b5b5d98ead44e870307595a4346f6ca79c26009a88d8e0306d7a9f
status: experimental
description: Detects traffic or activity related to http://219.155.203.153:44171/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.203.153:44171/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.46.110:37596/i
id: auto-55dbbf15aa7e7463cd4a9ed3a410ee39fc5a40116a2766f146cc8119d5de09ce
status: experimental
description: Detects traffic or activity related to http://58.255.46.110:37596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.46.110:37596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.18.162:50236/bin.sh
id: auto-685fd3eb413e83406e2184586a81da598cde607b9c87c5d29cbdbf58afda24a3
status: experimental
description: Detects traffic or activity related to http://117.217.18.162:50236/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.18.162:50236/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.247.195:34324/i
id: auto-6f703ec231ad5a87c29a5615755c2f4b763816e8b73c9607754c7c6d7c300575
status: experimental
description: Detects traffic or activity related to http://42.59.247.195:34324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.247.195:34324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.119.9:60886/i
id: auto-485ee9e68609291643c22227246dcf3e7cfa936cefed2e7b7a664c69d9f747b2
status: experimental
description: Detects traffic or activity related to http://27.37.119.9:60886/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.119.9:60886/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service-reward-armory/friendly-posting-w1se/stand2
id: auto-d7db1ceab84cf2a0e3122445c15ddb6ead5190253c77b0a5880914355cb359e6
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service-reward-armory/friendly-posting-w1se/stand2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service-reward-armory/friendly-posting-w1se/stand2*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.229.53:41241/bin.sh
id: auto-0d51b640f835048d1a8a5498abbfb5405c128b931f805ae5cb8aa60367a6ec0e
status: experimental
description: Detects traffic or activity related to http://115.50.229.53:41241/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.229.53:41241/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.70.147:41781/bin.sh
id: auto-80f0f27cb1f12241f4eaf6e45454259d2e1a0e459162e3edec2b590456b86b22
status: experimental
description: Detects traffic or activity related to http://123.11.70.147:41781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.70.147:41781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/arm6
id: auto-6f39ebda0a5972870585021be46b1f8e089f79ecd239a5abebf0d75fd4260174
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/m68k
id: auto-49d525701e205c67ac69a300941e41823bd12570065297afc75faa7e6f4e44d9
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/arm7
id: auto-890d47f463d9f02bf9ed2b2134e31c42ac443206cfc3869e14b61c344e5b7971
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/sh4
id: auto-478eb5a4ab3da2ee0770736b08c372b694986094939253e97f0170e7a515f8ee
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/x86
id: auto-1cc4c4073cb701fd4e138a37d77983faaf1d9c7691ca05abd1941f1b895ef303
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/ppc
id: auto-8d3cc005e044e37a5d016818ef00c4411dd4b3ab927956e0048aff44023b31ed
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/i486
id: auto-c8daa6e38a2cc03aef5868635a67f665fc9ba3c405ac8bfb9b9031ec086cf4ba
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/sparc
id: auto-06bfeadf5050b3f858585ce6d20a8dee800721502b49c3e491ee2c8c24112923
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/x86_64
id: auto-dc454da569c130377e7f4f57a709adaff03d18a1626b0a3dad51aeeb6169ec80
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/mips
id: auto-c614d54d1a72dbf2cbaefe312a580810b89f481751ff1eccb3151df23e098300
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/mpsl
id: auto-a2c02cab967e1771d2042db6b8b65c48405ab011ec328964f65230941f608f20
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/arm4
id: auto-354221282a3a0c9d11125755fe74fa45d286d8ba930edc00d61cdf6023c6bca6
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.128/mipsel
id: auto-7f0397c14cf06e5a95ac9ad75eee3fc0685f63b3bcd16c6f2601ba93dc7cdbcd
status: experimental
description: Detects traffic or activity related to http://130.12.180.128/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.128/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.128/x86_64
id: auto-c35d6cfa694fc2f47fe3a383c320c955d465dd71042cb49cdc6807177452de0a
status: experimental
description: Detects traffic or activity related to http://130.12.180.128/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.128/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.128/arm
id: auto-983e74c5581059a91724b16a2a62b9bcd4d1b55e8fa9d4143cfbb4bd24318a81
status: experimental
description: Detects traffic or activity related to http://130.12.180.128/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.128/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.128/arm5
id: auto-53ff7143bf061ee25f293f49ab0123f07b723d8ae5eaac2583cfd0efe2efd52f
status: experimental
description: Detects traffic or activity related to http://130.12.180.128/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.128/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.128/mips
id: auto-58b32eb1a501947ef3984dfdc9ca64de3ac1d3b8ad0f954e93994b46bd65e3e2
status: experimental
description: Detects traffic or activity related to http://130.12.180.128/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.128/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/arm5
id: auto-b1fb1860d04bc7b5539ec35b5956251a07990784e2895f3a7d559eeb2cfb3445
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/arm
id: auto-dcd45f31c196e9978854e7cb2d2a5d224d305c85c5731f8ff834496afa410508
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/mips
id: auto-8579978ba8a1811eeafc83608b8e7dd43bf69a8c6e1155dbdc49bc58094a0802
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/mipsel
id: auto-a50bfa68ac3949024ace9e839a748ff455617bddc934cc8dfe1345eca4832f87
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/x86_64
id: auto-05e50f040d5ed20a83ea24a217a8f305eba61e391cffed0c7a88270fe866a0e6
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.128/arm7
id: auto-16553e83c5fe53f9a12b2eb764cbea9ce415053f91c9124ece005f5a163032c6
status: experimental
description: Detects traffic or activity related to http://130.12.180.128/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.128/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.68/arm7
id: auto-d2790621247e88b339863d3510477c622cf0cf993f681d2e27b6f387dbeeb39d
status: experimental
description: Detects traffic or activity related to http://158.94.210.68/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.68/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.128/arc
id: auto-61dc8683268a55983854e33b8526cef2ee13559e966dc8913ab92e6f73b9174b
status: experimental
description: Detects traffic or activity related to http://130.12.180.128/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.128/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.251/arm5
id: auto-e3423a2826a53616accd9529843d35a1e35effe4ae610ff5019e65341fcc9eda
status: experimental
description: Detects traffic or activity related to http://158.94.208.251/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.251/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.216.231:35269/bin.sh
id: auto-852bde10ed69b8a65c73262c6029aedfa47bc498c1b8bc72e12bb31a2240ee3f
status: experimental
description: Detects traffic or activity related to http://222.140.216.231:35269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.216.231:35269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.119.9:60886/bin.sh
id: auto-f19ccdaec893d5f1db3c94c41baaa9afd13c4c2bb57881dc0bb02fcdf1f4a27f
status: experimental
description: Detects traffic or activity related to http://27.37.119.9:60886/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.119.9:60886/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.6.103:53333/i
id: auto-658a80d007e302cb96a14ed7cdaa9cae0b8c0d4ec16011b76c82ad03763bf037
status: experimental
description: Detects traffic or activity related to http://42.227.6.103:53333/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.6.103:53333/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.210.228:54163/bin.sh
id: auto-9b121a14cc4f3fead778df871b0c2e8123648ef395d15acc8ba7b154a2164233
status: experimental
description: Detects traffic or activity related to http://60.19.210.228:54163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.210.228:54163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:38703/bin.sh
id: auto-b8cecafff8acc438802328898e1d2da66c89f30d342ad679976ac9e94d80a24a
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:38703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:38703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.214:52920/i
id: auto-17412662d7ccbc83952176e520e5a42168968e9c359cdf07c8fad76366feee64
status: experimental
description: Detects traffic or activity related to http://117.209.2.214:52920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.214:52920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.179.143:55805/bin.sh
id: auto-b59556db4fdeb3dace4bb9f8c1b5fd117c5e1eadb448bf5b920829dcd5540170
status: experimental
description: Detects traffic or activity related to http://42.54.179.143:55805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.179.143:55805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.218.119:50858/i
id: auto-74721352a023296f0c01138d8ee8e8c66e5f99b3a10f0e2327ee99938458306f
status: experimental
description: Detects traffic or activity related to http://60.19.218.119:50858/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.218.119:50858/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.74.12:46171/i
id: auto-faf04ca599a6ea8532e08aa117bae360f41867f08cf128c4380943dfccd3b0d3
status: experimental
description: Detects traffic or activity related to http://124.92.74.12:46171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.74.12:46171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.77.69:39882/bin.sh
id: auto-60b5d2b7e1c58e614a1970b87023d06eee717a81c7c5900a15a3bdb4f18df32b
status: experimental
description: Detects traffic or activity related to http://115.49.77.69:39882/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.77.69:39882/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.218.119:50858/bin.sh
id: auto-d1c1eb7871539c75f516bf0ad1f719eec67a682b9e55cae1c191c95dd836cdf3
status: experimental
description: Detects traffic or activity related to http://60.19.218.119:50858/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.218.119:50858/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.46.0:46073/i
id: auto-fec14705c705d4a3943b392c511931051533073b0e2393df921d7786651df7f7
status: experimental
description: Detects traffic or activity related to http://58.255.46.0:46073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.46.0:46073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.74.12:46171/bin.sh
id: auto-6bcba7aa1436e474aabbbbd875cd0cc29c10e91ab15c40dbb1df3506a31f8587
status: experimental
description: Detects traffic or activity related to http://124.92.74.12:46171/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.74.12:46171/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.66.78:47200/bin.sh
id: auto-e0a876c06f5392bda4d0dbc84e34d3eb6428e3352174c472d8afce54fc1d43b4
status: experimental
description: Detects traffic or activity related to http://110.37.66.78:47200/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.66.78:47200/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.177.130:53891/i
id: auto-5baa4ac52d1246b0d9e30780bf90308a076cf1f3bf868bc0bf755b3bfcb4b6c0
status: experimental
description: Detects traffic or activity related to http://103.93.177.130:53891/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.177.130:53891/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.177.130:53891/bin.sh
id: auto-e7c6d64121638017774c2dfb097eaf5240e72381b3ff547803f4637b9b54b2fb
status: experimental
description: Detects traffic or activity related to http://103.93.177.130:53891/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.177.130:53891/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7643569036/G1kyO7v.exe
id: auto-a2d78af8e83628c839b7af47ff4352289172b72986057844c4ced626e3e11e06
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7643569036/G1kyO7v.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7643569036/G1kyO7v.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6099023828/dfnQp5Z.exe
id: auto-a49c883208fb1ecf75f1d549c91ca2ba49e948fb076a6761ed97498d0ff39d85
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6099023828/dfnQp5Z.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6099023828/dfnQp5Z.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.49.19:57387/bin.sh
id: auto-ebef8617836abd81af844291360b517f4de35c5e7a68a105ecd26812110b2b71
status: experimental
description: Detects traffic or activity related to http://42.179.49.19:57387/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.49.19:57387/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.12.155:45523/bin.sh
id: auto-c75d0b0bcc45c8eeaf5d5c5063ad858c795dc50f71414ee665cf245a3d07be31
status: experimental
description: Detects traffic or activity related to http://42.55.12.155:45523/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.12.155:45523/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.54.143:42455/i
id: auto-fea1a7a3af460aadbf9cb8e89bdf97b7173eaa8075341054d51a81d15f524ea8
status: experimental
description: Detects traffic or activity related to http://115.63.54.143:42455/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.54.143:42455/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.208.153:60301/i
id: auto-7af076d83a6f3ef4e00257b66b9f07c3e4c2c974d0a17a8a1b05860943bbfe59
status: experimental
description: Detects traffic or activity related to http://175.149.208.153:60301/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.208.153:60301/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.12.155:45523/i
id: auto-369f40a8e1e643db4c53a6986d495fa7d38fa5bd84a9dad3c47c66ebaeb4a03f
status: experimental
description: Detects traffic or activity related to http://42.55.12.155:45523/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.12.155:45523/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.168:45777/i
id: auto-a52b951aec41e33c734d7b6803439baede1b2bc28a8a4c45467118ad4891c219
status: experimental
description: Detects traffic or activity related to http://117.209.31.168:45777/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.168:45777/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.231.237:37691/i
id: auto-5c55526fb0b0343b961a8603814363f157e7645188928d625fb200adba8ea8fe
status: experimental
description: Detects traffic or activity related to http://182.121.231.237:37691/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.231.237:37691/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.201.160:44674/i
id: auto-f024ecf0a9f3e5e4c9ba2db33c7c85d3b8d643dedc187f3dbd4ede037896a610
status: experimental
description: Detects traffic or activity related to http://219.155.201.160:44674/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.201.160:44674/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.226.246:53973/i
id: auto-a4970f21522f51245f418909d5dfe7ba820920ce7d7547e6806e1d82dbeb0db3
status: experimental
description: Detects traffic or activity related to http://219.155.226.246:53973/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.226.246:53973/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.0.215:58917/bin.sh
id: auto-6999e51c8ed4a5ef1b35462be3ee680e7611b3992f7bcb747711aa085155e5ba
status: experimental
description: Detects traffic or activity related to http://117.245.0.215:58917/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.0.215:58917/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.23.0:43826/i
id: auto-6b5d439533505aa77d1263e7a704088c0b50b68041e44eebfc37291aa89e29c9
status: experimental
description: Detects traffic or activity related to http://202.107.23.0:43826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.23.0:43826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.202.92:40150/bin.sh
id: auto-a63f85577f630155d3a6cec790082f3a37469b9f22354f0ffb12f08a261be9ba
status: experimental
description: Detects traffic or activity related to http://120.61.202.92:40150/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.202.92:40150/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.226.246:53973/bin.sh
id: auto-60f7af34c2d432eb3394459aee554162a2d16da619b7c33747ea4a73633fb3ee
status: experimental
description: Detects traffic or activity related to http://219.155.226.246:53973/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.226.246:53973/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.201.160:44674/bin.sh
id: auto-4eb551abfb3bd8107c20a586617ebb05513d532601b6ea8df5a5a3dede49e8e8
status: experimental
description: Detects traffic or activity related to http://219.155.201.160:44674/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.201.160:44674/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.23.0:43826/bin.sh
id: auto-2c4b4e131d282013bf0bcda33cc039366e19964035a43f7563323b5f5824ef3a
status: experimental
description: Detects traffic or activity related to http://202.107.23.0:43826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.23.0:43826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.103.247:33078/i
id: auto-09bff194adf41905ec7aeb85efe9cf2d685a1ba2fc279cdc1f041869b815968f
status: experimental
description: Detects traffic or activity related to http://182.112.103.247:33078/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.103.247:33078/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.189.166:40606/i
id: auto-238afde0b9231ab242297d9751ff33879805a5119cc6f2f6f7689df16b9ffd80
status: experimental
description: Detects traffic or activity related to http://117.196.189.166:40606/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.189.166:40606/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.80.7:60318/i
id: auto-7de5dce535406849b7dbe89c418c6f318304df838f13f46142db77e1bc4a637e
status: experimental
description: Detects traffic or activity related to http://112.248.80.7:60318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.80.7:60318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.253.238:56468/i
id: auto-b0260b1c61ba4264b37c640c4d559057e9e0200344ccb8b6609735aec88e8ede
status: experimental
description: Detects traffic or activity related to http://42.180.253.238:56468/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.253.238:56468/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.80.7:60318/bin.sh
id: auto-75dd4a9f1260081dc2a70385edba07a8bfa3061bf255e1a8bc3f8423c55a79e5
status: experimental
description: Detects traffic or activity related to http://112.248.80.7:60318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.80.7:60318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.189.166:40606/bin.sh
id: auto-2e292d4f8de83e01af6410682e0f014e773d52ef389cebc2dc130f94bf02d48e
status: experimental
description: Detects traffic or activity related to http://117.196.189.166:40606/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.189.166:40606/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.103.247:33078/bin.sh
id: auto-5e17b3bf041e39e340cc9a23dd301fe64d95daf0cfea201220505d4ee3f468e9
status: experimental
description: Detects traffic or activity related to http://182.112.103.247:33078/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.103.247:33078/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.94.12:42572/bin.sh
id: auto-ba7dcaec88424f7c7c16b536f7f743d2ad2371ee4394956ec1fc9b156f60cf4e
status: experimental
description: Detects traffic or activity related to http://182.126.94.12:42572/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.94.12:42572/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.253.238:56468/bin.sh
id: auto-9d755609fcd28a70941732a5448826f4855380cc93e1fcd271ee4262996efe10
status: experimental
description: Detects traffic or activity related to http://42.180.253.238:56468/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.253.238:56468/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.6.103:53333/bin.sh
id: auto-4843da1926e5ce50754e5f4f6f6d2590cf581d2877db93014e45d1c7cb7c2ea6
status: experimental
description: Detects traffic or activity related to http://42.227.6.103:53333/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.6.103:53333/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.176.16.15:43207/i
id: auto-24ad78943024b49c2101c414789e57a16972577b667f0934a2bfd0107ff4dad3
status: experimental
description: Detects traffic or activity related to http://59.176.16.15:43207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.176.16.15:43207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.182.113:39841/i
id: auto-d55923bb5390d77aa753c9822f29777550df4781f8046862bad2b8d425c0e0f2
status: experimental
description: Detects traffic or activity related to http://117.216.182.113:39841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.182.113:39841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.176.16.15:43207/bin.sh
id: auto-d43776b3634f9d962274a70774a50c8f7f9b6e4567c79fb8e1448072e3637a53
status: experimental
description: Detects traffic or activity related to http://59.176.16.15:43207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.176.16.15:43207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.196.122:59781/i
id: auto-be793c522a3da0758787ad3099db4c11a689456ecd916b0549c210ddd9890838
status: experimental
description: Detects traffic or activity related to http://178.141.196.122:59781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.196.122:59781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.142.206:39480/i
id: auto-1e79c860801dc3df926e3490d50d43ffcfb534fb2a0bf98ae733bb782a0169fb
status: experimental
description: Detects traffic or activity related to http://124.92.142.206:39480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.142.206:39480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/bucket
id: auto-c12577453ddeb416a05fae84db0616fa9a644b61778c2a476c86897962984bee
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/bucket which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/bucket*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.225.132:53485/bin.sh
id: auto-6e01e9c080275d2e4cb596ef736f93c0293d0953e45a9068852a863b94a5267f
status: experimental
description: Detects traffic or activity related to http://123.14.225.132:53485/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.225.132:53485/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.26.45:32835/bin.sh
id: auto-fd930fcb3c2545d097a4550360fda3f86547dbb68c9495c342a482e5a0c495b1
status: experimental
description: Detects traffic or activity related to http://61.3.26.45:32835/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.26.45:32835/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.239.252:40545/bin.sh
id: auto-c4d3a8f05dff9385f68af25ce638ccba7b6488d15c6439d10ae44d00ed8a462f
status: experimental
description: Detects traffic or activity related to http://182.123.239.252:40545/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.239.252:40545/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.222.217:34403/i
id: auto-622ec2317bc28a2d7bcf66308d749f77fc11bf520c6741402af5c0da182c0e9a
status: experimental
description: Detects traffic or activity related to http://182.112.222.217:34403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.222.217:34403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.142.206:39480/bin.sh
id: auto-305f687a9c27969d1cd55187c151e76c672a1129433dbd07cd06133d1062e49c
status: experimental
description: Detects traffic or activity related to http://124.92.142.206:39480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.142.206:39480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.185.73.248:44693/.i
id: auto-afcd6cc567bfb66ca845af0a409b0224e99ca2bb4b6e1689e8cd755508b505f8
status: experimental
description: Detects traffic or activity related to http://222.185.73.248:44693/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.185.73.248:44693/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.222.217:34403/bin.sh
id: auto-3713c8ee570941419837403207f2dd095f9502b232d2e1ad47cdc1eb115ddfa4
status: experimental
description: Detects traffic or activity related to http://182.112.222.217:34403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.222.217:34403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:35418/i
id: auto-0cfd4af8f6780f5ccd30352ee7031002ee7982cb1160d10f0903551dffdad128
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:35418/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:35418/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.24.4:55802/i
id: auto-2004b6fafbb06cbc7de33fdf4b975e1bb9a75b8fc94ac00c7d5f84a9c58335d1
status: experimental
description: Detects traffic or activity related to http://117.248.24.4:55802/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.24.4:55802/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.161.111:38253/i
id: auto-b90f843964dbbe5f39b155a2f7826c02d4d77a72383931c6480de5992764ad2b
status: experimental
description: Detects traffic or activity related to http://112.248.161.111:38253/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.161.111:38253/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:35418/bin.sh
id: auto-72b6f1af59471f759ff2377b6ef0e801cb43e436d17badf1f11f0daa41f61503
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:35418/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:35418/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.100.249:49372/bin.sh
id: auto-f79a0a405076e11e9f70c10c6ecca1368802593abd3390a63859e078b4f43eba
status: experimental
description: Detects traffic or activity related to http://113.230.100.249:49372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.100.249:49372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.204.196.136:54674/i
id: auto-a2309c8eef4aa36aafe34fcfae4ccf8e07396455a17d2f63e0470131a9ae5743
status: experimental
description: Detects traffic or activity related to http://138.204.196.136:54674/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.204.196.136:54674/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.24.4:55802/bin.sh
id: auto-1ee989b8fb0c772153dd074c25e860e840f767d9a52371f1e5a04b150a4a01c1
status: experimental
description: Detects traffic or activity related to http://117.248.24.4:55802/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.24.4:55802/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.231.129:49437/i
id: auto-c6ee76c71ef55874ac1f5540bd3a2472babd2e82058c15083212d101af4bd507
status: experimental
description: Detects traffic or activity related to http://113.229.231.129:49437/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.231.129:49437/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.251:45809/bin.sh
id: auto-5039074ad6076e9503fb259854564bb188c4733f5b994c25a35ebb446c0d2238
status: experimental
description: Detects traffic or activity related to http://61.53.84.251:45809/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.251:45809/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.0.208.91:54279/bin.sh
id: auto-12fe833b562abf7f0b3ec6ca7d06ed263dc27b9526d1b7e803be49b7c9ea8b79
status: experimental
description: Detects traffic or activity related to http://221.0.208.91:54279/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.0.208.91:54279/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.204.66:37373/bin.sh
id: auto-2fb6c368c6f5b7142dfb7e1c1bed1ad35f4a1e300dd9dfe0b8d60e9206959478
status: experimental
description: Detects traffic or activity related to http://112.225.204.66:37373/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.204.66:37373/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.13.187:51620/i
id: auto-b1988ae49f396aa61e945489e1fa6da4c1c3bdd8188bc3c2524bb631f712948d
status: experimental
description: Detects traffic or activity related to http://123.8.13.187:51620/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.13.187:51620/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.124.13:46464/i
id: auto-2394a17aafabce86824287b4d352fb9ab62ac3129a298ba46cb3fd002c8b5df7
status: experimental
description: Detects traffic or activity related to http://27.37.124.13:46464/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.124.13:46464/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.98.189:57640/i
id: auto-f244f16d907c38be34398892ba7280cce7aefd94fb924f0c43037d3fce47fcd5
status: experimental
description: Detects traffic or activity related to http://59.177.98.189:57640/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.98.189:57640/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.13.187:51620/bin.sh
id: auto-60555d0faa4c8ba714fd8cdee49484deb4137f0b21e5a16ff82862e13eb3b295
status: experimental
description: Detects traffic or activity related to http://123.8.13.187:51620/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.13.187:51620/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.161.111:38253/bin.sh
id: auto-cda038df75fd5b08c3347b49c267e06865668a08e9185dd0dd70e243cdb58643
status: experimental
description: Detects traffic or activity related to http://112.248.161.111:38253/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.161.111:38253/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.98.189:57640/bin.sh
id: auto-6c6c1b7d99d7f07481ada2854c643ec68f4282f61f40b5611926a425293439b1
status: experimental
description: Detects traffic or activity related to http://59.177.98.189:57640/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.98.189:57640/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.226.38.225:49901/i
id: auto-cb6493eeb8865cd37a71ec7372fc3d9243182c821e116d8105467e861a6cda4f
status: experimental
description: Detects traffic or activity related to http://112.226.38.225:49901/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.226.38.225:49901/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.35.140.111:50160/bin.sh
id: auto-e5e366d866ebb0914d361c0fbae74575090570151e48b256b25880a0fdc13ca0
status: experimental
description: Detects traffic or activity related to http://106.35.140.111:50160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.35.140.111:50160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/bramps
id: auto-85d02a94e6375db9dc66da5b4748d2d7d6108a2f6f111fe088149968361d7304
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/bramps which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/bramps*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/volume
id: auto-1149b55d01199532ff9b1588a75220138d11e3775f827eeb0cd2b66aa432115d
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/volume which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/grave-filesystem-hd7/volume*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.113.23:56466/Mozi.m
id: auto-dd1b42e1aadb24154e97ed6ff5e33ebb7194aa1264688b10c2c3a84d8324a6ea
status: experimental
description: Detects traffic or activity related to http://123.188.113.23:56466/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.113.23:56466/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.226.38.225:49901/bin.sh
id: auto-adaa20a508f380634a09fef6f1d14d3438c98d037410a5abe0c32636fe23778f
status: experimental
description: Detects traffic or activity related to http://112.226.38.225:49901/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.226.38.225:49901/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/i686
id: auto-dd797cfb542e6513ab826e54fbc1e7a8cc7b803a38d92fb66553982e73a8e0fc
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:48594/i
id: auto-cadb49b1014866c3698229d1ebe30ff255497f6308e30ef32ecd4b42036d918f
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:48594/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:48594/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.122.158:40274/i
id: auto-95b3de8007abfe10488ec2804e98be3913cc9dfee6031c01fd221b8d00d0063c
status: experimental
description: Detects traffic or activity related to http://182.116.122.158:40274/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.122.158:40274/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.176.221:53531/bin.sh
id: auto-e6ab9458cdab6e7a3d658b4bd9f9b822d9cfe0fce865c4b67cbe7584df0bc780
status: experimental
description: Detects traffic or activity related to http://222.140.176.221:53531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.176.221:53531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.189.74:40314/i
id: auto-92d73df1cfbea8e1926c96588acdb6403c1dbbfac310d97f08b087d766dbac98
status: experimental
description: Detects traffic or activity related to http://123.5.189.74:40314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.189.74:40314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.106.11:46163/bin.sh
id: auto-9f3c7d646bfa09800688a4cd050c1c4343e5cbdb8dfbe0d698fb538aaae20ef5
status: experimental
description: Detects traffic or activity related to http://221.14.106.11:46163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.106.11:46163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.176.221:53531/i
id: auto-7659f72354a23e3f81019f38bc87545729fc7b10409a44cb723a678e4bfe5a46
status: experimental
description: Detects traffic or activity related to http://222.140.176.221:53531/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.176.221:53531/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.41:49189/i
id: auto-3cbbcfcbf9edc53996e41b7803b34048b8d9668ca8c891f815557303685e1392
status: experimental
description: Detects traffic or activity related to http://117.209.18.41:49189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.41:49189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.41:49189/bin.sh
id: auto-a1c5869a9cccb1f700d296c76b36ad99e3523bb36a3422b363661ddbd2bbdd48
status: experimental
description: Detects traffic or activity related to http://117.209.18.41:49189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.41:49189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.2.91:46553/i
id: auto-c6b3c0d092ce4e15b7a10dcf4f3cb9e1e5bbe8a5b4dac78ca4f5256e9569cbc1
status: experimental
description: Detects traffic or activity related to http://117.223.2.91:46553/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.2.91:46553/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.2.91:46553/bin.sh
id: auto-07a485406d3604ec63bc55d11df79e27da2ab005d5786db3a56b7f90ecd32f36
status: experimental
description: Detects traffic or activity related to http://117.223.2.91:46553/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.2.91:46553/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:48594/bin.sh
id: auto-e5aad096e824e2cd1440988e34c6a1050f05d5126ba7dcce1d6b29ee5fc5e566
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:48594/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:48594/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.46.84:34390/i
id: auto-f07e3ad4eea26cc46139feee54e79ec070d90ecb786beffdfc13f588912949c9
status: experimental
description: Detects traffic or activity related to http://58.255.46.84:34390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.46.84:34390/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.154.162:53265/bin.sh
id: auto-2779fd326bb21ad27a48c21aede9d3a206336deb6071515723fcd68af8a40a71
status: experimental
description: Detects traffic or activity related to http://42.234.154.162:53265/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.154.162:53265/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.24.159:58160/i
id: auto-32e233c6863d475f802ae22a818e38a3f2bec824e6c59626310413e513a919d5
status: experimental
description: Detects traffic or activity related to http://220.201.24.159:58160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.24.159:58160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.49.19:57387/i
id: auto-9663be5dc47ad33faf1ddda13a7e0c7c881d715730b322bfb0f609a61cf65b99
status: experimental
description: Detects traffic or activity related to http://42.179.49.19:57387/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.49.19:57387/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.24.159:58160/bin.sh
id: auto-29c1ee94b1dd70ff6d9bfd4d6b63b84afb3b514413dcc13f610a4bac5c3d989b
status: experimental
description: Detects traffic or activity related to http://220.201.24.159:58160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.24.159:58160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.169.22:35210/i
id: auto-b366881b1893f75860cd872c91a070a75166635e176c06ec4149bd0a054445bf
status: experimental
description: Detects traffic or activity related to http://42.178.169.22:35210/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.169.22:35210/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.156.71:38492/i
id: auto-274a688678db7ee95b2617234ed2c65d6eb05062c8a589ac224111262357a90b
status: experimental
description: Detects traffic or activity related to http://123.10.156.71:38492/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.156.71:38492/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.176.173:44062/bin.sh
id: auto-e1f3b46d60d6eff26316c36950e0007974c968939f6cf224caa068a08c270b78
status: experimental
description: Detects traffic or activity related to http://123.189.176.173:44062/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.176.173:44062/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.37.237:43679/bin.sh
id: auto-abc301dbfd55db35f525f81ea6ce38a2278ab16fea2b3128aafcfa87e8174b4b
status: experimental
description: Detects traffic or activity related to http://39.74.37.237:43679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.37.237:43679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.181.217:43723/bin.sh
id: auto-30e4143e33f4039a8c50d689833a21a1a3a0c668a8b7971cdf8abc61367ddbe0
status: experimental
description: Detects traffic or activity related to http://42.235.181.217:43723/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.181.217:43723/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:44734/bin.sh
id: auto-8ba7a831c2215563d986771766ce2715c570c9774784119cbe05ceaf227a0642
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:44734/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:44734/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.183.34:46302/i
id: auto-f9c473e6f0c9927399cdeffc299e15a0c59cd33f17d1576c6eb5c6e3a684911d
status: experimental
description: Detects traffic or activity related to http://125.41.183.34:46302/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.183.34:46302/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.183.34:46302/bin.sh
id: auto-5a386ee679798d5cac7d2429649161f61959ac71d7b570326933b87ab53d0282
status: experimental
description: Detects traffic or activity related to http://125.41.183.34:46302/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.183.34:46302/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.192.144:38150/i
id: auto-d1db8e1ffff99cfa240677d407536286a9b5883b94ce50ad9c01b7e5fb092177
status: experimental
description: Detects traffic or activity related to http://125.44.192.144:38150/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.192.144:38150/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.251:45809/i
id: auto-fb5346b958d32d6839c0c09c1973b5fa0ed9469346e5efee411ff6821ae5f941
status: experimental
description: Detects traffic or activity related to http://61.53.84.251:45809/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.251:45809/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.39.143:47181/bin.sh
id: auto-4812833b592fea2c827b242742ed096b52da544c49e90b2dbf748a1e0e7b2f07
status: experimental
description: Detects traffic or activity related to http://182.113.39.143:47181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.39.143:47181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1900003348/tXg0xgI.exe
id: auto-9e4e12c3459c90e228c6e05dbaed1081bada578b0bed5ca8ca1837de870c5c78
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1900003348/tXg0xgI.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1900003348/tXg0xgI.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.235.206:49093/i
id: auto-1ddde517c556881c9915d62013ec773312c914cc2c7d07a60554c8aba057d870
status: experimental
description: Detects traffic or activity related to http://117.200.235.206:49093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.235.206:49093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.55.229:42904/i
id: auto-0506f71c4af30523f869029b3d22f8ce860a516ccf98d9c468245628859c054b
status: experimental
description: Detects traffic or activity related to http://182.116.55.229:42904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.55.229:42904/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.186.107:38060/i
id: auto-599aefa7022ad523205e1ce9f2f358db513ab96075accdd43548177ee7e25bea
status: experimental
description: Detects traffic or activity related to http://42.235.186.107:38060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.186.107:38060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.47.253:47005/i
id: auto-04375902ac69f8b8e1a52d1269b335d1a120f58cf130e82d5721bb63d9c50f73
status: experimental
description: Detects traffic or activity related to http://58.255.47.253:47005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.47.253:47005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.1.150:39004/i
id: auto-841fb18f50a2f8dcdc36bdda3cb14e951219c5b330a1da2cea9e21fe456d8039
status: experimental
description: Detects traffic or activity related to http://117.223.1.150:39004/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.1.150:39004/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.192.144:38150/bin.sh
id: auto-c9c6a292b4110f0dec664fc64f1133ba682e20d99c067a4376cf38f6e59107ad
status: experimental
description: Detects traffic or activity related to http://125.44.192.144:38150/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.192.144:38150/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.43.98:55929/i
id: auto-139e51881a740eb93698cc07de3cba7fa356c22c4355816aec6c0201c851e3f2
status: experimental
description: Detects traffic or activity related to http://61.52.43.98:55929/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.43.98:55929/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.186.107:38060/bin.sh
id: auto-68ff6b0e99b36d2088477550c9282998990145c6861ddd3f477e7b168a82a027
status: experimental
description: Detects traffic or activity related to http://42.235.186.107:38060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.186.107:38060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.94.12:42572/i
id: auto-baa1ca3f2c1acfb294408e58a434ad6f8bf847bdbe74344612a1914c97851a8b
status: experimental
description: Detects traffic or activity related to http://182.126.94.12:42572/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.94.12:42572/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.1.150:39004/bin.sh
id: auto-acee2c9a662a8e4262d20a8b326dbca3f2e4fcb27cc82accdd9a6f4844334005
status: experimental
description: Detects traffic or activity related to http://117.223.1.150:39004/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.1.150:39004/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.81.18:37565/i
id: auto-0ac2cdbb44f2106b921d03488a0123b3c581dadf3e2eff28f91959648d726fd0
status: experimental
description: Detects traffic or activity related to http://59.95.81.18:37565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.81.18:37565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.41.170:52705/bin.sh
id: auto-d130553e25f67c97f1351c56316ed37f680fd1dcd771eb96df05cf8fec0fd3bf
status: experimental
description: Detects traffic or activity related to http://42.231.41.170:52705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.41.170:52705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.133.125:45676/bin.sh
id: auto-b45d21e6c350b9f7fc8bdb0cca39664ee98f983bcbab112cb380d0a25e73a832
status: experimental
description: Detects traffic or activity related to http://39.79.133.125:45676/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.133.125:45676/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.208.224:42517/bin.sh
id: auto-66a9617b9edfd9ce9c3ff74410f987a6d161cbc074496ff9c503b1860f9717b2
status: experimental
description: Detects traffic or activity related to http://42.224.208.224:42517/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.208.224:42517/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-dedicated-server33/physics
id: auto-52e621f9b13e340285e156d66d392b600ad0bbe4333d7e60ceaa1a0b85407d29
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-dedicated-server33/physics which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-dedicated-server33/physics*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gl1g7tts-5500.euw.devtunnels.ms/rankup/freetemp/RankupServiceFreeTemp.exe
id: auto-6ed24a3d875a7f56284bedab08527fd8d090a7ae666153abc3122f147df39dcc
status: experimental
description: Detects traffic or activity related to https://gl1g7tts-5500.euw.devtunnels.ms/rankup/freetemp/RankupServiceFreeTemp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gl1g7tts-5500.euw.devtunnels.ms/rankup/freetemp/RankupServiceFreeTemp.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gl1g7tts-5500.euw.devtunnels.ms/rankup/freeclean/RankupServicecleaner.exe
id: auto-5853a65b4dd7666c206e4d0b16cf8e94cf6dcccd4884fbdce239e8687de44026
status: experimental
description: Detects traffic or activity related to https://gl1g7tts-5500.euw.devtunnels.ms/rankup/freeclean/RankupServicecleaner.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gl1g7tts-5500.euw.devtunnels.ms/rankup/freeclean/RankupServicecleaner.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gl1g7tts-5500.euw.devtunnels.ms/free.exe
id: auto-5c9ae91aa0e260c8e61a3b8413ef7bae0dd8718447f1d17a554f4d0286951756
status: experimental
description: Detects traffic or activity related to https://gl1g7tts-5500.euw.devtunnels.ms/free.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gl1g7tts-5500.euw.devtunnels.ms/free.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8042875554/cuwJf9w.exe
id: auto-71662852429de7278db3a9e96b8f218f653f5226f2b6fc828f4bacc6bd30a14c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8042875554/cuwJf9w.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8042875554/cuwJf9w.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.192.177:51163/i
id: auto-0aae091c72b264ddf37eb207d74e955ff91b5d5ce09f13fab3c694ae0c286104
status: experimental
description: Detects traffic or activity related to http://123.9.192.177:51163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.192.177:51163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.209.80:47869/bin.sh
id: auto-0760e12e2aa76664d4d46cb9a986e7e526f12f1da22e6727a11d6b53ee116256
status: experimental
description: Detects traffic or activity related to http://42.58.209.80:47869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.209.80:47869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.192.177:51163/bin.sh
id: auto-340f14f183629b189f2c008eebff3fe62193f39990a286f9cc69fb9f176df2f1
status: experimental
description: Detects traffic or activity related to http://123.9.192.177:51163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.192.177:51163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.135:59176/i
id: auto-bbe7de27f174f78ad3e0a77c1c4cea060c945f882cff0f54d8a031e1b28dbd15
status: experimental
description: Detects traffic or activity related to http://115.56.146.135:59176/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.135:59176/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.190:57908/i
id: auto-453afdca8318ea569849b95df9e221b45665bce56ed7476a0470d53fd3af2c88
status: experimental
description: Detects traffic or activity related to http://110.36.15.190:57908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.190:57908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://105.101.128.3:44646/i
id: auto-0ce55562b0368257c6602e92e55cd63aa8a20dee66794a236f90aed06756614a
status: experimental
description: Detects traffic or activity related to http://105.101.128.3:44646/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://105.101.128.3:44646/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.41.170:52705/i
id: auto-261877dd51ca11fef5c9f63a8594a8bc77c27d56597b266908de9a59abeaf48e
status: experimental
description: Detects traffic or activity related to http://42.231.41.170:52705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.41.170:52705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.37.237:43679/i
id: auto-fbdef2425490bfd483dd0624ff8a9dddf0b3e1fec3afc53857b9997b6fa8f70b
status: experimental
description: Detects traffic or activity related to http://39.74.37.237:43679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.37.237:43679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/mips
id: auto-3aab50997bf200c8f4204d0760076da68b0b9ddd189ef5903b35d4f066e89612
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/x86
id: auto-38494ddab5e311d0b6fa212ecae753a95a460325ef6d8f373cd272361403532f
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.128.178:58974/i
id: auto-564318c75571f18c5474e8581a323250b2d8bce8ab2187422c51b97bd9d63223
status: experimental
description: Detects traffic or activity related to http://222.140.128.178:58974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.128.178:58974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.229.53:41241/i
id: auto-1107f1bf34e76b0e4c44ddf515cd6c6c467166c21e4d458866775be2e0b3ddcf
status: experimental
description: Detects traffic or activity related to http://115.50.229.53:41241/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.229.53:41241/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.198.217:39372/bin.sh
id: auto-a51be093fdeb0ed36ad51f3f9c02f75fecb7fe85ac486bc4ce49d160e53f14b7
status: experimental
description: Detects traffic or activity related to http://61.52.198.217:39372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.198.217:39372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.198.217:39372/i
id: auto-6e857a722e7f9e3fd2376f0bc528dee70ede70dde44bfcd4fda79e2d4b825707
status: experimental
description: Detects traffic or activity related to http://61.52.198.217:39372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.198.217:39372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.169.231:58680/i
id: auto-f81ab0aa2069c406d8164a8ca6ef3e9ba56c217eb690b113411436a1af77250b
status: experimental
description: Detects traffic or activity related to http://42.53.169.231:58680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.169.231:58680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.201.111:51811/i
id: auto-54b77091ffa600587ccbb8a2c3b16454f1643fb1f00d7c188dae8339f50d12ae
status: experimental
description: Detects traffic or activity related to http://42.7.201.111:51811/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.201.111:51811/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.135:59176/bin.sh
id: auto-c536a14a859b2fa8b7cd512e4bdd47f7b909376e357fcd0211c4fd65052d6ee4
status: experimental
description: Detects traffic or activity related to http://115.56.146.135:59176/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.135:59176/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.133.208.204:39840/i
id: auto-654ed069da3f8be03549dcec826e1cb132305f7892df43c542c0b0167ce0c750
status: experimental
description: Detects traffic or activity related to http://123.133.208.204:39840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.133.208.204:39840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/BOumq7E.exe
id: auto-a724e981daf94a8765fe94a52c29041d11b5645380db2d8bb75ee5d96234083e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/BOumq7E.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/BOumq7E.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.169.231:58680/bin.sh
id: auto-6a8d5e4250c39b9008051dd9ed41f771550ca81f27cf88685439afd2a1044d60
status: experimental
description: Detects traffic or activity related to http://42.53.169.231:58680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.169.231:58680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8160837409/mDoab3L.exe
id: auto-29dfea2d6573473e3c3da5c0a1b5c5ff8e6c180fd0ee0ee070fc2a7c8aeb88f6
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8160837409/mDoab3L.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8160837409/mDoab3L.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.201.111:51811/bin.sh
id: auto-f58d187bcff0decf968452251f4fb6fb3af95fb7d22be5d06fc7975d6cb98692
status: experimental
description: Detects traffic or activity related to http://42.7.201.111:51811/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.201.111:51811/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.133.208.204:39840/bin.sh
id: auto-a86a4ee6131a76e1f52f3898d952ac5d2b84dad8e33bf393066acd9ac593b78c
status: experimental
description: Detects traffic or activity related to http://123.133.208.204:39840/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.133.208.204:39840/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-dedicated-server33/ws-code-sync
id: auto-d044a552ac1bc008d86764d7aa0746abe5c8708029c0de400a3d962e11c36a02
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-dedicated-server33/ws-code-sync which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/ws40-delta-xchg-fab8/unity-dedicated-server33/ws-code-sync*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.236.223.195:34337/i
id: auto-c4d05026a138aef4c97abe85a9b46cc92fb25f915872755fa4ca9c77013fb099
status: experimental
description: Detects traffic or activity related to http://42.236.223.195:34337/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.236.223.195:34337/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.i686
id: auto-96e9b2b837d9240135ce684cad3f078bfaa979f4a81a9357f09ba49c2868cd76
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.95.191.148:57781/i
id: auto-6bb34a59230254963da5df9a930b5d285831c7778d5e59393fd5a133ea904e6d
status: experimental
description: Detects traffic or activity related to http://85.95.191.148:57781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.95.191.148:57781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.mips
id: auto-05f693e986590cf2fe78c9546e0042427b55be0dbb95c384daa67b200fafe66c
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.95.191.148:57781/bin.sh
id: auto-9be832ec01b2497dc9d54ba6677ceba275d5933b4aca53bb164f92a67503bbee
status: experimental
description: Detects traffic or activity related to http://85.95.191.148:57781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.95.191.148:57781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.130.188.72:33693/i
id: auto-26c7364f6386cd5609ae0443f983087ffe0685e393401a66a8c9e3e91521e355
status: experimental
description: Detects traffic or activity related to http://219.130.188.72:33693/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.130.188.72:33693/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.185.231:55810/i
id: auto-0fd38ecef142836fc24bab39a0c9a0ce843f56da246cfe2f59d7fbb627ff36c8
status: experimental
description: Detects traffic or activity related to http://115.62.185.231:55810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.185.231:55810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.236.223.195:34337/bin.sh
id: auto-925e0d75e79295df042b1d4f3e86732e19938af5a8d0147f99af685915ef4990
status: experimental
description: Detects traffic or activity related to http://42.236.223.195:34337/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.236.223.195:34337/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7285842090/7qxkVRg.exe
id: auto-7156777dc9c1f2112ed076d9aa4ad4dd63f11fb52867e93159d6cb067bc37ab4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7285842090/7qxkVRg.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7285842090/7qxkVRg.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.219.195:38923/i
id: auto-10d5a48dc33ca3d6e20a329549c6943e0e5fe6dff0a5a846b9cec67ea6cbb2da
status: experimental
description: Detects traffic or activity related to http://60.19.219.195:38923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.219.195:38923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.120:45203/i
id: auto-aa7bb37db4dc4e53cebe5e3a7be700d4c0262dba91bacd82b071039aa6579a75
status: experimental
description: Detects traffic or activity related to http://117.209.80.120:45203/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.120:45203/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.55.93.181:29926/.i
id: auto-f5915fa438bbed0116ebb5b9a2edf70574841c5ee9d442ac4c3c4289d70aa2b9
status: experimental
description: Detects traffic or activity related to http://116.55.93.181:29926/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.55.93.181:29926/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.9.8:37804/i
id: auto-57c83c721700614a38f3e423bbaf6a78452e42f37850be4236825b0244d30171
status: experimental
description: Detects traffic or activity related to http://42.178.9.8:37804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.9.8:37804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.9.8:37804/bin.sh
id: auto-2fdec7f5c55f10e2aa03b6335e7c8cd32f85c887dd1f65fd51a94a4f86c423e8
status: experimental
description: Detects traffic or activity related to http://42.178.9.8:37804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.9.8:37804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.136.167:55380/i
id: auto-208a6a851bd7f5dcc321cebb8cf20d4130e67da5fa6867e3c7d436599b89b239
status: experimental
description: Detects traffic or activity related to http://123.10.136.167:55380/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.136.167:55380/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.98.58.14:4585/i
id: auto-523b0d15b3399fc712c606ea2766fed26ac29afda638f4b26189f25f17c45c0b
status: experimental
description: Detects traffic or activity related to http://86.98.58.14:4585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.98.58.14:4585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.19.118:33346/i
id: auto-95c5e2d9cd9cdb2e3b8b2dc6354501e29b5fd5f4fdf532fd7cb6e6902b98002a
status: experimental
description: Detects traffic or activity related to http://125.44.19.118:33346/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.19.118:33346/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.120:45203/bin.sh
id: auto-556a3a57529c41fdd12801780c4767dfac4604fc5af2bf5313fb9fab5476b847
status: experimental
description: Detects traffic or activity related to http://117.209.80.120:45203/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.120:45203/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.219.195:38923/bin.sh
id: auto-ac58f97aa8052f1565c69e3edc70baf7d0dbabb2e604db2a66d27e1f80bdb129
status: experimental
description: Detects traffic or activity related to http://60.19.219.195:38923/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.219.195:38923/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.98.58.14:4585/bin.sh
id: auto-07eb6c20fde5aa4878daa22b8115983825ea6af825e25e6b4946ba07d56daefe
status: experimental
description: Detects traffic or activity related to http://86.98.58.14:4585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.98.58.14:4585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.235.206:49093/bin.sh
id: auto-0a67541ad557048a0bce0fceaab987586ce10462c89e3014626f64c0454b2679
status: experimental
description: Detects traffic or activity related to http://117.200.235.206:49093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.235.206:49093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.1.220:38819/bin.sh
id: auto-2dbe8d766064f009091a8183eb10609fde609732fa05665204f59c3aaab68d94
status: experimental
description: Detects traffic or activity related to http://125.41.1.220:38819/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.1.220:38819/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.120.205:54565/bin.sh
id: auto-b09cf721cc8739cc90b08fd4340f667870d0464e674f21583b124b31a98471af
status: experimental
description: Detects traffic or activity related to http://117.192.120.205:54565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.120.205:54565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:35908/i
id: auto-02bc2f6d91fa3cdf32c989dda9ee61316db52e4e67241c35557f972a24042230
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:35908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:35908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.136.167:55380/bin.sh
id: auto-ccf6aa388055e3fdced40d2d8e0bfb6c9da74b7556338946fcc76fd9848fe7b0
status: experimental
description: Detects traffic or activity related to http://123.10.136.167:55380/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.136.167:55380/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:35908/bin.sh
id: auto-38bda69ea7bb163e8146b3a73867c184541c2fef5b0131cc20a5242df35aae9e
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:35908/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:35908/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.87.223:46627/bin.sh
id: auto-c250baeeae5a395e6d325a105e7eecdcd1c30f70968d5d50eb1de9636569b411
status: experimental
description: Detects traffic or activity related to http://110.37.87.223:46627/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.87.223:46627/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8431188236/Myo4ugs.exe
id: auto-276d4cde5d6599283af3cf9df084fcfa02336652d84190dab6247d12eed8c22e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8431188236/Myo4ugs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8431188236/Myo4ugs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.19.118:33346/bin.sh
id: auto-5a06b2938239f8a9571aa79e716a23f7125e8cf1533e3f404de45038a5374b3b
status: experimental
description: Detects traffic or activity related to http://125.44.19.118:33346/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.19.118:33346/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hm68k
id: auto-2b525840482310cbbf268f6dd9abe468bf7ef9f435cafecadcc6aea80ea5fa23
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hppc
id: auto-bd70c5a6c83b68772614257a83f699ce90183cc33e1f9eac7abbb931d9f19943
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/mrx/random.exe
id: auto-03713d1394c31f8b25efd9aaea9abf00b9e12e09269fb90171b68c39e7acb8f2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/mrx/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/mrx/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6167083460/jfvkjXF.exe
id: auto-28631d2d79c58c2fe7a03b46201f43b6d203e348f8e493a42531f59870d666d2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6167083460/jfvkjXF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6167083460/jfvkjXF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.224/nuts/bolts
id: auto-6972489a07faa023725b1f573e7c07634aefd14901eb64639b6fc401ce871849
status: experimental
description: Detects traffic or activity related to http://176.65.132.224/nuts/bolts which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.224/nuts/bolts*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hsh4
id: auto-dc4f782a991b0e0f357d4e7a5552b1ef7f0a8ee4481881cd5b08c9b496638414
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm6
id: auto-50c9236caed16c5e0c42fcb087e067f8dd00e62f6de11288a78359ac949d6404
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/hsh4
id: auto-ccf8e604dc3e655ea70537aebc883b118616c6229bb0890d0ad94b2a05fb01d9
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/hsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/hsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/sensi.sh
id: auto-9e5717208d8e2fbd3707aa2bf99063ee7105f5d5d013601b289d9e3195363218
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/sensi.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/sensi.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.175.74:47605/bin.sh
id: auto-e489439f3bc27084e858c0f566383e11d3d00f50b3bf264db6b2285838f76b9b
status: experimental
description: Detects traffic or activity related to http://222.137.175.74:47605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.175.74:47605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm5
id: auto-fed74022743762878ccae3d1a2f4e66f12eb24f8deb37f1d9b3b97c0cebd5f19
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hx86
id: auto-a1fbe2556ee75642463e0190d9eac9ca16ccc83017ec180e1d4d54f025a83b4e
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm7
id: auto-e78b9c106e1bb89bd22892a561183dcb86c71a6091ca02781f04ab65aff821af
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hmips
id: auto-c8d566397d3354b0548bf21b66ce1c4ea2dcef1eb1b67a7f14780def9dda8583
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/harm5
id: auto-08186d57a3d0fed708b508de117e679d11e624bf3b554c4bd7c16f4b42770ed4
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/harm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/harm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/sensi.sh
id: auto-aa7099655ee2e82f760c9751d22b507f948e6005bef1f92289fbb35ac6256aa8
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/sensi.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/sensi.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/harm6
id: auto-a7634b64967abfa4b3194200c980f8ee08da98dd1ef9acb0ab003085dd833300
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/harm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/harm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/hx86
id: auto-1dcec0b05f810769f93a7f3117e76344a71f228fa9ca4770ecf97b7d6164adca
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/hx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/hx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/hmpsl
id: auto-bed45d28ab1b0d5651463ed986c5685ebe02d831ee31557fd76efd5f8dbd4005
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/hmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/hmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/hm68k
id: auto-5834ca441166f00bc60b038b2fc0008df65a84be64e98312eccc4659a97d0feb
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/hm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/hm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/harm7
id: auto-586d50742b791df676a06ffa542c7c781c53ef0b613dae0ca106f8546ed7bc7e
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/harm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/harm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/harm4
id: auto-fbcd2b5a0654b23b739d2ca6f71a6c91ba05c9d890f1fdc5e8417a5bc7155c26
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/harm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/harm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm4
id: auto-650303c0b91b07d694f02ab8cf809ae4a7911e70f259f967d5909b5ad8def4c7
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/harm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/hppc
id: auto-7a8fee694cd2b28be359be84d9e2add2614eb3dbe10b97333aa8218502da555e
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/hppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/hppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hmpsl
id: auto-3db8d3877d5f5631851ec34cdd172e52fe684355d390ae17d08fd2853d91dce5
status: experimental
description: Detects traffic or activity related to http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://berichtenbox-nl.net/wrgjwrgjwrg246356356356/hmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://portal.openchat.world/wrgjwrgjwrg246356356356/hmips
id: auto-78f11c2deb2cdfda10dacc62f503be4522961d789c283b4ab88183e87955f30f
status: experimental
description: Detects traffic or activity related to http://portal.openchat.world/wrgjwrgjwrg246356356356/hmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://portal.openchat.world/wrgjwrgjwrg246356356356/hmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://205.185.127.97/nuts/bolts
id: auto-8778d5af57b0892697ba7bc73fa912af7f082363089b1217e5f70b0c71386d03
status: experimental
description: Detects traffic or activity related to http://205.185.127.97/nuts/bolts which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://205.185.127.97/nuts/bolts*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.35.92.124:34470/i
id: auto-cbb0e2c56f60da23c2534644e758280e16ace7e900746bd39b4793bf2aa6d11e
status: experimental
description: Detects traffic or activity related to http://59.35.92.124:34470/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.35.92.124:34470/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7068910247/iBxpeGi.exe
id: auto-e926a27da566cd3a56847044e088fb98931dcc337bef4b502baea2be3878172b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7068910247/iBxpeGi.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7068910247/iBxpeGi.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/hm68k
id: auto-fddfd4b47719a3478b21d11ebb5a4b7c9c49f2d416e10973b1cb7e5209979d1a
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/hm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/hm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/hmpsl
id: auto-be97fb4d0319c5c08fdf9f5f6b011b1fa96f4a8534a97e2ede83fc9afa3cf320
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/hmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/hmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/hsh4
id: auto-089d45477a5b425340ea3730627fff97bffd85c7025a706bd8822c9689b36d0a
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/hsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/hsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/harm6
id: auto-2ca43d88cc99ef95fd9142d67b4ec5ad20cbc267905d3eea77790a5f4112ab0a
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/harm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/harm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/harm5
id: auto-87bcf0cf639f7d034628373ffecb358bc265d771119158c83cbfaeb9e671b58f
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/harm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/harm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/hppc
id: auto-ce5855dd3f767f8a09b69659cd15ace37eb9ef7861163ef7a8597a3d756eeca9
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/hppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/hppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/hmips
id: auto-4b006a3344c7b949448d26402aea05f920bdca381a15c5e919a8f149a9df0b09
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/hmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/hmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/hx86
id: auto-daed42a12145f842c521f3cc6bdc931c82a7e9d33aba4e7d50cd1105d88a521d
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/hx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/hx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/harm7
id: auto-6bef275e58391e429fda523ba79970eeac7987999497eece4d642c85f8722aac
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/harm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/harm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/wrgjwrgjwrg246356356356/harm4
id: auto-cb8512b85bd7dc8f7ff598af21b789747ed9ae79f9f56b11ec564b062dd2ca29
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/wrgjwrgjwrg246356356356/harm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/wrgjwrgjwrg246356356356/harm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/1l.txt
id: auto-1da7703e70b67214a2ff5886ff149006645445ed9ae60aec28c6f6d198f4c511
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/1l.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/1l.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/d.sh
id: auto-0ecb12949367632eaaadbf7f8ce0acaf6169ec2ecfda34234920ab77cc711410
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/d.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/d.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_arm
id: auto-5a7cbc991d9bba9b01532b2434f01fcf6e6af835a565762c55aaedcd18b41111
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_mipsel
id: auto-cab00c9b4b002101ab5f7a818c70156e9956c409c54e23aa27c118f83ab56b97
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_x86_64
id: auto-07da4143a8efd42dbabbd411442797063d9ac847a32f900bef8c64b03fc8993d
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_arm64
id: auto-053fcbc5fcc0dfcbecc8cdda37389b3b607320d3ec54d774c61a5c179fc8ed46
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_arm64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_mips
id: auto-e47fe1999877729b8baf8ad702fb15f3a32c3a88265ab23230c8ca07dad56afe
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_powerpc
id: auto-99cc10cbdac52e5877c8b9b8fc224e6211f34b743b35114eeb0ec97535f1335c
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_sparc
id: auto-979b05dbb8b222ba4ed6c2d5d80c912803b082a6545a044c1ce68ebb9163bdb1
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.239/d/bukakke_minimal
id: auto-2cda31f84490432683e50db297924a924dc1a9d21185e28cee3e7e0b42ec577d
status: experimental
description: Detects traffic or activity related to http://176.65.148.239/d/bukakke_minimal which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.239/d/bukakke_minimal*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/w.sh
id: auto-3bf252a1575fdee3b28cd5c3f49f432306fa977732a46c5d267c796944cb9daf
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.96/run.sh
id: auto-621c080709da008028a5b866481982eb72bcc59dd104a13e7bd52e529145917b
status: experimental
description: Detects traffic or activity related to http://176.65.148.96/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.96/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.55.219/sensi.sh
id: auto-a95435ec4ef06c1473ae38348ddfc84f031ed4879dcc0f47fc60dce03f757d12
status: experimental
description: Detects traffic or activity related to http://178.16.55.219/sensi.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.55.219/sensi.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/hmips
id: auto-1789165ac03e694bdd3aaacea0e3a6165ef1b58b215fba330b18daa9bc2f9630
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/hmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/hmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/harm5
id: auto-8a4adc32d65a653e9f1db87e1b684b5c02874a761b4ddd2984f7d8ecfc7f804b
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/harm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/harm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/hsh4
id: auto-92bbecb8124c11b46a26b5a302e6a9416c6cb6efb3b93ec095d44c85e9ec16f9
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/hsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/hsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/harm4
id: auto-468e51e2bfb329053f2a9045d824f92d8de9372f12bf7d48aa40389d6b0c1464
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/harm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/harm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/harm6
id: auto-4c529f65c6e1c205698162f0b659ab3136deaee68fba369165185907d858e794
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/harm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/harm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/harm7
id: auto-9cffdc78198a6b9426f0e6bc4891c6c3c5061bde9f408a3a0afe63c5acc896bc
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/harm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/harm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/hm68k
id: auto-180cfd4916967bfbfde4e0eaa03b8a98d3f6a619af4d45236aaa453c25df168d
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/hm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/hm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/hmpsl
id: auto-4b10379fa5b62f9fc7bb8218f789cf272fd113b023956a7f93a84d1218c5b81f
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/hmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/hmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/hppc
id: auto-dd30504e46f5977204d3ddb3f6fa4da5e3d3b8c49c9eb5e668ac0f73aa9945c7
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/hppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/hppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.247.224.107/wrgjwrgjwrg246356356356/hx86
id: auto-5aa9bf8c1f8666040bbab2a16a7e142a0082a1b9f8a2f45286986dec44e8442d
status: experimental
description: Detects traffic or activity related to http://185.247.224.107/wrgjwrgjwrg246356356356/hx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.247.224.107/wrgjwrgjwrg246356356356/hx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.29/run.sh
id: auto-b86f65fae5a3aedd08db9526d1dcf3d53747d959a9c78079137e43147ba86aa9
status: experimental
description: Detects traffic or activity related to http://176.65.148.29/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.29/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.86.13:58722/i
id: auto-ffe89b9f13986b08ce76547a067570fee7019c4424b6426f5d621a7772bcbe06
status: experimental
description: Detects traffic or activity related to http://59.95.86.13:58722/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.86.13:58722/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.139/bot
id: auto-219e54195b8ed7a9ab144f39e88a6be58b6fe8f99060ee8ef820e6893b0a0864
status: experimental
description: Detects traffic or activity related to http://45.153.34.139/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.139/bot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.94.92.143/a
id: auto-5446a17391268e89472a7baeca24050f8954d95b5965c43a76a554ad5e1f76c5
status: experimental
description: Detects traffic or activity related to http://80.94.92.143/a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.94.92.143/a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.102.128:60561/i
id: auto-e65d88818407322c8d28fdb2a5353bfae078f97bdbe6d86c7debcd2758a3f117
status: experimental
description: Detects traffic or activity related to http://61.3.102.128:60561/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.102.128:60561/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.35.92.124:34470/bin.sh
id: auto-2e52b1939abb3006b623984b469b7968ea13f038a7aba37e6423fd8175a1c79d
status: experimental
description: Detects traffic or activity related to http://59.35.92.124:34470/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.35.92.124:34470/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/2049738013/ilCDsTh.exe
id: auto-ecff447334ddbc996148d1f4591721a9f8b8adf9b4c4a468ac4f17e398299a3a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/2049738013/ilCDsTh.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/2049738013/ilCDsTh.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.135.149:52332/i
id: auto-07d2332ed0ed472d8684026528261a8736dc95745ad2228149e6130af407ece9
status: experimental
description: Detects traffic or activity related to http://42.227.135.149:52332/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.135.149:52332/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.176.173:44062/i
id: auto-65ad7306b6526ac4962fbbc15434e1e25146f9ea14ba81ab0093aa47d841e052
status: experimental
description: Detects traffic or activity related to http://123.189.176.173:44062/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.176.173:44062/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.46.245:34661/i
id: auto-c2ed32474889ec68b785b2c9741ce1f9ed49b32a3ac45598e655377ebebf6413
status: experimental
description: Detects traffic or activity related to http://110.37.46.245:34661/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.46.245:34661/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.68.155:60921/i
id: auto-750f74d0df3d1dcf104b1f311c180b462244788800aef3f17eb32544d6f80f1f
status: experimental
description: Detects traffic or activity related to http://110.37.68.155:60921/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.68.155:60921/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.230.120:55463/i
id: auto-db6a406fae59906d6e4cc49498047050d90c51e98ad1e44702823f365dee3763
status: experimental
description: Detects traffic or activity related to http://125.41.230.120:55463/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.230.120:55463/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.86.13:58722/bin.sh
id: auto-20187cf3487c5a0ca314ccb9e4eb00ac0127d6d940be1d6a68c73d1c50e46a0e
status: experimental
description: Detects traffic or activity related to http://59.95.86.13:58722/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.86.13:58722/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.102.128:60561/bin.sh
id: auto-a1bcd5762d92fa76004bb6326237408e17c890bd832d825afde5acf2f8f2a1e7
status: experimental
description: Detects traffic or activity related to http://61.3.102.128:60561/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.102.128:60561/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.231.103:53983/i
id: auto-ecf81383107df39f3f2796536de32635a1c060d4adcac5467a8e65898cb7cb3d
status: experimental
description: Detects traffic or activity related to http://124.94.231.103:53983/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.231.103:53983/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.70.147:41781/i
id: auto-377d2495e7fe1ce6d739549b0c8ac4c1c46c1751e0f12b781c9042218c4e5b6b
status: experimental
description: Detects traffic or activity related to http://123.11.70.147:41781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.70.147:41781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.24.17:59225/bin.sh
id: auto-a0fb85b16b318b1b53e5a0bbd2e0f0080e4e3aec7507a6daca4c98dc836f7d10
status: experimental
description: Detects traffic or activity related to http://175.175.24.17:59225/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.24.17:59225/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.177.30:38035/i
id: auto-be9807cadbac6efc32f14167dcaf0a2cf4f824781466a4130859d0e1502137f9
status: experimental
description: Detects traffic or activity related to http://118.81.177.30:38035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.177.30:38035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.96.211:33214/i
id: auto-2066244641f4f8ece2c2cdb9deadb9744271bea70d8c7e8f1e6fd456a99e6331
status: experimental
description: Detects traffic or activity related to http://123.14.96.211:33214/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.96.211:33214/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.96.211:33214/bin.sh
id: auto-fed52bde3270c9cf9744f3413a74a058cdda30724dbbaafef049d69bf4e78ea4
status: experimental
description: Detects traffic or activity related to http://123.14.96.211:33214/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.96.211:33214/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.230.120:55463/bin.sh
id: auto-b66bc9cabdb4266f6b0b9ba24b33556df85ef5685e0a4360a7b818f88a546c0c
status: experimental
description: Detects traffic or activity related to http://125.41.230.120:55463/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.230.120:55463/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.101:45803/i
id: auto-98769b9ad74c33760923bdd06591421a9eeca1ab437bcd59bc7e2a54a1b24cdd
status: experimental
description: Detects traffic or activity related to http://60.23.236.101:45803/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.101:45803/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.145.4.164:4444/02.08.2022.exe
id: auto-05f5131c1b8a2eb8e6c3f223b492b7e738ba992214f5039ffa8791f3b6d0ee4c
status: experimental
description: Detects traffic or activity related to http://23.145.4.164:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.145.4.164:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.31.168.221/02.08.2022.exe
id: auto-b8945eb6f1494ec50db1a6e5cccb798130551220a2c1138d49b974afc0ef4f21
status: experimental
description: Detects traffic or activity related to http://118.31.168.221/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.31.168.221/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.230.253.188/02.08.2022.exe
id: auto-498d708017ec38ae021518d163ae999cb304f4865cc1ecdbccaf3454542a9354
status: experimental
description: Detects traffic or activity related to http://5.230.253.188/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.230.253.188/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.22.183.176:8082/sshd
id: auto-34889da2bcd4adb5b318caa6adebbee3ad9f43a11a53af65c78a8029dcfdf69a
status: experimental
description: Detects traffic or activity related to http://123.22.183.176:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.22.183.176:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.224.108.25:37771/sshd
id: auto-521b81151d440cae20d79cb06a07187f32f55aed27e45d367e10bc0820627298
status: experimental
description: Detects traffic or activity related to http://171.224.108.25:37771/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.224.108.25:37771/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.15.232.161:2078/i
id: auto-f1501afe16df79560ae4e89e7026e6898e162611749481dfc0d608ef1e1ab4c8
status: experimental
description: Detects traffic or activity related to http://119.15.232.161:2078/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.15.232.161:2078/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.41.95:85/sshd
id: auto-90403f108410ed9290479fcb36ecd1e68df02ccb836c40caa05d91e2f06272b2
status: experimental
description: Detects traffic or activity related to http://120.157.41.95:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.41.95:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.209.199.249:85/sshd
id: auto-f20484c4115dd1c9d84f7472beb16bdbbc77d9ce223c4975feeea4fd808ca226
status: experimental
description: Detects traffic or activity related to http://123.209.199.249:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.209.199.249:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.52.246.2:14490/i
id: auto-a749150146338e14c8dae65014526880bcc9b8d3219cb8609fd08eb84260249d
status: experimental
description: Detects traffic or activity related to http://182.52.246.2:14490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.52.246.2:14490/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.22.236.21:13069/i
id: auto-b32ebdf94ffbe1f1a36768d3af79185e09c56e278b86493dab8f7be15a0afcb3
status: experimental
description: Detects traffic or activity related to http://123.22.236.21:13069/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.22.236.21:13069/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.120.4.177:8000/sshd
id: auto-ff774fc5c7b775fcba36e6166fbfe5ca31bfe3fb8718e9eab8bab3a21596c6d7
status: experimental
description: Detects traffic or activity related to http://171.120.4.177:8000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.120.4.177:8000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.151.0.28:1555/sshd
id: auto-6540ce0062ea01c2b95f6a7de321be3b30efb4641172569d8f5b94c1ae6ecdc7
status: experimental
description: Detects traffic or activity related to http://62.151.0.28:1555/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.151.0.28:1555/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.169.141/sshd
id: auto-0df6d14f054ac03799c96bbe925624f4021f4afb3ccd2e428edc3d419c7e56f8
status: experimental
description: Detects traffic or activity related to http://83.224.169.141/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.169.141/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.24.150:45112/bin.sh
id: auto-e7df50c57df7a6a627a649d715f8c9bf302e4e4effaa8e2ddc461a8cf0029536
status: experimental
description: Detects traffic or activity related to http://175.148.24.150:45112/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.24.150:45112/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.56.151:46507/i
id: auto-9fa8002509ccbdb7bc81c1f2d14c106b94e7b02b775d1b26c6c228b28e5c7b21
status: experimental
description: Detects traffic or activity related to http://219.157.56.151:46507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.56.151:46507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7103746036/sOtWKnM.exe
id: auto-39ccf1932d52cbd306b3d35f591688b200014a228baaeff9ab47400d0e87f95a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7103746036/sOtWKnM.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7103746036/sOtWKnM.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.56.151:46507/bin.sh
id: auto-0d2ea9a805a1cb6e6f4a2f2cb5418ed1b4adaa4c9da8477fa2a29c5e33b47037
status: experimental
description: Detects traffic or activity related to http://219.157.56.151:46507/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.56.151:46507/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.101:45803/bin.sh
id: auto-8c904c8242ce67f5373fd6f825239460055e541fed5683c3c1dafb2172481828
status: experimental
description: Detects traffic or activity related to http://60.23.236.101:45803/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.101:45803/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.97.172:34266/bin.sh
id: auto-32e4c06437f805ab3a815d0613a1cbbc9b89fa9a0a472ef5fbe978598e16a6a0
status: experimental
description: Detects traffic or activity related to http://59.177.97.172:34266/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.97.172:34266/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.26.202:43720/i
id: auto-24ce47e581cddbe3204b032e3e750bd88f4377b8a8a45829b13d4d1ccfc6eb23
status: experimental
description: Detects traffic or activity related to http://123.12.26.202:43720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.26.202:43720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.229.137:33865/i
id: auto-fa851b74e237279e764217f8f61864530c0faebc9e32e2dd24e412e26ff26a38
status: experimental
description: Detects traffic or activity related to http://42.5.229.137:33865/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.229.137:33865/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.1:60747/i
id: auto-d4926a78c11d1506cb6bc3c2989262da12e58561cd52715e4a591cc52e1518f8
status: experimental
description: Detects traffic or activity related to http://59.97.253.1:60747/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.1:60747/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.200.185:56269/i
id: auto-42af08d35b7d128bc89fbe7585b8a8698ca4e8de8a1cb2cc61e00c0afbcbd33e
status: experimental
description: Detects traffic or activity related to http://42.52.200.185:56269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.200.185:56269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.211.94:38645/i
id: auto-d98ab79e696d76a3a8d52a83ba03493d30b1bd16517da532423aff5145d2518a
status: experimental
description: Detects traffic or activity related to http://176.226.211.94:38645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.211.94:38645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.185.143:46729/i
id: auto-bf5b16b33de63c60137b035f93004bee7e56d653ff752db2f0f46980c1499218
status: experimental
description: Detects traffic or activity related to http://182.119.185.143:46729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.185.143:46729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.249.76.33:38396/i
id: auto-0d3e8c628ba0173dd0cebee7eead6ff7a53ac0b77b62896402ef11a70a97be8a
status: experimental
description: Detects traffic or activity related to http://180.249.76.33:38396/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.249.76.33:38396/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.26.202:43720/bin.sh
id: auto-3f54355bdc265f1640d63a3362ec45b7c3ba82b508f3a02514cfb5a09084b1cc
status: experimental
description: Detects traffic or activity related to http://123.12.26.202:43720/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.26.202:43720/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.68.239:46903/bin.sh
id: auto-aaccb876be65200b06b6f1d63dde522a3444b4da3da13df2ec35e073b58c0182
status: experimental
description: Detects traffic or activity related to http://196.189.68.239:46903/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.68.239:46903/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.211.94:38645/bin.sh
id: auto-2d477541a53498dd7335bd1de4096d243bec9966ee122cf6871828f909216405
status: experimental
description: Detects traffic or activity related to http://176.226.211.94:38645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.211.94:38645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.124.133:47662/bin.sh
id: auto-08d95cf1b6ca34ff83b768f5382270fd68d5eebbee374c73ba16fb0b1e03ec76
status: experimental
description: Detects traffic or activity related to http://42.228.124.133:47662/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.124.133:47662/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.1:60747/bin.sh
id: auto-7635bb691ae8db4d2ecb1f3151c44b198c58ddf94ea0f478ccf410acfbe2f2bb
status: experimental
description: Detects traffic or activity related to http://59.97.253.1:60747/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.1:60747/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.200.185:56269/bin.sh
id: auto-ea8f9d0ba35abb0e3ed710761c2805c39d98cfc9a20cedaaa512a42dee327b3e
status: experimental
description: Detects traffic or activity related to http://42.52.200.185:56269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.200.185:56269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.185.143:46729/bin.sh
id: auto-0ee9ff802f4f51fef1ff4ce159d04fb108ff147d405c74d61733390008bf995f
status: experimental
description: Detects traffic or activity related to http://182.119.185.143:46729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.185.143:46729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.249.76.33:38396/bin.sh
id: auto-04f3e811c1231aa096ae959c5a244b594e8677cdda822f0b50a884e497b11e2e
status: experimental
description: Detects traffic or activity related to http://180.249.76.33:38396/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.249.76.33:38396/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8233900432/s0JNrXB.exe
id: auto-31bce93f56e434d9b7bfd62e04a4046dfda701e83367c77e986b8a1a81b35bc3
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8233900432/s0JNrXB.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8233900432/s0JNrXB.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.136.155:32957/i
id: auto-a4ef082350a188649dfb5257612df2d46958427fadd6158d1b1b688e2f45be02
status: experimental
description: Detects traffic or activity related to http://108.170.136.155:32957/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.136.155:32957/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.225.7:48158/i
id: auto-a1e9b4ba807ac6b0b1893fe2863bed62ba57a3e497dc2127d5cdcddf95f5c526
status: experimental
description: Detects traffic or activity related to http://221.1.225.7:48158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.225.7:48158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.arm6
id: auto-f4e6a185ff253da7b54606c75e8885a5634a0d4d04d879cf2d4e3f371b412ad3
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.x86_64
id: auto-3b5463475235a82b757d8c88b0b5c5051ff6c8a873a34ac4f81725d712c54dfc
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.136.155:32957/bin.sh
id: auto-327af29854625c56052b2fa21fe98936a0c0ce935b426fab8b81955a8c573bf3
status: experimental
description: Detects traffic or activity related to http://108.170.136.155:32957/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.136.155:32957/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.arc
id: auto-fe8621fd491fbcd4aae782951fcb8d844ae63132a67738b1fc5816c7c38e088e
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.x86
id: auto-343922bad9d7aafe47f172ffa8ff8e90cc488ea5366d8eeed513d80b8b4d1625
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.ppc
id: auto-93429f708413029d4a3a79b40d2260e50535daf6638a559c56347011980ac65c
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.mpsl
id: auto-1abc708ebe8bc0cc5164bb014a6e9018747395d418a0a557fda2bbf85a94c4ff
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.mips
id: auto-6528f93c3ced347014381b6e8d59bb847995a9c4c1059e60740e21802cb79835
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.m68k
id: auto-a45cb4863aae97a562d2e26c9791cf02e1b46f0fe7e6263e04d06bfbc0bc3d8e
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.arm6
id: auto-139c8cf145ce7a486e8c60127ee960795fbe1b071b0af1631bee4d36f2e2342d
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.arm5
id: auto-d42c5522b01ddb46d7d7283313647f4032559c164246dce57a73368dd8739243
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.arm
id: auto-c75b39be692d40c75b4c45132b12d06fc08bedd6e24021871f06866d7ba213d9
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/hiddenbin/boatnet.sh4
id: auto-c42ed6c7d8ead1dc954785077f0f076ddad8824fc373a6499d51b29a5d707091
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.arm7
id: auto-97f352f84e5f15286823960bf17ea3442a184b54dae4d4af1d6e9f5aa5e9f3a2
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.arm
id: auto-d0e00ca18117775ff9a6f7edc9ef8202e1c908285e06363d3d75fda311fe4ba3
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.ppc
id: auto-d38ad88575fb2cb09246580d55c1cf98f78c1999e68d1594a2e7b18b92fbc28b
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.arm5
id: auto-86a1a7636543e18d320f308584c3e14b7cb980f0c5b6c71944c04787a8a39c48
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.m68k
id: auto-5daa2e04251e4bb3a548a037e1a80c354d52b843317389e0baf3f798f595895d
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.spc
id: auto-afbfbae80fc3006ca26c1d886730f6d782d9ae256e67f95dbdeb472ae89c7f5c
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.x86
id: auto-8383ec0b600967f85ccbb144be55dd66db306df3795107d6a130c107d9a0cd8d
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.sh4
id: auto-8b21fd80cc61e01d07c084692508b67a94c0a9accabb1a35c5c9e0eba353112f
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.251.226.153/bins/sora.mpsl
id: auto-48bd5deefea7ab9b334a1ea1554a74e545e775e40f8b62f73e6cb351eabe2b7e
status: experimental
description: Detects traffic or activity related to http://43.251.226.153/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.251.226.153/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.84.37:58896/bin.sh
id: auto-26b66498b8e06ed71fc2f6e3b7d31bd60f8563c4c0da2369092360299083c2d5
status: experimental
description: Detects traffic or activity related to http://27.37.84.37:58896/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.84.37:58896/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.112.64:45486/i
id: auto-cf31fb13c25f118486bc0b8cc00475d0f38524aada98b7df444e25f5f53cef72
status: experimental
description: Detects traffic or activity related to http://222.137.112.64:45486/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.112.64:45486/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.124.133:47662/i
id: auto-9a6eaf7ef93dd48b9da2603a38f15a9638c85d7b4758a49367f23961ed162375
status: experimental
description: Detects traffic or activity related to http://42.228.124.133:47662/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.124.133:47662/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.225.7:48158/bin.sh
id: auto-d3097809feab8f6e9a231a91b7c1d969f215b8e9221e5e194d84f4ef49c19558
status: experimental
description: Detects traffic or activity related to http://221.1.225.7:48158/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.225.7:48158/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.40.215:53391/i
id: auto-6811a017f83a87a59b01faa8a6d57ed78a39efee571b09bb4c91dae4fd139a1a
status: experimental
description: Detects traffic or activity related to http://110.37.40.215:53391/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.40.215:53391/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.208.224:42517/i
id: auto-51518d579fa135be7d7cf3c072bf8547da277431e01dca81cf3fb275a9a0a803
status: experimental
description: Detects traffic or activity related to http://42.224.208.224:42517/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.208.224:42517/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.98.100:49406/i
id: auto-ce4b2e43397bfb80e03802fae23f6dd7081bdacbf993dd07f97280f0c2703740
status: experimental
description: Detects traffic or activity related to http://112.239.98.100:49406/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.98.100:49406/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6873056279/UAZOniu.exe
id: auto-cd9b249cbb0ced015b53796ee8830d48ab142f1faa45e35c6fef5da1aba63080
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6873056279/UAZOniu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6873056279/UAZOniu.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.40.215:53391/bin.sh
id: auto-bc5f25d954d19b633b0e10e8700a907a743c85a780ab24b81dd06614a6fe6f2d
status: experimental
description: Detects traffic or activity related to http://110.37.40.215:53391/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.40.215:53391/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.98.100:49406/bin.sh
id: auto-03f4f50e94acc949a6ca2eb8fb890875162b464aaa4742a4c5cff027656bbc5a
status: experimental
description: Detects traffic or activity related to http://112.239.98.100:49406/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.98.100:49406/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.112.64:45486/bin.sh
id: auto-f4b4fd8cd4ebd05d0ed718623c12dc343b88b8b7758a9d5979adc63656b33c58
status: experimental
description: Detects traffic or activity related to http://222.137.112.64:45486/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.112.64:45486/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:49018/i
id: auto-3b5a0272938a13510a2bad115eb1e002b141f073002d3c1416e20eecaa930f45
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:49018/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:49018/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.191.14:45307/i
id: auto-5f7a85e4e9b10a531596a97e1f92663fe176ed9f237fed78b4dbeab02ce5d13e
status: experimental
description: Detects traffic or activity related to http://119.185.191.14:45307/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.191.14:45307/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.55.73:48565/i
id: auto-a9e3c411d3168ad3376b88cc2f1efadb38675afd1d799d255b6557b7a648c679
status: experimental
description: Detects traffic or activity related to http://115.63.55.73:48565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.55.73:48565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5610404380/4BXUQLo.exe
id: auto-09bd0e7fc5cddb6ff4bfc1ec3d1a977040895753749c52e54ca74b7c62c12862
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5610404380/4BXUQLo.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5610404380/4BXUQLo.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/vF2tJGW.exe
id: auto-7d1154b807919e4fb15e5ad681cd8e7668481f55f451951f3f2f83d4e7336620
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/vF2tJGW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/vF2tJGW.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/drum/random.exe
id: auto-3a8f40f142a20b58459675b8740c26bce5ecea6b5cd57c6730a6cd31a87c2c0d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/drum/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/drum/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:49018/bin.sh
id: auto-5d91fc351847be6f5b4bcf16a34a9707fb5b42bc72bf38fe7df76c96891c11a8
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:49018/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:49018/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.169.250:55599/i
id: auto-ade46189d715600b5295d829ce6cdd56efe10170f2e6a2881adbd4afff0e6418
status: experimental
description: Detects traffic or activity related to http://123.5.169.250:55599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.169.250:55599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.113.174:60946/i
id: auto-a44245eefc828ebb4e8babafab90303dfff343771b3d308fc415ffecd7196627
status: experimental
description: Detects traffic or activity related to http://113.236.113.174:60946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.113.174:60946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.163.116:44561/i
id: auto-f64ec6fd19a6e89cb47148594ba5a4768c8816b94e20b06ba316926944dbb079
status: experimental
description: Detects traffic or activity related to http://113.238.163.116:44561/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.163.116:44561/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.178.20:46715/i
id: auto-3a7e52ba9efdbc73bde97ddd9527ca382b623cc5c40b270db83e03e2eaca48a9
status: experimental
description: Detects traffic or activity related to http://182.119.178.20:46715/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.178.20:46715/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.39:52920/i
id: auto-a85b072f10cab5421da9b7494997b607ebc35fa402dfa9c43a4b29c92d92a0da
status: experimental
description: Detects traffic or activity related to http://117.209.3.39:52920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.39:52920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8249811944/VFdRVUs.exe
id: auto-a56c4d2577e5b1ec49d663acbd0580d19f4760a35aaaa275f313a8d218fc4200
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8249811944/VFdRVUs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8249811944/VFdRVUs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.86.123:48327/i
id: auto-d9f0df0ef8ac27fe4f8f02925177a0e37f3c413d5280fe3e64e9a9ca9f295427
status: experimental
description: Detects traffic or activity related to http://182.126.86.123:48327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.86.123:48327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.169.250:55599/bin.sh
id: auto-7694e649edfb7821946c78dfeb79860e9828f664debe3ddb9159e0420290ae89
status: experimental
description: Detects traffic or activity related to http://123.5.169.250:55599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.169.250:55599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.86.123:48327/bin.sh
id: auto-eccfde3eb52b13b7a32f8a94988b44ae24b94a725f5d742de58be7face7c7a30
status: experimental
description: Detects traffic or activity related to http://182.126.86.123:48327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.86.123:48327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.191.14:45307/bin.sh
id: auto-c030dcd2948fca6bb0b5358f157a8df79ee81fe3c8d16b4535b820e6186ab897
status: experimental
description: Detects traffic or activity related to http://119.185.191.14:45307/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.191.14:45307/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.113.174:60946/bin.sh
id: auto-8474c7a43c1cd8ce9847b8bbc20a66c43cda485e1e449020afc75180045f7bee
status: experimental
description: Detects traffic or activity related to http://113.236.113.174:60946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.113.174:60946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.163.116:44561/bin.sh
id: auto-35e1f054e31a1bacd75aa672163c3f297eeb98575082cdc2372ce909b10940e6
status: experimental
description: Detects traffic or activity related to http://113.238.163.116:44561/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.163.116:44561/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.178.20:46715/bin.sh
id: auto-d30a62a4e2ad43b69edc575a7416ffaf9ce5091eaaa93bb63a77147a2e81edbf
status: experimental
description: Detects traffic or activity related to http://182.119.178.20:46715/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.178.20:46715/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.39:52920/bin.sh
id: auto-c33457817db73b9d929ef24a39694cacddf13d922c3458385c3397ce10e02055
status: experimental
description: Detects traffic or activity related to http://117.209.3.39:52920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.39:52920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.55.73:48565/bin.sh
id: auto-4f1497947bd5d176ad221583c95558bf9674e584d573d89e2a3b70ab185bd696
status: experimental
description: Detects traffic or activity related to http://115.63.55.73:48565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.55.73:48565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.29.90:46001/bin.sh
id: auto-192dd5623000a8fdfb22e6cea680a2f53983f182fa038e22b6de8bfaad7c1991
status: experimental
description: Detects traffic or activity related to http://182.127.29.90:46001/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.29.90:46001/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.166.147:36038/bin.sh
id: auto-659715e654cd3f48a4aa2f457b4d7b2dbdb289285ad63b13e48be6fae1d4d7c3
status: experimental
description: Detects traffic or activity related to http://117.204.166.147:36038/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.166.147:36038/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.176.101:33518/bin.sh
id: auto-98e885019ef62aa212c89fb1ad78a73a9a465ddd10992acbcca3e00b287b28bf
status: experimental
description: Detects traffic or activity related to http://115.54.176.101:33518/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.176.101:33518/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8378395755/6X8ib6y.exe
id: auto-0d1f18e28fc3629828422ba1ee57f1f1a70dc9f792edbebc0e66b9b8fa568d69
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8378395755/6X8ib6y.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8378395755/6X8ib6y.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/2129674923/v7Jbcvu.exe
id: auto-feac63d177f75fd72d06182905d0ede1842979511a4183876bb42ee44340d3ea
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/2129674923/v7Jbcvu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/2129674923/v7Jbcvu.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.171.87:48571/i
id: auto-1bacfe3fde32063be83ddfac6bc1ec06d9c93fff31fff914f88a295d19c795be
status: experimental
description: Detects traffic or activity related to http://123.11.171.87:48571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.171.87:48571/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.165.240.59:4307/i
id: auto-dc9fac2b377477962f817ecd4332e1730a20bb733891d3ddd910b20a0e547146
status: experimental
description: Detects traffic or activity related to http://189.165.240.59:4307/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.165.240.59:4307/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/nah/random.exe
id: auto-6aad4723117d71f4696bd5581dc139af1eb0ae1e8e5db2726b1e02f698bd79bc
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/nah/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/nah/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7758793870/sZGsW4s.exe
id: auto-03b45b666a47ad2263fa73549b0580e024b553e5a9886fdfb2a647568b28ab0a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7758793870/sZGsW4s.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7758793870/sZGsW4s.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.90/mpsl
id: auto-17bf2948ed0a43cfc0d631e16bba63f64afdd77d3ab561d2cf52d153cf496933
status: experimental
description: Detects traffic or activity related to http://78.142.18.90/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.90/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.25.13:36285/i
id: auto-a61a94ef219742fa3d90f5e332ba94238a7a0d86f2eb91f24c510a7908560bcd
status: experimental
description: Detects traffic or activity related to http://42.4.25.13:36285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.25.13:36285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.90/arm5
id: auto-5dd8ba1c4d3cb693807c7a089a73944e3a27f4d5ddf4c8bf9272a4a5624cfa6a
status: experimental
description: Detects traffic or activity related to http://78.142.18.90/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.90/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.arm5
id: auto-05ffe97d31be83b4cba3bc7bce04f0bc758e709145d433f15b12af4b442c16ed
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.90/arm6
id: auto-2fce841dcb25d7235fbab07514eec7479d087d5552ec386ed5eb3f30c9794908
status: experimental
description: Detects traffic or activity related to http://78.142.18.90/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.90/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.90/arm7
id: auto-ae574b474286317a4e3c96614d050778314ad7844c2467cd60c9638dc2965384
status: experimental
description: Detects traffic or activity related to http://78.142.18.90/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.90/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.90/mips
id: auto-e438d16a97c46a2a3144229d03e9a34f01ba244e218baf5ce9a72c2192a4ddf2
status: experimental
description: Detects traffic or activity related to http://78.142.18.90/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.90/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.90/arm4
id: auto-05c4d9ac9acc0ca6dbf5d7ac23937aad10ce14426aa8100a48a1d78b00acc959
status: experimental
description: Detects traffic or activity related to http://78.142.18.90/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.90/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.90/x86
id: auto-9fc8d43f850eaa4ab31fc1b81a02368d85e26202bcfc16fe8503bb559dac7aea
status: experimental
description: Detects traffic or activity related to http://78.142.18.90/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.90/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.124.28:54448/i
id: auto-67c96fc614b3685a8fc902efc0f064a09962f8b567f28c869c84637dfe665b8d
status: experimental
description: Detects traffic or activity related to http://182.126.124.28:54448/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.124.28:54448/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.165.240.59:4307/bin.sh
id: auto-6ec6f359de4e6d135b91b14ef010d4fe86c8008a8fc27292b513b4a56a03573d
status: experimental
description: Detects traffic or activity related to http://189.165.240.59:4307/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.165.240.59:4307/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.181.242:60727/i
id: auto-7493b5bb77f71cd33f305a7b0b954dcd30db2ca3c31cb8c4724b09ffc025f2b9
status: experimental
description: Detects traffic or activity related to http://42.177.181.242:60727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.181.242:60727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.94:36061/bin.sh
id: auto-33ffd4db5ea108b1cd3045180289d3f1b44edbbd4d7b040a070e78790de8ce4d
status: experimental
description: Detects traffic or activity related to http://115.55.51.94:36061/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.94:36061/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.169.129:55753/i
id: auto-1bb63893d2debaa41a6577a2eabf576ab5983e1b25dd7e8e7a65062600208527
status: experimental
description: Detects traffic or activity related to http://219.155.169.129:55753/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.169.129:55753/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.114.89:59593/bin.sh
id: auto-0b79a1952e16669ebd71420a13986e156e14aa78468c270beef4d896fd7c1b6d
status: experimental
description: Detects traffic or activity related to http://42.85.114.89:59593/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.114.89:59593/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.171.87:48571/bin.sh
id: auto-20e54fe618502b4d8aa0dca7d6212c577efbf223727533015a987e93e75d9c6f
status: experimental
description: Detects traffic or activity related to http://123.11.171.87:48571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.171.87:48571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.173.151:49951/i
id: auto-472c04da0cc84d55c03555ace228206dc4d2c3acadf194cdec19b0d0677dccb9
status: experimental
description: Detects traffic or activity related to http://219.154.173.151:49951/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.173.151:49951/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.69.189:45297/i
id: auto-7f32b906d61e2877374ff9d58e087ea67832aa8f9b01d367fc65eb853901ec8b
status: experimental
description: Detects traffic or activity related to http://39.74.69.189:45297/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.69.189:45297/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.181.242:60727/bin.sh
id: auto-f33a9a6727f062ae5cfacfb15515a977278414824cf860762ae5dea5852db18e
status: experimental
description: Detects traffic or activity related to http://42.177.181.242:60727/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.181.242:60727/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.25.13:36285/bin.sh
id: auto-535f5bc75c9afe9871b606f5cf55de7e34a5f1f3dcef690269b633acaea7bb8c
status: experimental
description: Detects traffic or activity related to http://42.4.25.13:36285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.25.13:36285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.109.235.143:39953/bin.sh
id: auto-aa190d6a7e52e764512bd2b74bc2678d2684bb8ec8d061a29ced6c47c4c6e21d
status: experimental
description: Detects traffic or activity related to http://119.109.235.143:39953/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.109.235.143:39953/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.0:53307/i
id: auto-58a84a1ba4aa7e6031432be061469fe28a5876bc00a1adf243c0a903fc6fa5d6
status: experimental
description: Detects traffic or activity related to http://110.37.1.0:53307/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.0:53307/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.216.35:47321/i
id: auto-4933629664e046bf705b478227e57467b9e0267eb283079dbe7cc2a8b8ef504b
status: experimental
description: Detects traffic or activity related to http://42.226.216.35:47321/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.216.35:47321/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.169.129:55753/bin.sh
id: auto-752b92c0dd9c747dba465f1e6e9cab59e8c53c14c7b169e448ecb6f433cb3cd1
status: experimental
description: Detects traffic or activity related to http://219.155.169.129:55753/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.169.129:55753/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.173.151:49951/bin.sh
id: auto-51b32e35817c8883e6b0407bd8ad6988b970b93f3dbf4eb881b8a923ca49c7ad
status: experimental
description: Detects traffic or activity related to http://219.154.173.151:49951/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.173.151:49951/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.69.189:45297/bin.sh
id: auto-a404b41a532e96456b18b7f49965ea386dece25679ebb273f8731df16a1ff8b1
status: experimental
description: Detects traffic or activity related to http://39.74.69.189:45297/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.69.189:45297/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.82.130:37341/i
id: auto-b47f876ebc18a0c71282537ecc31d997d4bd9b267c1099aa40c7d12ebc8cf753
status: experimental
description: Detects traffic or activity related to http://175.149.82.130:37341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.82.130:37341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.68.155:60921/bin.sh
id: auto-bc727b5f13363774736f980c0df660dc5a1724aeb574910e383daf55d85175ca
status: experimental
description: Detects traffic or activity related to http://110.37.68.155:60921/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.68.155:60921/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:38703/i
id: auto-d75be614f50efe307c9acfb69f53cea3d3c2c78774d46895d64e15a6ab19a19e
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:38703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:38703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.79.172:36703/i
id: auto-4b2b734c7e56c19a96aa16e26010c0fad8f1b2f5f3a1dcb04c3311f17e4a7db6
status: experimental
description: Detects traffic or activity related to http://42.59.79.172:36703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.79.172:36703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7972786482/IDp7qWF.exe
id: auto-17fe324f251211fa933e44604078d5cd2d19ab2b03ede68087aa62abb31fd4c2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7972786482/IDp7qWF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7972786482/IDp7qWF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.82.130:37341/bin.sh
id: auto-e026e75d19565b18966fc3849c0c4044ffd30842dc78fdea6c58e5b41daa67fb
status: experimental
description: Detects traffic or activity related to http://175.149.82.130:37341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.82.130:37341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.67.68:51380/i
id: auto-a31c4170b1888506ccb9fa439b76f7e16addf66b580af29811b6d3907bdfd3ae
status: experimental
description: Detects traffic or activity related to http://110.37.67.68:51380/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.67.68:51380/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.44.230:38495/i
id: auto-de5afd181180ad24660cc961a751fba29a764e79cf30ff95c03c2d3c79f375da
status: experimental
description: Detects traffic or activity related to http://58.255.44.230:38495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.44.230:38495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.170.127:43314/i
id: auto-ad560daab0645e61512ab613ce071599b4b2d61c49b6f45d829398e1163acaeb
status: experimental
description: Detects traffic or activity related to http://119.117.170.127:43314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.170.127:43314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.169.208:36190/bin.sh
id: auto-f44f7785aad44b1afd73ea4d1c9526940683c72dafd2ceca4029e1005694360e
status: experimental
description: Detects traffic or activity related to http://42.87.169.208:36190/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.169.208:36190/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/7ZJB70i.exe
id: auto-66a45ba0858dea6dc7b70618796aa1ff194a168252b9646311621195fcda7e9c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/7ZJB70i.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/7ZJB70i.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/ubiquitous-garbanzo/ba5e
id: auto-e0ee138eeeea876970c664879270a7745ff65bc4160748c1bf964bd4d8884541
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/ubiquitous-garbanzo/ba5e which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/ubiquitous-garbanzo/ba5e*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.79.172:36703/bin.sh
id: auto-25c7f0fd5d52e390944dff18e84303e2332b0a85341bfeb7087ad3eb7ee235ed
status: experimental
description: Detects traffic or activity related to http://42.59.79.172:36703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.79.172:36703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.88.238:43150/i
id: auto-2770b087ae54f8f7814eb90703dc97f1a54499ab5db7421f428f3c662f513d95
status: experimental
description: Detects traffic or activity related to http://59.88.88.238:43150/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.88.238:43150/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.188.199:53544/bin.sh
id: auto-31f961ce2cff30eb52a6aa0119296c70fadf7d94c6f99130260ff1837c7d1f0b
status: experimental
description: Detects traffic or activity related to http://117.200.188.199:53544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.188.199:53544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.170.127:43314/bin.sh
id: auto-6d17883bf4baa2e986c38f4718984f46f5ae2850c28e466c68fe1b03498a6204
status: experimental
description: Detects traffic or activity related to http://119.117.170.127:43314/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.170.127:43314/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.93.201.70:37250/i
id: auto-051d57e219d2ccde832afa9ce4ce01f835c932bb9d07905dbf64e31951f57c4e
status: experimental
description: Detects traffic or activity related to http://112.93.201.70:37250/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.93.201.70:37250/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.59:33033/bin.sh
id: auto-d8b4877a97664d1494bd4fd04013727148a433c600ca0ec18765d8ca2eba9697
status: experimental
description: Detects traffic or activity related to http://117.209.8.59:33033/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.59:33033/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.88.238:43150/bin.sh
id: auto-cd9972e7c13b5620a2fb4e6afccbffbce103fe2875dec0d8c7158b28a5ed7445
status: experimental
description: Detects traffic or activity related to http://59.88.88.238:43150/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.88.238:43150/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.155.17.49:59452/i
id: auto-caed15ea5d44da4004e95693fe5e2032f6e44625cb604691bc6c484fe0652b37
status: experimental
description: Detects traffic or activity related to http://185.155.17.49:59452/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.155.17.49:59452/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/hakantarhan613-ai/sdadsa/raw/refs/heads/main/chrome.apk
id: auto-9d51da86b55722edc5c4c43104832a28c9d05fedda33929b7b5acccf95172175
status: experimental
description: Detects traffic or activity related to https://github.com/hakantarhan613-ai/sdadsa/raw/refs/heads/main/chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/hakantarhan613-ai/sdadsa/raw/refs/heads/main/chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/mahsuntay8-pixel/chrome/raw/refs/heads/main/Chrome.apk
id: auto-107c3be8fa5ada6685b21a472577a8c7daf3654ebca25114beda6d86d85e19d5
status: experimental
description: Detects traffic or activity related to https://github.com/mahsuntay8-pixel/chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/mahsuntay8-pixel/chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tahsinekmen08-wqertos/reposity/raw/refs/heads/main/Chrome.apk
id: auto-559541119aa3ba61be1676968497159d74caff13f2444aedd933d517b0daba70
status: experimental
description: Detects traffic or activity related to https://github.com/tahsinekmen08-wqertos/reposity/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tahsinekmen08-wqertos/reposity/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://rabbitsbird.info/pe/output/setup_2333709.exe
id: auto-6d7eb4edc9f91523c6c99b2e860f8a625d053b283c090632a3066d65d3faed8e
status: experimental
description: Detects traffic or activity related to https://rabbitsbird.info/pe/output/setup_2333709.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://rabbitsbird.info/pe/output/setup_2333709.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7154003499/b2nVDyh.ps1
id: auto-7fb774c7a708f43dae07a4559fd95be1590749433356f6c8bff9e134d98d81fa
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7154003499/b2nVDyh.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7154003499/b2nVDyh.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8170069107/q3KNNXQ.bat
id: auto-1f67cbf43766b604e4b4a9b86662086b9e935a71b0e533ad51f6b3ac5c2c79f5
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8170069107/q3KNNXQ.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8170069107/q3KNNXQ.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8463396948/VisMByu.msi
id: auto-7e7628066f2e6c15918b58e040065c87147a451a494b0753a12796ab767b0f0f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8463396948/VisMByu.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8463396948/VisMByu.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.130:40789/i
id: auto-e76b96885b277a17493f2e69fa9bbd574b51fa54b92cccd870551ef94ce96a1b
status: experimental
description: Detects traffic or activity related to http://117.209.95.130:40789/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.130:40789/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.0.208.91:54279/i
id: auto-511e45bc055c33a33d4abdd7b35991e1df142a5de2d50c30bdf16d0b69dc71ce
status: experimental
description: Detects traffic or activity related to http://221.0.208.91:54279/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.0.208.91:54279/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.193.216:46384/i
id: auto-96f3f2213378dfcffce5bca337d9298c2036d468ae2a95cc35b8b216ffed1af7
status: experimental
description: Detects traffic or activity related to http://115.55.193.216:46384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.193.216:46384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.114.199.203:36922/i
id: auto-85b2e26929ee5a3951442b81ce2ff303e7591b4537ad3e0ddd175fbe114b98a1
status: experimental
description: Detects traffic or activity related to http://188.114.199.203:36922/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.114.199.203:36922/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.51.94:36061/i
id: auto-c759e55e18111cf803b0f3ba0105289aea5717bbe310f5c479ddbb84a2bee41a
status: experimental
description: Detects traffic or activity related to http://115.55.51.94:36061/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.51.94:36061/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.93.201.70:37250/bin.sh
id: auto-a8a9770c9ee1040068b1a83f11fa0604ea7c5348e1b6cf524dd67da4b0ea6a29
status: experimental
description: Detects traffic or activity related to http://112.93.201.70:37250/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.93.201.70:37250/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.66:57495/bin.sh
id: auto-a7b9807af87e3ed3d41188a6d700afd663991f3a302f7086211a3400bbf5cdab
status: experimental
description: Detects traffic or activity related to http://110.37.118.66:57495/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.66:57495/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.1.220:38819/i
id: auto-ac4d07803af282c14c314dc2e253eb28fc25fa4d174a7ff459d82e4236684022
status: experimental
description: Detects traffic or activity related to http://125.41.1.220:38819/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.1.220:38819/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.130:40789/bin.sh
id: auto-659c20c669743fc5552977c19ce1a6683c0422076282262ea9d14cbd7667b5b7
status: experimental
description: Detects traffic or activity related to http://117.209.95.130:40789/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.130:40789/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.214.103:55591/bin.sh
id: auto-b9aaeaec6e095cbd228f6c6f035d60a2f9e3502634078d9a4f9294d1b92926e2
status: experimental
description: Detects traffic or activity related to http://113.239.214.103:55591/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.214.103:55591/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.155.17.49:59452/bin.sh
id: auto-e32cfd1133704e77ed940bf812963c3d16610567ddabbbb7040a77593c8acd20
status: experimental
description: Detects traffic or activity related to http://185.155.17.49:59452/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.155.17.49:59452/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.193.216:46384/bin.sh
id: auto-1fd3db93153fc8fdab2a49ef92971ed8ab2c199abbf3a6045364cdb268e4f063
status: experimental
description: Detects traffic or activity related to http://115.55.193.216:46384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.193.216:46384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.14.14:47713/i
id: auto-f86b0f7d440373f093e0c80809bc4f99d33edb37699dc88cfd18d84b171958d5
status: experimental
description: Detects traffic or activity related to http://116.138.14.14:47713/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.14.14:47713/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.226.185:48219/i
id: auto-3478aadb6c6ea3a0635991b2882b550a93ac4b39dfa6289098dd95b9f252af94
status: experimental
description: Detects traffic or activity related to http://113.231.226.185:48219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.226.185:48219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.239.190:32908/i
id: auto-2617d8a4514ff2a21ce0fd973ac0298bf34c095692eb94c8a9a45dcb6102f637
status: experimental
description: Detects traffic or activity related to http://42.228.239.190:32908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.239.190:32908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.73.35:44024/i
id: auto-951f32e056ea41c76dc2ca17a8c8bbb32db219440bb8fafb4e471bd7205afa1f
status: experimental
description: Detects traffic or activity related to http://42.59.73.35:44024/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.73.35:44024/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.244.253:40007/i
id: auto-fe84b0583aea737fef66fb85e9d49bfce49b1f5a21a8a77e64ac81c7def67ffc
status: experimental
description: Detects traffic or activity related to http://115.55.244.253:40007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.244.253:40007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.22/file/bbc
id: auto-2f6a6c9279b7e3371d4394c4ee8c390f2b08c98382635f41ac03159579a020fc
status: experimental
description: Detects traffic or activity related to http://130.12.180.22/file/bbc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.22/file/bbc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.14.14:47713/bin.sh
id: auto-6d56febff12fdb713fd0845d9a464461f009b30e3081f8289c4bf72d792e2b84
status: experimental
description: Detects traffic or activity related to http://116.138.14.14:47713/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.14.14:47713/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.226.185:48219/bin.sh
id: auto-bc6c65f6f18013b4267da9deb204a6a71b286d25fc5b8115ec7ddae5d9ea35df
status: experimental
description: Detects traffic or activity related to http://113.231.226.185:48219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.226.185:48219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.73.35:44024/bin.sh
id: auto-08ffb7948982ca620607954cb36f29f9b3050b939b4b2f7b622a744f98a76887
status: experimental
description: Detects traffic or activity related to http://42.59.73.35:44024/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.73.35:44024/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.251.139.116:49505/bin.sh
id: auto-b676a69d554233d7d497c6390a82c141f1c6654f350130a8c6853d848de4a0b0
status: experimental
description: Detects traffic or activity related to http://117.251.139.116:49505/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.251.139.116:49505/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.244.253:40007/bin.sh
id: auto-e266c63dafcac0e193a2a21a87cebb4454aded7a96e252c1e5014329b136c813
status: experimental
description: Detects traffic or activity related to http://115.55.244.253:40007/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.244.253:40007/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.105:42428/bin.sh
id: auto-40bff0eab16de5c7290141fcf5f3cc5048014109b357357dc9fd6bf896372deb
status: experimental
description: Detects traffic or activity related to http://117.209.24.105:42428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.105:42428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.63.61:43011/i
id: auto-a84777452be230a12b141a53da2f4a7a41a21c348b889f775fe48c2b16640d08
status: experimental
description: Detects traffic or activity related to http://182.119.63.61:43011/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.63.61:43011/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/aarch64
id: auto-f1b9b6757fdf785dc7e069c72624820fa1de7da8e4b5db42259ef2d4e878ab4a
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/mipsel
id: auto-610d343c2a5b8eef5fcf22223b45e83777a640bb94769c086d695297d6675127
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/arm5
id: auto-937032e597f33eec996d48f70d7fa1f88dc45d2ad490ffd2c1d5bf8165a9f346
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/arm
id: auto-86623ca2d12600526e2fa53690f8d12b4856d9a4e9ced1777bcfe497ed8308f7
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/mipsel
id: auto-9356e96730302138455a93c68cafdc2ef5663d8e3f20766b3715d645c820b817
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/mips
id: auto-0dbaaf72579d2358783e496cef3ecf84b8a99c0acb43bce4f686690af9b0b0b7
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/arm5
id: auto-ecea19a5bbd9cfea0cc3fe3170a48fbf31909df34205a0947ec16c1a590b4096
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/arm7
id: auto-b8078f8cb453c9a3159d8f8c8dd53f2c9b99b6acd79d00ee88cdea59e26875bb
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.46/arc
id: auto-313ddaf05c6958fb903fd3648dd16fa32b3bc4b29d1258035322b313be71498a
status: experimental
description: Detects traffic or activity related to http://178.16.53.46/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.46/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.183/arc
id: auto-1792a456e2c834c315dd04ef76978a9d8ccb8397e5d1f639e36154f96de72d29
status: experimental
description: Detects traffic or activity related to http://176.65.132.183/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.183/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.183/aarch64
id: auto-a3c07a8d76858edb1e4d04da1b79c26d5f32e4b6f6a3cb0a534893a5c9c0e2a7
status: experimental
description: Detects traffic or activity related to http://176.65.132.183/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.183/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.183/armv7l
id: auto-82fc250d1cd6c68f89cb9ea0d0956ec200e661779e4ddd7fb5034088a81d2779
status: experimental
description: Detects traffic or activity related to http://176.65.132.183/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.183/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.183/armv6l
id: auto-304e8e13d91abebd5f2aba565931ac63674b7f339b49427504bbbd905ce15784
status: experimental
description: Detects traffic or activity related to http://176.65.132.183/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.183/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.183/csky
id: auto-ebbafcc580bda7b919c404760a909e21218acbcf49a9d5520799d15b114bded4
status: experimental
description: Detects traffic or activity related to http://176.65.132.183/csky which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.183/csky*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/sh4
id: auto-7a3c6a4c0cd108f999ee00e02ae94466f7ba20aed28494974c46ebcfc2d5a775
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/mips
id: auto-9213532d61c493406d94f4e573e788122b0f922c4ae06084d2f14e7453eaa547
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/i586
id: auto-23dbb21bf643817a60cc47e595557290894341459f3c44f5fa86ddda8d36648a
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/x86_64
id: auto-9af98c84aa43aae69fc784b3f160efcf58dddc90021a1f67b763f2d54ee4544e
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/arm6
id: auto-8221f9381d723ca6fc960198da42e7cad0c0da0fb19d6bde7a09c654744607b7
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/arm7
id: auto-736fb887ff3170d953c396cdb7599ff7abfd590fe01be94c744185a27009e51c
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/arm
id: auto-cf34f391b061d75342fb913cf36253b6fdb849aca41408159e83b75a8278a6fd
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.15/arc
id: auto-b22dccc226b81b1052963dc008a9e416e8550501d54d9daeb9ec1a4f840d17ec
status: experimental
description: Detects traffic or activity related to http://103.43.8.15/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.15/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.m68k
id: auto-011f7b72c384ee31d9d446786c29613694f864a1f449eb5f69439659389d32a1
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.sh4
id: auto-bf67e39ac101f9100e5baa1a25e96c6978ab78db6015b2d2a701a0bb3a5cd188
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.i586
id: auto-e3ae7bd532ddcaabe9fe0a57cef83af1d4d8dad1f4e15990e29be2b24caea71a
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install
id: auto-cb4ceaf9b619327e2c6a67200cbe8d2348d509dca041ebd5a043ef25f28000f2
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.arc_gnu_2017.09_prebuilt_uclibc_le_arc700_linux_install*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.powerpc
id: auto-31831af5dea725897a892202923bdb4f5307a39162c056770cc656af979f15dc
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.i686
id: auto-e3512dbdd98c3aa0a39c374b7fbe8d946a13355e8b22c0770ebe21e61eb37db0
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.mipsel
id: auto-b3cd62a080f7bf9971c95df18e2074dc427cfb94ad636b0d976fdd7f20737598
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.powerpc-440fp
id: auto-d2e51bd6555c59fc2dc4d05dcec2d1d50df119d866f777097b9a6fa422e15ddd
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.powerpc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.powerpc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.armv4l
id: auto-f4092598bde1c36d104b0d9cb94be7c560217ccd5c04c919bf2af9d651723e4f
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.armv7l
id: auto-1b62d641107fd8640914fa828ffa3ef0bbc0bae882d70575e15a20933edc891e
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.armv5l
id: auto-3170673bcf186f203544a87107aa18ead08433b9ff8f165272baf10f5e92ec68
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.i486
id: auto-ec00da1d2986c3f285eac4a9adbd7b91e4cd8cbc6c641730bf7215f70f47bc67
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.x86_64
id: auto-1634e715359af1797af7ef102f14311471afea702cf837d9416e25119fff91fa
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.mips
id: auto-5ce1c72047a8ab096709457d5298f4a7b0598dc2926b49dc7a91cd789d86655d
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.94.31.234:8080/bot.armv6l
id: auto-abb3181662fa352d15aac0e7a6c9374f2f17cf28d65aa98d8a05da1c1e0fc3d5
status: experimental
description: Detects traffic or activity related to http://45.94.31.234:8080/bot.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.94.31.234:8080/bot.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.63.61:43011/bin.sh
id: auto-656ad5277efd7f88042b565af8a5ee4641f5de248104c7d4db35f2c8f5f50005
status: experimental
description: Detects traffic or activity related to http://182.119.63.61:43011/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.63.61:43011/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.113.121:48919/bin.sh
id: auto-440a8737a68233d55fca836484b8813fb2fd69ccf9d9e06566895429bd2806d4
status: experimental
description: Detects traffic or activity related to http://182.121.113.121:48919/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.113.121:48919/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.74.122:36206/bin.sh
id: auto-29b5c2e50d85af56090aa19eda070bccc40e415f8956ffce3b899b6ce17e87f1
status: experimental
description: Detects traffic or activity related to http://123.188.74.122:36206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.74.122:36206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.187.236.224:35746/i
id: auto-6bab5ed242ae30519e1ca2963447f06a0f828bd7ae091b9bdea6a4714adb93cb
status: experimental
description: Detects traffic or activity related to http://119.187.236.224:35746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.187.236.224:35746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.8.217:47181/i
id: auto-1e56e26d8ce558e534b0d677f4f5d2a2fd9a96f5bb2b07919ca75f28b4d50379
status: experimental
description: Detects traffic or activity related to http://182.116.8.217:47181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.8.217:47181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.187.236.224:35746/bin.sh
id: auto-25b5544d99db59d6586059aa6e8d06697b40786ecc7251150add245d44ed138b
status: experimental
description: Detects traffic or activity related to http://119.187.236.224:35746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.187.236.224:35746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.52.87.27:27191/.i
id: auto-0c96fd196d7d7ffbf7d767721c179f217daae92733f2023115b7e49a93792f1e
status: experimental
description: Detects traffic or activity related to http://14.52.87.27:27191/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.52.87.27:27191/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.39.202:59110/i
id: auto-789f46ecc19a999121345b07e557cf6a4990018e6d8af9bb2614e55a6eda9e1b
status: experimental
description: Detects traffic or activity related to http://117.211.39.202:59110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.39.202:59110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.27.72.142:45438/i
id: auto-a76dbb92a62305bffa4872cecf47802166d99aa202ab1612c502cfa06d75105c
status: experimental
description: Detects traffic or activity related to http://80.27.72.142:45438/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.27.72.142:45438/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.62.26:47985/i
id: auto-916c66b379a1604cd62c856b8a3327695705199c1170dfe32de6a4beb4445e86
status: experimental
description: Detects traffic or activity related to http://115.55.62.26:47985/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.62.26:47985/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.8.217:47181/bin.sh
id: auto-6e6dde0524779739302946335ee6db194a40b58f57de5dfbc10e0ce0e6ee9b42
status: experimental
description: Detects traffic or activity related to http://182.116.8.217:47181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.8.217:47181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8170069107/q3KNNXQ.exe
id: auto-938a97b36e071c0d4315328a36417965707f3451b5345b3752f48db183e26510
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8170069107/q3KNNXQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8170069107/q3KNNXQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.39.202:59110/bin.sh
id: auto-30e176ce1fa79c3a93d12977c2318a2acb988c57bbbcdffb115f7fdad46e04ab
status: experimental
description: Detects traffic or activity related to http://117.211.39.202:59110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.39.202:59110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.27.72.142:45438/bin.sh
id: auto-91f50b49731352bc1e7be311fd39fc46e50b9052fddfe0ec13be2b4f453d9ec8
status: experimental
description: Detects traffic or activity related to http://80.27.72.142:45438/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.27.72.142:45438/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.131.213:56801/i
id: auto-4a7614783ce7f952cff99a3ece5023ee853aa5e30aa4b9297d6b958857b07c01
status: experimental
description: Detects traffic or activity related to http://219.156.131.213:56801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.131.213:56801/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://205.185.127.97/nuts/poop
id: auto-97c392299b2f97631ca2da3e8b2f7bb89bde4356aad0c928eb580f8f5392ee35
status: experimental
description: Detects traffic or activity related to http://205.185.127.97/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://205.185.127.97/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.198.188:55211/i
id: auto-333617571839dfa05540af675c391293c46b0bfe8ffda810d3ee285a44699a47
status: experimental
description: Detects traffic or activity related to http://125.46.198.188:55211/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.198.188:55211/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.102.180:53297/i
id: auto-9f1c550ae02f8297a704dc4a826ed9c6afde78be9f73226b0be1ac6723904ea7
status: experimental
description: Detects traffic or activity related to http://175.146.102.180:53297/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.102.180:53297/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.66.116:40613/i
id: auto-4c8597a584e0f99c69574c71559fa8f82a03a2a813be26db610cc2be3bdc3f9c
status: experimental
description: Detects traffic or activity related to http://110.37.66.116:40613/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.66.116:40613/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.248.10:48865/i
id: auto-239cd9ae058dd5c10eb00ba5b9b54f27337c4330b1ae0011828c06c5af0cfc73
status: experimental
description: Detects traffic or activity related to http://42.224.248.10:48865/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.248.10:48865/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.145.89:47412/i
id: auto-c5a061a82f66f1d47a38e3329de15e720e60d58e52d884a0fa78434ac3982069
status: experimental
description: Detects traffic or activity related to http://39.90.145.89:47412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.145.89:47412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.198.188:55211/bin.sh
id: auto-874a5fdd25ad3f46fe495eb17dc2cbf96fce2cb8b1b5e386d783643504f3e56a
status: experimental
description: Detects traffic or activity related to http://125.46.198.188:55211/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.198.188:55211/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.arm6
id: auto-b9001cffd557c72aa2d2197846c38d2b38624e9d198ba9d18501f8db8205465a
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.arm
id: auto-7f4c27fc3500362734b8e01d1c2e896ef0415d416eb48df7dfad3430b0b005c1
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.arm7
id: auto-86d87071a0c2b2024d524b36a6a23ad6d8af375af2480a3972ec7fe0894bfe1f
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.mips
id: auto-f32ca150ac43608e4e51defb92614de8bf41523bea7b6661d7121ab16d32e36a
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.ppc
id: auto-be1cd37dff3d4af24c8a976172986720a3d0c67065280dd6cd274aef70600505
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.m68k
id: auto-8f7f8e476aabf49a62419c8d55df3a0e2e4e823a1b20830d6201593ecfc6d822
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.x86
id: auto-c083b47999bdeda1c71781f15dcb386ec1b8f942e49d2225c3f82fdf820ef3dd
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.mpsl
id: auto-0e8d64bf84a05a9ef388b957336d61454da585a447e6202c716fd7c04be974bf
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.sh4
id: auto-3b083ceba1ca3d8cab9f9e5f48e348e151937a3ed968d1f9317800a135b461cf
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.spc
id: auto-59a6ca14b5cc77d7b18e26af102b6f2c62255404c9dcbbbe7ecda4eba6dd9aec
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/arm7
id: auto-26ece39a4f6231a72c000c0f31d7bbd694e0dcdb0686cc9a0a8844f963e80b50
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.18.92/bins/byte.arm5
id: auto-874c5f0a043df4f59416663f593e54388e3fbefd803959fbe2890ebe9b566344
status: experimental
description: Detects traffic or activity related to http://78.142.18.92/bins/byte.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.18.92/bins/byte.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.131.213:56801/bin.sh
id: auto-8a0988e0abe8ed024774faed494091636a80304e3c756c568509a99c8f0f5e9a
status: experimental
description: Detects traffic or activity related to http://219.156.131.213:56801/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.131.213:56801/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.62.26:47985/bin.sh
id: auto-73327bf66ab9c4441adb6e6d6232ddc9cdb867298eb56e356bf17bc8f3574ceb
status: experimental
description: Detects traffic or activity related to http://115.55.62.26:47985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.62.26:47985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7154003499/b2nVDyh.exe
id: auto-8e9f6af633404ad4d170b1e43a19e7d390e81824575cefa33d2e4e83e997499d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7154003499/b2nVDyh.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7154003499/b2nVDyh.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7154003499/XilNUsI.exe
id: auto-3a7d8985664820d777296d22343001c6322552f7ba5541d124728d04fc359e0a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7154003499/XilNUsI.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7154003499/XilNUsI.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.82.48:51960/i
id: auto-6c8a56503818187d87714262e2e52a693de7e1ccc47873b6b289b67d66d4140f
status: experimental
description: Detects traffic or activity related to http://119.117.82.48:51960/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.82.48:51960/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.82.48:51960/bin.sh
id: auto-d44ee9edf1e9dce8a8fb69647523a1769668df264e1bfc049a838333abec7bc9
status: experimental
description: Detects traffic or activity related to http://119.117.82.48:51960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.82.48:51960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.113.121:48919/i
id: auto-1ec3551d3a7edce4b1582ec76315661d6c83ded343c7f4abdd77f90a8d208548
status: experimental
description: Detects traffic or activity related to http://182.121.113.121:48919/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.113.121:48919/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.92:48622/i
id: auto-9ea8e33ab81701ddaf8385303958352b6de5ad62d14e0bd510f2331a6adc58db
status: experimental
description: Detects traffic or activity related to http://110.37.55.92:48622/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.92:48622/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.182.20:40285/i
id: auto-3201ca31b3708ce5aa4a3485418bead740a3689ec21e4a742b9c4ce888242b51
status: experimental
description: Detects traffic or activity related to http://222.140.182.20:40285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.182.20:40285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.87.223:46627/i
id: auto-41b54249fe6ebe95880344b9c29bec2a92eefd18c2f52b209316c1b01ba10e05
status: experimental
description: Detects traffic or activity related to http://110.37.87.223:46627/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.87.223:46627/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.238.95:47114/i
id: auto-2150251590e10525926d125b44a0177928a8ffde6941fec111c2e93a4558e936
status: experimental
description: Detects traffic or activity related to http://60.23.238.95:47114/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.238.95:47114/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.182.20:40285/bin.sh
id: auto-498cf9abdfdecb0d117c5fbcfaf1fe95d5b783e410696ed84e14d4cb3a8375f4
status: experimental
description: Detects traffic or activity related to http://222.140.182.20:40285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.182.20:40285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.238.95:47114/bin.sh
id: auto-450bb4239340c899771fc29b3c7a9689ae93eeb4d03c428cb510797e6f4c8445
status: experimental
description: Detects traffic or activity related to http://60.23.238.95:47114/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.238.95:47114/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.92:48622/bin.sh
id: auto-950f4d8f0497afade13b59c795e5bc6a1acf34e57088276eb0fa5db93787ac74
status: experimental
description: Detects traffic or activity related to http://110.37.55.92:48622/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.92:48622/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.142:39723/i
id: auto-6514f9149083905232df0dae4e76e6feb3cdd7af7a05b3058f46c2e0ad6c6f7a
status: experimental
description: Detects traffic or activity related to http://59.97.179.142:39723/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.142:39723/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.127:57549/bin.sh
id: auto-4817c360ff8baea5f4f64fdc5cfc5f34d0a3bf26a503c046daa901964892d587
status: experimental
description: Detects traffic or activity related to http://59.97.182.127:57549/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.127:57549/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.214.101.182:36156/i
id: auto-6a8b1b992b52e1be4b705190ff4c1299072a2e08ca7418e7b3dbafe65251e1de
status: experimental
description: Detects traffic or activity related to http://222.214.101.182:36156/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.214.101.182:36156/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.217.192:41968/bin.sh
id: auto-85ed691882e9865c17c400257464f15ec941774e69b362165351d98db55f6ee8
status: experimental
description: Detects traffic or activity related to http://59.92.217.192:41968/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.217.192:41968/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.214.101.182:36156/bin.sh
id: auto-405854c14e6f715fadd9ff118c5a4da375f72b18a6dc0af9e62d06df1235159b
status: experimental
description: Detects traffic or activity related to http://222.214.101.182:36156/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.214.101.182:36156/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.221.63:56401/i
id: auto-a20de90fe13ebd8cf672995be08a8e6f2e8d86ce604366d4c893734ef3e58aa5
status: experimental
description: Detects traffic or activity related to http://42.177.221.63:56401/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.221.63:56401/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.235.5:49722/bin.sh
id: auto-0fcf05aa218de574535e620bec7e6e9f267fbd76cf0b89903b7a194f1e8f9982
status: experimental
description: Detects traffic or activity related to http://182.121.235.5:49722/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.235.5:49722/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.221.63:56401/bin.sh
id: auto-799be0ddb6b8b57dd175c3c8bbfeaac52356a7ff7f0c22791239b9f0ea86ae3d
status: experimental
description: Detects traffic or activity related to http://42.177.221.63:56401/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.221.63:56401/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.arc
id: auto-1168e1f9369fbb83a224141edb3b2260d840355969e88625fc02d58b2f62ffeb
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.arm7
id: auto-3e225c75c3a24899dc4855d7bf55cb4322932dde3107dfdf3b68e9f3b1fa0663
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.156.230:45327/i
id: auto-0f8eef525602f8ffd5eb97e9420efa25b2acac00c1eabd477f940ccc5c6cd1e1
status: experimental
description: Detects traffic or activity related to http://123.10.156.230:45327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.156.230:45327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.arm6
id: auto-334e63561c7b6c92df3a8fca01a737a0b8b47a56c33dfa95ba29a17f29f50e25
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.i686
id: auto-7939102e9d6637288ba5216024102fb3d598ff0e99d6ce720a97df1d62f04bd5
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.x86
id: auto-c424cdbed0cf82e4e6a9da62e3259635729b8fc33a7425484d9e17048d415012
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.211.109:59920/i
id: auto-d4abd669755bd8a93786837baf2d27148d447b389812621f5a0b8a99c7cdb338
status: experimental
description: Detects traffic or activity related to http://110.38.211.109:59920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.211.109:59920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:54318/i
id: auto-800814aff80fd95111062f757e675591081ae9dc8642e05f7096cdfede108ab2
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:54318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:54318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/qkuys.sh
id: auto-a0c5bde4a3962bf8cfbd5fa764b8786c2511c9f3801897333f1038abad553f8f
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/qkuys.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/qkuys.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.arm5
id: auto-4abac7852be37742713f3ccd1b519e2d28b026dc2532896ca7ee6d2612f92d37
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.arm
id: auto-5c8b44f3bcf5decfaa1f9cbc464c25b96d1c8ba4beac08965165c624f90dffa4
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.spc
id: auto-02fabc8f50b264cb23838f13d4a347c5439bb67b6558dc95543dd6481040aabd
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.mpsl
id: auto-367e69c1eb3448fb66f9f1acc52cc525fc9b4d1a65f9a0cfc62f2a47c31fd183
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.mips
id: auto-9b2276ec96d82d75b0376aaf15c92b3c483c3a088f4b9dd6a84a2373f0acd70c
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.x86_64
id: auto-355c4cf029c72f662e1bfab998ad5356f83ab69e3c59d7f935a96e594602f1c2
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/debug
id: auto-ddc0c556d6ff98cb3fe6552e7cd996665265ae14a25b0f72b012f6425227bb32
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/debug*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.m68k
id: auto-aa59c0f826e4f5c00b1a3645ec75abed35ea90d768a25f4b2002f7187394e0cb
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.ppc
id: auto-bb401286ddac7b22a0ac8408eaa7c5a5271e9fbef0ddda47813514a1eb44edd1
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ilovenetssomuch.ddns.net/bin/Polar.sh4
id: auto-0c0c9dcb1d7452e9f31d089e5390287f1d7e4c17b4a522ebf438be39928e88b2
status: experimental
description: Detects traffic or activity related to http://ilovenetssomuch.ddns.net/bin/Polar.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ilovenetssomuch.ddns.net/bin/Polar.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.118.39.151/mig
id: auto-44479f349cb783c29817495caf8c740e17b8b7c9fd59734ea339fe8bc5393c79
status: experimental
description: Detects traffic or activity related to http://92.118.39.151/mig which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.118.39.151/mig*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:54318/bin.sh
id: auto-acc7e65c9466f539393df22b9f80b2b5af80619e482ccf444f1a5c80239eca98
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:54318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:54318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.194.105:39372/i
id: auto-48a9aa0b2a3e35e69c0156873abb0e7768310cdd2f0bec42e7b6d83cd7888c9b
status: experimental
description: Detects traffic or activity related to http://61.52.194.105:39372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.194.105:39372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.110:41544/i
id: auto-edc107b59048152d6c91dc1dd33f169c2e3fb724bd540d97ff3345975ae43592
status: experimental
description: Detects traffic or activity related to http://110.37.61.110:41544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.110:41544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.76:46426/i
id: auto-84185d9271ed13802d4e4a94167e5a91e02f4eda9528b3bd5fb9bd479d3509e4
status: experimental
description: Detects traffic or activity related to http://110.36.29.76:46426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.76:46426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:35679/i
id: auto-ad66826af07c7ade832d3fdf2c58f07f2ceb10697a32cd0c069a007e90134711
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:35679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:35679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.7.114.186:25051/.i
id: auto-6dd9fcdd98226939a0eb0fee800728e2c4f417b57123f04abc4fb184429cef35
status: experimental
description: Detects traffic or activity related to http://59.7.114.186:25051/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.7.114.186:25051/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.194.105:39372/bin.sh
id: auto-f385b19d9ddbba31cb9cd55a408e86a1787ea36cbf468d533962f04fc7d1e54d
status: experimental
description: Detects traffic or activity related to http://61.52.194.105:39372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.194.105:39372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.123.210:47110/i
id: auto-0e1633b837b22aca910b8bd97164470766882ba77aafe8b3f53fafd5c08d7340
status: experimental
description: Detects traffic or activity related to http://110.37.123.210:47110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.123.210:47110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.110:41544/bin.sh
id: auto-e4615b13ae6be1f1d4a61214b68ed1aaa5d440cf5a4b8c7d297f4e6df1fdef23
status: experimental
description: Detects traffic or activity related to http://110.37.61.110:41544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.110:41544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.162.67:34062/i
id: auto-6f56820f610e607916f90f39a52ca55d8dd590e002529a63c08e603b66af916d
status: experimental
description: Detects traffic or activity related to http://115.48.162.67:34062/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.162.67:34062/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.76:46426/bin.sh
id: auto-b7e4009f3921b6ccf5d31a63fbe356d33b5d76e45eebf5c19eb80d36e46f21f8
status: experimental
description: Detects traffic or activity related to http://110.36.29.76:46426/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.76:46426/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:35679/bin.sh
id: auto-3d3330f7ac574181410f368e8095681b1d6054ec018ad1623a82eabd6689267c
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:35679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:35679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7606537116/TL1ax3z.exe
id: auto-db983f7ddef2f22c4099abe33631d54efe75b09280e8468816aed92f683269fe
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7606537116/TL1ax3z.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7606537116/TL1ax3z.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.126.222:33068/bin.sh
id: auto-91e99361e953cc29837fcfcbc7aeb28ae33d326da5b7bd5a73a47271e61e9345
status: experimental
description: Detects traffic or activity related to http://39.187.126.222:33068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.126.222:33068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/systems-win64-sandbox/tick-based77
id: auto-644670dc7aedfe7d5464c7c0546022c3365db41bb8675e4809e1b3dbbb9d1502
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/systems-win64-sandbox/tick-based77 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/systems-win64-sandbox/tick-based77*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.162.67:34062/bin.sh
id: auto-ea861bd76fdd2411225ee17ff4266f5edc17813bc34d256840da1d111aef17e0
status: experimental
description: Detects traffic or activity related to http://115.48.162.67:34062/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.162.67:34062/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.197.49:39095/i
id: auto-214375d759ccea94f04da0c0e2de0f47b3bda77759c1a52b5b838473e47f212d
status: experimental
description: Detects traffic or activity related to http://110.38.197.49:39095/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.197.49:39095/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.113.54.131:44245/bin.sh
id: auto-7ed7bb199f138838204b713de3f4b779960996184a04073724cb7ea13ef956e1
status: experimental
description: Detects traffic or activity related to http://118.113.54.131:44245/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.113.54.131:44245/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.167.90:37169/i
id: auto-376ddf3fcfe3620920742b1bd666bc62918668577d8493bc2bdf9ba0abc9aced
status: experimental
description: Detects traffic or activity related to http://117.204.167.90:37169/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.167.90:37169/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.123.210:47110/bin.sh
id: auto-fbc774cd105e550038a115455e0440b23bfe6eeb75bbfe3d5363199726fc4f47
status: experimental
description: Detects traffic or activity related to http://110.37.123.210:47110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.123.210:47110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.5.55:39512/bin.sh
id: auto-8273bea3b350d04f9fd5a2c3a936a7637e976d018d264ce1d4b8e988c4359685
status: experimental
description: Detects traffic or activity related to http://110.37.5.55:39512/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.5.55:39512/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.5.55:39512/i
id: auto-69a93ebc78f4b555bdabe8680daac91f6942856d64fb3ecf5ebd82205cd5cc8b
status: experimental
description: Detects traffic or activity related to http://110.37.5.55:39512/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.5.55:39512/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.179/hiddenbin/boatnet.sh4
id: auto-ca2aeb001f0a9ad0df0100f05418410e83dfa7530272db33d93ac6c29c787083
status: experimental
description: Detects traffic or activity related to http://45.153.34.179/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.179/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.202.214:47103/i
id: auto-42a2b3dad1e6aacbaf767ab01046567398e43ee1814b6835160a03380a9572e3
status: experimental
description: Detects traffic or activity related to http://182.114.202.214:47103/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.202.214:47103/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.179/hiddenbin/boatnet.m68k
id: auto-719b4843be37903812269c4f04ae99bde6c814b2e9f60fc9fe20a8d92f91c215
status: experimental
description: Detects traffic or activity related to http://45.153.34.179/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.179/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.179/hiddenbin/boatnet.mips
id: auto-12bf957bab161000db4c69adad725f262defb6a3ec825e04c6d3fa1bdeea024f
status: experimental
description: Detects traffic or activity related to http://45.153.34.179/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.179/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.176.101:33518/i
id: auto-bcbc1e6baa7c040e76c1f7fa40dc876892c923078244a13c7712c95496e1a535
status: experimental
description: Detects traffic or activity related to http://115.54.176.101:33518/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.176.101:33518/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.167.90:37169/bin.sh
id: auto-6f5dde9ac13efdbfe841d3abf2255fef14e6e092df1da523265b1a60880a5f41
status: experimental
description: Detects traffic or activity related to http://117.204.167.90:37169/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.167.90:37169/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.0.100:50222/bin.sh
id: auto-6d2be848d8a4369a4b5819560b5963d4690be9036d5f28a67371264c372f5ea4
status: experimental
description: Detects traffic or activity related to http://113.237.0.100:50222/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.0.100:50222/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.119.251:34527/i
id: auto-c29992659f65961138e0bc0a4eed9aff7c602612f1264dfbffde5a8668ddda04
status: experimental
description: Detects traffic or activity related to http://182.121.119.251:34527/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.119.251:34527/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.197.49:39095/bin.sh
id: auto-28f70dd8d9729d0723f68a7c56f55a2f28bab1f2dea34496469d18c9fc866d31
status: experimental
description: Detects traffic or activity related to http://110.38.197.49:39095/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.197.49:39095/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.218.192.46:34587/i
id: auto-170e12fccbe668b4d12762090d356f278040f8f6cbed03d3d1836e3445bb79a5
status: experimental
description: Detects traffic or activity related to http://60.218.192.46:34587/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.218.192.46:34587/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.57.123:34930/i
id: auto-a4c31422c91ec17ac86ae175d44e75fed895420746c4268fe3ee0954ab511d37
status: experimental
description: Detects traffic or activity related to http://60.18.57.123:34930/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.57.123:34930/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.7.156:42556/bin.sh
id: auto-6c2eff4e132a99abf60f38cb6618be350763c12bae5e12e4a76b00773398a9db
status: experimental
description: Detects traffic or activity related to http://123.188.7.156:42556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.7.156:42556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.57.123:34930/bin.sh
id: auto-f10065251bbc1bde32151b88f2c9314922406a0d420b2174f945354c9319656e
status: experimental
description: Detects traffic or activity related to http://60.18.57.123:34930/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.57.123:34930/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.119.251:34527/bin.sh
id: auto-7823c6b2f1469fb46a22bc1a28363f1d03a09f89b4ebf78df17411c0be9be611
status: experimental
description: Detects traffic or activity related to http://182.121.119.251:34527/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.119.251:34527/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.170.57:54763/i
id: auto-94c3a92a44aac355e227de6b867b8ca20c2ee3711cf22f52c1de9aad21b98ccf
status: experimental
description: Detects traffic or activity related to http://124.94.170.57:54763/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.170.57:54763/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.218.192.46:34587/bin.sh
id: auto-3c6330615a5b7d3b30b20772f5e911decf3eeb56dc8302b65246b46079410e5a
status: experimental
description: Detects traffic or activity related to http://60.218.192.46:34587/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.218.192.46:34587/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.166.248.15:38639/bin.sh
id: auto-4c674ad65f96904175f99c1b9d4bd5f73363281fddce51e53def06b7614d23bb
status: experimental
description: Detects traffic or activity related to http://222.166.248.15:38639/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.166.248.15:38639/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.120.182:42805/i
id: auto-956f86aa8f612638e2b4397784143e0036f0734ab9b8627a2c080d381cfbe3c0
status: experimental
description: Detects traffic or activity related to http://182.116.120.182:42805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.120.182:42805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.235.5:49722/i
id: auto-b9ea1339b43be011853cd93f024d61c09dbe35d671477240b0763c3c9e750685
status: experimental
description: Detects traffic or activity related to http://182.121.235.5:49722/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.235.5:49722/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/grv-matchmaking-l1
id: auto-d2bfa130d64c2fb71eaa84cae38931447b92093a7c60d083e5e28a45364ed694
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/grv-matchmaking-l1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/grv-matchmaking-l1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/bins.sh
id: auto-17d2ea1b059d64f64b2d99330387ab9ab659fab5714c806416b4ad4a8286f783
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.219.230:50078/i
id: auto-ca524b82a0f7ec2514e23b23a5c5bc7d6e2a6534f44cf7b876f156afd12509a8
status: experimental
description: Detects traffic or activity related to http://112.242.219.230:50078/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.219.230:50078/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.x32
id: auto-b8db1f28f65ebe93afea5c78f59fad050797093138a8cb396599702d0d55fcc6
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.x32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.x32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.sh4
id: auto-f5ea11b265dad8a989e6e8665f9a66c3de9dbd64743e6d9d06de58efa714fc7b
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.mpsl
id: auto-494938e69c14fcdac9866ee0d6cf140b05f4a7f6a7b8417a3dfb6c63227c4c69
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.arm6
id: auto-809afd6b2516f768afbe5cdd17d6ad15e05d03b7a65856f76b2c19464511164c
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.arm4
id: auto-439c32e5b8852c9d5ccc7c6be5000ff736a3dfe462e8414ec61c5204f0abb201
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.m68k
id: auto-429b9e307b4cd0070009723727b4b5676a6adff62761a60966da07850b73068f
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.x86
id: auto-476606b68a22a46e02656c937b13613f85212d9e209982ae46ff7c66f9e95c3d
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.i586
id: auto-202ede26e884df49562ace0924398b9f2b15e00847dd2d9a099f429bae278794
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.mips
id: auto-abf0bae0da8f640d741c47e1dd70be5533b6d8604325450305bcc28ec6c510db
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.211.218.101/yakuza.ppc
id: auto-55fc4eadf60dc07bcf011ff3041ede25e03508a4589239afd22dc60568b5b6b1
status: experimental
description: Detects traffic or activity related to http://103.211.218.101/yakuza.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.211.218.101/yakuza.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.243.227:8443/sda1/Video.lnk
id: auto-e2946f31b344e979244a29e7c1026351f8618dd848e941667ad60f2115f6c71c
status: experimental
description: Detects traffic or activity related to https://151.15.243.227:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.243.227:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.243.227:8443/sda1/Video.scr
id: auto-0d6179c61b4ed895feca16492bdc5f57775ae21554e3fd7407e0eb6560ec00e4
status: experimental
description: Detects traffic or activity related to https://151.15.243.227:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.243.227:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.243.227:8443/sda1/Photo.scr
id: auto-cefb9ee5a0455b714e70646945721a13aec81187a6d0ded0480d54e570d40884
status: experimental
description: Detects traffic or activity related to https://151.15.243.227:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.243.227:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.arm5
id: auto-947385923bd7c67b16a422909e397db379304abf42ccd65fbfb48d964dd84ff9
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.sh4
id: auto-e26c810cdcbc6e22fd1a6e58c432dfd92d42d226becc654c886194d38b8cfbf9
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.243.227:8443/sda1/Photo.lnk
id: auto-d51772ab10515c1c6c089e279bff7e285b6254a3fcc99b3f84411c642c8749b1
status: experimental
description: Detects traffic or activity related to https://151.15.243.227:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.243.227:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.243.227:8443/sda1/AV.scr
id: auto-372b912a8fa5606192a435d071f2e96b0d50f9c10dadc0a4df14c37ffa89d55d
status: experimental
description: Detects traffic or activity related to https://151.15.243.227:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.243.227:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.243.227:8443/sda1/AV.lnk
id: auto-0fef938b296f72216016e2c00f3381928e8f591712e694db9fd61af8c5a3efa2
status: experimental
description: Detects traffic or activity related to https://151.15.243.227:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.243.227:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.arc
id: auto-877500b60dd002465e876c4a0174404f88bddf17b28f7f66db8c50960ea13f43
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.m68k
id: auto-56df98c8f850dc8ea3062912130059f17cb2c75511bb71a423ffb50c151e8ce1
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.mips
id: auto-9aee8b6f6098b9be590f1b5092bae0236833c931ef0bb1d324b63f9fc6fb6cb3
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.ppc
id: auto-3d2f334658f4915277c5a892573b292481e27f5595b967d9eb26d37576f9ef8c
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.arm6
id: auto-3f71383196fda8166354802a7e42174f71bc40dc7db412099cbdf9cbe27cd13e
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.spc
id: auto-f1c2828c9d3e7491d0a674be75bffdb47b225e338bccc0be2b216ef096f424d2
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.x86
id: auto-7bba079e7ea091122b23d8bf6f8a37fe3bb58a7c0731279f3e9f129a4a732b09
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/ohshit.sh
id: auto-1530c14934cfed54d750d5265158c7ce01465bbccf79153494fd953e19c7605c
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8408827406/u6SIdRE.exe
id: auto-1fdb8916f8cec4763e3a544f63b1c355eae4c694e9c1779242050ec24f15afbc
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8408827406/u6SIdRE.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8408827406/u6SIdRE.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8457623682/Fnum0RZ.exe
id: auto-0cb595b4786fcdbda92eda8f86285088548465a0f9cf22c31570f1bde7a17d81
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8457623682/Fnum0RZ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8457623682/Fnum0RZ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.217:37288/bin.sh
id: auto-d23ea0a2612c9c076700d5c14570105c4157fe8d233595cb0ab6bc546be99706
status: experimental
description: Detects traffic or activity related to http://59.97.251.217:37288/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.217:37288/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://interdashboard.mom/team/TeamViewer3.exe
id: auto-b2a5f88e33997778b087c7ed31a7f511900bfcb6f3692896bf417a66f5f09085
status: experimental
description: Detects traffic or activity related to https://interdashboard.mom/team/TeamViewer3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://interdashboard.mom/team/TeamViewer3.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://interdashboard.mom/team/TeamViewer1.exe
id: auto-df8d50206bbe2ba425e79685f2f291bf3d9ef297f1e444386fe7afa146f642f5
status: experimental
description: Detects traffic or activity related to https://interdashboard.mom/team/TeamViewer1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://interdashboard.mom/team/TeamViewer1.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://interdashboard.mom/team/TeamViewer2.exe
id: auto-7d4f06e81ba7e4becf79011fc0c4fe30884b67c32e16ff076f28eb9cdb76c2f9
status: experimental
description: Detects traffic or activity related to https://interdashboard.mom/team/TeamViewer2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://interdashboard.mom/team/TeamViewer2.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://interdashboard.mom/team/TeamViewer4.exe
id: auto-04bbbfb2ab91ab30cdf2b0a4abf3f53cd7c57d5f087fd4636270a6ae0904ea1f
status: experimental
description: Detects traffic or activity related to https://interdashboard.mom/team/TeamViewer4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://interdashboard.mom/team/TeamViewer4.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://interdashboard.mom/team.zip
id: auto-a9f6ff7b8ef01576feefb966aa776907cbca45d38969c17201079ef035de6429
status: experimental
description: Detects traffic or activity related to https://interdashboard.mom/team.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://interdashboard.mom/team.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://interdashboard.mom/team/us.exe
id: auto-9285912bd4a4ff64fc68e2f7b4947dfecfeea0cfb9663e787fead7a7cbda83f8
status: experimental
description: Detects traffic or activity related to https://interdashboard.mom/team/us.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://interdashboard.mom/team/us.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.mpsl
id: auto-4ba1765f0d37d7deb9992700630bb46f302a4d5f80737d2b01742990cc56a509
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/arc
id: auto-b5bf8a984b5c78bc992d865ff3bdaa25f0bc82c2872718536aec3f6eca353955
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.mips
id: auto-cfd85e0021c6b1340acf7db65a33e59a3123c31d0a9f04e765ceed221613b857
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.arm5
id: auto-752b7ace12b6e2bb0bc1afa681ca408d739d4a671c274df0d1a0eb19fa3efe43
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.arm6
id: auto-5f7c31af41627affef1971d2804e6e469f6a98391e6b527c08d64b6055a071c4
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.sh4
id: auto-7848752a33f867abc80edfc6daec369a479a58cae8a7a9e8cf224e1a8d9711fb
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.ppc
id: auto-eb5578c74b8ab7377fdfb521252753a8a4b1be4678867651131ce78bc7836c81
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.arm6
id: auto-96ca1b8bc26a0c5bf9193eac309a708108f1ca5f113f88b5739e6f591a391abd
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.x86_64
id: auto-30e4c1415c8e684de8f7d72ed2360158a9b1927dd31d3aa82dacf607edf43e57
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.spc
id: auto-99853e868730447a1bf775b497793ad7e06bed2b4b8713509c057c6711776201
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.ppc
id: auto-2fb06186708930f79d1494423d021eeeab9daf9ec8b34673e2272d6ee228c398
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.i468
id: auto-65969a37a01bed41852fc6c0f2bd850af9e7f131ca008ca6b312269542b221a9
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.i468
id: auto-0e8a7fde4429078e0e4242cdbc4ef6d8311d8084164cfe7bc7c16a4e39854679
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.i468
id: auto-425623926439a3c64c76ee2c180c24d6ddc054e1e56f295081e22d64f38e686c
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.arm
id: auto-96cca319c5abed7c22b1ec1d8017eaeefc7099d31ddd2d104a6693f266cc7fd9
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.arm7
id: auto-cc820187d9c264f4eeb14d6fb58dc375918fe7d61e03326276e0953f23fd4f9c
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.m68k
id: auto-3cf3862e5655e37924d49bfe1ee3f5806e0249d03cac6b05985d7f3a5dabe736
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.spc
id: auto-d2a01402c4fe99f5d47c72f637379e04683b068af36b044d9bb3b28336371638
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.x86
id: auto-36b2c23ca887759c129fd17b9f532742f9a4b783cb677dcd3c6bb2539cdae035
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.arc
id: auto-dbe150aee1d03c0589f56d28024ded7e89b3f6ff5fc60aba1b0b51aa49c78fc3
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.mpsl
id: auto-312bd0667a6e80c7a897694611e80b7dd2ee99a8fa56ad9517800882b8a47adb
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.i468
id: auto-8ab7893f555f0bcd7dd9d5f31ee63ceedaeaa47fc94950be7fab813482370f96
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.arm
id: auto-aa82c9eb2d12c3bd1ca845309436f29f11928016cb1d6e70eacc6676e73c764e
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.sh4
id: auto-6026993592c515a9fd5581ae55b84fcfe18de7125f86ba93c7c556fdd602d4d6
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.arm7
id: auto-f7c7e564d44c5ffbbadd963974e2589c97ff09962cee7c8323a48b3cc2e9de7b
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.x86
id: auto-d2f6a442bca5e5cc397202274147928e0e6b35c27bea94b5cfcdfc869e27ce9e
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.x86_64
id: auto-154d03d551c0f8b361e7d8f7e92b18ada14298fe1969ead420d1c0f890eaa777
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.79/Orbt/Orbt.i686
id: auto-592811858830d3e804f85db73a8b48d5abeaf7a695618b6e95b38b9ee9bcabf3
status: experimental
description: Detects traffic or activity related to http://143.20.185.79/Orbt/Orbt.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.79/Orbt/Orbt.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.i686
id: auto-d542de030ab7433ec607a07cc9a0c9399fe726fd7aee9e8b502e8da406de43ac
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.arc
id: auto-d495c62d5540d483d423375be2d59a595f8acd1826870c596ec3df6383009bb9
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.arm5
id: auto-8d5b69250f153abb5671feab7af9b3ac49396a3511404c862e6bdba68b3eaad6
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.mips
id: auto-ad6ee5fc024236d30abfa5230694b9e277c2a6ebf19d31e18af61a1171435faa
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/00101010101001/morte.m68k
id: auto-d6e13abffa3a755e0fd460cefac56d3bf676936334005849630ef9a1841dfd2f
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/00101010101001/morte.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/00101010101001/morte.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.spc
id: auto-e49cc78fbf4d43bc8406ace0bb6cc1a3724426db8f640accc697cef6fa8d5206
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.arm6
id: auto-2cacc63cc30f8ac2f4bb54574f1fefa176ee08f449e0d0baf5b32b4ab4384f30
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.arm
id: auto-7e75b860e817fb4d14b89941ea7956f5c07d3015303a395cb3b921f102b50a94
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.m68k
id: auto-10080628cd778af58733fd0a5d5e589b3b31d56712d2a6ca42f9eab5983402e8
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.169.97.157:48034/bin.sh
id: auto-abf2c5d81e3796b53f5463000cd3cf82aa5fe0b77bc97737bc172e1e20800217
status: experimental
description: Detects traffic or activity related to http://175.169.97.157:48034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.169.97.157:48034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.x86
id: auto-d23b7d41349aad0209fbdb987ff3de0a3d7d1df1e9d35948d50d39a85aa4bc55
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.arm7
id: auto-75dbe87039f646f1b855d0acc3354bba33fde4826751347cc1ac299fa46e0a3f
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.ppc
id: auto-883c7d9a63cfb53a4b186eb87ce6cd62e25b95f94bb99a468d6daae111518db3
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.sh4
id: auto-bdc6f572d43b8fea253d6989ca3d274f3f9942437f50e25a4d7738be37b2f222
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.sh4
id: auto-1315e96e934883efba9007e63a64d58199758cb6bd4f68cf7dfad3c7a2b6eff4
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.arm
id: auto-d47db12e55d8b5eb3a72c9bf97d63e6b5b8badd5d19c017770a97cb61042e109
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.arm5
id: auto-a9cd7b6315da6d2778a9e193395064c1e78ee206ec80cc5fe725309aef3fdac6
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.m68k
id: auto-bad13f6ffd1cb051b65741410bd6c9d9be1963326cd492c17dc4c5cdaf47599a
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.spc
id: auto-14347b5ff402da8ce796f0998a016b790134233c6ab26ec4f7be009342ddca9d
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.mpsl
id: auto-637ae7e4887fc2774d2e6a7356cde7ea91d66451b774717e813c0bc7cb458250
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.arm7
id: auto-804a5261fa090d6813ba5baccb904944f81a62df2ad03419c95db82653717e2a
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.x86
id: auto-7f70e43b9727acef226e0a1a29c7be0ac7e9706063ad7b6edb983180bcbadd9f
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.mips
id: auto-a31cd53fc37207d067b7ea2d7c8d7ca93daec84e7e80c62254517d480aafe394
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.arm5
id: auto-914924220baffbf03fd40abb4a084497f32c5c5a84d345df2f80b0c393e97764
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.ppc
id: auto-b85be5b19b91bb971c27791519a062346817ff5ab8598c9853658d24d8993c39
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.arm6
id: auto-1645c11ecc146a9c2a5a1d1be3f7a6f888889539d1d2eb5892b8e1e29aca5d50
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.221.40/bins/byte.mpsl
id: auto-34dfe69b547f4811a9b9f127c023d2060858739da19b4b55d1a403380b3c6bfb
status: experimental
description: Detects traffic or activity related to http://5.175.221.40/bins/byte.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.221.40/bins/byte.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.38.104.63/bins/DEMONS.mips
id: auto-00f7016ec1a88b94725e87dafeb3ebfa4d9222af3bcfd2536c49e9149d249ff9
status: experimental
description: Detects traffic or activity related to http://209.38.104.63/bins/DEMONS.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.38.104.63/bins/DEMONS.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.arm7
id: auto-9d671e514f51241d1f7eaf30e6dfe5fbf3828fa4238432f5321638173267d039
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.m68k
id: auto-18ccca8385dc9744be25cb17f8f976e4830e78e1572e0083d1d653eacc82f673
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.arm5
id: auto-5da81a5b9b694057645aac22d6fa065fb4c7bee1281b457e5d0540535a9eb792
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.arm
id: auto-1939048a7b9269e36226bbfcb41f451bc6f0aa885a7303320c4b3c866a561b09
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.x86
id: auto-d28f1a3261a3911f2610d2a1f6b748b1b923a4a2886fd945374ac63ec4aface7
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/start.sh
id: auto-4bc38c76e15d337b02e7f67e37fae7bc57c839450f403254abf3a6c716ffabf0
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/start.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/start.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.sh4
id: auto-7b30a0fd4bdf930ff95aded6ed9bef5465fc36b565ee659027c8f2b9c0dbc251
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/wget.sh
id: auto-544e388caf59356d27df5d34677aeebd7ac5d3efa48a8c4c858b1545bc0262ec
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.ppc
id: auto-a4421e4aee553c5546ca97584eac0b54a6362fd8eccf0ac471bffff484c9c9c9
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.mips
id: auto-fca2434a21275e376a4858bde80fa2fe49147530c5fca2751622bb41db5e07d9
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.arm6
id: auto-fd6c2ebf7f877707901bc4dc6834c852e4a6a32c7f13f8850fce9e985aa9eeca
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.32.162.76/bins/Leyn.mpsl
id: auto-1852f4baa80599c813a59eaf3a2c7dadaab46592cbff1046588541ab2bfdfc0b
status: experimental
description: Detects traffic or activity related to http://193.32.162.76/bins/Leyn.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.32.162.76/bins/Leyn.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.200:37946/i
id: auto-241f1d63c5d9d11cf41c63cd18d38b314ee5c70c749667bf0903528e93e9c87f
status: experimental
description: Detects traffic or activity related to http://110.37.78.200:37946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.200:37946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.200:37946/bin.sh
id: auto-99b587d41a8b11a64c17c08bc539fb1dba18933b99320df6c920f0d652112fae
status: experimental
description: Detects traffic or activity related to http://110.37.78.200:37946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.200:37946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8463396948/p2jKeFi.msi
id: auto-f745d718bad076e064e92ab7f7d58e80c8edc3e41cf998fbe70fd1e3dc6f2bea
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8463396948/p2jKeFi.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8463396948/p2jKeFi.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/it.vbs
id: auto-aa94ac6db818a809ccbf8f7154b6491edb7130a4f69276a4024e6d2323ade41a
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/it.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/it.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/CromeSecurityUpdate_software_revision_build_1311_x86_x64.exe
id: auto-9e4d433f7fceabd3482048ed1a93570d4313f71004e28c61d592cca5e66db195
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/CromeSecurityUpdate_software_revision_build_1311_x86_x64.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/CromeSecurityUpdate_software_revision_build_1311_x86_x64.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater2.vbs
id: auto-85b488b7b978b6581dcde3435a37aec83407573de0b90783676db5c894cf23b5
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater2.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater2.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/98.vbs
id: auto-470b85134839f43e144f195f3ec707761371588b5b249cee1d1c88157a6120af
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/98.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/98.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater.vbs
id: auto-8ec68ac120ab0c7a4ad7374bc17f12ff29d00dcdb750a052d67960a19196febd
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fastball.in.net/Go88.apk
id: auto-2974f294534aff719eb18b0d208a4bb44521ec081bae168e1c1fe30688e1e1fd
status: experimental
description: Detects traffic or activity related to https://fastball.in.net/Go88.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fastball.in.net/Go88.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater4.vbs
id: auto-cc01ec64ba79cbd36994b4aaa484dc9d3c7c4bac3c48702420930de0f91e74ce
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater4.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater4.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater3.vbs
id: auto-8f8d71f4bad82c89327d4e1fdaa6e5c9da5e316976c3ddcab7be850af3d99b12
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater3.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater3.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater1.vbs
id: auto-203c81d3bc451b0b40deac0f5fb6c4c78aada8571e5976be53940b284881a494
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater1.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/updater1.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/us.vbs
id: auto-d7d87e8505845e3349cf68215d1c9bb922ad843a9aa04b5c831c5d6593fd0a85
status: experimental
description: Detects traffic or activity related to https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/us.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/e70412150-del/fullinfonedameee/releases/download/23456465/us.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.10.64.72:42971/bin.sh
id: auto-be56ed7986d50885f87b577493cf07eb1750d311cb3d8b88f1734c00ade25e1b
status: experimental
description: Detects traffic or activity related to http://27.10.64.72:42971/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.10.64.72:42971/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/armhf
id: auto-0b8d1b850d7bab1a96d1d4f1d717b2f67e334e7d3354cc414b0852f3d7010d73
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/armhf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/armhf*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/arm7
id: auto-c92de4c8c2368f6e4425c2ccc0226bd4edf3a18c20cd3a651b6d28ca21124458
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/arm
id: auto-2f0356a53d0dc6b7b45bfb4b4934a11ebc359cf57b3b732356d7a16f81ef57ce
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/aarch64
id: auto-ef014acca858e379def2932a18a8cf471141d6e576f247c1e5680e327f1dfa7e
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/m68k
id: auto-1751859d5dc187778130361b1c0d8c28277e40774fd14862f2153bfdbacac4c0
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/sh4
id: auto-de9fd3898137f71d76b355cec2780d4f1d150f402a17fbe8eb3f11e9aed9da54
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/sparc
id: auto-a80bc7512c15aba877f14819bc239e1f1b552aed2434186464b3ac3eee8cda76
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/mips
id: auto-9a03f2b59ffd035d5e25255aaf37d19b6982c5cf901ff62982d3e6237370e204
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/ppc
id: auto-d995f95433a2258dbdf1bd1b41a79e5c631aef5c22749a260f3ccd985e5f650b
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/x86_64
id: auto-bc085cf870c0b226cfecf7677d4c91d64598f5015a411bb4e182e37a724fad2d
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/powerpc64
id: auto-a3c678a0ce9a1673d6418d8cb7203180d7aa7a1f0eefe01ccc4dae84d85ddd56
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/powerpc64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/powerpc64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/i686
id: auto-4c56ab5ac41ff7d5d230404d7f70b12f8b788ed0323f4b3d2e1f5507a4ea0272
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/x86
id: auto-57dcd9448cfb902fcd70bb0a97af7d2a1202e30585de43a4541e2656a505cc82
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/cat.sh
id: auto-39cc7532e95c403ec7f5ea46e4dfd88c1fa637ef6162238a62aaf8c750eb5913
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.arc
id: auto-9c42ce128a8e45a4c4cb0f34ae02a69d477d0fbfe580dc2f0fb09afc64e93aa0
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.ppc
id: auto-7e923894b73acbe48b489e78162bf4024f837a343e5d878203c633856aca52e5
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.m68k
id: auto-e8af904052ab9ff0793f3ae95ed08e35bcba3d79e59b5fc799301a50ddd810ee
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/sh
id: auto-352598f5a6219f1a0c59d19743ff6afb7c0aa8ce4c9bcd3af4c2ef3fb25d688c
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.sh4
id: auto-bddb8f3a69f6bcaea75a3de84c635c49d6a214019518b70f01357bf9d2777f0d
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.arm6
id: auto-d220f9165ee7a522f12f977879d1b3834edc6d9e8835fa9e18e28ce4b187708c
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.x86
id: auto-9db9c71cc05cae7e0c60627e3cc125ac97b6ba246532fbd8fbbb255671e5175d
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.arm5
id: auto-b515383040a91686b126470c1c06980c7e0351a919c3f5a1e67a97c0c6fe13bd
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.spc
id: auto-5e53374022a6cf1748901a353e7a51abbec2978fad257997a8f50ffebd3901f1
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/re
id: auto-ddc93e5d37a9d3a7b40782802adc7509b3f8c6b1b6e15f3dc7ced041007819d0
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/re which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/re*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.mpsl
id: auto-7251171ba9cd31574ed89774991766a0a4cbe8f9fb9368e704ea68d29e58ebe7
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.arm
id: auto-1e9b57c640deaaccc9aca1cc9cb884ad1b41a2efc0086dc2645ed734a66e1eef
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.arm7
id: auto-df733e00b48710004a5d72bb8021900171a1dfdf22c00adb68da684061d46670
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8536096438/TS4d2oo.exe
id: auto-c66ee85eec4894f8445b77438ddd83de6df9d2a0bd4fdfdc7848ac7f748be961
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8536096438/TS4d2oo.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8536096438/TS4d2oo.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.91.153:47450/i
id: auto-0d1e7f09a285f276f5e17a035c2786e26b67ef8f4078f3f89eb99f61c477c927
status: experimental
description: Detects traffic or activity related to http://175.150.91.153:47450/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.91.153:47450/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7818839633/8Ub7bbm.exe
id: auto-aafcb73b418e2f139a8cfdff925a1b4d3a416ab870a0bdc9cb9930395d2ef295
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7818839633/8Ub7bbm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7818839633/8Ub7bbm.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.175.74:47605/i
id: auto-fdd501c76a14bf689849eba06f7ec57b01e78e83b13b8ccc057eb348db1825fd
status: experimental
description: Detects traffic or activity related to http://222.137.175.74:47605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.175.74:47605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.123.26:32923/i
id: auto-db27cb62db330f70c03b246d2439d56298de83ed1804cfa7c034a9d1d5777447
status: experimental
description: Detects traffic or activity related to http://117.192.123.26:32923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.123.26:32923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.123.26:32923/bin.sh
id: auto-ec89044f3dfc65c4d140422dad3a87898c41edd3d13d61b819ba3c0efdac969d
status: experimental
description: Detects traffic or activity related to http://117.192.123.26:32923/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.123.26:32923/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.150.213:45595/i
id: auto-d7fbd5b72f8d41f66d8ce97062c8b2f8e9d10c9a1640be45d50a594c8367f090
status: experimental
description: Detects traffic or activity related to http://42.224.150.213:45595/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.150.213:45595/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.22.148:56076/bin.sh
id: auto-27642e3995447876d1a90c06f3a464e8bcc9100d862116df95f29ab0d01be4b5
status: experimental
description: Detects traffic or activity related to http://123.12.22.148:56076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.22.148:56076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.55.25:36056/i
id: auto-e0c19c772e37ff638a2d2456eeee692afea68cee5c64c6c04304046bd9b31434
status: experimental
description: Detects traffic or activity related to http://117.216.55.25:36056/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.55.25:36056/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.243.187:58576/i
id: auto-5930b17034d819c010c13a0f5c6d09d6b97d2336a361658882e2fb34d45bd75a
status: experimental
description: Detects traffic or activity related to http://115.57.243.187:58576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.243.187:58576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.158.92:45081/i
id: auto-d437556f2a66a34776ea159b92c2b9bd0934c62e50a78ecf01a9b10206324798
status: experimental
description: Detects traffic or activity related to http://175.148.158.92:45081/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.158.92:45081/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.150.213:45595/bin.sh
id: auto-463c7d31a7e5df4d10c8d210f8da45198e0f992694e30170cb9e430a670d671e
status: experimental
description: Detects traffic or activity related to http://42.224.150.213:45595/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.150.213:45595/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/lightweight-ecs-500
id: auto-703cf199bf8b3816029c4ac0ea8caf878e2d0045bb8ec97a4743e10316c125c6
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/lightweight-ecs-500 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/networked-transform-sync-srv13/lightweight-ecs-500*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.158.92:45081/bin.sh
id: auto-ce6a050b07fbfc1d10aba1ec6459e7d1cb685596e7f148403d28548de9c5b885
status: experimental
description: Detects traffic or activity related to http://175.148.158.92:45081/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.158.92:45081/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.243.187:58576/bin.sh
id: auto-889891ade9a6dd58c8317f60012a5216c445f83bcb6021e73b99aa6f694975b8
status: experimental
description: Detects traffic or activity related to http://115.57.243.187:58576/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.243.187:58576/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.209.80:47869/i
id: auto-553ce3c5d3b0ad397818f10767ad56ebaf55d54fe447ab8073572156c0585656
status: experimental
description: Detects traffic or activity related to http://42.58.209.80:47869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.209.80:47869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.30.44:47744/i
id: auto-000e0e95f4ecfaad993ddae772affbba06ee8197f2fb4fff0690466e671b5ec3
status: experimental
description: Detects traffic or activity related to http://182.112.30.44:47744/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.30.44:47744/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.239.2:44661/i
id: auto-91b8322d7a4f665a73f2b3990c1a8fa13f2141e988979e4f93a95e46f725e6f1
status: experimental
description: Detects traffic or activity related to http://59.88.239.2:44661/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.239.2:44661/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.20.220:42397/i
id: auto-c3cf85cde8b1c41d7afc8187bb447ec058bccab92c82dfecf6d0003b41592af6
status: experimental
description: Detects traffic or activity related to http://221.15.20.220:42397/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.20.220:42397/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.139.229:43569/bin.sh
id: auto-3947fbbb5239748f0ce7ead897108d474baaccd3de59479a47a6a3b65a419543
status: experimental
description: Detects traffic or activity related to http://113.236.139.229:43569/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.139.229:43569/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.239.2:44661/bin.sh
id: auto-efbe86f565cce1e58b3e75e0bce930525004dd8a5d09b0c0c1d4f41c66f45864
status: experimental
description: Detects traffic or activity related to http://59.88.239.2:44661/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.239.2:44661/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7799503374/4iCBIJO.exe
id: auto-8b6af7e6befe03ee24384161a98141646f57f55ea359aca2d7bc040de14eca07
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7799503374/4iCBIJO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7799503374/4iCBIJO.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.17.173:36376/bin.sh
id: auto-e4d77680d38f65a28efb57f22f5f04a13920c86bdfbb85621499b8a297a04ac0
status: experimental
description: Detects traffic or activity related to http://182.121.17.173:36376/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.17.173:36376/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.20.220:42397/bin.sh
id: auto-a047ee7ee0c9e125730ae6f12fe77aaf7bea6e41516595c1a3969cfb64e60bec
status: experimental
description: Detects traffic or activity related to http://221.15.20.220:42397/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.20.220:42397/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.181.227.67:33486/i
id: auto-28d7ce4ab4f2ff5ec8f9214a997e6790c73bd6d9440f8f19621c1211e1305b2c
status: experimental
description: Detects traffic or activity related to http://1.181.227.67:33486/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.181.227.67:33486/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.252.67:45034/i
id: auto-02881d24c015082d53187a24fc5863bf9302eb68d072cd512c97ff6c6591d1c5
status: experimental
description: Detects traffic or activity related to http://115.55.252.67:45034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.252.67:45034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6891704441/GKN3jQ5.exe
id: auto-a6f18d05019554e838a6584cc1446dd79d50115641b1d9677523495134b4f089
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6891704441/GKN3jQ5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6891704441/GKN3jQ5.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.106.115:49220/bin.sh
id: auto-3730784e48fde23e068831296224b6faf30a1a5146a21d7c6cc81ec85e2070f2
status: experimental
description: Detects traffic or activity related to http://5.59.106.115:49220/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.106.115:49220/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.169.197:50858/i
id: auto-298aaf51807569d6e0bc1090f6f3c36d17775dbc67e4edf82ca7fe0a4e9959b8
status: experimental
description: Detects traffic or activity related to http://60.22.169.197:50858/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.169.197:50858/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.252.67:45034/bin.sh
id: auto-f76422f6f64f6842524515040eb6583844caf4130dd5ee8d3ae298c9d6090aff
status: experimental
description: Detects traffic or activity related to http://115.55.252.67:45034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.252.67:45034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.189.204:46990/bin.sh
id: auto-4ec375301a213342ce2ce40356c502fdd77c7113ccd08669bd398d475998958f
status: experimental
description: Detects traffic or activity related to http://42.239.189.204:46990/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.189.204:46990/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.169.197:50858/bin.sh
id: auto-a1cd01483efebd1f2b5d7edfb3e4df5c9eacfce5eb8b611edd850971d52def82
status: experimental
description: Detects traffic or activity related to http://60.22.169.197:50858/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.169.197:50858/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5610404380/bf9wnaz.exe
id: auto-b6a15ca4e581b456a5b930073211e89a76161441c64259f7606868926daae462
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5610404380/bf9wnaz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5610404380/bf9wnaz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.62.52:48445/bin.sh
id: auto-52596bb58bf9ab5cea8633d2baf360b9427e835d982b4a59c721d6cc121c2f9d
status: experimental
description: Detects traffic or activity related to http://115.55.62.52:48445/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.62.52:48445/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.195.99:59972/i
id: auto-425aa439dd6553e957ef75c6d531becdda1c39607de204fa9f093ca04acfa3d3
status: experimental
description: Detects traffic or activity related to http://42.224.195.99:59972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.195.99:59972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.66.113:53794/bin.sh
id: auto-66c496e4653e036d621fbd27e42e980135a3dc2b75154b0e5479e52fbef2324c
status: experimental
description: Detects traffic or activity related to http://42.238.66.113:53794/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.66.113:53794/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6910114762/ZzP9eWD.exe
id: auto-7a830c352d7af4002491ae3fb5d8fa3c632171f571dc379102c7009b20519414
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6910114762/ZzP9eWD.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6910114762/ZzP9eWD.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/RZr3IyV.exe
id: auto-54fa28d03e03d1e7c2a247ba504de4d9c2f7ec6015ad8905c032d52798ced215
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/RZr3IyV.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/RZr3IyV.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.72.178.246:4848/02.08.2022.exe
id: auto-f469d0f6052312217e4557e2c416606cb88f5fa2ceb79797639c363db952279e
status: experimental
description: Detects traffic or activity related to http://117.72.178.246:4848/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.72.178.246:4848/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.139.50.42/02.08.2022.exe
id: auto-fc00ac009dcb9dfd5f56ca3c8efaf229eef3f7a8f302ab7c473282669a04fc76
status: experimental
description: Detects traffic or activity related to http://43.139.50.42/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.139.50.42/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.196.41.201:30001/02.08.2022.exe
id: auto-a59c9d2157937d28dea83d062274f638958ace7e8aca05b6a7537937fdae0b01
status: experimental
description: Detects traffic or activity related to http://139.196.41.201:30001/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.196.41.201:30001/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.195.99:59972/bin.sh
id: auto-b159c5df8a2f173865f24c48de17b0e8b6c8d2245ac7416c2ca71f1b60d7ead3
status: experimental
description: Detects traffic or activity related to http://42.224.195.99:59972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.195.99:59972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.114.82:2000/sshd
id: auto-0511bb40a3e212daa887909bb1d3fe578a26c85b4c967e52f240b54d3d016286
status: experimental
description: Detects traffic or activity related to http://59.182.114.82:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.114.82:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.168.40.172:85/sshd
id: auto-7c41ef8a3f92fc908d4be707c973cbcd3fe7a0f85610172ba244192b9e058dcf
status: experimental
description: Detects traffic or activity related to http://101.168.40.172:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.168.40.172:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.22.183.176:8081/sshd
id: auto-c10fc2c22c7c00a52ffec1e73ce7ba366671b25418e8ca290fde04232f530c6a
status: experimental
description: Detects traffic or activity related to http://123.22.183.176:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.22.183.176:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.180.217.55:8080/sshd
id: auto-2ce404dc03d9a931ea9a2e1fce0e6790dcee347a60219283c1795555dccbbd72
status: experimental
description: Detects traffic or activity related to http://14.180.217.55:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.180.217.55:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.185.73.157/sshd
id: auto-1d703ac93a431ff67d7c44dd8a3774410f58baa45a3266a2c3368e3bc2a66a40
status: experimental
description: Detects traffic or activity related to http://14.185.73.157/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.185.73.157/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.106.67:9301/sshd
id: auto-5c602b94bd1f1b5058189eba1ff28337863b2e2b27b71bd5be4d286721f7c3cd
status: experimental
description: Detects traffic or activity related to http://178.50.106.67:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.106.67:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.103.167.211/sshd
id: auto-02ba8622e4f1d41136022d469c531e0b985065dca1c7c0291b73ce3068beb2fd
status: experimental
description: Detects traffic or activity related to http://116.103.167.211/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.103.167.211/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.184.195.152:1188/i
id: auto-a340d0898d754a73a81af893bb3fcc3a92a6b37dd69aaeb9b522e56afbd7b114
status: experimental
description: Detects traffic or activity related to http://124.184.195.152:1188/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.184.195.152:1188/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.170.166.44:8054/i
id: auto-12f86be2cf8d261b7d7e4924ac12664099ab126e1dc17a95f6f5db7335f8670a
status: experimental
description: Detects traffic or activity related to http://1.170.166.44:8054/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.170.166.44:8054/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.135.60.25:22977/i
id: auto-0732dd6c5fd9d28d767c2049d90cc1cec599f44b8b5f7a756b1b9db5525e55c5
status: experimental
description: Detects traffic or activity related to http://178.135.60.25:22977/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.135.60.25:22977/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.35.160.239:60609/i
id: auto-302bbb1126ebdeb421bf03a10367751158d63f5d7db4584ccfb2e60a11900fbe
status: experimental
description: Detects traffic or activity related to http://36.35.160.239:60609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.35.160.239:60609/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.173.156.128:8080/sshd
id: auto-3c42aab0fcc30b201220bbfd3ec61f52a3f017d791cef27c5dc469f90f3ee78c
status: experimental
description: Detects traffic or activity related to http://152.173.156.128:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.173.156.128:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.144.97/sshd
id: auto-63a4b3c4344773c4ee3c9253f4d5920f940fecd55e32d99b2758ef9a54a45f73
status: experimental
description: Detects traffic or activity related to http://83.224.144.97/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.144.97/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.149.99.231:39991/i
id: auto-28981de6ed3ef75dd08fd7580fb5c6e61d7ccc699e197e892dc1231f87e18a40
status: experimental
description: Detects traffic or activity related to http://121.149.99.231:39991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.149.99.231:39991/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.181.249.10:8080/sshd
id: auto-3f84014c5bfce9274e615ff19605a91b8215b8ae802c90a95fef91c3ae5545e0
status: experimental
description: Detects traffic or activity related to http://77.181.249.10:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.181.249.10:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/inc-meme-clock57/blade75
id: auto-e383bc3ad63e75a424f5f9172aed2d7b13743f40c9843912a9fa61367e2da1db
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/inc-meme-clock57/blade75 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/inc-meme-clock57/blade75*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.161.46.253:51802/i
id: auto-0616ea98dc527925f91b98a1203a50a3f26b94fcc195d65e29cd9041332ffa8a
status: experimental
description: Detects traffic or activity related to http://60.161.46.253:51802/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.161.46.253:51802/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.181.53:54408/i
id: auto-ccd9e84fa29d9969bb60d32e39e103d519df686d1857c18a184874e2e22644ac
status: experimental
description: Detects traffic or activity related to http://117.254.181.53:54408/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.181.53:54408/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7972786482/3gFrSjy.exe
id: auto-4bed8d459e7547dae77f49af329a59264c80d14b657a792130f25dc48b75006e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7972786482/3gFrSjy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7972786482/3gFrSjy.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/pink
id: auto-454ad957000e7f67752353985ec0a18f9d5d9f517e4f11bf5602f4055a57afff
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/pink which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/pink*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.213.106:57812/bin.sh
id: auto-4f5a81fed59d32f5723c92454e353379a8ff2f00f4306067a58db113cb818c66
status: experimental
description: Detects traffic or activity related to http://222.137.213.106:57812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.213.106:57812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6817977673/FSqGXMX.exe
id: auto-6e83cb76c2b0d16716a8a503eb6991421eabb2977bec470e3ddc0faacfeab036
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6817977673/FSqGXMX.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6817977673/FSqGXMX.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.161.46.253:51802/bin.sh
id: auto-fbd3d54f35f009cbaa2a92c513b9b66e7cd9ee40cef6b43b12b24d213b2b96d4
status: experimental
description: Detects traffic or activity related to http://60.161.46.253:51802/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.161.46.253:51802/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.181.53:54408/bin.sh
id: auto-6bcbecda13cb8ed350a0b057797ebd097e58c9573440d4ae9e89a62c12c0e3d7
status: experimental
description: Detects traffic or activity related to http://117.254.181.53:54408/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.181.53:54408/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7679981030/f3QakLp.exe
id: auto-205663c38291cb8ba7b93a32b9d534795c55be6952e8215d09e67ac6be3cbc95
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7679981030/f3QakLp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7679981030/f3QakLp.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.116.245:37513/i
id: auto-cf23fbc63fd4a867d7ac61a550a53ef95be72969aa73af90d30fb10cd55e70b3
status: experimental
description: Detects traffic or activity related to http://182.116.116.245:37513/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.116.245:37513/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5289122063/PgyMLOD.exe
id: auto-7ed90009192bc93b5450f73263016207159daa515a71ff01fe04a4ba99cb4253
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5289122063/PgyMLOD.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5289122063/PgyMLOD.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.30.138:57110/bin.sh
id: auto-d3ccc7d5e69a3162223a1a657cd939eefc985db625e76483f773fdec646a27e8
status: experimental
description: Detects traffic or activity related to http://117.206.30.138:57110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.30.138:57110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.116.245:37513/bin.sh
id: auto-6341aebc0a05d802c16e7db2f37a9fe13e02cd0ffe32934d8e21756b4bca4498
status: experimental
description: Detects traffic or activity related to http://182.116.116.245:37513/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.116.245:37513/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/b
id: auto-8deda219efa10341b3f219f2c8bfd1412f5c4edf926ef491418674038e9a4f2a
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/b which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/b*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/a
id: auto-96b86209812205db56379486a4e5e9e8106bc23fc754d61150d4d31ed6db032d
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.144.189.70/kvariant.mips
id: auto-9500afcf9b48f1b0e25123d3cc4d6e99a7596bfddfe555c02a602c362448fb1b
status: experimental
description: Detects traffic or activity related to http://198.144.189.70/kvariant.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.144.189.70/kvariant.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.10.64.72:42971/i
id: auto-a37bf6f6b2bd1b9b54917c21080223441ac2ac705173a50ebc9a0e9df293d973
status: experimental
description: Detects traffic or activity related to http://27.10.64.72:42971/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.10.64.72:42971/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.9.42:40289/bin.sh
id: auto-18cf6633a59ac2365dec5301b3b4cb3de9db109cdc8a53c42e252c6691d838bd
status: experimental
description: Detects traffic or activity related to http://42.5.9.42:40289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.9.42:40289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.213.165:54223/i
id: auto-9a8df43fb8c0177b3415904e05a567b0bb78687a5699388a867ff2b124f2d8ab
status: experimental
description: Detects traffic or activity related to http://115.50.213.165:54223/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.213.165:54223/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.211:36757/i
id: auto-8948e46d3ffab5c169ddc7015621259eb59862643fbb938aa49d8dcb7e478050
status: experimental
description: Detects traffic or activity related to http://117.209.88.211:36757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.211:36757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.119.112:52520/i
id: auto-7b2c55ab1123976112e65457b30147dcf0b0173730cca13df5843c79bb884231
status: experimental
description: Detects traffic or activity related to http://42.4.119.112:52520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.119.112:52520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.205.243:40093/bin.sh
id: auto-aa15eb63aa366b4e7bf175da5bcbeeff71fdcd61b5506e17d065304d3aaab93c
status: experimental
description: Detects traffic or activity related to http://175.146.205.243:40093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.205.243:40093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.127.2:44353/i
id: auto-2a55d2c4278aeabf4841b1eb787fb40fac185b1d6d683f106b2758b6afbfb54b
status: experimental
description: Detects traffic or activity related to http://27.215.127.2:44353/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.127.2:44353/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.127.2:44353/bin.sh
id: auto-652cc6c8fe74ca11cfb4baa3c3eba1b4b3ea310420415cef7ca37a24333c5941
status: experimental
description: Detects traffic or activity related to http://27.215.127.2:44353/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.127.2:44353/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.119.112:52520/bin.sh
id: auto-d52a379c11e70093e96d050fd141ace89e9fa4d9468e00feadeb4378b529b56c
status: experimental
description: Detects traffic or activity related to http://42.4.119.112:52520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.119.112:52520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.22.148:56076/i
id: auto-8a2a5609bc5c85f361e1ed0f48178657168fdb909400ef32ce7ecbad8e565080
status: experimental
description: Detects traffic or activity related to http://123.12.22.148:56076/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.22.148:56076/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://96.66.24.241:50125/bin.sh
id: auto-cd41b4d0a42637923cd4d6dba45a7d69b59ce6f9d69733007689d7039dbe7980
status: experimental
description: Detects traffic or activity related to http://96.66.24.241:50125/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://96.66.24.241:50125/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.26.120:41832/i
id: auto-a16d74360ab7e15aed811be9a0e190d87c16c7df0b20ae54800f307d51892fa1
status: experimental
description: Detects traffic or activity related to http://123.8.26.120:41832/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.26.120:41832/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.94.125:36600/i
id: auto-79489c325fb899822769a764d592bb98cca17e05e18dab407ef2fc01887fce02
status: experimental
description: Detects traffic or activity related to http://59.182.94.125:36600/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.94.125:36600/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/brave2
id: auto-0d9b3eb5ac8ba292f33c01565f4a4688c1013b57132189eb45abcf7fa2c8449c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/brave2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/brave2*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.213.106:57812/i
id: auto-55efb7a298ec7ddcee0959a055465e0ff9b7907db86013894444ec232e68b219
status: experimental
description: Detects traffic or activity related to http://222.137.213.106:57812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.213.106:57812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.149:53896/i
id: auto-1087e7abf9bbb3a509ef205951a7a09f252f7c0385891814c6f8ebc9dd9ee36c
status: experimental
description: Detects traffic or activity related to http://181.103.0.149:53896/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.149:53896/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.225.43:45414/i
id: auto-c401a729ef335447dc6cc461d083867f4805a075f8cc2c4bec1453efafe50bac
status: experimental
description: Detects traffic or activity related to http://42.59.225.43:45414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.225.43:45414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.94.125:36600/bin.sh
id: auto-85352a48ab1d06855fe2b88d0fbfac2b5c486721c5603083ecc902249be9a43a
status: experimental
description: Detects traffic or activity related to http://59.182.94.125:36600/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.94.125:36600/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.26.120:41832/bin.sh
id: auto-fe6f017c5525aafed65f6c89848aaa320e8b022ae2af35e7d0be27db451230c6
status: experimental
description: Detects traffic or activity related to http://123.8.26.120:41832/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.26.120:41832/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.209.50:35442/i
id: auto-2b8e3530c9bc4cfb5d2f8e166777529cc29ff5c51448bca1e31e52fd3e0d0ba8
status: experimental
description: Detects traffic or activity related to http://125.41.209.50:35442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.209.50:35442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.24.150:45112/i
id: auto-3170f90ede6000888db87bbcf4683f99004693b7346310981cfe1f00ff5f25bf
status: experimental
description: Detects traffic or activity related to http://175.148.24.150:45112/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.24.150:45112/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.209.50:35442/bin.sh
id: auto-0a489a8c8761bf2bb2c1f4ac65802afdacb9db0900044b5ea722ffbf4cca2e08
status: experimental
description: Detects traffic or activity related to http://125.41.209.50:35442/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.209.50:35442/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://osn.lunxe.live/zap.zip
id: auto-83056e05670c8ceb51a27c8e5b2bca7bd6945abb25a1eaba1f42e01133db4cda
status: experimental
description: Detects traffic or activity related to https://osn.lunxe.live/zap.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://osn.lunxe.live/zap.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.178.37:33924/i
id: auto-7f764ada8ddd9bae28a47f62d46ae814c33717b03c08bf823437f2dc146f1803
status: experimental
description: Detects traffic or activity related to http://175.150.178.37:33924/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.178.37:33924/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.113.97:44175/bin.sh
id: auto-5bff1ba4c1a59a9a20aafc6395204d9209397da393093b476ea69f1af7cc05c8
status: experimental
description: Detects traffic or activity related to http://27.37.113.97:44175/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.113.97:44175/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.178.37:33924/bin.sh
id: auto-d18b40798633249890ec732620e1982005a1e8471ebb31087b22023372b78d76
status: experimental
description: Detects traffic or activity related to http://175.150.178.37:33924/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.178.37:33924/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.17.222:49452/bin.sh
id: auto-b4be773b8615b29e6f606ae711ce5d16e639f654ae9cf19fc12282bf7ac88991
status: experimental
description: Detects traffic or activity related to http://175.175.17.222:49452/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.17.222:49452/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_x86
id: auto-5808ed240ff1c1fb3e17ddd43be63923e43c6168c4466d136e04fe57a3c0f2fd
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_arm
id: auto-7bed6aa47058eb25e14d974e66ad2216f590db6d58181670828287e048c44407
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.3.227:45707/i
id: auto-1fc2403ce1014ac710b4ad5fa34c353dfee83ed021360c44093cce503694cae0
status: experimental
description: Detects traffic or activity related to http://125.41.3.227:45707/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.3.227:45707/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.247.154.220:51981/i
id: auto-fa8d98047946383fc4a63ce9b2222039eae129da3d128542450f347d31f0bea8
status: experimental
description: Detects traffic or activity related to http://182.247.154.220:51981/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.247.154.220:51981/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.81.195:60584/i
id: auto-11be6178974509930e6d451d345d9262bf3d56a2a7cac8509182c71f50c74201
status: experimental
description: Detects traffic or activity related to http://39.74.81.195:60584/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.81.195:60584/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.100:58485/i
id: auto-e9f375cc90074026f6c4b181a84e4ed08f0bac05547a9315763c705113b45cb6
status: experimental
description: Detects traffic or activity related to http://59.97.252.100:58485/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.100:58485/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.81.195:60584/bin.sh
id: auto-2f4eda281ff2cd54528f3a41452ebbca2102657e75dc86955f8b2cbc8487adc5
status: experimental
description: Detects traffic or activity related to http://39.74.81.195:60584/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.81.195:60584/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.100:58485/bin.sh
id: auto-4a8aa8d2be80bced0f2479277f1c2c155bf60d45ee27946cc197e0b798a3aecd
status: experimental
description: Detects traffic or activity related to http://59.97.252.100:58485/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.100:58485/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.224.25:50834/i
id: auto-c2fc37e5d17bff55cdba40c8ff16a16a3d63b9094875fe6141f1fab770d8d784
status: experimental
description: Detects traffic or activity related to http://61.1.224.25:50834/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.224.25:50834/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.154.162:53265/i
id: auto-09a3fe565deaf93e5229deff671fb1b35d5e22fe75be8f715ff46bdd7f5f3bea
status: experimental
description: Detects traffic or activity related to http://42.234.154.162:53265/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.154.162:53265/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.44:44973/i
id: auto-b488d775985a1c06ea0256d48dd5335a109de92e55045020bdf9ea9a6c6bbf8c
status: experimental
description: Detects traffic or activity related to http://59.97.182.44:44973/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.44:44973/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.44:44973/bin.sh
id: auto-a5284d65cd4e9c761e7e1f78d19287a34b122d52f486201b2fdedda54dc92ebe
status: experimental
description: Detects traffic or activity related to http://59.97.182.44:44973/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.44:44973/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.3.227:45707/bin.sh
id: auto-57f2b9e14f8f5e83015119868c26659f76e0cbb9a897b52e06a8a17faea2ccbc
status: experimental
description: Detects traffic or activity related to http://125.41.3.227:45707/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.3.227:45707/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.175.138:51567/i
id: auto-1f26cc48ad509f3a8eb3a81092701fcfebc11611d72586628765793e6391b094
status: experimental
description: Detects traffic or activity related to http://182.121.175.138:51567/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.175.138:51567/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.224.25:50834/bin.sh
id: auto-4b9f0b77254b6d3df50acc22c720d55198832ed454a6404557710fb58e39e494
status: experimental
description: Detects traffic or activity related to http://61.1.224.25:50834/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.224.25:50834/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.213.131:34349/i
id: auto-06e1c3e975c87029bb457025bfa7ccab2ec2b1bf9d0159b39ca5a45d5b52d451
status: experimental
description: Detects traffic or activity related to http://117.215.213.131:34349/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.213.131:34349/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.151.197:49355/bin.sh
id: auto-f8899d2019702b76a6b683f2c98b1e40175d728d486fc0584afe902f93872c17
status: experimental
description: Detects traffic or activity related to http://108.170.151.197:49355/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.151.197:49355/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.213.131:34349/bin.sh
id: auto-443d2e6dce0353da1db19b888049b8eb4bcb8f7a8e2ccfe7d11bfd159fe0ae4d
status: experimental
description: Detects traffic or activity related to http://117.215.213.131:34349/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.213.131:34349/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.134:53711/i
id: auto-3c1aad9ae7d147ca2bfd4c1d86bb96b1ab8ab1e3f46f1d9e8f2f6f7a4d07bbd3
status: experimental
description: Detects traffic or activity related to http://117.209.88.134:53711/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.134:53711/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.245.201:33214/i
id: auto-dd487e7f305e765ab3d47b663151bd5e8d5e053e3b25db7fdabef81e53975eff
status: experimental
description: Detects traffic or activity related to http://123.14.245.201:33214/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.245.201:33214/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.80.159:37071/i
id: auto-d348a51b520473a3a8f3b95c62af3a7f5bcdac392270dae2e19202044bf2940c
status: experimental
description: Detects traffic or activity related to http://59.95.80.159:37071/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.80.159:37071/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.232.149:44751/i
id: auto-cc8d1d6979f4889c6c80746254bf91bfba92f272b795a338bae83835aa2144a8
status: experimental
description: Detects traffic or activity related to http://59.88.232.149:44751/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.232.149:44751/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.240.152:56366/i
id: auto-c756713ad8e8669404171a47427d5144389a8e2fb8918c9c513bbe9a25c9c88a
status: experimental
description: Detects traffic or activity related to http://115.49.240.152:56366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.240.152:56366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/grape2
id: auto-2a68162932c639645c85cca60f62fda90f1fb74d64152eb1fcc5cce31adc7f75
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/grape2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/grape2*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.232.149:44751/bin.sh
id: auto-8c1d347a07a905c1eabccc0a0e899621176bb5471d14d1a5a76fbba8c3e70cff
status: experimental
description: Detects traffic or activity related to http://59.88.232.149:44751/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.232.149:44751/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.3.63:47369/i
id: auto-4e56c0a3f26885cba74440ba255c9ad5ec35279be3269ca0e2c332817cac83ff
status: experimental
description: Detects traffic or activity related to http://125.40.3.63:47369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.3.63:47369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/garden
id: auto-6cd59312543a0d8266e64e436e104ca34c3d6d824259b327c21b39e21ba61ccf
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/garden which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/strict-knoll-interface/difficult-kitty-tp1/garden*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.240.152:56366/bin.sh
id: auto-7a1e61ddff4d33d2cdfcc1d60c481cb9baf7fcdeb6553f2ec1b7e5748db75f31
status: experimental
description: Detects traffic or activity related to http://115.49.240.152:56366/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.240.152:56366/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.89.34:54770/i
id: auto-0b0cca1862feb968be4e99b2d235a04d67b2797796887562de893114ba2488f3
status: experimental
description: Detects traffic or activity related to http://117.205.89.34:54770/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.89.34:54770/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.131/nuts/poop
id: auto-4528a26007a55eed9828c5d529225bb44356fcc91999af31b8958d843795774c
status: experimental
description: Detects traffic or activity related to http://82.23.183.131/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.131/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.3.63:47369/bin.sh
id: auto-aef12b45b39f7716b51c55cae95747a605d51fe9d8bd29eb3de16d0bc1115b43
status: experimental
description: Detects traffic or activity related to http://125.40.3.63:47369/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.3.63:47369/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.92.198:50101/i
id: auto-2d0dee9afd443bc464c514ed9a4093db42127c7320c8cda8dfc8d1984bfdcd42
status: experimental
description: Detects traffic or activity related to http://219.155.92.198:50101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.92.198:50101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.60.161.184:63644/i
id: auto-ca4ffb0d86138b05c9ad7ddb4598c6b3253957b570bd63a9dfa77e5bb7490d20
status: experimental
description: Detects traffic or activity related to http://109.60.161.184:63644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.60.161.184:63644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.131.236:39679/i
id: auto-2ec657cd27cc8a28e2433c6d32cdc94eb6962bde2721d9ca6f600a5542644c3a
status: experimental
description: Detects traffic or activity related to http://42.7.131.236:39679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.131.236:39679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.78.38:54675/bin.sh
id: auto-7c5ac7e2147c1ab140e2782ebfac684d6bcc4b49c6e8eba21c5157d88cc01c3f
status: experimental
description: Detects traffic or activity related to http://119.115.78.38:54675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.78.38:54675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.92.198:50101/bin.sh
id: auto-80b020dc689f4585d95d60ed7153df8841f9cc52113b8b31a62dc0e4a15dd2f0
status: experimental
description: Detects traffic or activity related to http://219.155.92.198:50101/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.92.198:50101/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.60.161.184:63644/bin.sh
id: auto-2424982b162b5d9c3b8f38b39eff9400325f7ef997e94f3c2b4c4fc070c31374
status: experimental
description: Detects traffic or activity related to http://109.60.161.184:63644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.60.161.184:63644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.74.221:52998/i
id: auto-f4f64c9988d7a04136a95964c49ffab4235b66b556dfe3e748f10a161eccf220
status: experimental
description: Detects traffic or activity related to http://222.141.74.221:52998/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.74.221:52998/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.209.203:51310/i
id: auto-342a6e529d2c0144190ebd6f1a09d89569d6319665379fea10f96e19a1f0100a
status: experimental
description: Detects traffic or activity related to http://27.217.209.203:51310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.209.203:51310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.75.46:48535/i
id: auto-6668b3e5369070aa14f81aa921010c88dadfbba313528bb29007de924237446a
status: experimental
description: Detects traffic or activity related to http://123.11.75.46:48535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.75.46:48535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.39.36:40672/i
id: auto-508df68337938def3f251b26018ab6495526181d69997ac7250135929d0f197f
status: experimental
description: Detects traffic or activity related to http://39.74.39.36:40672/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.39.36:40672/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.29.90:46001/i
id: auto-4f835f60d2afe617c88a4e85bcd5a2e41fcf71e049bef8b2297acf7345bcc0c8
status: experimental
description: Detects traffic or activity related to http://182.127.29.90:46001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.29.90:46001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.201.127:49120/i
id: auto-ea3b5a26b9290a5e8e60f74f52646df67aff9fe1ebe9f2cffd1ea7c4c11b8c01
status: experimental
description: Detects traffic or activity related to http://116.139.201.127:49120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.201.127:49120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.90.19.201:11137/i
id: auto-ee2b56c7bbac1bafb614af9f06469fc8943db36e77b441290d18a807568163c7
status: experimental
description: Detects traffic or activity related to http://176.90.19.201:11137/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.90.19.201:11137/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.74.221:52998/bin.sh
id: auto-cf3cdfb90dea29cef8355aaa766e6507ec8abb49a58d0ce0a866b7218caee988
status: experimental
description: Detects traffic or activity related to http://222.141.74.221:52998/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.74.221:52998/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.66.113:53794/i
id: auto-6e7e6a1cbcd0647f0c795ef5ff3128d39011911b9c1dfd4afe58fa627ba01338
status: experimental
description: Detects traffic or activity related to http://42.238.66.113:53794/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.66.113:53794/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.196.81:34539/i
id: auto-3cfdd68d7fa35b989a9334d835324ed17410acb83f1bb465cfac00357585a423
status: experimental
description: Detects traffic or activity related to http://61.53.196.81:34539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.196.81:34539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.255:54448/i
id: auto-c245d30e5754126be617c97e848587f2560d247812bf84c0f857278dccd0ddaa
status: experimental
description: Detects traffic or activity related to http://115.56.146.255:54448/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.255:54448/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bb/mips
id: auto-8f72a2eca91996287a1b6a193fba3c295aac09c8af9ae747ed805d1ccaa83ae5
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bb/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bb/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bb/x86
id: auto-7bdffd83e6c53a4cbad18388eed16affb7b708ce454739c0fcde31f820fe5885
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bb/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bb/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bb/mpsl
id: auto-317ee5b7224506ca9d20acc753164c966cc5a56c5fc702edb631f18100b2debb
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bb/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bb/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bb/arm6
id: auto-b9e2bcd97e0daa18dad3bd4d563b82076bf3d1164c95d8c7143830cbc058f283
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bb/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bb/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bb/arm7
id: auto-3fc4af8ca50095c1c550f586d0a36ca63695136d9532ceaae67d3166b0fee105
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bb/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bb/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bb/arm5
id: auto-fb64652683fc37da9ccabee096fc9a4f7495b08515b4c7df5a71d603c1feaec0
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bb/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bb/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bb/wget.sh
id: auto-eecea3714e0971b245eb7728d523384de2f6cc7434e7fc88e1f424398b1bad2d
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bb/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bb/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.249.73.142:46141/i
id: auto-eb75b3e07a0508f15b9dc12c37c2997e4f8d5cc4e9110f6130da680c3a9571ce
status: experimental
description: Detects traffic or activity related to http://180.249.73.142:46141/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.249.73.142:46141/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.111.248.32/m-p.s-l.SNOOPY
id: auto-38db79dd6143616c617323b5c6bc4144408a3eba0be0a0be68ac9013fb1783b3
status: experimental
description: Detects traffic or activity related to http://193.111.248.32/m-p.s-l.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.111.248.32/m-p.s-l.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.196.81:34539/bin.sh
id: auto-6323ba46296a4a4a9f14d4f1360c5fbe9fa12a5b39ed8c1bc6de62500da7a3a9
status: experimental
description: Detects traffic or activity related to http://61.53.196.81:34539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.196.81:34539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.79.78:38770/bin.sh
id: auto-903b8e1382ff558703751fe81c24e79cce1d062db02b2e60447242dd00a1e0e6
status: experimental
description: Detects traffic or activity related to http://42.231.79.78:38770/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.79.78:38770/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.134.234:52205/i
id: auto-3118efa4db1934bcae8d973470ba17d3d18708002d231aa8df985c0323d97fd2
status: experimental
description: Detects traffic or activity related to http://182.120.134.234:52205/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.134.234:52205/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.255:54448/bin.sh
id: auto-d6cbf3fd9d01928bab8074618db154ca0a9465a7e57e9f823072e6770f485241
status: experimental
description: Detects traffic or activity related to http://115.56.146.255:54448/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.255:54448/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.249.73.142:46141/bin.sh
id: auto-c242d335f94e29c21676bd949f80ec127f3feee6d417320420ed943e7e09977d
status: experimental
description: Detects traffic or activity related to http://180.249.73.142:46141/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.249.73.142:46141/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.26:37102/i
id: auto-e27a31377551195c6d49780df78947e4f943e071408148bcfe2688931b4cf2e8
status: experimental
description: Detects traffic or activity related to http://61.53.89.26:37102/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.26:37102/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.29.187:44981/bin.sh
id: auto-fc386c8b2d2b224c18c7e1bce37a862059709eb7b3c1a3da6e114a00302f27ed
status: experimental
description: Detects traffic or activity related to http://202.107.29.187:44981/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.29.187:44981/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.25.207:50786/i
id: auto-fcc9b1435776724291ed98ed7fbc5a38bc1704a3e1120935f5f22047b3f75970
status: experimental
description: Detects traffic or activity related to http://117.221.25.207:50786/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.25.207:50786/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.134.234:52205/bin.sh
id: auto-903a60b624240a3350808ef3a53af9fe037dc986cf19d4c56896e0a33285e3ad
status: experimental
description: Detects traffic or activity related to http://182.120.134.234:52205/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.134.234:52205/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.26:37102/bin.sh
id: auto-6b69d23968f4568ce50a24ccaf9ccea97b483a69ac13db978a2ac6fd1dc89f71
status: experimental
description: Detects traffic or activity related to http://61.53.89.26:37102/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.26:37102/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.169.1:45295/bin.sh
id: auto-8f87672f7bda17c2cfee66a92b3fc5e18453d755ed36db23a0ceabb440868d89
status: experimental
description: Detects traffic or activity related to http://59.92.169.1:45295/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.169.1:45295/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.17.38:55505/i
id: auto-dfa98800f856149e35c899ec4dabf1063a5748c19bbd9d1f6dcf1a309962f78e
status: experimental
description: Detects traffic or activity related to http://117.212.17.38:55505/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.17.38:55505/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.171.177.193:34047/i
id: auto-69747a7adfeeef9edc0b7594e602d31e9a7086f3b6eeda9d2af5807fba023755
status: experimental
description: Detects traffic or activity related to http://45.171.177.193:34047/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.171.177.193:34047/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.144.184.100/nuts/poop
id: auto-6dc0456a8cc65be63b91799a19e5b305d6c6896129ca7530d26f09098e0e73f5
status: experimental
description: Detects traffic or activity related to http://217.144.184.100/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.144.184.100/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/streaming-system-r1
id: auto-2f2d0c992c3e012ed37c20b5106448ade608f7bb1b2d32ac0054c724695eac71
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/streaming-system-r1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/streaming-system-r1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.17.38:55505/bin.sh
id: auto-fbb50167d6b6c704bad49a75f455e4ef39544c191be7a57e77944c237506356a
status: experimental
description: Detects traffic or activity related to http://117.212.17.38:55505/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.17.38:55505/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.83.61:54975/i
id: auto-93ef66341c8c9a6e2f81fa1ef087a04dcdced0f25de66882639f25d99d094dec
status: experimental
description: Detects traffic or activity related to http://175.165.83.61:54975/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.83.61:54975/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.51.109:50892/Mozi.a
id: auto-1166f3e03d505681894cdd5d3ab8cf15f12c58630cf5b802332e359472b11912
status: experimental
description: Detects traffic or activity related to http://117.215.51.109:50892/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.51.109:50892/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.103.207:55714/i
id: auto-38969a5a92143679b1951f8e16b8f051b6734a5a552869db548de14d1899859a
status: experimental
description: Detects traffic or activity related to http://182.126.103.207:55714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.103.207:55714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.66.78:41593/i
id: auto-dc8f3fffe26b08d1a39e5e5c2d76e8e88783abe0b9d87e9ccfa4cae2dc002d2a
status: experimental
description: Detects traffic or activity related to http://110.37.66.78:41593/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.66.78:41593/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.171.177.193:34047/bin.sh
id: auto-f92840925d641e69939181685f0c266ec6fb80240ef9758e74672e9f11653abe
status: experimental
description: Detects traffic or activity related to http://45.171.177.193:34047/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.171.177.193:34047/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/ll.sh
id: auto-aff72af16b73d04dfc6c8e2fcdca723eb02c3b63a10ed7f32637b439a766df5a
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/ll.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/ll.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/1.sh
id: auto-d9be60ab62958ca6227bd98b628fd3c13c52b309264b734737c55c787de25b38
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/tplink.sh
id: auto-25f83c1ee023cd09bd9167f9eb15c57601bbfea7eaad2ec061b6d09deb3f1707
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/tplink.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/tplink.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:44628/i
id: auto-48850c196de238aa5dabb524e2de94006e85903c309d36866e5b8c1b763ac85b
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:44628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:44628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.103.207:55714/bin.sh
id: auto-a71bd5a73747b6a7d67465e22c08478bb0aa41b9c2af53fab4f7168c14b4d02e
status: experimental
description: Detects traffic or activity related to http://182.126.103.207:55714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.103.207:55714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.66.78:41593/bin.sh
id: auto-3e1f28a7026b1a23dee9950af6f2e5aee28dc4b30fb7d127f520662aca11f268
status: experimental
description: Detects traffic or activity related to http://110.37.66.78:41593/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.66.78:41593/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.189.204:46990/i
id: auto-aa613aabc4716c4e30068ba90b33485709f206d73da452eaf114babdcc43eebb
status: experimental
description: Detects traffic or activity related to http://42.239.189.204:46990/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.189.204:46990/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.217:52793/i
id: auto-3ff3b12eaca549665508c1e1d948c40563a9b7a84efceba88b6ceb3fd10a9b5e
status: experimental
description: Detects traffic or activity related to http://59.97.250.217:52793/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.217:52793/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:44628/bin.sh
id: auto-fefca9738606e759a01405eaf7d39a87d159c6ec9f2b2dd15dcbcd968cb40872
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:44628/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:44628/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.243.148:43877/i
id: auto-c3fc8a5032e0273649931f2ecbcf9f813cf8e36f598128a6380b44db70c9ca8a
status: experimental
description: Detects traffic or activity related to http://27.202.243.148:43877/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.243.148:43877/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.87.77:45855/i
id: auto-e58217107aea0c65f3bf959afa5e28d3f24065782057a56619e722e79140e83f
status: experimental
description: Detects traffic or activity related to http://175.165.87.77:45855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.87.77:45855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.3.233:50545/i
id: auto-7ab3d2fe2bdbd67cb5dd65fca57b15d158c201cb9092e8862c4ffe66bbef6293
status: experimental
description: Detects traffic or activity related to http://42.53.3.233:50545/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.3.233:50545/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.87.77:45855/bin.sh
id: auto-bdeecf5c0791e19d86d2b2edd6be29fff8968b5d40b4361744721977ffe18d06
status: experimental
description: Detects traffic or activity related to http://175.165.87.77:45855/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.87.77:45855/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/state-cb44-sp9
id: auto-7d2c887dc9ea7c7358a220247098d08f9eb682f29a6165ce2a4b6e7334efd6f4
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/state-cb44-sp9 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/state-cb44-sp9*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.81:40322/i
id: auto-61376a18955b9a393d996e584564d168cfab29b0098bcd2ba9e9275f7cbbd99a
status: experimental
description: Detects traffic or activity related to http://110.36.29.81:40322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.81:40322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.91.130.77:49326/i
id: auto-ef9e267729ae41d39bc55114ad48bb88f0f9f374c75b35efdbc1e068a1dce028
status: experimental
description: Detects traffic or activity related to http://59.91.130.77:49326/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.91.130.77:49326/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.243.148:43877/bin.sh
id: auto-613f7238e3bc9915d34f2b078f889f04015f2893d67084a54225cb8608eb757a
status: experimental
description: Detects traffic or activity related to http://27.202.243.148:43877/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.243.148:43877/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.3.233:50545/bin.sh
id: auto-9a301aa3f1e08aa3adc7e96a3bd562ffed57e0f0837eeb12be762a1c4245ae55
status: experimental
description: Detects traffic or activity related to http://42.53.3.233:50545/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.3.233:50545/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.117.154:52705/bin.sh
id: auto-c5fce4b7783980de68fd4a83aa3697c2597f3b3f202591996ca2ac023a91310e
status: experimental
description: Detects traffic or activity related to http://123.13.117.154:52705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.117.154:52705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.81:40322/bin.sh
id: auto-dba4ee4e1f17dc85eafc4982ac71405f36d84becdf6990f452798f6dc78348ee
status: experimental
description: Detects traffic or activity related to http://110.36.29.81:40322/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.81:40322/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.114.135:38174/bin.sh
id: auto-1dad7df4bcff0c4fff4d0d6c6aa8bce764e6d0ccc21eccb0fd61ed27a4a1fe72
status: experimental
description: Detects traffic or activity related to http://27.37.114.135:38174/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.114.135:38174/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.8.17:52189/i
id: auto-3966950f1fca958a7d203ff8459daff5825e2b1cac76e420d123e6547f489b76
status: experimental
description: Detects traffic or activity related to http://115.59.8.17:52189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.8.17:52189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.91.130.77:49326/bin.sh
id: auto-03015aaa44e3cce24f6c0f9f6ac007c438a1b9df07d630dc6a98d15a4005d4af
status: experimental
description: Detects traffic or activity related to http://59.91.130.77:49326/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.91.130.77:49326/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.1.231:57132/i
id: auto-f0c5aba0f0ebc4afe2febe74e807544e3589bce480d62c9cf9cf4694b76547ff
status: experimental
description: Detects traffic or activity related to http://106.57.1.231:57132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.1.231:57132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.159.118:34646/bin.sh
id: auto-28c1b92f586bf64add593a0fe60187c2d5e285c15f006811c818b7cd8304a8a7
status: experimental
description: Detects traffic or activity related to http://61.52.159.118:34646/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.159.118:34646/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.234.243:40541/i
id: auto-6cf413fc2f59ba0d09237512d5e9ff6d4a05e9e0bad45d81c1263257018e3dbb
status: experimental
description: Detects traffic or activity related to http://59.88.234.243:40541/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.234.243:40541/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.1.231:57132/bin.sh
id: auto-a60ca0dc5e9304dbdaed26daa2a077a6741668352465653c9f5bb8595d7d2045
status: experimental
description: Detects traffic or activity related to http://106.57.1.231:57132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.1.231:57132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.8.17:52189/bin.sh
id: auto-709239a5460963d91e3fe40a25a65597044f83a5081f39fd0e595f904a009185
status: experimental
description: Detects traffic or activity related to http://115.59.8.17:52189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.8.17:52189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/entity-replication-v2-4
id: auto-116e6211ca725e3a2df7ebea2a10e22c9e9493b0b663533d54be44840ebc5349
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/entity-replication-v2-4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/state-sync-prototype/entity-replication-v2-4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.234.243:40541/bin.sh
id: auto-4a7c8294f87245d4c8e845d0233d003a55201c34501b7ee2e2e12f67bc3d5926
status: experimental
description: Detects traffic or activity related to http://59.88.234.243:40541/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.234.243:40541/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/wget.sh
id: auto-c9bdc8187e4fb0ea64c3df761e7e847a996715125e766377f16ca26f234777a0
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://chromium.report.tech.b55081fa-9cd1-48c2-95d4-efe.crashnotify.org/browser/chrome?uuid=null
id: auto-458fc74ca4041bb40adf25988a7323d165995670d7d20d61602d12d4e9f75532
status: experimental
description: Detects traffic or activity related to https://chromium.report.tech.b55081fa-9cd1-48c2-95d4-efe.crashnotify.org/browser/chrome?uuid=null which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://chromium.report.tech.b55081fa-9cd1-48c2-95d4-efe.crashnotify.org/browser/chrome\?uuid=null*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.79.193:57629/i
id: auto-415721b7629e7d615afdc78a4f4a7de37927477a0968e112033caa14bb84e611
status: experimental
description: Detects traffic or activity related to http://222.138.79.193:57629/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.79.193:57629/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.50.57.143:45041/Mozi.a
id: auto-6194e28e23446ed78c6cf5f13e09f56501f00f50b6c351600333bbba7bb1feef
status: experimental
description: Detects traffic or activity related to http://212.50.57.143:45041/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.50.57.143:45041/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.106.230:49179/i
id: auto-33425bfe47da3c3831297178af7d73fb3b2223f7f7628ca689df4e725119488e
status: experimental
description: Detects traffic or activity related to http://182.121.106.230:49179/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.106.230:49179/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.68.72:50976/i
id: auto-523fd029417cd2f7e0d81ae80f4e608508faed50b6d5c04f3a0c21cd407a925a
status: experimental
description: Detects traffic or activity related to http://42.230.68.72:50976/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.68.72:50976/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.3.36:44484/bin.sh
id: auto-0f1412c214d6bb0c426c26fa06fad1f39f474766188c1df1ce5124aec7f41737
status: experimental
description: Detects traffic or activity related to http://59.88.3.36:44484/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.3.36:44484/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.45.160.7:2233/x86_64
id: auto-565081c6532c02fd3619c0378b995ffe1d9331138fbc8e08c3fae94dc256da8d
status: experimental
description: Detects traffic or activity related to http://119.45.160.7:2233/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.45.160.7:2233/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.203.178.203:39997/i
id: auto-615b98692f6ffdbcd2bdcc8a11f4e7a84de98dda871424039f49b942c44b3785
status: experimental
description: Detects traffic or activity related to http://221.203.178.203:39997/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.203.178.203:39997/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.24.100:57163/i
id: auto-27e7d7c52582601099243a28bc1cf8587c4807a2c6f771253bf777df3b1e5177
status: experimental
description: Detects traffic or activity related to http://115.51.24.100:57163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.24.100:57163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.66:33269/i
id: auto-241b66a151b53e1cf57cf06538fb526c72b48f1fbf61cad82cd11186cb6a11cd
status: experimental
description: Detects traffic or activity related to http://110.37.11.66:33269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.66:33269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.24.100:57163/bin.sh
id: auto-ad5a078082707094892f122a0f2ed44eab6172f161bb88440f14efccc0021b2c
status: experimental
description: Detects traffic or activity related to http://115.51.24.100:57163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.24.100:57163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.203.178.203:39997/bin.sh
id: auto-cc123f64d591deb9b12d5f8c24f7cbd38f34a5fbfe652b99c0560301299df564
status: experimental
description: Detects traffic or activity related to http://221.203.178.203:39997/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.203.178.203:39997/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.157.179:37646/i
id: auto-d2636c57595f83d49b23d76c54beefc4ec31a76cedfad86aaeb76636b220e6a9
status: experimental
description: Detects traffic or activity related to http://113.228.157.179:37646/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.157.179:37646/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.125.198:59886/bin.sh
id: auto-f96496cf505d5ce1fabcc2889c52246b3af43f0961be497a995995dcdd088838
status: experimental
description: Detects traffic or activity related to http://27.37.125.198:59886/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.125.198:59886/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.231.154.75:39145/i
id: auto-17eb785300c16acdc6f7c702145e175f0a81405950f55f13e554a7c5188647c0
status: experimental
description: Detects traffic or activity related to http://117.231.154.75:39145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.231.154.75:39145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.196.81:40314/i
id: auto-b0d3459fff5d4a7d6b20f384ae99a249d51397c505ef0d038c60b7a7231efe83
status: experimental
description: Detects traffic or activity related to http://123.9.196.81:40314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.196.81:40314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.246.92.170/armv7l
id: auto-2449f8f1d9dfc5d93592e57b6e6d8e769093e21c8c9b7483bfd8a85b5de6f17b
status: experimental
description: Detects traffic or activity related to http://46.246.92.170/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.246.92.170/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.196.81:40314/bin.sh
id: auto-59d02f46e1ec1a5634f9e9d8f388a50b63b01ec7c2599742a8e16ebb55b0f560
status: experimental
description: Detects traffic or activity related to http://123.9.196.81:40314/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.196.81:40314/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.231.154.75:39145/bin.sh
id: auto-2186853ea0bdccbc809ca33d2c5f42408c528a72c2da9dda16a2a76fe4485724
status: experimental
description: Detects traffic or activity related to http://117.231.154.75:39145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.231.154.75:39145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/pmpsl
id: auto-996041d95bebebda8a7c45c45735ed2867950c72818899e168ac30dcba0015cf
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/pmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/pmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/psh4
id: auto-f8b3cf31d350d846a60c8d51dca3c9dbf72007dc73ccd8a3a2476456f8e9289c
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/px86
id: auto-0f7625168d65e03bc75b3aaeed6508e84ca7a34ad2d36bea59412c8874108790
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/pm68k
id: auto-a064e1b71849083389ac4519fa4999b81065a6eb3556e5fb2a843bb3d75545d4
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/pmips
id: auto-da4b18aac47738bc12d4bdee01fac2a7d441f6a8a90eba4ef583637be87d9ba8
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timestep-sim20
id: auto-6ac66b0fd8dc0f217aa901badaf7ac94c37159951b269002d094eddfa6ed060b
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timestep-sim20 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timestep-sim20*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.41.191:51644/i
id: auto-b95ad226a8344cd09eb01b8f1781950f4c1748bb88febe9cfc0d30a0a17ebd7a
status: experimental
description: Detects traffic or activity related to http://115.50.41.191:51644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.41.191:51644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.55.195:46331/i
id: auto-764206b12a4a9d61d90ec9b97652b92ea0e2c4ad212ac24aba528010fdafff51
status: experimental
description: Detects traffic or activity related to http://182.116.55.195:46331/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.55.195:46331/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_m68k
id: auto-5202d034ec7be0cb826fc686c4362cec181c96525d55764bc0fc94d246944182
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_spc
id: auto-1fe28e9ec7acaabf27c38b5ef4310f3327f7a2cf3554dd0a63fff3d8ba0f77ca
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_arm7
id: auto-4d7b3558b3b09d2684e7b5cf2256db65262fa89b2712edef459d0180b5b8deda
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_arm6
id: auto-db4ab811f05a358fda63b6aa1b95714db903d4ed3283db48f0bfe6e7caf31555
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_ppc
id: auto-94252db760fcace2a36a4360a52ac391ad82ca2b997ceab05d92668622cc1475
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_mips
id: auto-34474f19b6c3e94c66883d13a94b29373cd2b85682829a6a1f76b93d3048cfc6
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_mpsl
id: auto-00f1f04663146bb8a677e879481c25a6e7e033808892b9a8351294af6f0cd1f6
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_x86_64
id: auto-99c077e8f7c6ccadda82c90c5e8b3b7a1075b07a4864c2613effebf865ea1502
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.117.177.93/csk_arm5
id: auto-65ebdf55e35b3997d3b6d5e321966d4534680cb7b6b0ec35dcc043722e305909
status: experimental
description: Detects traffic or activity related to http://45.117.177.93/csk_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.117.177.93/csk_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.15.183:43536/i
id: auto-1deeb8ddcc5f429b057c0288e24d5b16a3f5c6c3e6138147ec40e206f5c23adc
status: experimental
description: Detects traffic or activity related to http://123.11.15.183:43536/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.15.183:43536/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/parm5
id: auto-2a79f77138cff49d39e78cb422ea1de6f44e48183f6e0c70124875fb821d123f
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/parm6
id: auto-05d19d2f595b8d9e945401b4f2938712b7cbe18f9e658f2749fc60fdf34b5301
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/parm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/parm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/parm
id: auto-46e53e52ad62b5b12f01997dff033fee56e50b0057df600200249d22edc0990c
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.148.120.23/bins/parm7
id: auto-1f5dc9c526de4893e9061289f8940e32916a551fe49aa839bc17fdd6f2df7fdf
status: experimental
description: Detects traffic or activity related to http://45.148.120.23/bins/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.148.120.23/bins/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.m68k
id: auto-66d826189a633112a251b487e3cb5e2f04113f18ff40f32ce49f933af9eb877b
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.arc
id: auto-24b1c27e0e8cfe3e79abf9149e2b523aafd1b3ac4bc1c9f1f17e1130f603485e
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.arc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.spc
id: auto-f2995989f9ec524173a57bfdf774013e7ac1ba31c2a9a7af0cd2e5ac7aa414f7
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/debug
id: auto-c03075455871bd58c4e5bfaf42238a9cb2ed47ddf2ec18427e0600c9e0b5862e
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/debug*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.sh4
id: auto-1212ca2f98796fec94671d9122fd05b1f9e6319a7d825a650e3d5ad3e87ac49d
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.arm7
id: auto-208952c9deff3ae230bca8cb2ec5d9b665d33dba5d4cf051f97aa8dea407bc10
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.mips
id: auto-53dc5fee70778e8bd2e213dee5f5ee1d2a46f1446c31b74bfd3dae2a8860096c
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.arm6
id: auto-f1710e9491b2392b87a812a2a1942ba19a66e5929b28608f336506911f706db2
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.x86
id: auto-ef042d54234c1ef7f68b25c44f04e33828a929ae9e861b6d717219aa8e8b28d1
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.i686
id: auto-badc3560166a2cdc6e236649e4fa98eb87d99a4483bf110485fc4a273b37948c
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.ppc
id: auto-b84b84594f93eec84f864848013795fbccbc6baf1063c35b19232406f64307c5
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.x86_64
id: auto-258c20eddbffe29a9805db7aedc03128a359abf1c078dd7d7c20ec5c37ad2d51
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.mpsl
id: auto-cb724d17629d990dcdf4f89de354aa73dee9922ca82188b2ed005d31a20efcc0
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.arm
id: auto-e3bc5004c9fe9877865df62498ae2dda2d57915b187587c7aec629de7169777d
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/windyloveyou/windy.arm5
id: auto-4f3b83b605f94a25fb12f1cff6386995099abb28801c133f95276b05ea0d378c
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/windyloveyou/windy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/windyloveyou/windy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.245.109.122/1.sh
id: auto-c8495db19e77a13872913098aff5ac0fa4069d77a8dac016684d362cfd66743b
status: experimental
description: Detects traffic or activity related to http://47.245.109.122/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.245.109.122/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.mips
id: auto-ad4176f77978dffcaa51ae698ade513a61924430f24f9b0fbb8ea72f5d39fb2c
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.i686
id: auto-8e90ce5217ab060741b9345d7b14fcd95b01fd74f5d829806cbafa424c09df0b
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.x86_64
id: auto-3e7f19d0f622d3871dd8fd8b3a824dddc68ade799a28d39aba41f0f35238999b
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.spc
id: auto-746717aa3c34d53cd1f0ff8cdfaf0124b0bd4ae4ce1e823f65d88f34b8d2697b
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm7
id: auto-dca24b9f5c4df8f8c7b368d69e6f7376fc4295550e50a684644eb583d64ef2fd
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm
id: auto-1a1d65a70a5c955a440ce3651c15889b744e42c6197f62347afbed574b38b33b
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm6
id: auto-6c55f7999fa3d9afc69da06436dbea61b5b8d799aab45fda322849d991da7901
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arc
id: auto-a87b58add91c9ee31ef2ac3ed0eb5df963da6f4530fd2ea1f6be7edec2f26fbe
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.m68k
id: auto-02c1d4288d4d7e83b80afd5f5318dd77fe9a99e4d5e6dae07bd9be57c5c834ad
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm5
id: auto-62bda8c71be131a29d0b646f19cf1fae58ea5318561f1e4327fce102deb3972c
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/debug
id: auto-d43dad27df79f4c44e0b5c560772a15f682e1dc18ea7fe10959d323e5c13c615
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/debug*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.mpsl
id: auto-34f540e6c042f2ab3de51485a903a158333e9fa010b3e280869dea3f6d889810
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.104.154.249/1.sh
id: auto-f29c5a7bf4177999785658eaf810fc38dec7b15d8a1893d666832d2c652aa8e8
status: experimental
description: Detects traffic or activity related to http://109.104.154.249/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.104.154.249/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.sh4
id: auto-e30eaabdce3f62b77ec71312fc93158568ed810d6c56ed4c85c1612c25bd2777
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.x86
id: auto-1846fb888f9138984d3cd58c39e4941f730daa26f4efca9703f08495cfce0566
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.ppc
id: auto-4af0970a3fb86e9502ff08bcf4a8da4768e3aa28a2e92655e16e9123b6f4c652
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/windyloveyou/windy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://gymnasium.cloudkanahost.biz.id/1.sh
id: auto-3a2ee188f4bc297d9af77b7503b9b7c88dd831eb7fe3534d600f7fa047cd4de4
status: experimental
description: Detects traffic or activity related to http://gymnasium.cloudkanahost.biz.id/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://gymnasium.cloudkanahost.biz.id/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.mips
id: auto-7e887bd4793f37fc561473ea897b9df80be19a80826e91ca30adb9b16d9ed4b2
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.x86
id: auto-59f550c10e848b7ea4771bbe3c233000dcf2ca697bb10a0e791704973b111d74
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.arm
id: auto-ae66cb8b404f389bfdc13135c1adfee8949cfd8c82552ebe04f0ebccad7ab9a0
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.arc
id: auto-f07656268869c5359d21ca73b287fb6bc73ec37667f0d8ca41ceab92b3e59730
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.arc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.m68k
id: auto-332f6c61077f401c0d714540021d468a127af8f335e7dbc8cae74cfa3827550d
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.arm7
id: auto-2b8832ca142c7fa1d950e92ca931c84bc1e8350df9515a550f94153f95ae8531
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.spc
id: auto-d341c7c3701cd02f1a4a8bb1295da848321fedb3686fa19b5f824e3bf082df61
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.i686
id: auto-a1db50cc8e0298376555547fa4a1ac6333cde12978d8dc7fd085b71b931cca6f
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.ppc
id: auto-dae43399a69847a9089e75d014d24afc2ae555f009192c2787e91300d4b1950a
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.mpsl
id: auto-80c3578df1e0dd9f8db4da2f8be0c44e4a3711ce77600c1f9a2404b7d03ddd0a
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/1.sh
id: auto-9f341d28608c57580236d0e9fd749bb5460cb88839957d7fa27a09cf48ad4361
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.arm6
id: auto-f3ab2176b2d3d7228893f11cef2cd5ebd6fb01b840db63d3394b5f51cbd9ad31
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.sh4
id: auto-c52e0e49534a132ba9dc813ba60b3fa5448d4b1e95edfa785ea9d0b028b92b98
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.arm5
id: auto-7b2b29c93eb5846285e75530ca2b623901b9b562af38973541a78d1aa82a9cfe
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/debug
id: auto-4b0ab3dd5d21383c7ba72317f05ee7f439faf67265c053c3fde88ca561607c43
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/debug*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.177/windyloveyou/windy.x86_64
id: auto-528337210e58866d87689c5fb37f6a04c75eab962e3e4624586983e0f9adceab
status: experimental
description: Detects traffic or activity related to http://202.1.31.177/windyloveyou/windy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.177/windyloveyou/windy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm7
id: auto-7c72427447b9b8fa75d55f7d0d4ba2121f3e753f2fa731807beed3a81f291313
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.spc
id: auto-2256aba9513045296b7a5ff76076bd6d075e58ebe4fe273d76bf763d38afb1f6
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm6
id: auto-74947fd1be538250ef8326422f824bfb99f27cdcfff016363a20517d24704d6d
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm5
id: auto-b5ee0e80f8b61d93ae4ee32adb10eb2dd818e34a405f54dbf3a5d4002ad5dca0
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm
id: auto-b81506f05ca0ea3af4c22a58eb52ff5df70491002b9a5d8bb5ffe4415227fc12
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.x86
id: auto-2ed1417e3cea251442adc1416f0f9c5bf90c62a4760b94d55df44c407cd4c3c3
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/arm6
id: auto-d00b5343fc2d175ba32eb1946874d2859de45f3d9cc1f3c33778cb45fb2d8293
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.mips
id: auto-cf17c80507cd01462f20d3868a91926173ec664f42b548491803ef7a6c104a7c
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.x86_64
id: auto-20628ba99d7d723e32af34bbcf7ef22e58759350f2a705bbcd7f15d30fbdcdcd
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arc
id: auto-2579bb4c4fd0d28289419445c962855e3267bb15a3cfce8af10575f4a2677658
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.arc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/mpsl
id: auto-7711b82ef2bb57f4eb0ae0a7b0fa6aff4d483aace9976ea479b6c82311462945
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/arm5
id: auto-7ae08c38527d841a9b8b9b8f32d4ddfd50f722ec0bf2927fc2861e113a1ab864
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.ppc
id: auto-96ef02cbffae3de805b94aa7543d6663f3c45e844d0688753708b1e62cd61287
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.sh4
id: auto-56da4c2589d2f82ddd087a5ccafa4ae5c64b1836684f9e1db57fb407478b6ee6
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.m68k
id: auto-aa4d49bdddeac1a304d5dc130ecdd706a337d9d703d3b0e0901ba4e85a3dcf26
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.i686
id: auto-af8fe6c774ad10945499461c66578f7915d1890dcbac118fb14dcbb2224c16d9
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.mips
id: auto-f11574f23b22ae1aa217946895315e796f5ec3cb4270dcf9574198464a96c192
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.spc
id: auto-83dea15edd76ef063ecd1a5a339db91af54de95f32dc575288e24f497777cf40
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/c.sh
id: auto-233bcaa519451384bd28b4acc2bb638aa6409f6c110835126ce397244028e8c3
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.arm
id: auto-b9bb87015ef1ce9d4043711e633d92aeee50f9f7bf6255cab9ffd23a5459469f
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.ppc
id: auto-b013b1fd79be97765dcd6c6db52a22d9b0c70eb312d85314244487b3f467f58b
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.x86
id: auto-dd799d265721858ded8c3aebb352e5ab64dcd9816926f59a91ba3bd51e643382
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.x86_64
id: auto-1b58f63906972407ced3a24ac748f24a7790939042b42ad0548cda4076bfe130
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.arm6
id: auto-886c0836c5c215dca0a03bca8a27568b0ba7393e067412ca7abc288b2710df10
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/ssh.sh
id: auto-de85e9aa16d1f106d310eb21e092092c2dfe9f8e6168a52cd3e7f9447576e06f
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/ssh.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/ssh.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.m68k
id: auto-cc2e815b7055b2434f506132e360762b37cb03d06a0a73192ab1df4ecf0f5e4e
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.arm7
id: auto-0b574eb9e3248c4a6281d9b06d82874e6675dc9fbd337d9df05908c7e8285576
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/wget.sh
id: auto-328778db94d94639907da38be7faa075f7d2ebd617a7cc28db1563fa03144c99
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.mpsl
id: auto-97b6e6b0d58572090844f3fcdfdbb3d3e85f1e40ec64c63a30cbf33f3387955d
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.sh4
id: auto-79f31ed507dbb96349c56638eff4cc6cd885f03b765f1b49a3f25c4eaaccbac5
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/bins/systemx64.arm5
id: auto-0aa9e2ff23bd63cb5582798cf02ab6648056a885ef1a02f18e1e188a09940587
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/bins/systemx64.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/bins/systemx64.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://waatheqinv.com:3712/w.sh
id: auto-66c6a99a49574e580cb6f11ca0a0b2476a089fdc4e78435b9cd2e71937b876d1
status: experimental
description: Detects traffic or activity related to http://waatheqinv.com:3712/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://waatheqinv.com:3712/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.55.195:46331/bin.sh
id: auto-0e616e2ed16fd220c5da7fb5dbf0d9a2529f6dc867da2fc7429ca43302c7dead
status: experimental
description: Detects traffic or activity related to http://182.116.55.195:46331/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.55.195:46331/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.ppc
id: auto-51e7711246c1ed3a0c7f7029d67c8e33c2280de2f51647939395838e8a00c94f
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.x86
id: auto-cee0de0c6a5b96a53303bfbdcecbfa83fd0cd42c791390c3a2088a18d0ecd255
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.arm5
id: auto-90555e5fc87ed396019f16d26be313b327db7864bd12d828950b1062990869d3
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.sh4
id: auto-259485153b83a3d5a9caa19b40a2a84b85a1ddd93bbb65734324f3fab78dd174
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.arm
id: auto-c05aa080567d64b91c785507cd6c76fce35067c93577cc340a28c683c20e79d2
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.m68k
id: auto-7d2fa526bf759e29478c8d5aa70ab4abcbd5ee869d2cb671a2365eb0e0ccd46b
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.arm6
id: auto-e66049b848a106cb930bc8acb6146639cb871b8194b832cc3533bf0f2bf220a5
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.spc
id: auto-1c0742006a95cd65b554d785004dab356c8b86608e2b40cae553d165702258e5
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.mpsl
id: auto-f15e22edd2c17af268eb767aa44a298ca6ee268973ac7e2d2418b78fe627c8cb
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.mips
id: auto-c92996ca9da6d891cde8c5efa95228b06f7076541378f2b1252f0260e9157740
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.19.69.21/bins/vcimanagement.arm7
id: auto-5f4f118de9df8338e937b2b1e7cd88a55348b530c12510a1fd21f40fda1a1373
status: experimental
description: Detects traffic or activity related to http://61.19.69.21/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.19.69.21/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.arm64
id: auto-42b3c45733e72af6f94349b42b4f3a811df367a11d40e051f24b4368e0df9d67
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.arm64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.15.183:43536/bin.sh
id: auto-c4f9d7fc9bc9591655adebcdb044e0c16ecb3a989aef33d727ecd6f7174d53fe
status: experimental
description: Detects traffic or activity related to http://123.11.15.183:43536/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.15.183:43536/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://author-ride-detected-wholesale.trycloudflare.com/dashboard/Connect.ClientSetup.msi
id: auto-f5f5fa6ec622f4d86782a80ad8be197a9f0529dc4f5baf048dd6a60fd67f1e5a
status: experimental
description: Detects traffic or activity related to https://author-ride-detected-wholesale.trycloudflare.com/dashboard/Connect.ClientSetup.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://author-ride-detected-wholesale.trycloudflare.com/dashboard/Connect.ClientSetup.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.150.107:47985/i
id: auto-f2ab5fd83464476ac45dc5a108b1371fb07abe7a0672231a85023ae118ede3d2
status: experimental
description: Detects traffic or activity related to http://222.138.150.107:47985/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.150.107:47985/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.101.31:47071/bin.sh
id: auto-d2121eeb72343932946bfa638c4eeb68f295c8eace6af0e21848cfa57ea4076c
status: experimental
description: Detects traffic or activity related to http://42.232.101.31:47071/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.101.31:47071/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.110.16.154:38848/i
id: auto-54ffde4289ee0a5100a0ff2065d5a9f10463e60c18c802809acd313574b8d9cd
status: experimental
description: Detects traffic or activity related to http://202.110.16.154:38848/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.110.16.154:38848/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.17.222:49452/i
id: auto-416ed8a5cf0dc2f856c9d06027ebb8ff023d7145f354bf434599f43ff32edb7f
status: experimental
description: Detects traffic or activity related to http://175.175.17.222:49452/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.17.222:49452/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:35261/bin.sh
id: auto-8014ccbb40e6a87bb027fc879fab4cbb2aea568751246a60816e1ced3ff245c9
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:35261/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:35261/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.150.107:47985/bin.sh
id: auto-1698de992b617ad408adcc3c11a8c13ea2deac4c9acfd86afad5954b6822f3ec
status: experimental
description: Detects traffic or activity related to http://222.138.150.107:47985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.150.107:47985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.68.72:50976/bin.sh
id: auto-7a1cd7df540c0914ee059852049a09dc4ffc0980bf3e40428786a69f9566ce02
status: experimental
description: Detects traffic or activity related to http://42.230.68.72:50976/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.68.72:50976/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.62.52:48445/i
id: auto-268a036fcd4047d20f7f74f25bdc6609022be14fcac3d9d505bb0877f7af14ce
status: experimental
description: Detects traffic or activity related to http://115.55.62.52:48445/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.62.52:48445/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timeline-buffer-x32
id: auto-224c1f0922e62194634c25ee2fc7fa0dcf741cca0f4fd0e3a25dfa76d27fe340
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timeline-buffer-x32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/asset64-bundle-resolver/timeline-buffer-x32*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.152.21:34729/i
id: auto-1701625b426389575896a84a86e48effe74c4bf0ce24e7d4c3a2c52a31a814a1
status: experimental
description: Detects traffic or activity related to http://219.156.152.21:34729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.152.21:34729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.16.70:39788/i
id: auto-a72763e92c8c51d475d5763482ebc787d7cf255f62b79e5b964c73a62afc289c
status: experimental
description: Detects traffic or activity related to http://219.156.16.70:39788/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.16.70:39788/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.16.70:39788/bin.sh
id: auto-17e2af138f202dbf982ebb5d51431602a6898a78cdc804ea72441e3bedad3f01
status: experimental
description: Detects traffic or activity related to http://219.156.16.70:39788/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.16.70:39788/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.225.132:53485/i
id: auto-28c1b17501f389fa45412ab7021e5403f7d4ffe242da5ded86c87f2aec6dc2a3
status: experimental
description: Detects traffic or activity related to http://123.14.225.132:53485/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.225.132:53485/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.82.191:55599/i
id: auto-53b5a95dc22520764272ca412fb1c9be3a80d15aca652c7799dc061b1e45e546
status: experimental
description: Detects traffic or activity related to http://42.235.82.191:55599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.82.191:55599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.192.28:53403/i
id: auto-72ce8deed6bb24d3079189f44107bf5ea2132e4bc2712186ce7065faf3193c96
status: experimental
description: Detects traffic or activity related to http://27.204.192.28:53403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.192.28:53403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.152.21:34729/bin.sh
id: auto-8bbaafdd41a16a0354febe178f977c0070ec5f059c2be5aec5ae7b271e2c4c35
status: experimental
description: Detects traffic or activity related to http://219.156.152.21:34729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.152.21:34729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://app.quietnetpro.com/browser/chrome?uuid=null
id: auto-979cd39258da41facd659cb9d3c4705ece31e642febab5a40b855061f4e5d593
status: experimental
description: Detects traffic or activity related to https://app.quietnetpro.com/browser/chrome?uuid=null which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://app.quietnetpro.com/browser/chrome\?uuid=null*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:35261/i
id: auto-7140af5e17d2e7a60c3d5d7b8f633cb6d5cbaefcd95d979ea60ae5516d3874ec
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:35261/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:35261/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.45.90:41021/i
id: auto-a6925aba579a030eef5d60d8fa91ec8385dbf2a3bb0864b31487a258838d3570
status: experimental
description: Detects traffic or activity related to http://123.4.45.90:41021/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.45.90:41021/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.126.222:33068/i
id: auto-9ac4372aeb6b0d8c5b5c6f8fb2fa1c4a2bda67735645a8856d853da259d051c2
status: experimental
description: Detects traffic or activity related to http://39.187.126.222:33068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.126.222:33068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.245.198.62:36460/Mozi.m
id: auto-97c669323d2f5328d377d5b994932e8d2eab318c0ec2f97f871f577943343ae0
status: experimental
description: Detects traffic or activity related to http://178.245.198.62:36460/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.245.198.62:36460/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.88:34727/i
id: auto-56411d8f3e096d577dd737515533362ae92e34a1b9ded9bb3575700771e473af
status: experimental
description: Detects traffic or activity related to http://110.37.38.88:34727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.88:34727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.89.33:58971/i
id: auto-0dc92717d18899197b05c5ec879300a434daf87f376434bba635681fe481d6c3
status: experimental
description: Detects traffic or activity related to http://42.59.89.33:58971/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.89.33:58971/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.arm7
id: auto-e638d05eeb2b3db2260cb6875e90c96d58bd4e6ca8f8b7f37226231ae9af1b80
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.arm
id: auto-dbaf16cdcf0c5f1d568c93f0b9cf39dfed854a72deeebe57240b7b2b9ce733fe
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.10.132:47840/i
id: auto-ab09532a416d3f275b20caafd9ef3f497ff9376dfe04265023886c60f8c47b61
status: experimental
description: Detects traffic or activity related to http://60.18.10.132:47840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.10.132:47840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.196.141.186:40638/Mozi.m
id: auto-7a466a1a7aa052b0e3543f6e094581979e6963a4f6f439e7ae713d28ef79f430
status: experimental
description: Detects traffic or activity related to http://141.196.141.186:40638/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.196.141.186:40638/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.192.28:53403/bin.sh
id: auto-13475da4e7ac6c4f901cf0fa3a0e9251a1e2e657cfe6de636be3bac77280bc10
status: experimental
description: Detects traffic or activity related to http://27.204.192.28:53403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.192.28:53403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.82.191:55599/bin.sh
id: auto-e80ccdb3656812e471a70455a23a462e3813bd4b8fbd8c9d2d2a7602d624fa05
status: experimental
description: Detects traffic or activity related to http://42.235.82.191:55599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.82.191:55599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.157.40:42095/i
id: auto-87b3bfe5e314ec15af93707ecd9b1689801bb585c72b6f8913e7ed94e860c361
status: experimental
description: Detects traffic or activity related to http://115.56.157.40:42095/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.157.40:42095/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.34.109.121:38993/i
id: auto-54e7e1bd2f585c583bec78bc0454202c31aecac30f817aeda34150dd6bd9a2de
status: experimental
description: Detects traffic or activity related to http://118.34.109.121:38993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.34.109.121:38993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.34.109.121:38993/bin.sh
id: auto-3983b9564c5ecbba5473c6646b85de2b6aa3d0ec1095c40b33aeeebd8b8f473a
status: experimental
description: Detects traffic or activity related to http://118.34.109.121:38993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.34.109.121:38993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.65.142:34353/i
id: auto-990dfeba99b69bf0710655ba2453a2422bae7d1094a560885ad503ae5e3c44ff
status: experimental
description: Detects traffic or activity related to http://219.157.65.142:34353/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.65.142:34353/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.226.59:33585/i
id: auto-2cfff9d34f62418aa5f0dc5b371f1c99162807b3a9f2a3c59259bfd8ead65668
status: experimental
description: Detects traffic or activity related to http://42.232.226.59:33585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.226.59:33585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.88.144:33822/i
id: auto-8dfbc4102de3388f459047e742a0fcab8e89e2e9ac1fd9f19fd56bd2e2f4f3d6
status: experimental
description: Detects traffic or activity related to http://182.126.88.144:33822/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.88.144:33822/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.46.107:40393/bin.sh
id: auto-c55276d4c3a4dcc36b9349339f0ae781e3ad5c7b390b3654cb04d4f9abddd4b6
status: experimental
description: Detects traffic or activity related to http://42.230.46.107:40393/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.46.107:40393/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.231.246:46163/bin.sh
id: auto-d96d6dcb101a98d4960ec9b0e296303bf5507883db7d977db5b23032f4f29082
status: experimental
description: Detects traffic or activity related to http://42.225.231.246:46163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.231.246:46163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.46.218:38880/i
id: auto-9d3582df8a8d530f0fa95080365809c916475b379dbc3f1fcbdf07505223106b
status: experimental
description: Detects traffic or activity related to http://222.141.46.218:38880/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.46.218:38880/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.157.40:42095/bin.sh
id: auto-f696ee5d56e48aa1783f9c3b39ba8a6da2b439f654745e7a534a310817f4cb03
status: experimental
description: Detects traffic or activity related to http://115.56.157.40:42095/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.157.40:42095/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.65.142:34353/bin.sh
id: auto-8075e03d438ca2f15793be8b81a96c400df512bf5e9f620d714200c2aee84a5f
status: experimental
description: Detects traffic or activity related to http://219.157.65.142:34353/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.65.142:34353/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/streaming-core-720p/shard-affinity-router
id: auto-4b0164c39d5aed62dbc6e349ea7e8e879e84f71f96b2d160a879c1b305686b6a
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/streaming-core-720p/shard-affinity-router which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/streaming-core-720p/shard-affinity-router*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.226.59:33585/bin.sh
id: auto-7a1988fd9d7c434e6711d74b2e76a924cc0175038bdbac6d6aefdcd2716d9d0f
status: experimental
description: Detects traffic or activity related to http://42.232.226.59:33585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.226.59:33585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.234.127.43:18254/bin.sh
id: auto-4ab97f01be00c15b4fcfe60c449d8011a8c490786423b74d3f292ab07b710980
status: experimental
description: Detects traffic or activity related to http://85.234.127.43:18254/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.234.127.43:18254/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.88.144:33822/bin.sh
id: auto-83c429cbce0b0663053929b66ccb154aad6d8cc152505d86b6764c93a29eca6e
status: experimental
description: Detects traffic or activity related to http://182.126.88.144:33822/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.88.144:33822/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.234.240:36307/i
id: auto-fd68c65001623dd5320f9e084e16fd5e467d74ac01f7f7046d684979d8c0ca86
status: experimental
description: Detects traffic or activity related to http://117.199.234.240:36307/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.234.240:36307/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.46.218:38880/bin.sh
id: auto-a56fa842fa60f5684d970802a5dc2552f505e4d2433b3a1805f8d03795a2215e
status: experimental
description: Detects traffic or activity related to http://222.141.46.218:38880/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.46.218:38880/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.143.210.34:7000/02.08.2022.exe
id: auto-bd2794ce64c4508c194313e520d4f63009eeb0bb569b722e42718139d179ecd7
status: experimental
description: Detects traffic or activity related to http://43.143.210.34:7000/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.143.210.34:7000/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.14.241.63:8889/02.08.2022.exe
id: auto-d95cd603ffe8dbef3e7f7894905f1a435f42887bb0607e80e1efa50d52a3c707
status: experimental
description: Detects traffic or activity related to http://1.14.241.63:8889/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.14.241.63:8889/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.250.188.15:8078/02.08.2022.exe
id: auto-035f3515d481a7f352257965ea94f4a50c07771920c3aaa5d92081a71e74738f
status: experimental
description: Detects traffic or activity related to http://113.250.188.15:8078/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.250.188.15:8078/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.234.87:9301/sshd
id: auto-d4f0d3a5a33afcf04ecadca78d4a1ae2b682f2ca11cd2d9e5eaaacc4afda9849
status: experimental
description: Detects traffic or activity related to http://178.50.234.87:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.234.87:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.16.246:8084/sshd
id: auto-934e8afda3baf0322a565c7507df9d098922ab569452ee9c9e470de4fdc52631
status: experimental
description: Detects traffic or activity related to http://41.146.16.246:8084/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.16.246:8084/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.236.114.209:14212/i
id: auto-3f39de8e2c76d1ff3f239e3efb927913812293ad6c6870a5310f736ac0011b34
status: experimental
description: Detects traffic or activity related to http://178.236.114.209:14212/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.236.114.209:14212/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.232.153:2000/sshd
id: auto-6c2effa0a06f4e71487dc7112a0ebb3da682590b9dad1afe532293b9f8c62510
status: experimental
description: Detects traffic or activity related to http://117.242.232.153:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.232.153:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.139.55/sshd
id: auto-7d48372b918274878d8b0803038a46ecfa028bc950b22d1fc7459aa8605215d8
status: experimental
description: Detects traffic or activity related to http://91.80.139.55/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.139.55/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.138.41:85/sshd
id: auto-12baa5b94a3f619f22dc617efc68a3b09b5f9e32593a651e64efebea702f4f85
status: experimental
description: Detects traffic or activity related to http://120.157.138.41:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.138.41:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.181.228.2:8080/sshd
id: auto-fa58a1641e75a16c4826386d6272d2ce9789116674de1097d5783eccb2108c89
status: experimental
description: Detects traffic or activity related to http://77.181.228.2:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.181.228.2:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.155.127/sshd
id: auto-b071bed12247e4e375c0ab899700c49dc5c4eeb79c941a67197fadd0e41cff78
status: experimental
description: Detects traffic or activity related to http://91.80.155.127/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.155.127/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.110.184.53/sshd
id: auto-9a17c82b5905893d99926c4b836e3bd474f9fac722ec65186977ba6f8da80ce5
status: experimental
description: Detects traffic or activity related to http://116.110.184.53/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.110.184.53/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.176.82.248/sshd
id: auto-f8cb926b5028627a2068301f680182792096b3fed4c91046513af6f85a1d5ef3
status: experimental
description: Detects traffic or activity related to http://14.176.82.248/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.176.82.248/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.127.116.214:65368/i
id: auto-5f9519162586280ced9cfa2959f543faa538ae803b76c869444307d4a4e568be
status: experimental
description: Detects traffic or activity related to http://179.127.116.214:65368/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.127.116.214:65368/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.116.216:52199/i
id: auto-2b39d5031d1eec9a372017080c60da7ded97523901562e15e28462fd21a9f46e
status: experimental
description: Detects traffic or activity related to http://182.116.116.216:52199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.116.216:52199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.234.240:36307/bin.sh
id: auto-c6c71c975094e29c5228c1cd2cdc547dd984cbdc151b63bfff6341d636dff54c
status: experimental
description: Detects traffic or activity related to http://117.199.234.240:36307/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.234.240:36307/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/streaming-core-720p/worldstate
id: auto-ef683e6b83aa152c97d8230d497ac76f38bff4f666684247d8946843aa9063be
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/streaming-core-720p/worldstate which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/streaming-core-720p/worldstate*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.202:53560/i
id: auto-18b514092058d9e173353b59c9462a88227678d89cfbec9230e1b86fa39d29ca
status: experimental
description: Detects traffic or activity related to http://117.209.31.202:53560/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.202:53560/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.122.125:42805/i
id: auto-590649e55e8a881e3dd64e4545df998ea2eb94c990e654c72ded9bfcc8484662
status: experimental
description: Detects traffic or activity related to http://182.116.122.125:42805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.122.125:42805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.240.6.31:49766/i
id: auto-ea91596fd306780a56baac70b6bcfc664439e03a101906187295d20c4f9a7e89
status: experimental
description: Detects traffic or activity related to http://84.240.6.31:49766/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.240.6.31:49766/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.211.99.72:34596/bin.sh
id: auto-8abf7e910d1daa4d98b371ef17e4f26631b250cbba0e5027803a4a3644e074fe
status: experimental
description: Detects traffic or activity related to http://60.211.99.72:34596/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.211.99.72:34596/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.53.22.223:41927/i
id: auto-1795a79e05c4558adf7069b65f17c44cf52ee25877c28095b0ce42462ca2bad5
status: experimental
description: Detects traffic or activity related to http://5.53.22.223:41927/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.53.22.223:41927/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.25.27:53045/bin.sh
id: auto-2c45a3e03e8d0a7ffe488768ea1936d66c004699cec955e7e44516a12ce607ae
status: experimental
description: Detects traffic or activity related to http://219.156.25.27:53045/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.25.27:53045/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.202:53560/bin.sh
id: auto-2dbc8629c6a78ec8e4e7922301a687ccd9e412665dc944d1cbe272859d5f5752
status: experimental
description: Detects traffic or activity related to http://117.209.31.202:53560/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.202:53560/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.122.125:42805/bin.sh
id: auto-0299d01d22b486b143a418fe7af01b1ca5290cdc61b09c27256dc616fda08359
status: experimental
description: Detects traffic or activity related to http://182.116.122.125:42805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.122.125:42805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.241.10:37870/i
id: auto-12216795e7d52f84243a5ab376fdc404e76cde06d70b505a6465a5e873e7ab8b
status: experimental
description: Detects traffic or activity related to http://115.55.241.10:37870/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.241.10:37870/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.41.191:51644/bin.sh
id: auto-30d5c303d86b0bd7a2edc4ff5d300af5b0136593bd7d9eed962acdd45bb6db94
status: experimental
description: Detects traffic or activity related to http://115.50.41.191:51644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.41.191:51644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.240.6.31:49766/bin.sh
id: auto-aba5cf6dbc6c235089afc1e722fe49e88ec17a788484f1cc48c2b057dfdd0c8f
status: experimental
description: Detects traffic or activity related to http://84.240.6.31:49766/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.240.6.31:49766/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.164.63:33578/bin.sh
id: auto-c909955ff012e3592a1ba115f8e9bb4b3ce1060a027939c672e91d7cef59ba18
status: experimental
description: Detects traffic or activity related to http://182.123.164.63:33578/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.164.63:33578/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.53.22.223:41927/bin.sh
id: auto-47d4c73cd938b1da63b3d5c2a758c9fe281dc772d6bce39574a5f3a8b2964352
status: experimental
description: Detects traffic or activity related to http://5.53.22.223:41927/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.53.22.223:41927/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.241.10:37870/bin.sh
id: auto-513a8639f821d4c7f41158fc78a38b297085d0e3a5d20093c7ca7fb0fe26be6c
status: experimental
description: Detects traffic or activity related to http://115.55.241.10:37870/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.241.10:37870/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.22.236.21:13069/.i
id: auto-91db9f3211aae12e0787eb787ff63bda8755fee9d863d17d0623cbe78f94b050
status: experimental
description: Detects traffic or activity related to http://123.22.236.21:13069/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.22.236.21:13069/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.137.171:45202/i
id: auto-346bbd89a44e34ed6b18e4015f202ed5f3b0041768a779a9f97db989630fde9b
status: experimental
description: Detects traffic or activity related to http://119.114.137.171:45202/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.137.171:45202/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.213.165:54223/bin.sh
id: auto-1d987671bf5f7659f3960630e28352c07def5a10a8daeb2aec1d804f0e360541
status: experimental
description: Detects traffic or activity related to http://115.50.213.165:54223/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.213.165:54223/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.137.171:45202/bin.sh
id: auto-fb7f2f2d0ae01e3cfdff323a6ac3dae40012fca0d408d27c850f2f5bd05e3710
status: experimental
description: Detects traffic or activity related to http://119.114.137.171:45202/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.137.171:45202/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.23.183.171/nuts/poop
id: auto-bd67073e2ff75ca59ef6a1f1527edb9010ff34e90cb8ab6c420bdb5a411415d7
status: experimental
description: Detects traffic or activity related to http://82.23.183.171/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.23.183.171/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.31.250.12/nuts/poop
id: auto-67e33939953d61c462152b0004838d99b4a529ac2dfd328b19a68c6afd40a547
status: experimental
description: Detects traffic or activity related to http://78.31.250.12/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.31.250.12/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.110.115.3/nuts/poop
id: auto-3117aa8edc3c8a4503e305234bbf346383d54eafd79cd343cfb18468240badcb
status: experimental
description: Detects traffic or activity related to http://77.110.115.3/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.110.115.3/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.215.48:39703/i
id: auto-a695bc31e0403a464205fe4399d3acb43ecaa1f5d5f745d33f928f2a87729822
status: experimental
description: Detects traffic or activity related to http://222.138.215.48:39703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.215.48:39703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.12.15:50934/bin.sh
id: auto-abfeafba69bf8efa63eec22da655ee8bce2514e9bfad7f57f394906f25b1ad3f
status: experimental
description: Detects traffic or activity related to http://219.155.12.15:50934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.12.15:50934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.104.99:58645/i
id: auto-a200c885696bd8b25aa5b2c6c1645b7a2e1c9a959ac75a1639693d6b01a14ca2
status: experimental
description: Detects traffic or activity related to http://110.37.104.99:58645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.104.99:58645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.11.134:41306/i
id: auto-a15863a6b97b738b462a47fdd67dda9769869d09138e3e61e47c71fb42933695
status: experimental
description: Detects traffic or activity related to http://60.18.11.134:41306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.11.134:41306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.64.84/nuts/poop
id: auto-55c1a2945f7dd2216b94f6d76eb5840ec8386add5e7e3eefeb45cde9f0876a25
status: experimental
description: Detects traffic or activity related to http://143.20.64.84/nuts/poop which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.64.84/nuts/poop*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.215.48:39703/bin.sh
id: auto-784e5040e2fdc7e8ed0dced2588cdd5e8e8f39b2fac7c956738e134bd0f42455
status: experimental
description: Detects traffic or activity related to http://222.138.215.48:39703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.215.48:39703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.79.209:34403/i
id: auto-c77cffc35d22f1bd23db3a04173bd78c95264f6a6ee88207ba236c82b4e6419b
status: experimental
description: Detects traffic or activity related to http://182.112.79.209:34403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.79.209:34403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.11.134:41306/bin.sh
id: auto-2d5fd7833a0aa9d29e19641d506d3e6188d29795a01678949474d477713a3afe
status: experimental
description: Detects traffic or activity related to http://60.18.11.134:41306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.11.134:41306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.0.100:50222/i
id: auto-b2ee544c40a5fbf94094e2e831d5ef1e616d755086c4892d32b20e95de1ec957
status: experimental
description: Detects traffic or activity related to http://113.237.0.100:50222/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.0.100:50222/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.164.63:33578/i
id: auto-9442f0792be3ad64d9ebc90dcf82728472eb7f5814a2eac681dc966f26aa6901
status: experimental
description: Detects traffic or activity related to http://182.123.164.63:33578/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.164.63:33578/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.50.57.143:45041/bin.sh
id: auto-9ba0692352ed240d1932aca48e30163a6144e25fe680ee80846301f7acaa88f8
status: experimental
description: Detects traffic or activity related to http://212.50.57.143:45041/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.50.57.143:45041/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.105.195:53952/i
id: auto-dfabadc8483f75983d7122c120fbcccbc1bcee560256e9621a5fa4eaf3c4a79d
status: experimental
description: Detects traffic or activity related to http://123.9.105.195:53952/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.105.195:53952/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.177.152:50401/i
id: auto-ee661090a5de5cc3e2e667945d31df23dad217a7b735d7e09e8afda6152498bc
status: experimental
description: Detects traffic or activity related to http://115.63.177.152:50401/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.177.152:50401/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.229.129:56987/i
id: auto-cc5a4d4e8411586bf52d51736111c7b3a805318a99e6fd5c03ae779d6146661c
status: experimental
description: Detects traffic or activity related to http://123.12.229.129:56987/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.229.129:56987/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.105.169:58440/i
id: auto-6df658ff417fd31a542cb2471e2092e2db4f61e82d8a8def0020b5ba823a800f
status: experimental
description: Detects traffic or activity related to http://110.37.105.169:58440/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.105.169:58440/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.4.146:60720/i
id: auto-9cbe45e7f449e0a6caffa405a0cd1249f738a7fc05f6a52d7005423716844a9d
status: experimental
description: Detects traffic or activity related to http://221.15.4.146:60720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.4.146:60720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.53.31.41:50433/i
id: auto-64fb615499535d502cbeb1543427d2d2a9e00b9f78d494635475e7ce92d8ea0e
status: experimental
description: Detects traffic or activity related to http://116.53.31.41:50433/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.53.31.41:50433/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.232.51:45108/i
id: auto-8eaba43addfc94128cbbc40deca1185fa91ee17fa2fe4ff8f17fe2f0d7cb7701
status: experimental
description: Detects traffic or activity related to http://182.122.232.51:45108/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.232.51:45108/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.59.160:33965/bin.sh
id: auto-e47ea1a82a9ecc02c9ec84cbffe5e7ddf8648b5eaf14ab0a31d222ddf910bee0
status: experimental
description: Detects traffic or activity related to http://42.53.59.160:33965/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.59.160:33965/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.79.78:38770/i
id: auto-e384d76900ae29f558aff0ec44d98b5514a413b783413371d2cf24ced46224a0
status: experimental
description: Detects traffic or activity related to http://42.231.79.78:38770/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.79.78:38770/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.115.12:46654/i
id: auto-2fcc54d7e72c426bbeacfd9dd89966224e8a8e0b5e6b31e87f7400472865578b
status: experimental
description: Detects traffic or activity related to http://110.37.115.12:46654/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.115.12:46654/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:54254/i
id: auto-60d1a81261691d7673a3bc4d9d66a55e955980a1f8c68694b9a1e399beb6a33a
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:54254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:54254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.116.114:49322/i
id: auto-a74d9002e4cd31493d9c0330844f8af2c5839cd09882cf97a8fbcb915420e43f
status: experimental
description: Detects traffic or activity related to http://175.149.116.114:49322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.116.114:49322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.251.158:39199/i
id: auto-a8d2de321fcf4bacafaf454907100936aa4f52ab0743934f381b6e3645544f39
status: experimental
description: Detects traffic or activity related to http://42.52.251.158:39199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.251.158:39199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.42.90.127:56735/i
id: auto-de983cf6b9370c723a93de146ecec5c99b4c7f43490e9b65a75cfd67ae2e2b1f
status: experimental
description: Detects traffic or activity related to http://59.42.90.127:56735/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.42.90.127:56735/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.79.209:34403/bin.sh
id: auto-f632d6a3fa534f52517b0f2306cb8ce11dd109fd20776deaa308a05f68f10ce2
status: experimental
description: Detects traffic or activity related to http://182.112.79.209:34403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.79.209:34403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.118.160:39535/i
id: auto-7410250f640c42065bc1c8200572e2391890e34e796b9d6f1f66a110820e2fc3
status: experimental
description: Detects traffic or activity related to http://125.42.118.160:39535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.118.160:39535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.231.205:42631/i
id: auto-3fe78475377317bd1b82f2c8d8aa7f946e347693162dfb93935df73f7c96bc38
status: experimental
description: Detects traffic or activity related to http://113.231.231.205:42631/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.231.205:42631/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.105.195:53952/bin.sh
id: auto-84b68c8bab987d7ebffdab1a610077133ae261284609b4f62ef267411f2ab67d
status: experimental
description: Detects traffic or activity related to http://123.9.105.195:53952/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.105.195:53952/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.221.197:36131/i
id: auto-72c287da4ac1553964aded5f5653320a1a3272a294f9a5a8465da847e3f8bc52
status: experimental
description: Detects traffic or activity related to http://182.122.221.197:36131/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.221.197:36131/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:35861/i
id: auto-ff28c94f42248b766638d2d3333e64f42af6d88e268ce2f0b20eac6bcf57268b
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:35861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:35861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.42.90.127:56735/bin.sh
id: auto-5da597a6f92ea9377c49627a153e0f148021cdd32287b24604c66208bc46c3b8
status: experimental
description: Detects traffic or activity related to http://59.42.90.127:56735/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.42.90.127:56735/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.arm7
id: auto-3a23033b4120235b7db49f4c3cdcc14705a03eb6aa0e8d6761a8546f053b054e
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.78.38:54675/i
id: auto-5f7f205357633b0d111d2a589440201c2910f25fd33dcc8e9ff93bd66c5c4665
status: experimental
description: Detects traffic or activity related to http://119.115.78.38:54675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.78.38:54675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.81.175:34276/i
id: auto-22e15aeb85974dbe2417668a73d73ea03dc33cd3a0977d773895850b12972bde
status: experimental
description: Detects traffic or activity related to http://42.178.81.175:34276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.81.175:34276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.243.11:60591/bin.sh
id: auto-4beef34031d347b005509dece9cea09b3f272843a1a2f876acf4a4f6f08f2593
status: experimental
description: Detects traffic or activity related to http://42.225.243.11:60591/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.243.11:60591/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:35861/bin.sh
id: auto-f333e7928d73938e113f1c117c9655ec1ae31040a6e1651bfaaa2b6688e72bae
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:35861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:35861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.81.175:34276/bin.sh
id: auto-197f1dc35cf8f20d082c0b3bbb8309c1679d6c83d166e207f13dd9893ecd6550
status: experimental
description: Detects traffic or activity related to http://42.178.81.175:34276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.81.175:34276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/arm
id: auto-525dedc90b9f7772b7f7bbfbf20f48fd440675e9403d933532d3d98ab8eecd02
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/mips
id: auto-0d091711f5ddc83a0a562cea9c7b6e095da91d1f199d26c1dcec755e51b427fb
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/arm7
id: auto-48e78674a88c488cb7acccb2a8b53cfadb5e859d6d83bc4a70a54b84b7da1df1
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-2248872e36845f2702c256429339059a4ff82eadd0939146fff6c8554dc5a129
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://helpradardps.shop/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-4102ddc96d1d04072795b23c49205df5281d04144e4506776a7e1fd0f61ef9a0
status: experimental
description: Detects traffic or activity related to https://helpradardps.shop/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://helpradardps.shop/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://dps-radar.sbs/DpsRadar.apk
id: auto-7be3aa635a7f1c2b1f015d0e2174f8e3bad0c0de29ce95b2561dd811c524185c
status: experimental
description: Detects traffic or activity related to https://dps-radar.sbs/DpsRadar.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://dps-radar.sbs/DpsRadar.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.118.187:39679/bin.sh
id: auto-fb03cd99d4d32b0d922c6ac809017dac1500f7f6d26e345f780587a8f31274ee
status: experimental
description: Detects traffic or activity related to http://42.86.118.187:39679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.118.187:39679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://co-emas.com/receiveharsh/changebusiness
id: auto-78342c8be1f2448375fa88d21db9200ff977ab9738b4e78bff6c3c1f33621c2c
status: experimental
description: Detects traffic or activity related to https://co-emas.com/receiveharsh/changebusiness which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://co-emas.com/receiveharsh/changebusiness*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://co-emas.com/x/s
id: auto-6e76fd027dc587ddcb4f421c60699899c3c2c1a8c20a6e5e689742f7b299e10a
status: experimental
description: Detects traffic or activity related to https://co-emas.com/x/s which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://co-emas.com/x/s*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://help.get-upgrades.com/last.php
id: auto-9c9c3853ce64e8a6ea3b2d70a0cb8ded282b5fe52c3802aec34bf743b36a89c9
status: experimental
description: Detects traffic or activity related to https://help.get-upgrades.com/last.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://help.get-upgrades.com/last.php*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.25.21:42119/i
id: auto-e3c60b48ce4b8d05ca26bb415fc1721f5bae5f60acb85c520d2d3d52ecd00ca3
status: experimental
description: Detects traffic or activity related to http://27.37.25.21:42119/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.25.21:42119/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.225.246:48480/i
id: auto-654c3a6dd9bdffdf31caf786d9c88b8f71681875bcb75af8c14bbfe3858274db
status: experimental
description: Detects traffic or activity related to http://125.41.225.246:48480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.225.246:48480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.190:55477/i
id: auto-0e34aa3ac119d8a4d28deb511a1da679af622c6452cd6679dbaa25f11282d7a1
status: experimental
description: Detects traffic or activity related to http://110.37.38.190:55477/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.190:55477/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173///arm5
id: auto-f786b5279686f9af9c1125e6225a2dce4c0273eba7fe0f41e1932bb2f2b2fa01
status: experimental
description: Detects traffic or activity related to http://45.83.207.173///arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173///arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.25.21:42119/bin.sh
id: auto-604dd488a5005771783de51b6ed8d759b32c8a6b686c155f9307d6e7255a56b2
status: experimental
description: Detects traffic or activity related to http://27.37.25.21:42119/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.25.21:42119/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.225.246:48480/bin.sh
id: auto-46ec1cb2abe91ecfd285d99a48760864de3a5941a94d13ba190f07d6b064c52d
status: experimental
description: Detects traffic or activity related to http://125.41.225.246:48480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.225.246:48480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.190:55477/bin.sh
id: auto-d4529fe7640591ea879007f90901cf052d6c0bb2959c84953007b9afdb863092
status: experimental
description: Detects traffic or activity related to http://110.37.38.190:55477/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.190:55477/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.46.180:46642/i
id: auto-0a6755bfc5986757bea0b2c94cf5808db9968db94bee59af7f005ccd80f02779
status: experimental
description: Detects traffic or activity related to http://115.48.46.180:46642/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.46.180:46642/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.165.191:59970/bin.sh
id: auto-212432a6004a6244d622b9f9070c33af5b7b6a275b3470d28585b3c5c6051ae3
status: experimental
description: Detects traffic or activity related to http://182.124.165.191:59970/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.165.191:59970/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.58.143:41207/i
id: auto-e425931bf070d9eb9a2d61bb0b75aa792a5209cd6dd801f96fd889929d3ba200
status: experimental
description: Detects traffic or activity related to http://123.8.58.143:41207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.58.143:41207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.46.180:46642/bin.sh
id: auto-230095011115f4d5eed38c3149cc48701ccf51439ea4403598ca69161fd42d22
status: experimental
description: Detects traffic or activity related to http://115.48.46.180:46642/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.46.180:46642/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.216.84:55377/i
id: auto-30a1a1a7a3867173ebb24019e093de8302d889fe897000f03de5c09f6d89d318
status: experimental
description: Detects traffic or activity related to http://42.55.216.84:55377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.216.84:55377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.221.197:36131/bin.sh
id: auto-d2a1d3817d6f1e6f76bcfdc1bb513f429212be7ac4524f6041d4fec6b029ec12
status: experimental
description: Detects traffic or activity related to http://182.122.221.197:36131/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.221.197:36131/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.137.199:46715/i
id: auto-a315a2915c1c65bb3e179af09e5c1c9d39d20917360c192395db31d0828094b6
status: experimental
description: Detects traffic or activity related to http://125.41.137.199:46715/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.137.199:46715/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.219.230:50078/bin.sh
id: auto-9cfc440821202eadc3dfbf05e3d26bd18e8777c3c273ebdfa9f3dbcaac3d9c8e
status: experimental
description: Detects traffic or activity related to http://112.242.219.230:50078/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.219.230:50078/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.161.184:49525/i
id: auto-08c55605b0b45ab37c680a8ca5a0220a51b54f8600ef1de23b2f3d81a1b1dd76
status: experimental
description: Detects traffic or activity related to http://42.229.161.184:49525/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.161.184:49525/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.200.60.108:49805/bin.sh
id: auto-c6917ec028c156318b342ea23a62bc55c76e42670763b8f5dcda177f667cab02
status: experimental
description: Detects traffic or activity related to http://46.200.60.108:49805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.200.60.108:49805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.57.140:38854/i
id: auto-3ed71fafbb17a3e849af5a4154d18423ba511206b5490a0e1a6d65657d8f00da
status: experimental
description: Detects traffic or activity related to http://42.224.57.140:38854/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.57.140:38854/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.211.68.247:45675/i
id: auto-abad48b7473c3e6070f3dae3fe491b670ff162caf2665c30f71781b097f6f356
status: experimental
description: Detects traffic or activity related to http://60.211.68.247:45675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.211.68.247:45675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.161.184:49525/bin.sh
id: auto-e3e2d71316c8b8e1d15ebe9d6e428e0ff0fc331ee316ee5fe4a4464dc8cb4f77
status: experimental
description: Detects traffic or activity related to http://42.229.161.184:49525/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.161.184:49525/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.152.219:48906/i
id: auto-b7ae67f66b83bfd461c9e724f25d436541c83114833741caeed4b346843d3b9f
status: experimental
description: Detects traffic or activity related to http://222.137.152.219:48906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.152.219:48906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.72.4:40827/i
id: auto-08e5499aef4c1597f54d09cab3c9f376272a9afdc66a75ab46c3e707cc294ecc
status: experimental
description: Detects traffic or activity related to http://182.121.72.4:40827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.72.4:40827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.152.219:48906/bin.sh
id: auto-b2a4c141b6df55cc9410d2267aa0f0c69f53d70a7f001c4ef6e62977eee6c828
status: experimental
description: Detects traffic or activity related to http://222.137.152.219:48906/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.152.219:48906/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.39.112:53695/bin.sh
id: auto-34632a01ddc97dd105938136cff794b4f986a4fdd8eb479d5e3c2f937fa6d853
status: experimental
description: Detects traffic or activity related to http://27.207.39.112:53695/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.39.112:53695/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.229.15:37948/i
id: auto-c7485c26e1297ddbe5b323b4bba42a633476d021c9d0e9e8d5998aae0bf7a32f
status: experimental
description: Detects traffic or activity related to http://125.41.229.15:37948/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.229.15:37948/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.254.187.163:37772/i
id: auto-921f490828fe3a9145d59a13cd93ccef377a02948e8d2559e695063ef2805492
status: experimental
description: Detects traffic or activity related to http://180.254.187.163:37772/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.254.187.163:37772/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.137.199:46715/bin.sh
id: auto-b944ce4a2fd79354009a86089f9f6fbe73abe1eceab817b0fa03b31550cd53e8
status: experimental
description: Detects traffic or activity related to http://125.41.137.199:46715/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.137.199:46715/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=a32&stage=true
id: auto-03cf0de9330e228c64a217ec7546a114275962f597617cfa755c12ca7b0e5c0e
status: experimental
description: Detects traffic or activity related to http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=a32&stage=true which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=a32&stage=true*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=l32&stage=true
id: auto-b05fde666c99c68064dddd897fb4b00ddaf8b9aaf0fa69a631c3a762fdf19768
status: experimental
description: Detects traffic or activity related to http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=l32&stage=true which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=l32&stage=true*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=a64&stage=true
id: auto-880520a55dc50bd7f85b0e4bb84bc0eb138b6c61957580bb4d4f6ef430cb0cf0
status: experimental
description: Detects traffic or activity related to http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=a64&stage=true which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=a64&stage=true*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=l64&stage=true
id: auto-5633245b52bec01dcef7c5276cf179c9a70102d4f12c34b268cb134edb276ee6
status: experimental
description: Detects traffic or activity related to http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=l64&stage=true which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.226.135.117:6554/?h=23.226.135.117&p=6554&t=tcp&a=l64&stage=true*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.106.157:40158/i
id: auto-08047e6273f094ba92a53f61b6fe8570c213e48a128d47f893001c741a10ab67
status: experimental
description: Detects traffic or activity related to http://182.121.106.157:40158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.106.157:40158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.229.15:37948/bin.sh
id: auto-32d60f5851442f41a9104b79ef1e07cf1ad04d0db0b4d9f44ad60bbc5add0655
status: experimental
description: Detects traffic or activity related to http://125.41.229.15:37948/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.229.15:37948/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.254.187.163:37772/bin.sh
id: auto-5102b7ae722dd46149387048623102d42bc09995e102d3dbdd755094d7c96103
status: experimental
description: Detects traffic or activity related to http://180.254.187.163:37772/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.254.187.163:37772/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.217.124:32979/i
id: auto-f92acab8c8992ea9ffce4229069a16b386817ab41c1dfd07beabbc0b28270c8a
status: experimental
description: Detects traffic or activity related to http://182.113.217.124:32979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.217.124:32979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.226.135.117:6554/slt
id: auto-41a7fd3ce21a28d0a367074d48b885c151078a81f0c70e63394983d9e3c2f586
status: experimental
description: Detects traffic or activity related to http://23.226.135.117:6554/slt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.226.135.117:6554/slt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.0.104.232:33788/i
id: auto-a7645d9cc22b17f881ba7fd2f683e8e6502238e23d10fdc07c6f09fb98436d29
status: experimental
description: Detects traffic or activity related to http://61.0.104.232:33788/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.0.104.232:33788/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.168.207.227:53441/bin.sh
id: auto-273ae2b317a2cadbe736cc4551d8cbd37f8c963c4aeb2986098d5355048f98b8
status: experimental
description: Detects traffic or activity related to http://175.168.207.227:53441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.168.207.227:53441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.78.16.134:60940/i
id: auto-ce9135de13ba312624043345ad89961dfd16e33b7ae477bcdca2bc7dd0b9fc25
status: experimental
description: Detects traffic or activity related to http://39.78.16.134:60940/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.78.16.134:60940/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.117.154:52705/i
id: auto-bfa37802127776be431192d43251a8db1b20186eee2a2b68055cf5e0542189a0
status: experimental
description: Detects traffic or activity related to http://123.13.117.154:52705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.117.154:52705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.12.15:50934/i
id: auto-aefc9e1b6023fd22feb5dd32081b49f5209630fc650ec3ecd126a3b5f990c1da
status: experimental
description: Detects traffic or activity related to http://219.155.12.15:50934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.12.15:50934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.52.55:54679/i
id: auto-e89c130c167a44a5df5738cb8a0af7e6b9dbe0afcd42a710d0ec5bc24007ac16
status: experimental
description: Detects traffic or activity related to http://42.235.52.55:54679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.52.55:54679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.50.57.143:45041/i
id: auto-69623dea3a853be61661a961add03c927b9eabb0d8e00c716aa9a4e00ef12378
status: experimental
description: Detects traffic or activity related to http://212.50.57.143:45041/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.50.57.143:45041/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.211.99.72:34596/i
id: auto-21c36f40df6d8242db0b5043329f4efbc97fe20fd645d5cae2e20b8655ae7552
status: experimental
description: Detects traffic or activity related to http://60.211.99.72:34596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.211.99.72:34596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.217.124:32979/bin.sh
id: auto-b853aaab34c05cb1f2e68ec014f4f9d96d0fc9e7a47f70c1ff93704d612f4e3f
status: experimental
description: Detects traffic or activity related to http://182.113.217.124:32979/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.217.124:32979/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.106.157:40158/bin.sh
id: auto-b0a093638dea430d7b64e1fe4419b2c0ab56f70711ebf4c6fbdbd8ea5d09e2c0
status: experimental
description: Detects traffic or activity related to http://182.121.106.157:40158/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.106.157:40158/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.0.104.232:33788/bin.sh
id: auto-31e98af564fb36e9d5d25ab50dd761b7d9bff6c06de3240274714d3a935381a4
status: experimental
description: Detects traffic or activity related to http://61.0.104.232:33788/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.0.104.232:33788/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.50.152:50300/i
id: auto-054061f0237df88f3a67384d3196f12dc1253cd8cafa0e80e4f391ab6c5de69c
status: experimental
description: Detects traffic or activity related to http://117.215.50.152:50300/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.50.152:50300/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.241.93:59972/i
id: auto-94ef39027a8bc148f0fed1aa9e16a60f67d21a33b7ff968eea2d61bf9a3e4a7d
status: experimental
description: Detects traffic or activity related to http://123.9.241.93:59972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.241.93:59972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.225.139:54728/i
id: auto-e84fc19d54db76326cd61fddc434374629193c5ffc7c3ec08ad2e1a16825ef87
status: experimental
description: Detects traffic or activity related to http://182.123.225.139:54728/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.225.139:54728/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.113.23:56466/i
id: auto-f8dbc87510c3016439ae009d832e9be5d8578b76a84e5b82699a29c37f333b0a
status: experimental
description: Detects traffic or activity related to http://123.188.113.23:56466/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.113.23:56466/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.50.152:50300/bin.sh
id: auto-ec3a0b1d717c65c1511c0f54b048fc4a839436214e4dbf2bb08ee8e1a9c42c73
status: experimental
description: Detects traffic or activity related to http://117.215.50.152:50300/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.50.152:50300/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.241.93:59972/bin.sh
id: auto-f43844287e4f614588f9794bcea6fae4c0d52bbc308823a1d15482f08e8d8bf7
status: experimental
description: Detects traffic or activity related to http://123.9.241.93:59972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.241.93:59972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.27:38741/i
id: auto-d0ac6f337a9ef7fdfa4be9b1702798d5a8b58d32fd97fe1b50d85b1a953451a6
status: experimental
description: Detects traffic or activity related to http://117.209.95.27:38741/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.27:38741/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.22.200:41231/i
id: auto-8ace905ce4ae555aa988177409b85550ad52cff8a083775de6937f2a76094dc3
status: experimental
description: Detects traffic or activity related to http://123.9.22.200:41231/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.22.200:41231/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.225.139:54728/bin.sh
id: auto-71a80e8ac217c240db6b137c4db03d523a6e3e5b9efc9532f06d0cbc538728bb
status: experimental
description: Detects traffic or activity related to http://182.123.225.139:54728/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.225.139:54728/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.100.40:56245/i
id: auto-d5748463152d4bdd2dc1ca7534494f241dd525d27e4d7b61a0bef3c21141bb75
status: experimental
description: Detects traffic or activity related to http://113.228.100.40:56245/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.100.40:56245/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.13.157:59585/i
id: auto-476677951b8ff679817173a1df9d471632c707c5ec28037e2d507d82198e7122
status: experimental
description: Detects traffic or activity related to http://182.119.13.157:59585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.13.157:59585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.27:38741/bin.sh
id: auto-b48f4b7b021ce01118cc5c651d78adb877b94d329314ce86de83650b421275f1
status: experimental
description: Detects traffic or activity related to http://117.209.95.27:38741/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.27:38741/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.22.200:41231/bin.sh
id: auto-b0b83efff618874cc7e876ae7ba00a7686acf3fcd3d07f18e9c03238f1fc2e6e
status: experimental
description: Detects traffic or activity related to http://123.9.22.200:41231/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.22.200:41231/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.100.40:56245/bin.sh
id: auto-a99fb586804a692dd5fc8c8924d9c739e9fe457cea2f03dd8498e5bae7eff26b
status: experimental
description: Detects traffic or activity related to http://113.228.100.40:56245/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.100.40:56245/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.100.46:36285/i
id: auto-2d1785dc3fd4f52ca6b5932f7fe0abab61951c9a93b2138c26304beb559757c7
status: experimental
description: Detects traffic or activity related to http://42.54.100.46:36285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.100.46:36285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.13.157:59585/bin.sh
id: auto-29cec44a1216ba5990ae26afac003d97e0bf1b165a235e6f65d68a099a174a6a
status: experimental
description: Detects traffic or activity related to http://182.119.13.157:59585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.13.157:59585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.105:43874/i
id: auto-d923c1fed83a7ad59e06316cb3170e7f978f8e8c654d6de0cca540ba17ad0b07
status: experimental
description: Detects traffic or activity related to http://110.37.37.105:43874/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.105:43874/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.90.203:53544/bin.sh
id: auto-b10829a67c4f11b4971172813c63deb4e6bdb369e48f29b6d22e22b85e36f729
status: experimental
description: Detects traffic or activity related to http://42.59.90.203:53544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.90.203:53544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.mips
id: auto-082ce7c51f888b470ea1436e9ab202cec5b884aee620bd287ef402497cbd99bb
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.arm5
id: auto-bc98bb7ac6c543cf4dd1b7204e06a2554047ada932e6cd02ae7c0b8ae026cdc6
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.ppc
id: auto-74c6b1a8a17469a2961b576d104472f486bb3558bb25d2dbd825a2413243349d
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.sh4
id: auto-bf95a452279781e3e633688a8a89c394027142467c414727db41d967b420de8e
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.x86
id: auto-fe28d4514dcc4290bed3deb2a81ca5c482d6ff4bab75f51c46d3a9b1da5b00c1
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.m68k
id: auto-e67ab4d5494d2b041768e280c96b0d8f9f5db476ca7a0f6ce704c191530570e3
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.mpsl
id: auto-fc8203a433c822baa20ee346bbd097f64fd31790e69ba671440b99fe4d46c60f
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.spc
id: auto-13134b5c8abd3ae5699e954a4b1081ccc7d65c8bbd26acbe0b284aac14132c2f
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.arc
id: auto-67f4f22404efc156b762e05ccaacece409bb9d00fc63103e428198a76d185b8d
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.arm
id: auto-49dc03c9d7e64b419d3653549f7bd4db5af93c85b0f90c53f6452dce8ea456cd
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.230.84/hiddenbin/boatnet.arm6
id: auto-429cb76c6a7d43947e608b02b8635030dd4c3460878500111945ba38c90712a7
status: experimental
description: Detects traffic or activity related to http://150.241.230.84/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.230.84/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:53662/i
id: auto-da22a66c44cdf4a9aaffa294acb1fda71bfbca662893924b78ab4361af1984d8
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:53662/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:53662/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.151.197:49355/i
id: auto-49ae6246166a47c0d130faa5ec714393e3202bc22d004cecff86140403f43fb1
status: experimental
description: Detects traffic or activity related to http://108.170.151.197:49355/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.151.197:49355/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.245.201:33214/bin.sh
id: auto-0e1563f0a976bece98d1931ccd9ed218003cf74b772af617f5fddedde0feeff7
status: experimental
description: Detects traffic or activity related to http://123.14.245.201:33214/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.245.201:33214/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.235.148:44716/bin.sh
id: auto-56bf06a3aba6d517732b398079330ef354eb6f81f917916120aa28a035863564
status: experimental
description: Detects traffic or activity related to http://60.23.235.148:44716/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.235.148:44716/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.238.172:46402/i
id: auto-ad38ba00525b2032f6fc116b199b37133dc63a84356b9872301aa654e969c0bb
status: experimental
description: Detects traffic or activity related to http://42.59.238.172:46402/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.238.172:46402/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.255:39775/i
id: auto-931b6d5a4df904d22c5b349f58b77d06115ac1dc630c2cbadf2bef54ed788a1b
status: experimental
description: Detects traffic or activity related to http://59.96.137.255:39775/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.255:39775/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.238.172:46402/bin.sh
id: auto-0ae26b27a3ada758e0d0c9e7e58169165ff20a104bf2a2f59cd5f7d7ca6d572a
status: experimental
description: Detects traffic or activity related to http://42.59.238.172:46402/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.238.172:46402/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:53662/bin.sh
id: auto-66553f66a5a69f52fbb71d83f30fb5d6e201ca3befe4ca5bfb091221cddd9dfb
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:53662/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:53662/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.93:58925/i
id: auto-4132109d0daea0781733d05bfb8bbb49aad6e344c5b236cf36b2979ef4b64f8a
status: experimental
description: Detects traffic or activity related to http://59.97.250.93:58925/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.93:58925/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/worldstate-27-delta-vsync/shard-manager
id: auto-7e0eff73b7622d69f9b7505e23fdd1fe3d5d091d9c41535561d26462e476c76c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/worldstate-27-delta-vsync/shard-manager which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/worldstate-27-delta-vsync/shard-manager*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.63.147:53310/i
id: auto-2553b77993dacd3d9aadadfbe4d84b9a0e52249e6e6070c27c97906667cfb5a3
status: experimental
description: Detects traffic or activity related to http://115.55.63.147:53310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.63.147:53310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.60.9.106:47826/i
id: auto-d2ee6b9649be19efdb12de0facc0e41916bb2e716fa2234565bc55634a9bf31a
status: experimental
description: Detects traffic or activity related to http://182.60.9.106:47826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.60.9.106:47826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.188.28:46256/bin.sh
id: auto-c1cf581490dd4e823ba8b512be583a8c737bbec6394b61bb816d7abff0fb4b7c
status: experimental
description: Detects traffic or activity related to http://59.92.188.28:46256/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.188.28:46256/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.119.74:49481/bin.sh
id: auto-0f166119e21feb9369c6b500b17a846ade4629d149ca588c9be63f38f9e0e839
status: experimental
description: Detects traffic or activity related to http://182.116.119.74:49481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.119.74:49481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.93:58925/bin.sh
id: auto-cbaea6b29fdd38fad5e8c377863b5d4f3061b0e58b4ded2c20fee795f6496c74
status: experimental
description: Detects traffic or activity related to http://59.97.250.93:58925/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.93:58925/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.160.255:34062/bin.sh
id: auto-dc5c22b4a5138626d72382929082e9c2ed3761edf6e4b81ac22305501dd94b0f
status: experimental
description: Detects traffic or activity related to http://115.48.160.255:34062/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.160.255:34062/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.28.248:36609/i
id: auto-0ebece124ab261f852c643b3b7a2103b313e5ba940373a3ebb8f5a89081fc628
status: experimental
description: Detects traffic or activity related to http://115.52.28.248:36609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.28.248:36609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.63.147:53310/bin.sh
id: auto-b0d2b07b04f7366a870c70d947ed98b175a99a9ac0c2f857cc30eb723a3a0dbe
status: experimental
description: Detects traffic or activity related to http://115.55.63.147:53310/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.63.147:53310/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.60.9.106:47826/bin.sh
id: auto-d909d7ca7d412b12bad72d39b99a4e8ae74ca8f862a9dbe815c8df9faf4ab528
status: experimental
description: Detects traffic or activity related to http://182.60.9.106:47826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.60.9.106:47826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.186.48:34623/bin.sh
id: auto-62ee56579a27aa91d0f6c95b42494ee21ab00e17601c739bab0ad5f948df1873
status: experimental
description: Detects traffic or activity related to http://112.248.186.48:34623/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.186.48:34623/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.173.70:46421/i
id: auto-223d501ffedac39f05cc4718bee46153bfa439886ca04fd967d07f8945e8b624
status: experimental
description: Detects traffic or activity related to http://117.199.173.70:46421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.173.70:46421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.145.242:38819/bin.sh
id: auto-708d530eaf1c3f666efff57598d5aab975e9bb461888d0072edeb81b2e6f04f7
status: experimental
description: Detects traffic or activity related to http://115.48.145.242:38819/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.145.242:38819/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.28.248:36609/bin.sh
id: auto-314fc7e81aa15e612618b78cd06aa8849c570ca65860fb2f6d30e4da7cc0924c
status: experimental
description: Detects traffic or activity related to http://115.52.28.248:36609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.28.248:36609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.79.193:57629/bin.sh
id: auto-a57a1ff5cc87322f571ae2b2359067d959c650c1ff7bf8146c8c9f4760719d63
status: experimental
description: Detects traffic or activity related to http://222.138.79.193:57629/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.79.193:57629/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.89.33:58971/bin.sh
id: auto-6ddf9e73d0146d1af31eab84487a154cfad6ba02044a1bbda0b6ca0edb8e4cac
status: experimental
description: Detects traffic or activity related to http://42.59.89.33:58971/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.89.33:58971/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.29.158.172:60296/i
id: auto-7f044b41283ff3ad8de22aa217b57ba53736e008d5380d71895c21ea071b9434
status: experimental
description: Detects traffic or activity related to http://88.29.158.172:60296/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.29.158.172:60296/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.252.150:44974/i
id: auto-cca82d155d6d87ef18f76a2693d494c5ba21f12ddc31114ea9619864f147dc35
status: experimental
description: Detects traffic or activity related to http://221.15.252.150:44974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.252.150:44974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.133.221:56366/i
id: auto-1ba06dd1f82492b82a0d035770a8e407873c762b2d5c51f89a9e2f9dd026f40e
status: experimental
description: Detects traffic or activity related to http://123.10.133.221:56366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.133.221:56366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.210.97:47928/i
id: auto-4ae5e17cda00cdad6d6f502e080a15f91b92abdad51f6ee5a4b76c1bf085714c
status: experimental
description: Detects traffic or activity related to http://120.28.210.97:47928/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.210.97:47928/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.161.47:33137/i
id: auto-7977bd193fca21ea72590539917e67bb08da2e684336f304ea5b0c0043b4b557
status: experimental
description: Detects traffic or activity related to http://182.119.161.47:33137/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.161.47:33137/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.14.27:43460/bin.sh
id: auto-0de0bc65437dbf0f333c8370de565bf3d616745387b6ee74971f3e9cc3e49537
status: experimental
description: Detects traffic or activity related to http://182.116.14.27:43460/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.14.27:43460/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.29.158.172:60296/bin.sh
id: auto-cab9c30e398d302004a0ab9fcd42f7e00f0da27b4d1e20025b4e8f305febcb87
status: experimental
description: Detects traffic or activity related to http://88.29.158.172:60296/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.29.158.172:60296/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.252.150:44974/bin.sh
id: auto-76063e21e7038886762a520d6c3486337e01be4cd8167e57f742a805393e0ab8
status: experimental
description: Detects traffic or activity related to http://221.15.252.150:44974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.252.150:44974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/worldstate-27-delta-vsync/replication-worker20
id: auto-0703a6c5bb37c317fbf3afd49dae07c17605d27a434605b10eb0150d54a7f73c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/worldstate-27-delta-vsync/replication-worker20 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/worldstate-27-delta-vsync/replication-worker20*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.104.59:35384/i
id: auto-3cf5deb6f3fa0f75413845d4b43e679e38ba9b153db049b1f49068fbbc53e080
status: experimental
description: Detects traffic or activity related to http://182.121.104.59:35384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.104.59:35384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.210.97:47928/bin.sh
id: auto-da5bba2efaf82c30e68b703628c452af8baa6479e8a4a39dd854617b31e84108
status: experimental
description: Detects traffic or activity related to http://120.28.210.97:47928/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.210.97:47928/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.161.47:33137/bin.sh
id: auto-08e857ab2b4315ba48f5e533f14215e9d1030ef2be414b5d26cb93d38d0d3220
status: experimental
description: Detects traffic or activity related to http://182.119.161.47:33137/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.161.47:33137/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.114.245:39601/i
id: auto-df8bba8be6ea24f5fd45fe8606e70889f1b31424391a1e8be157348313c59c03
status: experimental
description: Detects traffic or activity related to http://182.124.114.245:39601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.114.245:39601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.19:53008/i
id: auto-38ccbe48b4ae6b510c36fad993b9290f324f39ce4faf6717044d292d9245df99
status: experimental
description: Detects traffic or activity related to http://117.209.15.19:53008/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.19:53008/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.180.47:33518/i
id: auto-f698a83e869f9cc2f79acfc38316a2676d94dbefe52a09ec4e22a5caad725ca7
status: experimental
description: Detects traffic or activity related to http://115.54.180.47:33518/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.180.47:33518/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.104.59:35384/bin.sh
id: auto-a70e5f7d67b79c5755e4812e50764363cce14567cda3a65221886225c73a6027
status: experimental
description: Detects traffic or activity related to http://182.121.104.59:35384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.104.59:35384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.114.245:39601/bin.sh
id: auto-b807f186f8d0a12d9c373444cc19541b24240f86d7e08bf263df509ed1cb14f7
status: experimental
description: Detects traffic or activity related to http://182.124.114.245:39601/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.114.245:39601/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.29.187:44981/i
id: auto-567f1c7aadab5c49ed74f4a5f2ca11e5095e2a17ca659987bb3ff9ac085fe08e
status: experimental
description: Detects traffic or activity related to http://202.107.29.187:44981/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.29.187:44981/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:51849/i
id: auto-e7de47bcafb381fc4238e966c27de35bca61c35a831927a13717e876b5f5814b
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:51849/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:51849/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.160.82:44901/i
id: auto-be967ebb6eae38e31b30033858464769e59bec49a4cd74dc8310da64fd5cb05f
status: experimental
description: Detects traffic or activity related to http://60.22.160.82:44901/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.160.82:44901/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/boatnet.mpsl
id: auto-807fc2499a3b343e96f979be5dcf5066773e6da5e7b2eaa5b5f5cf87851169e6
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.79.168:36135/bin.sh
id: auto-63dbe3095e7443052d17ca3b508176228f915354cbe125a82c8ab1c0c79f72b5
status: experimental
description: Detects traffic or activity related to http://222.137.79.168:36135/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.79.168:36135/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.236.155:41691/bin.sh
id: auto-76b7f33c2dbb6c71b5501271e1c73ac8335404232beaec96b73967e0aba97e83
status: experimental
description: Detects traffic or activity related to http://42.178.236.155:41691/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.236.155:41691/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.214.39:53303/bin.sh
id: auto-00f2016002a434d0e736e983402d9b5d1fd8cc17299fbee13172cbedfd3ec46a
status: experimental
description: Detects traffic or activity related to http://120.84.214.39:53303/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.214.39:53303/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.108.241:33172/bin.sh
id: auto-ba9c92245e19812a24d987032b9721dea333828e593519a3e92c56b3302dc0db
status: experimental
description: Detects traffic or activity related to http://116.138.108.241:33172/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.108.241:33172/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:51849/bin.sh
id: auto-c1854111e59710e367b5a17c1b4192bc4291b6ddfc0c676956f3c4909702c6dc
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:51849/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:51849/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.152.178:34737/bin.sh
id: auto-fd00aed94806436a8f72c5f79882fe727f48d2414c4b1b93ff1668592092c49a
status: experimental
description: Detects traffic or activity related to http://119.114.152.178:34737/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.152.178:34737/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.205.42:45017/i
id: auto-2b2637faee4015e25764af8437c5c06f2b1a7edcebc824362bdb2758097a9617
status: experimental
description: Detects traffic or activity related to http://222.138.205.42:45017/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.205.42:45017/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.99.60:53717/i
id: auto-a83845789183617f03fc50ec15c75c3faa34a1af06d772adc175cf4b6e990917
status: experimental
description: Detects traffic or activity related to http://115.58.99.60:53717/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.99.60:53717/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.5.31:59653/bin.sh
id: auto-165b3ea007167682c95309b898f9b0f177ca0e28b3d90ced4ca306f4a706bfb6
status: experimental
description: Detects traffic or activity related to http://123.8.5.31:59653/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.5.31:59653/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.158.198.175:8080/bot.sh4
id: auto-12ab508579fa3f65a349d71e71af4ba8e25775bd825d0b24839f0f2d1ca41c7a
status: experimental
description: Detects traffic or activity related to http://34.158.198.175:8080/bot.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.158.198.175:8080/bot.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.158.198.175:8080/bot.mips
id: auto-d90f88bd658291823d4a6221e60468564ade112612041d4596a0e535acfb8677
status: experimental
description: Detects traffic or activity related to http://34.158.198.175:8080/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.158.198.175:8080/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.158.198.175:8080/bot.x86
id: auto-9965bbf1b40b50eb24a7d5698f27e717c87cbabe0414b5e9836c9b0574e02490
status: experimental
description: Detects traffic or activity related to http://34.158.198.175:8080/bot.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.158.198.175:8080/bot.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.158.198.175:8080/bot.arm
id: auto-3c2982b9428e15263f803239c1522e3aa114a4096233bfe0c7d15903b0c45c93
status: experimental
description: Detects traffic or activity related to http://34.158.198.175:8080/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.158.198.175:8080/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.169.97.157:48034/i
id: auto-99637e99cc830baa1d5ebd449ec6ff1c7b0dc8631cb5a6ff56b104c82ec24f67
status: experimental
description: Detects traffic or activity related to http://175.169.97.157:48034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.169.97.157:48034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.90.115.236:11137/Mozi.m
id: auto-e409e90fe63db38c2b0f2e49b381e09d76414dbc1ecb63676541fe3c1c2b9532
status: experimental
description: Detects traffic or activity related to http://176.90.115.236:11137/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.90.115.236:11137/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://96.66.24.241:50125/i
id: auto-5bab035485e5d8a95ef97212deca43cbd5ff2f15f2463781b2213012c579759f
status: experimental
description: Detects traffic or activity related to http://96.66.24.241:50125/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://96.66.24.241:50125/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.158.198.175:8080/bot.s390x
id: auto-943e6ff7ecff88148a9ded1db955faa7b0412050e1819823ef64088b41a88025
status: experimental
description: Detects traffic or activity related to http://34.158.198.175:8080/bot.s390x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.158.198.175:8080/bot.s390x*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.158.198.175:8080/bot.mipsel
id: auto-d4bf245c3883f14568342df63864ad481db4dde23419a46f0e8b71620e7323aa
status: experimental
description: Detects traffic or activity related to http://34.158.198.175:8080/bot.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.158.198.175:8080/bot.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.158.198.175:8080/bot.arm7
id: auto-6e8f1eec01f5595528198f0402d923f10fe5a3374b24534f004a11e21bf3940c
status: experimental
description: Detects traffic or activity related to http://34.158.198.175:8080/bot.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.158.198.175:8080/bot.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.192.244:48855/i
id: auto-a7c38d28870a1bb6ea878a0a28035719f536fb5dd5f61eed18aeb91c64e99e3f
status: experimental
description: Detects traffic or activity related to http://123.9.192.244:48855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.192.244:48855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:43149/i
id: auto-a01b84239cdb2a853951d168340bdaae034cd9be123a21e7fb3607fba115a768
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:43149/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:43149/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.50.57.143:45041/Mozi.m
id: auto-c25966ae54a580db7fe2c8caa01711df094aad473a6e0d77e055be5754ded94f
status: experimental
description: Detects traffic or activity related to http://212.50.57.143:45041/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.50.57.143:45041/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.86.5:55557/bin.sh
id: auto-a207c204ed0822b91491988a0d8b3f60da8b018176c487f42436bfb6d1ff5d2b
status: experimental
description: Detects traffic or activity related to http://175.165.86.5:55557/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.86.5:55557/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.75.0:47268/i
id: auto-0a1f9bead2ddcd6b2a0aa759213cff7f3b51ea6a54470e7443626ae5d52b5f93
status: experimental
description: Detects traffic or activity related to http://175.174.75.0:47268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.75.0:47268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.86.5:55557/i
id: auto-7c208fbb382caa990b248ee66b17ceeeecc5376822307644a9b43268ac9eb782
status: experimental
description: Detects traffic or activity related to http://175.165.86.5:55557/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.86.5:55557/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.214.105:59808/i
id: auto-7f7d1836f2882ce2d0b16a77943d2853d5e8e7a221aa363f6bc11c9bcc14b7e4
status: experimental
description: Detects traffic or activity related to http://115.57.214.105:59808/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.214.105:59808/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.29.162:51239/i
id: auto-7b7aa42868855b3234eeabc3a9796ab74f3b0a3a5c360633ea38077a9627976c
status: experimental
description: Detects traffic or activity related to http://182.112.29.162:51239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.29.162:51239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.66:57495/i
id: auto-a6eb664dc9d18e34e49c8ea87d0160de965d6bf2b558f3161dd22b8b029f61e6
status: experimental
description: Detects traffic or activity related to http://110.37.118.66:57495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.66:57495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.173.194:53104/i
id: auto-5ec8dbb746e7eeaa70bf0f4c404669aabf4659f53470e60c499e29cf823ec0d9
status: experimental
description: Detects traffic or activity related to http://117.205.173.194:53104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.173.194:53104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.89.163.39/hiddenbin/boatnet.mpsl
id: auto-1affb5723601d6ebaeec55fed4edfc34593678234b70281fa5aa2b5a6ab2de5e
status: experimental
description: Detects traffic or activity related to http://64.89.163.39/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.89.163.39/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.163.130.252:60134/bin.sh
id: auto-7658023a20e2c0e5a6476e575da61b4604e98d9b75a75452a298a6db39195fb6
status: experimental
description: Detects traffic or activity related to http://61.163.130.252:60134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.163.130.252:60134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.177.104:38201/i
id: auto-11e5c0c679b2e0f3452c80ba3847d8082e2599af1879fbc781b05ec078613cf1
status: experimental
description: Detects traffic or activity related to http://112.225.177.104:38201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.177.104:38201/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.156.143.62:53440/bin.sh
id: auto-fe688eecfeb106d68a58e6abc95e503511d5b124eecf72c3ca134848f37a7da4
status: experimental
description: Detects traffic or activity related to http://122.156.143.62:53440/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.156.143.62:53440/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.194.203.96:55838/bin.sh
id: auto-8e15748639598b81d62773766dc11b136da7311c7c57f97c7f3c19a8c799599f
status: experimental
description: Detects traffic or activity related to http://27.194.203.96:55838/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.194.203.96:55838/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.234.127.43:18254/i
id: auto-260380c01d633aa2d12bba61ba9ceedccfdb06487904874420ede6c613baba5c
status: experimental
description: Detects traffic or activity related to http://85.234.127.43:18254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.234.127.43:18254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/feel354-wool1364-carol-739/iguana-v274
id: auto-ca409ebb6bc68797f9a80ede3ad1e84636b57ab9daa31e4116a5e2508b08e926
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/feel354-wool1364-carol-739/iguana-v274 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/escalator82-12-facecloth-junkyard/feel354-wool1364-carol-739/iguana-v274*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.177.104:38201/bin.sh
id: auto-191cb61620f22630acb45268457106dcf258eeb61798704e2fc85eafdc94bdf2
status: experimental
description: Detects traffic or activity related to http://112.225.177.104:38201/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.177.104:38201/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.251.200:38279/i
id: auto-697ddce817e85359ab37ee5d27aec0ab9ed457ee1c1e9dac5cc0c24611bb052d
status: experimental
description: Detects traffic or activity related to http://175.167.251.200:38279/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.251.200:38279/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.211.94:57235/i
id: auto-86434bb022e75f99d870462e6f6cd08ddb36dd1c564f779bbc5fc3b58bc3350e
status: experimental
description: Detects traffic or activity related to http://176.226.211.94:57235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.211.94:57235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.251.71:32875/i
id: auto-3cfda1a3001dce5551e59ac6ba8fe3c6e2379e3311cce2214fd3741a24227422
status: experimental
description: Detects traffic or activity related to http://59.184.251.71:32875/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.251.71:32875/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.251.200:38279/bin.sh
id: auto-b24c8643c92d7162631a2479cb6d08631f5b06b2a7dce18a9c86d0b87fa63c84
status: experimental
description: Detects traffic or activity related to http://175.167.251.200:38279/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.251.200:38279/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.214.29:50154/bin.sh
id: auto-f3ec43f1553ff35d3d824d96223fbd1ec934e907d5b3a0eca620ab4581806609
status: experimental
description: Detects traffic or activity related to http://117.247.214.29:50154/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.214.29:50154/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.19:53008/bin.sh
id: auto-3bfca4ea5cb95f3d003349742d5c376cf4069f9a9b02d097f30cc42c32076d25
status: experimental
description: Detects traffic or activity related to http://117.209.15.19:53008/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.19:53008/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.88.61:38060/bin.sh
id: auto-e5a5e3d72219ba0dfa3f3de012916667709f0e6d17dc5ac8b446a01647f9c9ce
status: experimental
description: Detects traffic or activity related to http://125.43.88.61:38060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.88.61:38060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.71.108:33872/i
id: auto-aad61159353e36aa579f347cb104f63a3a9eb71f2cabf1064c50b02a41509ed4
status: experimental
description: Detects traffic or activity related to http://61.52.71.108:33872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.71.108:33872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.209.231:40693/bin.sh
id: auto-6c62c036b1102fdb59c7de4cc6ed6dd366591d73e289bc1f5a18fb2c7dc964ca
status: experimental
description: Detects traffic or activity related to http://125.44.209.231:40693/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.209.231:40693/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.8.128:46729/i
id: auto-9a1eb59d4e662ada8fc167d57f932c730de2a7c9c0f324c925a43eb54ba88bca
status: experimental
description: Detects traffic or activity related to http://115.56.8.128:46729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.8.128:46729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://docsmoonstudioclayworks.site/docarmazem/installer2.zip
id: auto-4aecc101f5e39b8b98d681b7109b1d425fd09cf5e36e75ed8bfd9836e4ae131b
status: experimental
description: Detects traffic or activity related to https://docsmoonstudioclayworks.site/docarmazem/installer2.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://docsmoonstudioclayworks.site/docarmazem/installer2.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://muller.help/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
id: auto-114c6449458e9698922ff39f74da4f1e0777bc2658e6051c09b53536be8fee24
status: experimental
description: Detects traffic or activity related to https://muller.help/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://muller.help/Bin/ScreenConnect.ClientSetup.msi\?e=Access&y=Guest*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.71.108:33872/bin.sh
id: auto-d64f577663c33429d0d5a6c593815fa5ff7d3aa65c376af1e60a20b9310ac6b5
status: experimental
description: Detects traffic or activity related to http://61.52.71.108:33872/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.71.108:33872/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.199.92:48110/i
id: auto-30555ce012016be366a3bde3015b94ab4a003bdd5f5455fcc2a8be51de4cb16f
status: experimental
description: Detects traffic or activity related to http://222.142.199.92:48110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.199.92:48110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.30.46:44686/bin.sh
id: auto-a0c094bdbb9e2a384ca8fe6b6bf883912f6dc819ce91076444154ef972ad01cf
status: experimental
description: Detects traffic or activity related to http://61.1.30.46:44686/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.30.46:44686/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.209.231:40693/i
id: auto-16dd0062a967cd19dc96c7b7ac7bbef3eaf1c81258a32603c71ccbfb4496b0c6
status: experimental
description: Detects traffic or activity related to http://125.44.209.231:40693/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.209.231:40693/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.8.128:46729/bin.sh
id: auto-8d986d4c23f1d92c1285937dd54742e82c48d2bbb22248b1e02508f470000d72
status: experimental
description: Detects traffic or activity related to http://115.56.8.128:46729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.8.128:46729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.86.96.183:443/02.08.2022.exe
id: auto-d3dba395e0af252235cc4f50a99394418e83c5644d2404fb42f3b43f89c80363
status: experimental
description: Detects traffic or activity related to http://47.86.96.183:443/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.86.96.183:443/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.69.199:50181/i
id: auto-5d9d51184bbdad9dde8d6e650600fbe6546e4cf72904db022841084909d2d9ca
status: experimental
description: Detects traffic or activity related to http://42.235.69.199:50181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.69.199:50181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.98.253.102/02.08.2022.exe
id: auto-8f7b610246c62527e26af096e7d45032f9c2a1459f1cb360a2b11cff5e2bd57b
status: experimental
description: Detects traffic or activity related to http://47.98.253.102/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.98.253.102/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.109.59.81:8888/02.08.2022.exe
id: auto-fca623a306dc59d58fe78ba38dea78e4790db412fd89d261320017285bafe799
status: experimental
description: Detects traffic or activity related to http://47.109.59.81:8888/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.109.59.81:8888/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.192.97.230/02.08.2022.exe
id: auto-86f8c468e6a3bf085297c0b90bf04a41470634aa1548228819159537c0b24fbb
status: experimental
description: Detects traffic or activity related to http://45.192.97.230/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.192.97.230/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.159.183.246:8080/02.08.2022.exe
id: auto-a4b970fd5708274920f5c101cfede250f1ab1c4dd26f1f1d58d1adb7a4702505
status: experimental
description: Detects traffic or activity related to http://139.159.183.246:8080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.159.183.246:8080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.56.75.239:59945/i
id: auto-e88db41b6841f7936ef2feff7236734afb56e15c13762d927e07384e2cd1fdcb
status: experimental
description: Detects traffic or activity related to http://14.56.75.239:59945/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.56.75.239:59945/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.170.234.202:46099/i
id: auto-4a2c91c80de4827f88383523b9fb6811e792642dea67097a64d4a591f478d316
status: experimental
description: Detects traffic or activity related to http://152.170.234.202:46099/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.170.234.202:46099/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.109.171.2:22455/i
id: auto-b67569732d351a9f15625a8e8fcb536d6453fbc7b6fed6a4fe60f9989c9c084a
status: experimental
description: Detects traffic or activity related to http://116.109.171.2:22455/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.109.171.2:22455/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.226.213.234/sshd
id: auto-4689009e2091749f7a38a9e9c0bf5358245aa11eb8a331c0b44cde7ca608fe1a
status: experimental
description: Detects traffic or activity related to http://171.226.213.234/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.226.213.234/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.200.97:8081/sshd
id: auto-ccc839c5cce1f1b66755b52a91c99f1a499a7be269984d9101bdf8635b2c3488
status: experimental
description: Detects traffic or activity related to http://120.157.200.97:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.200.97:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.71.21:86/sshd
id: auto-4ee6f1f9693fc3720cd553ee393fc7f11bddd67c4bd5b60d092f1187c96daa00
status: experimental
description: Detects traffic or activity related to http://120.157.71.21:86/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.71.21:86/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.33.135.212:59968/i
id: auto-6827d1df8e36be46003eef89f279746f2d583ca3ff1a40e3ec31ec435215a310
status: experimental
description: Detects traffic or activity related to http://118.33.135.212:59968/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.33.135.212:59968/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.23.205.198:61406/i
id: auto-2438ab7bdcbbc41fd02c15839bcbcfbcae271e4c21f76cab61e64f21879e47e1
status: experimental
description: Detects traffic or activity related to http://89.23.205.198:61406/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.23.205.198:61406/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.182.204.67/sshd
id: auto-1e1ab29c2bd911787dcb1326fde0641e609333cb08e89a1123b9b10738f960a8
status: experimental
description: Detects traffic or activity related to http://113.182.204.67/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.182.204.67/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.98.158.86:15251/i
id: auto-b19005702c067a101639d5be7e6e3c090c24896b09a16d729a0531d80da18fca
status: experimental
description: Detects traffic or activity related to http://86.98.158.86:15251/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.98.158.86:15251/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.236.242.226/sshd
id: auto-c79b17b362529aacd795cba653d54b855d146601130e3e0fd65bd9f666eab9b9
status: experimental
description: Detects traffic or activity related to http://14.236.242.226/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.236.242.226/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.90.38.99:35173/i
id: auto-c886c675f9e79dbf8f73a977424ba997acda8c3d79bd40f12567681ddea4ef2a
status: experimental
description: Detects traffic or activity related to http://103.90.38.99:35173/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.90.38.99:35173/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.124.36.81/sshd
id: auto-953923bd659f55445d9e0f42b60c0beef52be7714f7f5c3c9317251fe169ddd2
status: experimental
description: Detects traffic or activity related to http://46.124.36.81/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.124.36.81/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.151.36/sshd
id: auto-125545f8b7e86d8f82aadc1b11f6907f00af8ec38f98716f6d60850636d88a59
status: experimental
description: Detects traffic or activity related to http://83.224.151.36/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.151.36/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.139.126/sshd
id: auto-fc1f52e5bb155460030fddd83032f38d6d2cb82dcd7e271313cf899ea02bdcd4
status: experimental
description: Detects traffic or activity related to http://83.224.139.126/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.139.126/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.49.65.8:34735/i
id: auto-acdfeb67238898def42e03d726ac0b415b0360c25ecf3ce406435ab66a6362e6
status: experimental
description: Detects traffic or activity related to http://36.49.65.8:34735/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.49.65.8:34735/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.200:35583/bin.sh
id: auto-505ba46a48a65465205ef692a8a60cc52cd7d075c4cea862446183a37283666f
status: experimental
description: Detects traffic or activity related to http://110.37.78.200:35583/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.200:35583/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.249.176.236:36057/bin.sh
id: auto-1fef582e584bf4ad52124b8130d95f23fbaf1b9617a819fc402079798ebe7483
status: experimental
description: Detects traffic or activity related to http://112.249.176.236:36057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.249.176.236:36057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.69.199:50181/bin.sh
id: auto-0b240436f40adb75f3275a06d505eb55f95ff731ab989f7008feb8f851212ed6
status: experimental
description: Detects traffic or activity related to http://42.235.69.199:50181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.69.199:50181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.208.191.240:41374/i
id: auto-c1f3e4fa240efc3b3d866196c76272705fcc35954996635b18cd12816ae30ce3
status: experimental
description: Detects traffic or activity related to http://58.208.191.240:41374/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.208.191.240:41374/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.90.245:35660/i
id: auto-9e9512c0f373e3e3c42362540cc3dfadbecdd380ff68b4d02f55951477a483c7
status: experimental
description: Detects traffic or activity related to http://42.55.90.245:35660/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.90.245:35660/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.208.191.240:41374/bin.sh
id: auto-aeb2cc34ed4003f1e94a35e42eaedccbbcf51d54cc58043ff3685e2c65a0d56a
status: experimental
description: Detects traffic or activity related to http://58.208.191.240:41374/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.208.191.240:41374/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.mpsl
id: auto-efbf1a9bc4b662dfa7dd74068b69b1107329bedfcf47fe603fe946db1b945c8d
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/baoocpb.txt
id: auto-59435f5f99aaaafeca38a48e267b8027755464ad93f62141f2022bfd1b508214
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/baoocpb.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/baoocpb.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/jIkgoge.txt
id: auto-7c3b66d662ee22ca2ec76cdf8deb3ab6faba6d7f1d42502a521258cde40247d7
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/jIkgoge.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/jIkgoge.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/mdcfedf.txt
id: auto-27500e7d8965b3bc39acb303d04c0dfd350daa41a5909f3900e50bdc94919d4b
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/mdcfedf.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/mdcfedf.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/miSjbge.txt
id: auto-3da22f03ed705b9eb1f77948ea235928f9ba4d28ad7365fb4f4d6af14026db77
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/miSjbge.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/miSjbge.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/SpfcpkS.txt
id: auto-586c69074e3cfcb90fc95b8d5ccff301da94eee5f942a3b96e8245f3c50eee27
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/SpfcpkS.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/SpfcpkS.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/hjImiig.txt
id: auto-e3f4e91d50427db87f9a3cb1210db8917e6ac844cd684e50f8fe00c94c84e757
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/hjImiig.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/hjImiig.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/FkkrfhS.txt
id: auto-bdaac9485fa17e56b2a040645cf110f80718ca2c830c781eb6e825ac1236765e
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/FkkrfhS.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/FkkrfhS.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/Iemekid.txt
id: auto-f6de120a723ba749b021823372a2450c92f89a62406aa4a0921478ff75afa697
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/Iemekid.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/Iemekid.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/gkoemdI.txt
id: auto-6969e6107f6ef4bcf755d4e05e5f9037e44036dad00a8386ec7f38411624b215
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/gkoemdI.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/gkoemdI.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/ggcgcSo.txt
id: auto-6f0f1e8bf5c99e1bdddb9a81b941b7a74787fbcbfeb9bb8e2b0b60196bcce6a4
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/ggcgcSo.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/ggcgcSo.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/coAkddi.txt
id: auto-e10923c3927075c4ee279d675696f18e656cedee2eefd1edc1cb522ddaa45ae6
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/coAkddi.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/coAkddi.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/wealthyman.txt
id: auto-53a39a4044bf78d6e8ed20b6a69e302346267a5cfe05e480b6612915926b3be8
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/wealthyman.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/wealthyman.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/mcFmaAr.txt
id: auto-b892119684b357708c216cf54ab904b5b27aa1c71b33759fca72318d459b3a0b
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/mcFmaAr.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/mcFmaAr.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/ecpdSbo.txt
id: auto-f20f7f2b9d84cda99ebc9dd9c43e6265b9a9e9997ba0bdb8294d50b84dbca402
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/ecpdSbo.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/ecpdSbo.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/optimized_MSI.png
id: auto-a4d3ca3f5600e815f9dff2ab8efc06fe9361eeec90db1b3bb61cf2da15d11ef5
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/optimized_MSI.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/optimized_MSI.png*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/dSFhrIa.txt
id: auto-c5e3c6e6c3d88bdc0fdec08c5fe7501c69bee4be068567bc42fcbaed0003d1ea
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/dSFhrIa.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/dSFhrIa.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/alldriveskelly.txt
id: auto-098552e7de3fca08b147142b0a971b9196ef491831e34cfd023a2e73e4414d62
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/alldriveskelly.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/alldriveskelly.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/gdhFbAa.txt
id: auto-64d9f465e9db336157947bb788cfc91082fb329ad2b82648e9ff23f066589cfc
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/gdhFbAa.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/gdhFbAa.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/onedrivers.txt
id: auto-451a12457fd32541d2ac7a6ff6467e73452ad7f39944a21653286bb763d4f4c7
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/onedrivers.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/onedrivers.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/ddedkaj.txt
id: auto-a11d807fc8b103fdf2aa88985222b824217d76a90f92b8873ad9de200223a27e
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/ddedkaj.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/ddedkaj.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bub100.s3.cubbit.eu/01/don-snake-vip-01upload%20(2).txt
id: auto-5201e18a6a4fd7817eaf5de9f1b2c8178e0f5ecc05e64213ce5de3757da2f12c
status: experimental
description: Detects traffic or activity related to https://bub100.s3.cubbit.eu/01/don-snake-vip-01upload%20(2).txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bub100.s3.cubbit.eu/01/don-snake-vip-01upload%20(2).txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://firebasestorage.googleapis.com/v0/b/remasd-6c702.firebasestorage.app/o/image.jpg?alt=media&token=f478957b-d4d9-440a-9c14-9e2d4868d760
id: auto-74b9591ddb2c78ddaa7455bdc7eaab0b52546e652eaeae32c49a63844852eede
status: experimental
description: Detects traffic or activity related to https://firebasestorage.googleapis.com/v0/b/remasd-6c702.firebasestorage.app/o/image.jpg?alt=media&token=f478957b-d4d9-440a-9c14-9e2d4868d760 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://firebasestorage.googleapis.com/v0/b/remasd-6c702.firebasestorage.app/o/image.jpg?alt=media&token=f478957b-d4d9-440a-9c14-9e2d4868d760*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://softwarez.site/text/acrekoc.txt
id: auto-c3d311159babce7bf140b0c04da9b24bcb277193036c306b31b59dcbc81de82a
status: experimental
description: Detects traffic or activity related to https://softwarez.site/text/acrekoc.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://softwarez.site/text/acrekoc.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ia601704.us.archive.org/1/items/amd_20251218/MSI_PRO_with_b64.png
id: auto-5902414863251cb9a448c5a6a4b73132cd99678ac9ed4c55351ec0152e56c2be
status: experimental
description: Detects traffic or activity related to http://ia601704.us.archive.org/1/items/amd_20251218/MSI_PRO_with_b64.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ia601704.us.archive.org/1/items/amd_20251218/MSI_PRO_with_b64.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://dialkwik.in/BD232/ENCRYPTED.ps1
id: auto-dcfc83606a40a3f70d51cbb8c7a8bed0e7d0e48b612b5a86ced0809a4b003869
status: experimental
description: Detects traffic or activity related to https://dialkwik.in/BD232/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://dialkwik.in/BD232/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.208.105/aarch64-linux-gnu
id: auto-270a619d5ec2c172ef4e3e5887fa3cee1f91a062cd775d023638327d4af51455
status: experimental
description: Detects traffic or activity related to http://46.202.208.105/aarch64-linux-gnu which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.208.105/aarch64-linux-gnu*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.45.161:39675/i
id: auto-f84296ed2f5603b16eefbe1184f9b731da487a10ac2e175a445bd341b7d48d24
status: experimental
description: Detects traffic or activity related to http://42.87.45.161:39675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.45.161:39675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/622tf4.ps1
id: auto-17669207feda832db952891b12d2a11017ba063cd5a5e213e9a98b27bca3d273
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/622tf4.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/622tf4.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.90.245:35660/bin.sh
id: auto-60308b86ec7f650e0b870c7b9acebb13d49cdf7d2241e5ffcc5b043ff1675e5a
status: experimental
description: Detects traffic or activity related to http://42.55.90.245:35660/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.90.245:35660/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://firebasestorage.googleapis.com/v0/b/nigazzzz-e9f50.firebasestorage.app/o/Cdddlean2.jse?alt=media&token=a9d22454-5f23-4c8d-84bf-7787abb2c2ec
id: auto-33daecfdd951cd64d3b6909d09d754d409511c5fff1cbd08ee9a74a1e3d81840
status: experimental
description: Detects traffic or activity related to https://firebasestorage.googleapis.com/v0/b/nigazzzz-e9f50.firebasestorage.app/o/Cdddlean2.jse?alt=media&token=a9d22454-5f23-4c8d-84bf-7787abb2c2ec which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://firebasestorage.googleapis.com/v0/b/nigazzzz-e9f50.firebasestorage.app/o/Cdddlean2.jse?alt=media&token=a9d22454-5f23-4c8d-84bf-7787abb2c2ec*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/ugofour/ugox/FfgGD2hgtDEGHwog.js
id: auto-4e65c65ea8a0fbaa3ec2500a38e51698c25f45eeaaa4a539de3780e90f4b357d
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/ugofour/ugox/FfgGD2hgtDEGHwog.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/ugofour/ugox/FfgGD2hgtDEGHwog.js*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.mediafire.com/file_premium/7rq6zy4kzhzq4ls/ConvertedFile.txt/file
id: auto-7dc8b14eee5a47cfe50f4e9a71337060e4c629e65b2049048397b579f641d24f
status: experimental
description: Detects traffic or activity related to https://www.mediafire.com/file_premium/7rq6zy4kzhzq4ls/ConvertedFile.txt/file which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.mediafire.com/file_premium/7rq6zy4kzhzq4ls/ConvertedFile.txt/file*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/1ca41f.ps1
id: auto-2fabe15a8527130595a09e6e9c73628ce16afda4a0bb85ee110d6aa8cdad7469
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/1ca41f.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/1ca41f.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/gubfdm.ps1
id: auto-53ad246bc88e39585bfab9c5044eeac878ea0ea0873c797a293a59a17557f751
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/gubfdm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/gubfdm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/gi563t.ps1
id: auto-68c6e1e0086dbf66279c5f3c880642a1bdf8eab680d151ee2c58b4ee84b4c823
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/gi563t.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/gi563t.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.3.171.243/2/ConvertedFile.txt
id: auto-1e8603315a0059090b50636e9df49285c7151a48abcbf77236abb971789e296f
status: experimental
description: Detects traffic or activity related to http://192.3.171.243/2/ConvertedFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.3.171.243/2/ConvertedFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/td09u9.txt
id: auto-ff1541dbbff40743ace1877997dfe91d6bd0a08c29020ddce4f5f4512f0bdbba
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/td09u9.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/td09u9.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://copresco.com/ConvertedFile.txt
id: auto-daa2efd222738c434157d87b9c2516df4e1a3d71329413d6a4fe3b0809f7cab0
status: experimental
description: Detects traffic or activity related to https://copresco.com/ConvertedFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://copresco.com/ConvertedFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/xis.txt
id: auto-9390bdfd40526467e3f2c902692d068d0ae8aa1d48c4a6d644ed3b076da5bee3
status: experimental
description: Detects traffic or activity related to https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/xis.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/xis.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.220.78.81:52789/i
id: auto-8bc042cd40a8208583c4fcf08551f8b52b0755ff1982a5817bd03f0f4fff65ae
status: experimental
description: Detects traffic or activity related to http://117.220.78.81:52789/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.220.78.81:52789/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/e48uej.ps1
id: auto-dd73d5df21aebfdc4b8d500a9058d1d8e3eaf236f4a7a0889b53f32689f62e68
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/e48uej.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/e48uej.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/wdg0h2.ps1
id: auto-122ea116a44b1ac0f5d88ce3ca22e45b2e25a1e217882ac63052e362a7ea0a9b
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/wdg0h2.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/wdg0h2.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/o8ero5.ps1
id: auto-6cec453fed0f5b21e191487a59080bf8bb4c5ef1162afd22220926f8202d913e
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/o8ero5.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/o8ero5.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll%2FJS.txt?alt=media&token=8121d613-fe58-4418-80dd-328896b66ad9
id: auto-423594ecd3d2f38a911de7492bb8448284ba9c6cd064ebda884ae3fd520ead26
status: experimental
description: Detects traffic or activity related to https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll%2FJS.txt?alt=media&token=8121d613-fe58-4418-80dd-328896b66ad9 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll%2FJS.txt?alt=media&token=8121d613-fe58-4418-80dd-328896b66ad9*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/SV%2FjsGeorgia.txt?alt=media&token=defe7278-6441-4cf1-b0ff-d7ee24652110
id: auto-2dff18e01b698e514e66f7d8c7058bb1715262db6b248bc6a9935740801fbfca
status: experimental
description: Detects traffic or activity related to https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/SV%2FjsGeorgia.txt?alt=media&token=defe7278-6441-4cf1-b0ff-d7ee24652110 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/SV%2FjsGeorgia.txt?alt=media&token=defe7278-6441-4cf1-b0ff-d7ee24652110*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/Pe%2Fperodita.txt?alt=media&token=b760e899-9f74-479a-9502-005740540108
id: auto-27fb42b97155da7a59fd6d6cf96e8ae9ab892d7c2ef8bdb207518c5eaaf8ee93
status: experimental
description: Detects traffic or activity related to https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/Pe%2Fperodita.txt?alt=media&token=b760e899-9f74-479a-9502-005740540108 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/Pe%2Fperodita.txt?alt=media&token=b760e899-9f74-479a-9502-005740540108*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/fRUGJQaxaRlf195.bin
id: auto-46ab9e2b976916ae2c82342335ae5f0984f1d0e583378ba95c7a8b7a20b33ec4
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/fRUGJQaxaRlf195.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/fRUGJQaxaRlf195.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/QjhOmaGLCRcS249.bin
id: auto-c37ddef078da9b4f5aad9f3e514a100881b1e5160503f0bdd8073b07c9ac424d
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/QjhOmaGLCRcS249.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/QjhOmaGLCRcS249.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/Hjem.psm
id: auto-b4a0a58ea8e3c81ce274ca731236ab7d9747ca5b6cd0f42b481b51ca234a475b
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/Hjem.psm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/Hjem.psm*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/slingnonf.psp
id: auto-122e85bf37a2f85737f3747e20659853228aa2717d3ef424eefedaa3527c6035
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/slingnonf.psp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/slingnonf.psp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/Hjertefrek.dsp
id: auto-d40211b882d2e6a202cd6ce426d21119bc2dc78c0ef338b949ece60e2451d7b7
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/Hjertefrek.dsp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/Hjertefrek.dsp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/Tildelgono.sea
id: auto-2ec7bd082241953d44a5d03936202e0f28768347ec1966fe1f8bf838adc0de7e
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/Tildelgono.sea which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/Tildelgono.sea*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/cybRgAsIuJiEUIWwhQenea30.bin
id: auto-8cadcf36c2b3342604220043e787fd0c38ae7356ac593f26e198bf1a0ba40739
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/cybRgAsIuJiEUIWwhQenea30.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/cybRgAsIuJiEUIWwhQenea30.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.227.135.219/oIwpuDrY46.bin
id: auto-1ddc010e403d5aa5ef2b341db3c5eab147ff0fba95b87b1f8fc916f261ae4f53
status: experimental
description: Detects traffic or activity related to http://192.227.135.219/oIwpuDrY46.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.227.135.219/oIwpuDrY46.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/yhxgp9.ps1
id: auto-dd9d4d07e61c81c4d372c87277a98ebe096704491249471e9c46c276faee887e
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/yhxgp9.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/yhxgp9.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/w96404.ps1
id: auto-d33edae38a211f8e9a6af0f3cf652d70701a0f6494c037adc4c279c783fca11c
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/w96404.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/w96404.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/z7b6i4.ps1
id: auto-109470e82397c4ea1927b8f964b1233677f827cb72f9c64459987618051fb41a
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/z7b6i4.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/z7b6i4.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/kdw0z9.ps1
id: auto-ab3dafce41723a09ba6dc90f204f3425f8ef3ac9bdaaf4c3d1a9fa3757c86553
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/kdw0z9.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/kdw0z9.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/fn05hm.ps1
id: auto-0912b0b56932677125f36706f293405da86e47b08e38e6a5c81b08c6885aa5b2
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/fn05hm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/fn05hm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.1.108:55463/i
id: auto-bcc8d92dcea481c461df020b3680dabc0a094372c8f4f8deb334bb115b81d967
status: experimental
description: Detects traffic or activity related to http://125.40.1.108:55463/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.1.108:55463/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://my-jin.s3.cubbit.eu/oriv1.7.2.0-31a301upload%20(2).txt
id: auto-dd59405ae17c60443bc868e15de3266b758e51a4a3eb6d3c628e3454df16d28a
status: experimental
description: Detects traffic or activity related to https://my-jin.s3.cubbit.eu/oriv1.7.2.0-31a301upload%20(2).txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://my-jin.s3.cubbit.eu/oriv1.7.2.0-31a301upload%20(2).txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://asdetinweb.xyz/zi/tgmult.zip
id: auto-dadcdfb3a56ba23f8718351a2d887c64d60e3b9cd192b8ae67ce10c9a7018d5f
status: experimental
description: Detects traffic or activity related to https://asdetinweb.xyz/zi/tgmult.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://asdetinweb.xyz/zi/tgmult.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.189/deals/xwormsolu2026.txt
id: auto-88e1f7e787001caf1141cd76c9fc657c5762ce308c0a43162e6cd1dfa0b3a89b
status: experimental
description: Detects traffic or activity related to http://87.121.84.189/deals/xwormsolu2026.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.189/deals/xwormsolu2026.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/ofu.ps1
id: auto-0745f26c2483250d31785970a992042859921cb66c19ee6b74d5fe7fa2849eb3
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/ofu.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/ofu.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.220.78.81:52789/bin.sh
id: auto-bf8748c7eac9ff367b72c30ed11a973e759419c91e8742e5ac5af2885c026526
status: experimental
description: Detects traffic or activity related to http://117.220.78.81:52789/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.220.78.81:52789/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/ugofour/ENCRYPTED.ps1
id: auto-2639945b4dd19d27ce7c95e5dd17948850f779b32b68a2c65deacdd70fdf3e82
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/ugofour/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/ugofour/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/obione/ENCRYPTED.ps1
id: auto-9c68b46a23111f4823b5670c7d752b80ec644ebfc48d03bec0b7cc6172b2425e
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/obione/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/obione/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/sarahh/ENCRYPTED.ps1
id: auto-f41dc198a6fc366011a701d392817d954291710f5026bf6fe98f00329d3ecd71
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/sarahh/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/sarahh/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.208.105/x86_64
id: auto-456ba23523e2b3f7971f511be092e6ded445a8534fb3efd633e87cf3ac60e4d9
status: experimental
description: Detects traffic or activity related to http://46.202.208.105/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.208.105/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.1.108:55463/bin.sh
id: auto-ddddb6636f2ce184c96a2c771bc8185b7d4ecfe94cf5197d7395a9f47c48b380
status: experimental
description: Detects traffic or activity related to http://125.40.1.108:55463/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.1.108:55463/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.131.194:49232/i
id: auto-9ad4b4062cb8849de9729dd77fe1fea43ebad35877ef98afc42ebcb319615249
status: experimental
description: Detects traffic or activity related to http://123.8.131.194:49232/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.131.194:49232/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.245.108.32:39155/i
id: auto-8981fcbf2f4bc029c8bc8a552a0695e5fb2d76eb305a5756b92ae36c87caadf6
status: experimental
description: Detects traffic or activity related to http://123.245.108.32:39155/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.245.108.32:39155/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.245.108.32:39155/bin.sh
id: auto-a9c4f9b65866534729f9b82f0008625c49eb71c7fb95ab208ff9bfabd4dd955a
status: experimental
description: Detects traffic or activity related to http://123.245.108.32:39155/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.245.108.32:39155/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.131.194:49232/bin.sh
id: auto-588eb93df1a81f473bad00cf3cbd43d15fd7b2ecbe622c2d2b2da89c4b960564
status: experimental
description: Detects traffic or activity related to http://123.8.131.194:49232/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.131.194:49232/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.m68k
id: auto-caba35e04f5435942e93bb473fa3431b6267a33bd00d08fe7cbf8ed6e2e48078
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.arm6
id: auto-f706002662e5790cc749219c99de1c961a7bf4e9ee918e6d860297a512f907ef
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.i686
id: auto-773af7f0462196f58611fd0a7e9746fc84b1fa2a18fa41a0a2bd4ac20ea6cf67
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.sparc
id: auto-ddf426153c499157c8cb79cfdbda761f670c7a5bacae7c5c4b3ebf73f5edfe76
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.mips
id: auto-310384e4bc5216718015622d56ac6bcd027277a78dfcf92aa620b621660586e2
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.arm7
id: auto-5d254f44c203fa651c14874a33b37ccec498e1d0814ae38c07adc7882369a128
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.x86
id: auto-4a20e3369cee6dc6ba0aeace15ff564d8237d105f270b00a39a37d485e332de8
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.arm5
id: auto-ab57434e52278cd7ba9655f8ecbd889d32e28c69ad17499fc7908e682f992aca
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.mpsl
id: auto-0b89cd346c900c27442e39947dcb7f44dc0ca031ebe51acb75f8f7cabfc17887
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.ppc
id: auto-114ab1df4901c1d4df566da7092a91eccf6311a17a54487ad1b8298a1dc66029
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.sh4
id: auto-3f2f4499ae33b86d8669bb785adb567c020fdbdf13e6235eba7ca4d22e9fe27f
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.arm4
id: auto-af7f2a2d7436eb3ec5602f8ba525d3c960fb9549b7c4b5528839860aff34f43a
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/Okami.i586
id: auto-a433796049376ce0d0ac7fae44e2b9c28641355cc3fe2ea9c7a18b82830fb814
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/Okami.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/Okami.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2:6677/main/bins/arm5
id: auto-34f73cbf9d56e65acebc08fbdd9cd1c67858d6cfd3e997fd434a52eadfffbb4a
status: experimental
description: Detects traffic or activity related to http://130.12.180.2:6677/main/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2:6677/main/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.arc
id: auto-8fe88733e6454d7c0b7f116aa38b12182362a179ea0c44330246ece9cbef6163
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.i686
id: auto-ed480abff49d302503c70a019fea9df1f7a6988bbacf44e0033f53cf7e6b472e
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.spc
id: auto-0a959980a24b8b4c843893e74c2a974ccc47a8aebd26f7b0fbb7e545cc9d0460
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.i468
id: auto-9f2a60d159bc7462b7c3b9e7722ae41225b135cdca56cb2da72684a78b471a58
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dm.pminer.top/xmss
id: auto-dd4a93be2a1b724788c7d45e45c796bde72baafbdba36ee79ba79a8954b21eec
status: experimental
description: Detects traffic or activity related to http://dm.pminer.top/xmss which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dm.pminer.top/xmss*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.134.36:49761/i
id: auto-73c0c3d8b309fb92fd338f0a227a9a7de4f68be93b086a1296d613b862a2aa3d
status: experimental
description: Detects traffic or activity related to http://61.3.134.36:49761/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.134.36:49761/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.134.36:49761/bin.sh
id: auto-2ce024d94441f17e1bb545f1e281fd85965083168dafac71dfb2d23a4c038395
status: experimental
description: Detects traffic or activity related to http://61.3.134.36:49761/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.134.36:49761/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.5.31:59653/i
id: auto-c666a092fbd97955ebdb5b8f982ef0fedc3a7dd98f67d2563e7c8c41b1341bc6
status: experimental
description: Detects traffic or activity related to http://123.8.5.31:59653/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.5.31:59653/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.231.246:46163/i
id: auto-f4272750bb5153400d8d79742e44e4132df5a70ca44c9af5fb9d45c54a83e206
status: experimental
description: Detects traffic or activity related to http://42.225.231.246:46163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.231.246:46163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.106.115:49220/i
id: auto-153331a08003b779fb9f6c970459ee433ff9dbc094ac7d714815be4dd638355b
status: experimental
description: Detects traffic or activity related to http://5.59.106.115:49220/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.106.115:49220/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.0.37:56772/i
id: auto-eaacc713e1933d692b6880f57c9685effcf4f9ab92086cc7f490d5a837f89fe7
status: experimental
description: Detects traffic or activity related to http://110.37.0.37:56772/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.0.37:56772/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.39.112:53695/i
id: auto-cb6d9d01eb44bb9971658425b8f68f9fba1ccbb518ae40789c8b2a51d7e2309f
status: experimental
description: Detects traffic or activity related to http://27.207.39.112:53695/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.39.112:53695/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.186.48:34623/i
id: auto-32e3ce4bd34fa144d2a376bb53803f7f3ae9da342ddf2ffbc205072ef9792352
status: experimental
description: Detects traffic or activity related to http://112.248.186.48:34623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.186.48:34623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.mips
id: auto-d16a823bbf27760583fc1bc6c72a0e259f8b6e6e1b4bca4730fa1f403bc10500
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.arm
id: auto-d9a8a89532899857ef7aa642513a2fee3da79a0655c7f217f303e032c40850fd
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.m68k
id: auto-b9fce08ccada098ac37fa3f690f35392efca8381da3db2d28197eae1aadd03c1
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.arm6
id: auto-0cedd8038695195d241c06c4f16ac39d9af78a04f46a0a07c4486ebc41153b58
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.ppc
id: auto-db239c0787f3903a81f759f385cc54883b55b96b930a34d4f1dd8af6dc98a581
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.arc
id: auto-acf00e90764f4e2fb7bc7de4ee58fcfb020be543a4309e141237f62556127813
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.arm7
id: auto-b5b2fa56477b72f4e87bfec839f1fe9716ead964facf68907c415566f1676fd0
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.sh4
id: auto-6f49d97c5504877b7655a9523ce81fae53716d1a24ff9641bd9cef70ffc662e8
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.251.183:42527/i
id: auto-1a23929b18bf048daf44043e3cbf97338d971b729dfa5290ea50ff48181af065
status: experimental
description: Detects traffic or activity related to http://182.114.251.183:42527/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.251.183:42527/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.187.17.22:51139/Mozi.m
id: auto-2e844e0368fdcda40184797ce20434011e1d3ba9a31e35c09db77f7644f93bc4
status: experimental
description: Detects traffic or activity related to http://78.187.17.22:51139/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.187.17.22:51139/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.x86
id: auto-ba11ce2e3879942c38f125898295668537d751c8b726569aebbc93056c11ad04
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/hiddenbin/boatnet.arm5
id: auto-22f8bd51f6f9bce09a44444773251e50b92e16862ec2d8038e1b8f9ea6836b25
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.173.70:46421/bin.sh
id: auto-d9d2b1b84c88f186ce7de6253dace0e2b7979b2b6c26ca2b430828ffa460c012
status: experimental
description: Detects traffic or activity related to http://117.199.173.70:46421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.173.70:46421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.82.155:56085/bin.sh
id: auto-85afa0ceaeb404cb1bea65ca4c7243cf844bd9e73e9d8d7bf9c648626433e340
status: experimental
description: Detects traffic or activity related to http://113.237.82.155:56085/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.82.155:56085/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.66.202:55497/i
id: auto-c6d39acd0de7e6265455c3dbd0371d6f749546e9ca59846ebfe2374731e296cb
status: experimental
description: Detects traffic or activity related to http://42.226.66.202:55497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.66.202:55497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.180.47:33518/bin.sh
id: auto-03a2e7c4501feb80817637e2574ba614e53fb839a95217378a151e1cbac62f24
status: experimental
description: Detects traffic or activity related to http://115.54.180.47:33518/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.180.47:33518/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.8.118.17:59236/i
id: auto-c3aa08a0a3da9c709f8a102b835d5ad3a777b345039de15897e279abd56c8a82
status: experimental
description: Detects traffic or activity related to http://45.8.118.17:59236/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.8.118.17:59236/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.66.202:55497/bin.sh
id: auto-003c259479f1473f1dc682edbc78303885b76ec7b21fac04c7c6b23bc820118b
status: experimental
description: Detects traffic or activity related to http://42.226.66.202:55497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.66.202:55497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/opnic.exe
id: auto-07e72c8c7955fbbc72497d5387781abd4bf2042b768c619c9880bb74ee92c735
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/opnic.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/opnic.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.105:43874/bin.sh
id: auto-a9f86180ce2f264aa1b7abddcdc31e567c6ae0b997499cd6fc5461c3f2b602f0
status: experimental
description: Detects traffic or activity related to http://110.37.37.105:43874/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.105:43874/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.27.66:51687/i
id: auto-b1ea939660226c6e6565d8df252cf105bda579fd887584d04e8f6bfe42d9d735
status: experimental
description: Detects traffic or activity related to http://59.93.27.66:51687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.27.66:51687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.194.201:45710/bin.sh
id: auto-3d9ac69bd9cd3bde3ea6037b34631455ce25ef1ac9de14ff733f7527844acfde
status: experimental
description: Detects traffic or activity related to http://182.114.194.201:45710/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.194.201:45710/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.128.85:52576/i
id: auto-741e78b6abe57e888920237dc21c62ee9862c88bb7caccaef0ab56c4ad0acbf8
status: experimental
description: Detects traffic or activity related to http://115.55.128.85:52576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.128.85:52576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.arc
id: auto-9accee4615a963eaaea0de06e24a04ad70353111fc2f0bb3ae345ce12a6d0f87
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.armv7l
id: auto-977b1385e866e3cc1b6edc652e169d2ef12517fbc10910a26bcb5ab38f857a84
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.aarch64
id: auto-b7de3cbe4a359a5af1a6541c619708d5e00a10faa3a108793729f9cfba968442
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.x86_64
id: auto-61abf56b86e6040c0ee1e134bfa90a46fcaa2d10920e38b8b25bad4eac93a46d
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.armv5l
id: auto-48d292052e930bba68e4e1dc22feb259118653f2b7c5d79573150ac401a2f72d
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.powerpc
id: auto-6c690340e8f1826f882ee7df2007949c7716b8d16165ee005e9896d1a01fcaf4
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.m68k
id: auto-84117447586187c521725159ab87d6de4a47acdd977d529fb3b212e58ec315fe
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.mips
id: auto-7f795933e62b8806852575fa48fb6479ca0d1daed5702240a2726eca60e17357
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.armv4l
id: auto-45c79e0a48d5cc9bda1549111aa9e72176b933784cd3b6099f1c5f924f045a97
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.armv6l
id: auto-d5759d532e30928c210b335c005a5c6982a82981e4a0e2b2a1e38467c8594a8c
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.sparc
id: auto-54240c83558a62878631ea486861dc47299d9f3d3c9d5f0066b8340204e2803f
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.sh4
id: auto-5721ff44330e20839341d1750016cf7b5c5b6d18475c006d1fc3ae325e40f4bf
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.mipsel
id: auto-504a69025a01c905374df24097c54c33fda356997daa1fb7c9ff4941c955ae7a
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.80/iran.i486
id: auto-aa7e2823d0524fd825f5916de3b2377c7546dac756e6446646606652637f73d9
status: experimental
description: Detects traffic or activity related to http://130.12.180.80/iran.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.80/iran.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.99.60:53717/bin.sh
id: auto-e7ae0cec772686f08100addb1d9b8b0cb8141045d8a3f4fc78ee1584926916e8
status: experimental
description: Detects traffic or activity related to http://115.58.99.60:53717/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.99.60:53717/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.27.66:51687/bin.sh
id: auto-feeb089d7efe3eac84a03b09b8c7716acf157451ec83e4389efc38a432a7e700
status: experimental
description: Detects traffic or activity related to http://59.93.27.66:51687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.27.66:51687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/sanding40-unsworn8-claim-s3/riverbank
id: auto-19990272e1be07eb0212dd5db3a955da172638a5b636ae956a169d912b6fdb75
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/sanding40-unsworn8-claim-s3/riverbank which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/sanding40-unsworn8-claim-s3/riverbank*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.213.109:35442/i
id: auto-81f24d0140b426fcaf22bc81dcc6d6846da220ff070b527122e6d21ee2ec76d0
status: experimental
description: Detects traffic or activity related to http://125.41.213.109:35442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.213.109:35442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.18.90:46968/i
id: auto-a0503629983f13f5a5a38fa14978ee7d25978fa36ddd094ab9130c0eaf43dd4f
status: experimental
description: Detects traffic or activity related to http://220.201.18.90:46968/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.18.90:46968/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.213.109:35442/bin.sh
id: auto-3a302332fb2c7e67381831f0ded5e8be237dd0634b6a3387bd302fac0dedf161
status: experimental
description: Detects traffic or activity related to http://125.41.213.109:35442/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.213.109:35442/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/heavily22
id: auto-bfc065cf7fd6da21b6910aa28dbf40a7908793da263b2b22c9258824fdac3942
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/heavily22 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/heavily22*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/unnamed82
id: auto-9f26f16c5e2c53f2477272c728db909f52c2b467fa6236def928680141217d99
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/unnamed82 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/unnamed82*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/unnamed80
id: auto-d6010ade5a0afce6cc57303b44b9e672ffa232e36c4c591915cd5d593c946cac
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/unnamed80 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/unnamed80*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.128.85:52576/bin.sh
id: auto-f6856ab305b00496a742d363340cc52d4a22356f147bd69d2cd78994ad7a32db
status: experimental
description: Detects traffic or activity related to http://115.55.128.85:52576/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.128.85:52576/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://techhkonnectt.top/Bin/ScreenConnect.ClientSetup.msi
id: auto-88a2e3247200388a5ea3b5a93c9219a60981a0dd5d2f3a8acca677a494640645
status: experimental
description: Detects traffic or activity related to https://techhkonnectt.top/Bin/ScreenConnect.ClientSetup.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://techhkonnectt.top/Bin/ScreenConnect.ClientSetup.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ahnbbd.com/MsTeamsUpdate.msi
id: auto-d64fc476ab412b0e4079c7c29ee7fd3bd2f5a1cb758024ff1bbfced6f1891788
status: experimental
description: Detects traffic or activity related to https://ahnbbd.com/MsTeamsUpdate.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ahnbbd.com/MsTeamsUpdate.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://web04zoom.im.web04zoom.us/file/ZoomWorkspace.ClientSetup.msi
id: auto-92bed2392fc1499ff1834124ef45672669441dd2e00eae9f262d19415a6abd5a
status: experimental
description: Detects traffic or activity related to https://web04zoom.im.web04zoom.us/file/ZoomWorkspace.ClientSetup.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://web04zoom.im.web04zoom.us/file/ZoomWorkspace.ClientSetup.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://frvrefrigeracao.com.br/Adobeclientsetup2026.msi
id: auto-d5bafe3a4eee89de24ac718fc5c30f8fe9ee22e8ffb742caa756d0c64e27f18b
status: experimental
description: Detects traffic or activity related to https://frvrefrigeracao.com.br/Adobeclientsetup2026.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://frvrefrigeracao.com.br/Adobeclientsetup2026.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://coreylinkservices.com/meetme/Windows/download.php
id: auto-57b67377106a0c35b2f906cd96e5977ee0a478a36dfb285b899750110c3ee4c3
status: experimental
description: Detects traffic or activity related to https://coreylinkservices.com/meetme/Windows/download.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://coreylinkservices.com/meetme/Windows/download.php*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://play-apps.cdnreversconnect.world/17a8637e-5b03-4945-bde8-97c815d0c800
id: auto-538e2d5a4ed20b4b0a6a7399a841f0828ad2c4e772e2fb0bdba9c2e2a857accc
status: experimental
description: Detects traffic or activity related to https://play-apps.cdnreversconnect.world/17a8637e-5b03-4945-bde8-97c815d0c800 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://play-apps.cdnreversconnect.world/17a8637e-5b03-4945-bde8-97c815d0c800*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://play-apps.mx-maps.digital/cc19e009-7f77-4958-85e7-f76f1b1b7d25
id: auto-952633e0c7f6ddb06275178175e8b2f1e5a75c7a18d6b5768a8d13d476983eb1
status: experimental
description: Detects traffic or activity related to https://play-apps.mx-maps.digital/cc19e009-7f77-4958-85e7-f76f1b1b7d25 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://play-apps.mx-maps.digital/cc19e009-7f77-4958-85e7-f76f1b1b7d25*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://play-apps.ads-analitics-cdn.digital/25108c12-378a-4133-af80-ed32d1f7514d
id: auto-3f54feb69203e15f51c3845f818b8813a7d65f30c36979208b8fd819369eb15d
status: experimental
description: Detects traffic or activity related to https://play-apps.ads-analitics-cdn.digital/25108c12-378a-4133-af80-ed32d1f7514d which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://play-apps.ads-analitics-cdn.digital/25108c12-378a-4133-af80-ed32d1f7514d*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cold-na-phx-10.gofile.io/download/direct/37aeab19-2473-4ede-8588-4f4edd159bb6/ZoomWorkspace.vbs
id: auto-601df9b8b671e631ba38b1c9ef7a715b55c831a75d479b32380cb03345c80483
status: experimental
description: Detects traffic or activity related to https://cold-na-phx-10.gofile.io/download/direct/37aeab19-2473-4ede-8588-4f4edd159bb6/ZoomWorkspace.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cold-na-phx-10.gofile.io/download/direct/37aeab19-2473-4ede-8588-4f4edd159bb6/ZoomWorkspace.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/bins.sh
id: auto-27917cf69c5eee24d78f3c76e424fd49de25ead7d9675d6a481fb38433d025d6
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1059
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.18.90:46968/bin.sh
id: auto-313d393a20abdbda79eeeecb1f86cf41d438a93df2dd701ae6c8bebd8b63367c
status: experimental
description: Detects traffic or activity related to http://220.201.18.90:46968/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.18.90:46968/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/grid-enabled_7888.43.58.91_INSTALL.exe
id: auto-5eef74ffef95556b8b82d1df3116fb9dc39e773faec981df7e84c9ca9a3c860b
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/grid-enabled_7888.43.58.91_INSTALL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/grid-enabled_7888.43.58.91_INSTALL.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/Polarised_97.74.8_INSTALL.exe
id: auto-02a82624dc16ec1145b7132550cbe18089731897823485aef5299c07dd0c74cd
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/Polarised_97.74.8_INSTALL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/Polarised_97.74.8_INSTALL.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.121.251:54526/i
id: auto-4ae7fc9a5c91d1a2b1737f8a9e9244a310daf5161b4d8da6f1e83855243fbf44
status: experimental
description: Detects traffic or activity related to http://175.173.121.251:54526/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.121.251:54526/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.67.138.196/bins/mynode.m68k
id: auto-f84093426561641cbc5f7f9d3ffc828378c5851e855bdd1ae9269b0b55078b59
status: experimental
description: Detects traffic or activity related to http://45.67.138.196/bins/mynode.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.67.138.196/bins/mynode.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.67.138.196/bins/mynode.x86_64
id: auto-df24f291d972e97ecef3bb76bedfccc2e4cffb7c7469bb55d46af6cb3cd67ca0
status: experimental
description: Detects traffic or activity related to http://45.67.138.196/bins/mynode.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.67.138.196/bins/mynode.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://thebrandmantra.in/SA/saa.php
id: auto-051b47dd22a48059cd90c1226f851d8aafea7b3d9ad227e01a2b65025dcbc443
status: experimental
description: Detects traffic or activity related to https://thebrandmantra.in/SA/saa.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://thebrandmantra.in/SA/saa.php*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.longfeng188.com/static/upload/other/20220313/1647160611412907.apk
id: auto-0a4e9158a4a785bccb96a880300fa45cc88be6e5eb005ebdad604e80bd040abf
status: experimental
description: Detects traffic or activity related to http://www.longfeng188.com/static/upload/other/20220313/1647160611412907.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.longfeng188.com/static/upload/other/20220313/1647160611412907.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://n.vs108.com/down/laizi_wzzdh.apk
id: auto-2b28042a15ec32a5e1a12141d52d4f7b097ae121f283b08a9655253bdc41fbe8
status: experimental
description: Detects traffic or activity related to http://n.vs108.com/down/laizi_wzzdh.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://n.vs108.com/down/laizi_wzzdh.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jlwz.cn/bbs/upload/1000/2017/03/16/202395_1101210.apk
id: auto-8c4ba91a22edcc8b7a440c5ef36d07dc8476301b2123d6c0e80e0d005f8963a0
status: experimental
description: Detects traffic or activity related to https://jlwz.cn/bbs/upload/1000/2017/03/16/202395_1101210.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jlwz.cn/bbs/upload/1000/2017/03/16/202395_1101210.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://genii-purple.s3.us-east-1.amazonaws.com/payload-hta-enc.zip
id: auto-1062a76f624e5f2c2299100a41a28c6221c25a4c4e14f03fb936bb2e61d5e85a
status: experimental
description: Detects traffic or activity related to https://genii-purple.s3.us-east-1.amazonaws.com/payload-hta-enc.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://genii-purple.s3.us-east-1.amazonaws.com/payload-hta-enc.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://agent188portal.live/aplikasi/Agent188.apk
id: auto-ded768528abe59dfbde5c948fb9259bd2a4ef3948a8050878b3e0b56adafdea2
status: experimental
description: Detects traffic or activity related to https://agent188portal.live/aplikasi/Agent188.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://agent188portal.live/aplikasi/Agent188.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tykitoks-uzb.sbs/TikTok18.apk
id: auto-639abcb53fa329e09eb3efb6e82b955b823445718269e3939868a615b47f3627
status: experimental
description: Detects traffic or activity related to https://tykitoks-uzb.sbs/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tykitoks-uzb.sbs/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://inomailerhe.net/WORDPRESS%202026.zip
id: auto-28aa5c343e64c55feeb13b7ab7d600a9b3522caca1921a960bf483da0b9d308e
status: experimental
description: Detects traffic or activity related to https://inomailerhe.net/WORDPRESS%202026.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://inomailerhe.net/WORDPRESS%202026.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.r57shell.net/shells/c99.rar
id: auto-7832206b6a17b4332cab1f7e4aef009587781030bb6dec2431e13dc955c08a1d
status: experimental
description: Detects traffic or activity related to https://www.r57shell.net/shells/c99.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.r57shell.net/shells/c99.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://agentportal188.work/aplikasi/Agent188.apk
id: auto-a4f56b52442d94bcd02f3ae04a3dd2ea4fa70f8a576f037d667301fa5987530f
status: experimental
description: Detects traffic or activity related to https://agentportal188.work/aplikasi/Agent188.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://agentportal188.work/aplikasi/Agent188.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.38.42.187/systemctl/bin.armv6l
id: auto-0d09ab5d5bf97851daf857cfc66eed98dfeddfba2c96c77ec83fad734db7675c
status: experimental
description: Detects traffic or activity related to http://45.38.42.187/systemctl/bin.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.38.42.187/systemctl/bin.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://agent188menyala.shop/aplikasi/Agent188.apk
id: auto-9c77a96934a315445006558e1bb2cc30db6a0e56b3053c0be3c795eb76a06665
status: experimental
description: Detects traffic or activity related to https://agent188menyala.shop/aplikasi/Agent188.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://agent188menyala.shop/aplikasi/Agent188.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://51la.zvo2.xyz/a2.txt
id: auto-c4c3f58b9aa815374807c96f9732d4c1b3ae7f72f55a30eb3c0ef1f05e42f6db
status: experimental
description: Detects traffic or activity related to https://51la.zvo2.xyz/a2.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://51la.zvo2.xyz/a2.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.234.128.173:59280/.i
id: auto-2f28a17f917554ee357123ff3f3c1638879a2c3948fc62f91ecbfc94aaa4c0ce
status: experimental
description: Detects traffic or activity related to http://124.234.128.173:59280/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.234.128.173:59280/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:41417/bin.sh
id: auto-36b9fd5cd15a8cc60d68a323f1411c7b0ebd6d01ef95e6231149f8391b9d5ab0
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:41417/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:41417/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.68.148.99:41579/document.URL
id: auto-2fef460cff205688ee069737d83cac258a923d89986769af6299694c7f7de262
status: experimental
description: Detects traffic or activity related to http://39.68.148.99:41579/document.URL which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.68.148.99:41579/document.URL*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.121.251:54526/bin.sh
id: auto-fa90e71bd3522a97631c8ac457dc0790106fcb013441158627ec461a874b0775
status: experimental
description: Detects traffic or activity related to http://175.173.121.251:54526/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.121.251:54526/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.237.216/boatnet.x86
id: auto-23dacb158a60d5f175956ec3b691fa1d43f63b1d00794fa07ad6eb33bc41ad78
status: experimental
description: Detects traffic or activity related to http://216.126.237.216/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.237.216/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.69.51:53384/i
id: auto-013898a586fc27ae94fbd23d6a513d9e4283bd3a1a594d4393cb05ead44669ad
status: experimental
description: Detects traffic or activity related to http://182.121.69.51:53384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.69.51:53384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.69.51:53384/bin.sh
id: auto-1ea0fb036c3fe15b4c609c805ee521e4afe9f711b799178f284e4f4268f0e753
status: experimental
description: Detects traffic or activity related to http://182.121.69.51:53384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.69.51:53384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.65.36:46269/i
id: auto-a897cbddb40896ba68681f39dc0af70814e102344b54312f2eafe24c1f733c73
status: experimental
description: Detects traffic or activity related to http://117.244.65.36:46269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.65.36:46269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.23.140.93:40361/i
id: auto-8459a15bb3fa95eb0c47289f8bd3b2121b3181f33787317eca9fdb4390cf699f
status: experimental
description: Detects traffic or activity related to http://183.23.140.93:40361/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.23.140.93:40361/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.200.113:50619/i
id: auto-c7f0fbe344502cc530dad4f52eac438daf2debd65b783f6c6f2319432a7fc0bb
status: experimental
description: Detects traffic or activity related to http://42.57.200.113:50619/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.200.113:50619/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.65.36:46269/bin.sh
id: auto-6eb75b6f0bf6382f85a56f1788801b494ddbc9b1c0b60f88b158f1633187c10c
status: experimental
description: Detects traffic or activity related to http://117.244.65.36:46269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.65.36:46269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.200.113:50619/bin.sh
id: auto-ef6bf9ec6839b93e0852f24c416c4c6df8e4ddee6a718167a746faada68cf09d
status: experimental
description: Detects traffic or activity related to http://42.57.200.113:50619/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.200.113:50619/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.199.92:48110/bin.sh
id: auto-85a705d5468b7ab3a8f40ac064828e8843fa64c489f170f0e1dead16e136fff2
status: experimental
description: Detects traffic or activity related to http://222.142.199.92:48110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.199.92:48110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.65.67:41771/i
id: auto-f8d7bbf46e513d8986e38142e84a8b114c0f3a670a646931f44c363aa9313d12
status: experimental
description: Detects traffic or activity related to http://125.45.65.67:41771/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.65.67:41771/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/ssh.sh
id: auto-95597080f2a4d55b6c24a24cebddebe3f83fe9e7a92d1d18c71ca6ddcff6fd79
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/ssh.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/ssh.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.65.67:41771/bin.sh
id: auto-4712cd52bcc53c6facfad22f6471eab5db455c3e2d7aa8dafebb6b0935b417fe
status: experimental
description: Detects traffic or activity related to http://125.45.65.67:41771/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.65.67:41771/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.152.178:34737/i
id: auto-0b798a6bb4aea30c2555ae40196f1f09dc2529b054e829f4dc1d9819e38a26c3
status: experimental
description: Detects traffic or activity related to http://119.114.152.178:34737/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.152.178:34737/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.66.181:42049/i
id: auto-a0ff9554b2b1774af91e5460398d974fc9bc58874c7573da8500acb7dabe2d32
status: experimental
description: Detects traffic or activity related to http://59.182.66.181:42049/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.66.181:42049/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.75.65.240:26181/.i
id: auto-314ba0639ea06ad7e14e6650652db3f803b7cd4ac70b17c2285e222b817e987e
status: experimental
description: Detects traffic or activity related to http://151.75.65.240:26181/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.75.65.240:26181/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.43.96:42889/i
id: auto-963842058be6ec2575a108a87eb8c50680231cede3ea470a888fc2eb85ac3f9e
status: experimental
description: Detects traffic or activity related to http://61.52.43.96:42889/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.43.96:42889/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.121.37:47397/i
id: auto-273504af7eb0ec112c7cc8f4f45fc835afe7e7f78de652434cb1bf15f9e577b7
status: experimental
description: Detects traffic or activity related to http://182.119.121.37:47397/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.121.37:47397/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.66.181:42049/bin.sh
id: auto-4ff725895cfb001fbaf48a6571e292707c13ce13f1cb1f17850d6201d25cc887
status: experimental
description: Detects traffic or activity related to http://59.182.66.181:42049/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.66.181:42049/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.88.61:38060/i
id: auto-e2200ef94d92ac2c977c115545e03067e883ea96ba531914fbaacaab1cfb299a
status: experimental
description: Detects traffic or activity related to http://125.43.88.61:38060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.88.61:38060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.209.129:57812/i
id: auto-b00ec3a857a734d196dfeba7009cf83b941077198663be463e8eb81236ada502
status: experimental
description: Detects traffic or activity related to http://222.137.209.129:57812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.209.129:57812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.208.138:45608/i
id: auto-bfb999689e19a50d873d2b35d7ffc282be3aa83a9c50ee4d3928898f3872dcb0
status: experimental
description: Detects traffic or activity related to http://27.215.208.138:45608/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.208.138:45608/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.168.207.227:53441/i
id: auto-0b81dc82de0a3d0e36c65a1ccf9dcaa4387eb8edb208b3da0d7036c68fc7d622
status: experimental
description: Detects traffic or activity related to http://175.168.207.227:53441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.168.207.227:53441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.236.70.50:45012/i
id: auto-be24cf630bc0d24853da7e8f43f6a33c65765f36a8b2ca0e25f93eada8bea1a0
status: experimental
description: Detects traffic or activity related to http://178.236.70.50:45012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.236.70.50:45012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.233.79.165:40346/i
id: auto-9164e0c7ea6aa710358c31443352fd34843283ef50dd19af1947be286a737393
status: experimental
description: Detects traffic or activity related to http://123.233.79.165:40346/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.233.79.165:40346/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.184.147:53952/bin.sh
id: auto-8378317749e839a88b20e37c40a1e692444bd07ac27ada5bd34ccfafc8520d5c
status: experimental
description: Detects traffic or activity related to http://123.4.184.147:53952/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.184.147:53952/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.176.113:49801/i
id: auto-6aca4e946a40f50f1cf99acf5c32e73df90bc848439cafa4855ff7f081c75be8
status: experimental
description: Detects traffic or activity related to http://123.14.176.113:49801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.176.113:49801/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.14.150:47369/i
id: auto-5884baa1ae93ee12b75eff8f8c2c799eb5ffef2422ab0f3d4de9b214dd35e483
status: experimental
description: Detects traffic or activity related to http://219.155.14.150:47369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.14.150:47369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.90.89:45707/i
id: auto-bf85c6062a7582f7abe089e47c64cd972b9464eb427e1fc7fbea96896acefb0f
status: experimental
description: Detects traffic or activity related to http://182.126.90.89:45707/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.90.89:45707/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.43.96:42889/bin.sh
id: auto-3bce3aa7e49e67faaf4c8b45245f8e0cb7a0339c81ad6bd26bbbd5131174eb37
status: experimental
description: Detects traffic or activity related to http://61.52.43.96:42889/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.43.96:42889/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.121.37:47397/bin.sh
id: auto-6beee273647c45e9046c2c4a991e43e07407681253f1a2720e44e143c463ae13
status: experimental
description: Detects traffic or activity related to http://182.119.121.37:47397/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.121.37:47397/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/gulersevinc413-cell/sdafds/raw/refs/heads/main/inat%20TV.apk
id: auto-9561a43213535ee6b710b554160e49f2503c9f0e6bb6701be79ce6e020c826fd
status: experimental
description: Detects traffic or activity related to https://github.com/gulersevinc413-cell/sdafds/raw/refs/heads/main/inat%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/gulersevinc413-cell/sdafds/raw/refs/heads/main/inat%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/selimsallaks2-blip/aaf/raw/refs/heads/main/foto.apk
id: auto-9fe1a678b187ec9bc7c360c40ce017fb0e2509a02535af53a97a5f0c6a91e77d
status: experimental
description: Detects traffic or activity related to https://github.com/selimsallaks2-blip/aaf/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/selimsallaks2-blip/aaf/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/amorboxtv/amyicin/raw/refs/heads/main/inat%20TV.apk
id: auto-ab90db8a54d3a7c9b074d117780bce4270bcb1fa437c06612643667aa086b5d6
status: experimental
description: Detects traffic or activity related to https://github.com/amorboxtv/amyicin/raw/refs/heads/main/inat%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/amorboxtv/amyicin/raw/refs/heads/main/inat%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/olurmerve6-cloud/yyyy/raw/refs/heads/main/foto.apk
id: auto-a1f15472a93295a6f013b692217f4c878a0b08ee3604e31b662f911982c49fa8
status: experimental
description: Detects traffic or activity related to https://github.com/olurmerve6-cloud/yyyy/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/olurmerve6-cloud/yyyy/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.137.200:35409/i
id: auto-888c3fcb3b8a5661a7c64fc8af0b541cb74d29ac1b24cd3c9b8cd54dbb73bd6a
status: experimental
description: Detects traffic or activity related to http://222.136.137.200:35409/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.137.200:35409/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.160.255:34062/i
id: auto-636cac25a52545a3153a60a62b59ba3f709a19a3a384fed34b7e569c21399a9d
status: experimental
description: Detects traffic or activity related to http://115.48.160.255:34062/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.160.255:34062/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.237/rletysru.JS
id: auto-b65a402d27c4e12415219ab128fa817fcdc6904cdacff72c5decafeef5da1ea1
status: experimental
description: Detects traffic or activity related to http://91.92.241.237/rletysru.JS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.237/rletysru.JS*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/forg
id: auto-2e4fb2d78d6e8d5500cc640b5977557833190e3a2c7ca6d9db78d951618a3fc2
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/forg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/forg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/improved-doodle/read
id: auto-dda44a2c9589a7ccb0852adeccea18caf6824f224c0da38b2d418add8b0f40c3
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/improved-doodle/read which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/improved-doodle/read*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.251.151:58324/i
id: auto-0ecb4574f68988bdb35e22563649729517f26204a6574352e47b4bcfd1acd634
status: experimental
description: Detects traffic or activity related to http://119.179.251.151:58324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.251.151:58324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.220.235:15628/i
id: auto-1dcdfd715550db41511eaeaf97a5a48c2707ae655d4b4d3d6d1c41bd06606de0
status: experimental
description: Detects traffic or activity related to http://221.13.220.235:15628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.220.235:15628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.137.200:35409/bin.sh
id: auto-9ad837f603417cb5611b89a7df22959f6d0c0a592e6e59df1df050dd457919f3
status: experimental
description: Detects traffic or activity related to http://222.136.137.200:35409/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.137.200:35409/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://102.212.42.208:33872/bin.sh
id: auto-c5c540d616eb0b47681742bc4fc4ead5bba55ac32eeca1088f02112b0665495e
status: experimental
description: Detects traffic or activity related to http://102.212.42.208:33872/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://102.212.42.208:33872/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.251.151:58324/bin.sh
id: auto-a71c385374c589a05b43ee7da3e1e5f1f93b6fafc9df80e74ea3c471e1b03136
status: experimental
description: Detects traffic or activity related to http://119.179.251.151:58324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.251.151:58324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.220.235:15628/bin.sh
id: auto-e1801245860c795abb50c7c8f28b650af093ea46de588cefbf484366dbf411fa
status: experimental
description: Detects traffic or activity related to http://221.13.220.235:15628/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.220.235:15628/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.72.125:39210/bin.sh
id: auto-d44cc9513ec95465da404c0ff05f2e05422bf3379882dbff3ed23033606f29c0
status: experimental
description: Detects traffic or activity related to http://125.47.72.125:39210/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.72.125:39210/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.149.187.81:1287/1.exe
id: auto-9b78fa3e6752ee37e5b0ac2f4a908ad0b1b3217c1018fe7cb5a515361a00c2d8
status: experimental
description: Detects traffic or activity related to http://193.149.187.81:1287/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.149.187.81:1287/1.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.36.57:44008/bin.sh
id: auto-ac2fbb3e96b4220311481432294568d4f0b52a205e5508ae9b00197d9d2577d2
status: experimental
description: Detects traffic or activity related to http://115.63.36.57:44008/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.36.57:44008/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/tesseract/AV.lnk
id: auto-15e37816850af8911b812b2da9cf51c81eca2c2ebfcc0117022702b87f00d723
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/tesseract/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/tesseract/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/fonts/AV.lnk
id: auto-372990f0161be30e259527953bf25e61ce1703ee9c980d4d830b93a472d41e45
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/fonts/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/fonts/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/Photo.lnk
id: auto-3decb7a0a184e5a3922460566f099c296756c95fb655d5c6539cc75a07766ab0
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/modules/AV.scr
id: auto-efa0f3e9a0f61e18abe3929b10f2f64385b86fc04cf6b17368073a6a9ed77cdf
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/modules/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/modules/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/AV.scr
id: auto-119a84f77c43dda23f8ca0671e0e6a937f2d71683ffe801a776a155338d729d7
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/AV.scr
id: auto-a318b75b77780a313ce9d03fdde5df4390e4b40bf2234cdf495ef1f5df8b444a
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/images/AV.scr
id: auto-d1756d60b795254cb807a8a3d88436bf0544af1768cd42bb1995bcaa75de2140
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/images/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/images/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/AV.lnk
id: auto-7f947fb0524ee22af0cfcee163bdc8a162e3f57fdfdf18900b50acf81c9b8dff
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/modules/AV.lnk
id: auto-d7351e9039a56830d7e468536308f1b6c6fbd068953b38b8e8918d4adbe16fe3
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/modules/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/modules/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/images/AV.lnk
id: auto-7ceb4a26dc01869a7228c6b01e69f2d97652f4bde0dc78df570fdd067b0a95bf
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/images/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/images/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/forge/AV.lnk
id: auto-95b4c49f2b24dd22ace88884e4ca5bad7cbb0b0de255ac2acd7e2d0d51eec11d
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/forge/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/forge/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.177:81/assets/AV.lnk
id: auto-1ac6b7d7b086b2d356410d669c208bdf3208b6ed140e9709cd721bab7974327d
status: experimental
description: Detects traffic or activity related to http://182.143.113.177:81/assets/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.177:81/assets/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/upturnedevict
id: auto-0e3037b5f31f579626b041fce78fe117722d8377cc181ca1418fec623159d267
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/upturnedevict which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/upturnedevict*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/routing78-fabric43-euw3/a4-g89-dc01-eu/refs/heads/main/revivalscraggly
id: auto-908bbffd7a8778de9993a8cde61d2eecb762befdf9ba3a1ec35c5b6ed4e6dd78
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/routing78-fabric43-euw3/a4-g89-dc01-eu/refs/heads/main/revivalscraggly which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/routing78-fabric43-euw3/a4-g89-dc01-eu/refs/heads/main/revivalscraggly*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/routing78-fabric43-euw3/a4-g89-dc01-eu/refs/heads/main/uncrownslicing
id: auto-272a79e45449e8e02e7abcabb02b147653483758536b888fee30f14e675da928
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/routing78-fabric43-euw3/a4-g89-dc01-eu/refs/heads/main/uncrownslicing which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/routing78-fabric43-euw3/a4-g89-dc01-eu/refs/heads/main/uncrownslicing*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/unlovingconcrete456
id: auto-76b4c90984e672a4b80bacf771a9f3a112fb1312acd2dfdc95a5fc31cf7c49e5
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/unlovingconcrete456 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/unlovingconcrete456*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/ruckusbox
id: auto-859cd4c9677066ce05f14c21f92ac3389da37b6ef74ac1abc95f9eba7ee79811
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/ruckusbox which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/refs/heads/main/ruckusbox*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.29.28:50093/bin.sh
id: auto-a95359dbca7ca5e12471d5e62932f0ebdf872f6c6bd4202da78c9f58afd459e1
status: experimental
description: Detects traffic or activity related to http://219.156.29.28:50093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.29.28:50093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.74:60256/i
id: auto-c956882086c9896c3fb61afa64fc0e61eb566e0925139f972dda6b81f7ab0694
status: experimental
description: Detects traffic or activity related to http://110.37.3.74:60256/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.74:60256/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.0.75:60633/bin.sh
id: auto-79f095c3c064f003ceba351bc1ef3865d41a3b553837ff67590f743ca6e37bfe
status: experimental
description: Detects traffic or activity related to http://124.94.0.75:60633/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.0.75:60633/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.219.155:45285/i
id: auto-ec410ee3ff2d1bb9b58c023fe040f0264e6c95de7c40dc0859323f5b0410ad6d
status: experimental
description: Detects traffic or activity related to http://110.38.219.155:45285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.219.155:45285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.74:60256/bin.sh
id: auto-43b0d024a61f3b17173664228400a7b429a370b747925815b20a2bfea0ee8ff6
status: experimental
description: Detects traffic or activity related to http://110.37.3.74:60256/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.74:60256/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.64.107:36092/i
id: auto-ace15d36f3541183b959b82356385f85f25e7c1bfb3a8d1a8d15f9813df37264
status: experimental
description: Detects traffic or activity related to http://42.226.64.107:36092/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.64.107:36092/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.219.155:45285/bin.sh
id: auto-151822aa003c6e677e8d88e03fa85eae2d882036b3109446b5601ead7eb83c75
status: experimental
description: Detects traffic or activity related to http://110.38.219.155:45285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.219.155:45285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.105.101:45851/i
id: auto-7147e17f10ae9982aae74f3dd8e4c10ff0c6669a63c96c5ea523e99608cf5b6e
status: experimental
description: Detects traffic or activity related to http://60.18.105.101:45851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.105.101:45851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.64.107:36092/bin.sh
id: auto-ef1b7a4b196b43e62732851132471f28f3f6ed118cee6c97d90a214d8911a078
status: experimental
description: Detects traffic or activity related to http://42.226.64.107:36092/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.64.107:36092/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.35.219:41294/i
id: auto-7788081c1d7a5df7de354111542b26fd55ac9942aeb5ae0fd32304ecdd7c42a3
status: experimental
description: Detects traffic or activity related to http://182.114.35.219:41294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.35.219:41294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.105.101:45851/bin.sh
id: auto-f554c8fb243ff3cf6b1110dfdf4657e994ad615458011de0fb658528f1330084
status: experimental
description: Detects traffic or activity related to http://60.18.105.101:45851/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.105.101:45851/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.209.113:40822/bin.sh
id: auto-cf370484edbd8b3a05e9a172a9046dd2d74e94682016612170d66f01b8fea473
status: experimental
description: Detects traffic or activity related to http://125.44.209.113:40822/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.209.113:40822/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.44.107:35219/i
id: auto-3c1ba7996e60404f51dd1e1bbd454754ee404f92b6d30959d10a35e04ba3950f
status: experimental
description: Detects traffic or activity related to http://42.57.44.107:35219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.44.107:35219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.224.172:37948/bin.sh
id: auto-f1685156f7b043355288304cab643c41d30f8cdc70bf9f74c698e0390625fe8d
status: experimental
description: Detects traffic or activity related to http://125.41.224.172:37948/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.224.172:37948/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.143.166.224:45234/bin.sh
id: auto-ef39c6cdb4aa2bc7a4215ad54566cbbeb735671c98f13b513a78c1c2a0f61a3c
status: experimental
description: Detects traffic or activity related to http://5.143.166.224:45234/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.143.166.224:45234/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.44.107:35219/bin.sh
id: auto-8746c4619e177b26c35b5327230c0ad1e84c8f9cdc3872a647df354e73a698b9
status: experimental
description: Detects traffic or activity related to http://42.57.44.107:35219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.44.107:35219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.136.202:55425/i
id: auto-e6e7e356f17b05a434f92568a83df401f82c0e3f1fb9ddb1a700f1e9c579c030
status: experimental
description: Detects traffic or activity related to http://36.88.136.202:55425/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.136.202:55425/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.204.94:40818/bin.sh
id: auto-0f5e8db4047eeef10d21cec91908afe3e06f02c2eaa204c04d71d7e0e2a1cb6e
status: experimental
description: Detects traffic or activity related to http://123.5.204.94:40818/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.204.94:40818/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.136.202:55425/bin.sh
id: auto-2b1081b8d0d2e6c7d83299e85dc350c2b28feff59899b250886122810d2c456e
status: experimental
description: Detects traffic or activity related to http://36.88.136.202:55425/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.136.202:55425/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.177:60914/i
id: auto-2e8e599f84a1aaf58c0e47d7075e21c1215eba154d7e6d39d9170190f217295e
status: experimental
description: Detects traffic or activity related to http://117.209.30.177:60914/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.177:60914/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/xd.sh
id: auto-5498739f7d920a22171a1e0d30d27d2eb7d930359549c78649bd5da4e9df4b01
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/xd.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/xd.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.177:60914/bin.sh
id: auto-e365f4a03406921283020392ee38898fae765def28fd43d497d4318495e7ac9a
status: experimental
description: Detects traffic or activity related to http://117.209.30.177:60914/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.177:60914/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.186.81:45909/i
id: auto-f5c23616c5b72edcb50d2082617bc1a2a8dd1c5672d073a356affa288ee8d89c
status: experimental
description: Detects traffic or activity related to http://222.140.186.81:45909/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.186.81:45909/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.80.88:54746/i
id: auto-8bfd9d9a02fb91e79458664dfe32796568bf43d383e391b74763518b2e7d847e
status: experimental
description: Detects traffic or activity related to http://175.173.80.88:54746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.80.88:54746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.170.164:58680/i
id: auto-22e2bc47efdad325c550ccab6427980214fa6231ee9508437fa99632369f8809
status: experimental
description: Detects traffic or activity related to http://42.53.170.164:58680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.170.164:58680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.146.214:57148/i
id: auto-0720d405e884f4156ce5a6aa6ccda4b4ba40baea9a882c6a03ab55cf4963f99a
status: experimental
description: Detects traffic or activity related to http://42.235.146.214:57148/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.146.214:57148/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.170.164:58680/bin.sh
id: auto-9765dbb707925b45efa2cf1c616e200a370adbcf267e8128777231e91168d2d9
status: experimental
description: Detects traffic or activity related to http://42.53.170.164:58680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.170.164:58680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.194.4:35370/bin.sh
id: auto-ccdb4bfe55a0b9f0ec9e66655e7ecaf784690d851c573f19b22ee59c5d4d6909
status: experimental
description: Detects traffic or activity related to http://182.124.194.4:35370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.194.4:35370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.14.71:46645/i
id: auto-20f1c71955d0b749cd3d79e9897d9d21f9939aebfb7e95049ddb81f7d594544e
status: experimental
description: Detects traffic or activity related to http://219.157.14.71:46645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.14.71:46645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.163.119:57777/i
id: auto-7e6996f5b9b2cc7b95221b358444519f23174112df24d9c2e82d03452d37be28
status: experimental
description: Detects traffic or activity related to http://119.114.163.119:57777/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.163.119:57777/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.14.71:46645/bin.sh
id: auto-d5b987c793198acc52a72368330c9b9f19d14064f21bbfa303d903ecd46024cb
status: experimental
description: Detects traffic or activity related to http://219.157.14.71:46645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.14.71:46645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.146.214:57148/bin.sh
id: auto-55f32c2cf6c577347cf80ad5fcb866643798f420384739ce0979d616f4d9450a
status: experimental
description: Detects traffic or activity related to http://42.235.146.214:57148/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.146.214:57148/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.152.94:40498/i
id: auto-5f019209986734e5ae5fd13983e2f319aecf56a1b3fa6301a15a03d51d402c1e
status: experimental
description: Detects traffic or activity related to http://123.8.152.94:40498/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.152.94:40498/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.145.242:38819/i
id: auto-d50385f9a3511a82a90c9e2b27246b46739ad737f5fbda450142f9a06c0e5bd7
status: experimental
description: Detects traffic or activity related to http://115.48.145.242:38819/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.145.242:38819/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.35.92.151:34470/i
id: auto-48be1b231772debb6d55c9ee2327f0b4b80dc07388937290f381c5ad59c21bd1
status: experimental
description: Detects traffic or activity related to http://59.35.92.151:34470/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.35.92.151:34470/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.184.147:53952/i
id: auto-341725c25ad086dcdcd467f35caa315808f7d8bcf902ed7655038f4d4f52e876
status: experimental
description: Detects traffic or activity related to http://123.4.184.147:53952/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.184.147:53952/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.6.78:56076/i
id: auto-742c58584e48a1a753d1827a0e820ebeadfe3135cdc0c173c731c272243ea2ae
status: experimental
description: Detects traffic or activity related to http://115.55.6.78:56076/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.6.78:56076/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.79.168:36135/i
id: auto-51d9107689f41a17572cf621dd758baa047a0e0d7d73af9981c779c338e0a1ad
status: experimental
description: Detects traffic or activity related to http://222.137.79.168:36135/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.79.168:36135/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.247.48:43271/bin.sh
id: auto-9063558ad399889f27a64c2dc5e0e1e675aef7c3d406803634a296d22928b8e5
status: experimental
description: Detects traffic or activity related to http://27.220.247.48:43271/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.247.48:43271/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.86.181:36761/i
id: auto-450fd20351edae9adba3ef3191eec5943840f640eb6002c594e4ed022f99fba3
status: experimental
description: Detects traffic or activity related to http://125.47.86.181:36761/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.86.181:36761/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.60.139:50946/i
id: auto-c12c16133e9f0fc73e56ff0ad33e6cac2a8b24c0006084288f7f47d48b5be8be
status: experimental
description: Detects traffic or activity related to http://182.119.60.139:50946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.60.139:50946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.205.243:40093/i
id: auto-2563d39582d9b38b560aafa87642f76a65bab322c02b709e3580549d7bc38602
status: experimental
description: Detects traffic or activity related to http://175.146.205.243:40093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.205.243:40093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.56:43666/bin.sh
id: auto-3dfec57be72f47f99c9d9d9d6662ebd6fb8129c9d86f4af812c71cba2c80b8cc
status: experimental
description: Detects traffic or activity related to http://61.53.84.56:43666/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.56:43666/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.56:43666/i
id: auto-ed5a33c3891539915a593a1f2e84d98e5a6c3c6bd31db183d0036e43fabe5cd8
status: experimental
description: Detects traffic or activity related to http://61.53.84.56:43666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.56:43666/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.51.46:54679/bin.sh
id: auto-86889177339cf2cc93ac02687255614727bc5c1fe2b737aa193175d9eb25f12d
status: experimental
description: Detects traffic or activity related to http://42.235.51.46:54679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.51.46:54679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.245.7:42182/i
id: auto-f0187f1420205313f3e415fa792062a16af83fac2c8fc2309a4bb4222eb97822
status: experimental
description: Detects traffic or activity related to http://42.59.245.7:42182/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.245.7:42182/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.113.255:53265/i
id: auto-d758099bc5bfdf99573d307ffefc87a990b069ea98083929edadd32b7a6589a4
status: experimental
description: Detects traffic or activity related to http://222.139.113.255:53265/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.113.255:53265/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.249.176.236:36057/i
id: auto-29a7add5d4bdbc53572e4dc812a4cd29946b4012b0b452fe166b0af7c6261739
status: experimental
description: Detects traffic or activity related to http://112.249.176.236:36057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.249.176.236:36057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.46.107:40393/i
id: auto-10243fed4f74c01195fbf5d395bb3ef7c1b89786e21ca1e32ecd55cafa78cad4
status: experimental
description: Detects traffic or activity related to http://42.230.46.107:40393/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.46.107:40393/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.44.162:54855/i
id: auto-69360cbf7ff4f4c6b163b52b33dcea1fbad03e26f7351ddbc2173fac12aba553
status: experimental
description: Detects traffic or activity related to http://182.121.44.162:54855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.44.162:54855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.44.162:54855/bin.sh
id: auto-b7b60eb0f5f3fed924873de831128cbe63da916f48a16913bfdfc9d33d54b848
status: experimental
description: Detects traffic or activity related to http://182.121.44.162:54855/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.44.162:54855/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.133.180:56011/i
id: auto-1c9cd888a30fd89914b7da60fe2a1a772d2574f7aafa251b170aaf6a0c6940f6
status: experimental
description: Detects traffic or activity related to http://196.190.133.180:56011/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.133.180:56011/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.152.94:40498/bin.sh
id: auto-a7ee2ba2a543b2e0c2c38524668318152a7c07d5e0dec0624297ff2d57a96a99
status: experimental
description: Detects traffic or activity related to http://123.8.152.94:40498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.152.94:40498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.163.119:57777/bin.sh
id: auto-944a993f0e655ee08729c2a780023f40eec0ab4af922ee50f6f3b47b5acd41b7
status: experimental
description: Detects traffic or activity related to http://119.114.163.119:57777/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.163.119:57777/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.103.105:51705/i
id: auto-b3736c86ea963eb9f9c6a015b9dd23111b3a8028a96e677e452c6c86d8df85e6
status: experimental
description: Detects traffic or activity related to http://61.53.103.105:51705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.103.105:51705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.245.139:45034/i
id: auto-d08efef634fae7b26702dcb01d3e3a32aaf2bc86b4756dce43b6597b4a1d8cec
status: experimental
description: Detects traffic or activity related to http://115.55.245.139:45034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.245.139:45034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.182.95:49722/i
id: auto-a0c7364e2f2f8907fab2b52356b81920ac63e7eba7334f321d603fc1e40ffbab
status: experimental
description: Detects traffic or activity related to http://182.121.182.95:49722/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.182.95:49722/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.159.89:34646/bin.sh
id: auto-2d26e860580cfa794e10162c363e451324cb3130fcc00b3d48d79bccaece6150
status: experimental
description: Detects traffic or activity related to http://61.52.159.89:34646/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.159.89:34646/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.103.105:51705/bin.sh
id: auto-3fd3cd213b7a0385965a5c42610e597f9d35a2a7e5d081d110fdaac785a031c0
status: experimental
description: Detects traffic or activity related to http://61.53.103.105:51705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.103.105:51705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.182.95:49722/bin.sh
id: auto-07e2a766f218d429c77296b60a5ec31c691cc7d36685bcf6f782d8fa9e170181
status: experimental
description: Detects traffic or activity related to http://182.121.182.95:49722/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.182.95:49722/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/barbecue
id: auto-73d5318b1f9a1290b17ed18c212ebd44e9089f299f32ab8a9c6585f3520b3705
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/barbecue which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/barbecue*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.85.190.189:52499/i
id: auto-c092837cf813bda97ba501391d39eaf162c3a115b2e3e5ce608c52ded0b304cc
status: experimental
description: Detects traffic or activity related to http://117.85.190.189:52499/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.85.190.189:52499/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.27.117:47520/i
id: auto-7d93b48875a994bcfc74fc321188512beedef4d1fc3d15eff800b54c015344fb
status: experimental
description: Detects traffic or activity related to http://110.39.27.117:47520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.27.117:47520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.23.140.93:40361/bin.sh
id: auto-9ddb29144928feec1be9a7072ddb4bc7272f1f287bdb4989aced0e3425cdf99a
status: experimental
description: Detects traffic or activity related to http://183.23.140.93:40361/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.23.140.93:40361/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.85.190.189:52499/bin.sh
id: auto-671c90df2d1a74d7bec2383af68d029bd4906ee274a565dd990fa9e60b9032b8
status: experimental
description: Detects traffic or activity related to http://117.85.190.189:52499/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.85.190.189:52499/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.4.77:57231/i
id: auto-084a64496d852fb1fc7e9bd7bcd11761e7ccadb6aee51091b511cdd0f29a807a
status: experimental
description: Detects traffic or activity related to http://42.179.4.77:57231/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.4.77:57231/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.27.117:47520/bin.sh
id: auto-0af444ad75b5d29c8e1b36f695bc66b7c9072836d195b732bc2ed4ef55b5b43f
status: experimental
description: Detects traffic or activity related to http://110.39.27.117:47520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.27.117:47520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.84.101.162/mipsel
id: auto-d7af8774a6b1187cfa0fd3dff9c9c0e76dd6e5fe18af11ada54e03e39ca4746e
status: experimental
description: Detects traffic or activity related to http://208.84.101.162/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.84.101.162/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.74.48:50101/i
id: auto-f4ce6e75fff28d5124f0d4b145b8cca48e01b341d10f6561f7039f28a9738431
status: experimental
description: Detects traffic or activity related to http://123.14.74.48:50101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.74.48:50101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.138.214:34258/i
id: auto-cdbb71ee7cc99fa0cd7ebb6cab5c8b77c4d2138c510c87627aeb548ae28e9a8a
status: experimental
description: Detects traffic or activity related to http://42.87.138.214:34258/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.138.214:34258/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.55.151:52998/bin.sh
id: auto-f6df9fdf309320fe0108130f2c1b69cc68bebae1179ec1230e5bd305cbaf274c
status: experimental
description: Detects traffic or activity related to http://125.45.55.151:52998/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.55.151:52998/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.4.77:57231/bin.sh
id: auto-d564da18da59bf7163b9ab85ae6bbd734aa29e964c775c252fe54f94c5fa92e9
status: experimental
description: Detects traffic or activity related to http://42.179.4.77:57231/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.4.77:57231/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:50160/i
id: auto-9a009e2f0bf6f6c762b0ea59571b37c5774b6b3bebf00f2be4f07245f7c34443
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:50160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:50160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.164.224:33500/bin.sh
id: auto-ee75b4f490bec3a15651a789b7a867ae74456506d8c108055e32ed6678a58cea
status: experimental
description: Detects traffic or activity related to http://123.132.164.224:33500/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.164.224:33500/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.132.5:33091/bin.sh
id: auto-a48ded13642483834c3afdd9f994825ff9e633b6d3f1cf04262b493458cfe0de
status: experimental
description: Detects traffic or activity related to http://175.148.132.5:33091/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.132.5:33091/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.231.156:57095/i
id: auto-2bd900598186987994c6eafd4b45c5e1a2c3fcd0d25fe33a0259ca156d1d1ebf
status: experimental
description: Detects traffic or activity related to http://125.43.231.156:57095/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.231.156:57095/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.24.129:60158/i
id: auto-74b05529660c9a641e7b1dd8823f0b4146b8ed7431467e65fddb880e25404519
status: experimental
description: Detects traffic or activity related to http://59.93.24.129:60158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.24.129:60158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:50160/bin.sh
id: auto-22ba9f49cb7e993e5cbcd794935ea4d6d9ddea66768e1116182542c2286ead69
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:50160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:50160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/similarlygrove
id: auto-1be8ee091c8816e6670ea01797e907097c65eaba963d7b5f220e9abf54fe84fe
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/similarlygrove which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/sd45-h9-wter12-b1/similarlygrove*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.231.156:57095/bin.sh
id: auto-093d4c2c54a47f8cca221faef1ece25b4ec56ce31da278d11ecd94f42137c9ae
status: experimental
description: Detects traffic or activity related to http://125.43.231.156:57095/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.231.156:57095/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.31.45:55380/i
id: auto-8de039f97b8a49e88b2aeeda41e427cfb4065620a605e175a1cb10820e7707a1
status: experimental
description: Detects traffic or activity related to http://182.127.31.45:55380/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.31.45:55380/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.42.199:46181/i
id: auto-fa04992e2346accc1e74518204027f7cd1afb0962ce5f2721a8379fb4c07402c
status: experimental
description: Detects traffic or activity related to http://219.155.42.199:46181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.42.199:46181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.214.103:55591/i
id: auto-598ba82085aa5de0f7718854ffdebacb0e9bac9d800e1cc0222ec7ae12ffb10c
status: experimental
description: Detects traffic or activity related to http://113.239.214.103:55591/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.214.103:55591/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.31.45:55380/bin.sh
id: auto-b9cce773ced592bbb932ddcd0b465b0ce78e633fdb22a20faf72685ada9f9a91
status: experimental
description: Detects traffic or activity related to http://182.127.31.45:55380/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.31.45:55380/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.59:8080/mipsel
id: auto-f3f3767461e1e0d6785970e03f4ff0446c73b8e6a7e710c736c883847bc2bfcd
status: experimental
description: Detects traffic or activity related to http://87.121.84.59:8080/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.59:8080/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.0.7:59185/bin.sh
id: auto-020db2d4303957bcec9c7ccb254d427336e05ad157365518f63b9a54840481f9
status: experimental
description: Detects traffic or activity related to http://117.216.0.7:59185/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.0.7:59185/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.186.80:42844/i
id: auto-8acb1e396a610accc5a8b1f18ccb5159680bb4b322d080f930de6f9f1de3bbfe
status: experimental
description: Detects traffic or activity related to http://42.54.186.80:42844/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.186.80:42844/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.42.199:46181/bin.sh
id: auto-a7843eb880ac2d551259971c31c78525a808891a384debc6915926b50243cc6b
status: experimental
description: Detects traffic or activity related to http://219.155.42.199:46181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.42.199:46181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.152.38/xfit.sh
id: auto-76bf9ab3d09570f336ee3bc77d2d61e739fa7bee3973e458daaaa39723ed872c
status: experimental
description: Detects traffic or activity related to http://89.125.152.38/xfit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.152.38/xfit.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.152.38/xfitaarch.sh
id: auto-54303c73ab84cbbda9e2de58f44a785147fb29accff2cccb8e318c9c1b7e0ba2
status: experimental
description: Detects traffic or activity related to http://89.125.152.38/xfitaarch.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.152.38/xfitaarch.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.172.46:50991/i
id: auto-cdf11b6caa0dd93ccc8ffa2dc4c7a4c741aedee2ea2fe1eafc2affd00269d0ae
status: experimental
description: Detects traffic or activity related to http://182.122.172.46:50991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.172.46:50991/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.152.38/xmss
id: auto-94ef7cea0c89d8b96a2e5e1661048322ff3e4b84e8f016e0c3f86c6db554a6f5
status: experimental
description: Detects traffic or activity related to http://89.125.152.38/xmss which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.152.38/xmss*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.152.38/1.sh
id: auto-9344c5aa9b70601ab40450e29f3f7e11ca993f02590b235f8ddd4277e9bb620f
status: experimental
description: Detects traffic or activity related to http://89.125.152.38/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.152.38/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.186.80:42844/bin.sh
id: auto-536759556db11ff5c2d7236feb20b2d79f4b0d7c56fa69a09a1682f1c413b721
status: experimental
description: Detects traffic or activity related to http://42.54.186.80:42844/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.186.80:42844/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.141.107:57296/i
id: auto-965f57ff5a376b2bf64706ca2cb2e8b5463ee5939b0cc2297efc3cb5e20a03a3
status: experimental
description: Detects traffic or activity related to http://117.196.141.107:57296/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.141.107:57296/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.172.46:50991/bin.sh
id: auto-67ec9e4c87a48fb646fa3b9d2cd3df223689028d42d2b1031723400fdfa09bfa
status: experimental
description: Detects traffic or activity related to http://182.122.172.46:50991/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.172.46:50991/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.247.241:40251/bin.sh
id: auto-b18a22658949447b6d45408a7252c9643b1679ebe03a8767832f6e5b2f77d0f7
status: experimental
description: Detects traffic or activity related to http://112.248.247.241:40251/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.247.241:40251/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.26.87:36609/i
id: auto-c0eab8db275ff114d67a058d9c32281e784127d5869637251d76b4f6e88853b0
status: experimental
description: Detects traffic or activity related to http://115.52.26.87:36609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.26.87:36609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.27.240:47538/bin.sh
id: auto-c158b9d36b1a18b9b5b6dd83b209d487a9deb8fde4c91d1f6016646b9bc05486
status: experimental
description: Detects traffic or activity related to http://115.49.27.240:47538/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.27.240:47538/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/studious-octo-fiesta/stillness
id: auto-89035aa166e90d55a2adb9739333e7c1045e83d6c87efd782ca815543b2ce768
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/studious-octo-fiesta/stillness which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/studious-octo-fiesta/stillness*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.243.100:56937/i
id: auto-c15a6f4c59206bc7b7a9084044a4ac811b21369f24a1635d8736e2c830e987d8
status: experimental
description: Detects traffic or activity related to http://42.238.243.100:56937/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.243.100:56937/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.243.100:56937/bin.sh
id: auto-4ba6083ecfa7e8c561dace48f29279960920929abafb437b6828a518e0c97c18
status: experimental
description: Detects traffic or activity related to http://42.238.243.100:56937/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.243.100:56937/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.26.87:36609/bin.sh
id: auto-f7ef6c749cfde79a00177fc4c379bbabfe1e637b9ebf337f611e52d42c832419
status: experimental
description: Detects traffic or activity related to http://115.52.26.87:36609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.26.87:36609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.165.191:59970/i
id: auto-fb4dc843969db3a41a22d188784165d9e1c9accf33d2d17610edb7a0ab875525
status: experimental
description: Detects traffic or activity related to http://182.124.165.191:59970/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.165.191:59970/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.219.166:41378/bin.sh
id: auto-0377820f870449e562f9d53857183dcf0285ff72977018fad347f65e5fd180f4
status: experimental
description: Detects traffic or activity related to http://42.230.219.166:41378/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.219.166:41378/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.224.172:37948/i
id: auto-fecbde65e66648ce2bd36eeeea2081e35bae7639f522419321bea85fb763dd76
status: experimental
description: Detects traffic or activity related to http://125.41.224.172:37948/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.224.172:37948/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.107.51:46163/i
id: auto-0b7342a203073fad0db41246881eab3ca833e96cb834df12f990a500447b47f4
status: experimental
description: Detects traffic or activity related to http://221.14.107.51:46163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.107.51:46163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://meeller.com/js.php
id: auto-d4bdb5d15b0038fb4855abd8f0c83688da5668b82199975681002ae57769eb01
status: experimental
description: Detects traffic or activity related to https://meeller.com/js.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://meeller.com/js.php*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:34511/i
id: auto-0a8c90257f3991a91ca35c25b3179f6f2df7dc37a931df83fc901cce05e34383
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:34511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:34511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://meeller.com/7h4s.js
id: auto-0e744850934cee6cd2038772b50d691e008a57d5c33d00ba0a6765d197523d1c
status: experimental
description: Detects traffic or activity related to https://meeller.com/7h4s.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://meeller.com/7h4s.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cerkery.com/js.php
id: auto-653a4a7bfab8e4d3c5cc831d6476efce6270f1a1fc1e995829f9e020b4c07d6f
status: experimental
description: Detects traffic or activity related to https://cerkery.com/js.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cerkery.com/js.php*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cerkery.com/7y7y.js
id: auto-3b6077cf50c59cbcc37a4787363b6d671af535e4034cf6a5bb5be611d1df1d90
status: experimental
description: Detects traffic or activity related to https://cerkery.com/7y7y.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cerkery.com/7y7y.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.241.64.23/hiddenbin/boatnet.arm
id: auto-231d20dae5c5f63c58d7fa4a9ffd4b935fde3808bd7b5aec2974fcb30853a3e8
status: experimental
description: Detects traffic or activity related to http://176.241.64.23/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.241.64.23/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.46.20:45259/i
id: auto-09659ea91226a454c15fa345d1a88515f2a7458e20d8bfce72d90f9131ef06af
status: experimental
description: Detects traffic or activity related to http://123.4.46.20:45259/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.46.20:45259/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.241.64.23/hiddenbin/boatnet.ppc
id: auto-a459c9bfadb25b2b9a136fad8ff44087793cc51d6ae79a2481e43fef434cad64
status: experimental
description: Detects traffic or activity related to http://176.241.64.23/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.241.64.23/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.55.151:52998/i
id: auto-4bbac0492383507cb640b2b4a1de54b82240d68cc34d15644079ce358523b235
status: experimental
description: Detects traffic or activity related to http://125.45.55.151:52998/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.55.151:52998/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.241.64.23/hiddenbin/boatnet.arm7
id: auto-6726873717a355967fb408d2302c6ba1d8972a6897472dd1269d2fa9ab40c3cb
status: experimental
description: Detects traffic or activity related to http://176.241.64.23/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.241.64.23/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.46.38:56644/bin.sh
id: auto-3de48411d520efadc4530a1794e9aa558f2c047fc7218dccbe49ea15427ed095
status: experimental
description: Detects traffic or activity related to http://182.127.46.38:56644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.46.38:56644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.109.50:33715/i
id: auto-0bb3d668905f9e2f7292a9098c748a97b7f7f7c7ba4d27df04d5906f82146933
status: experimental
description: Detects traffic or activity related to http://110.37.109.50:33715/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.109.50:33715/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.219.166:41378/i
id: auto-6932944708ff63eefcb9eb44ec78b10767349aaa7534325a5ea08a6c56ddf5a0
status: experimental
description: Detects traffic or activity related to http://42.230.219.166:41378/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.219.166:41378/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.54.138:43244/i
id: auto-971cb188f13a277acc566354be0b829d93309f8cf9f7395a6d6233ad2bae67c3
status: experimental
description: Detects traffic or activity related to http://42.6.54.138:43244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.54.138:43244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.229.155:48480/i
id: auto-9cabee3a47d638bad0e31fa396da4bda00b7604880ba59b932631732f1c523c9
status: experimental
description: Detects traffic or activity related to http://125.41.229.155:48480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.229.155:48480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.252.159.78:43749/i
id: auto-f1f078b09406d1fb0b248d845560955e4b12521ebb1f2ffab4340c4e3745e0d2
status: experimental
description: Detects traffic or activity related to http://43.252.159.78:43749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.252.159.78:43749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.73.31:47744/i
id: auto-63ce66630eb03120f2d441fb66f1fcbdcd98627380e4adb1da6aa9909d4d2bc9
status: experimental
description: Detects traffic or activity related to http://61.53.73.31:47744/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.73.31:47744/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.176.113:49801/bin.sh
id: auto-306810a4b1899f6bd735375059bd314fe4a12c5d59c970c71f673283c78490ee
status: experimental
description: Detects traffic or activity related to http://123.14.176.113:49801/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.176.113:49801/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.61.25:58311/i
id: auto-584435f5cb10414229acc5bd46ed5c45158be17659833746cfef3543390b1995
status: experimental
description: Detects traffic or activity related to http://113.237.61.25:58311/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.61.25:58311/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.61.25:58311/bin.sh
id: auto-6f9a6328537420d468e2ceccebb871861789a23eae190343e6491773333b2979
status: experimental
description: Detects traffic or activity related to http://113.237.61.25:58311/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.61.25:58311/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.192.249:55525/i
id: auto-704f8bce9f909acbe6a0597694f00bf9ec778234a3f6b45b85835335a2564e3d
status: experimental
description: Detects traffic or activity related to http://85.12.192.249:55525/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.192.249:55525/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.219.30:43094/i
id: auto-52b6f8cabef7bcd96ff05fb9b1d8410b4a15050180931da6a25da693ef263352
status: experimental
description: Detects traffic or activity related to http://182.122.219.30:43094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.219.30:43094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.192.249:55525/bin.sh
id: auto-445a9e9d7c3c33ac5151828c842866866721842ca620468d298b73db46ba69a6
status: experimental
description: Detects traffic or activity related to http://85.12.192.249:55525/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.192.249:55525/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.141:60089/bin.sh
id: auto-e2baeaec068f03d8df10cf6e18e2c3e5fc8f806ac4bb01787f039638ac5f549b
status: experimental
description: Detects traffic or activity related to http://117.209.93.141:60089/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.141:60089/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.26.84:43060/i
id: auto-4b56550962a040b51a79c8251927a91b18739d1c134c5c4f1210c49dd0d7a485
status: experimental
description: Detects traffic or activity related to http://222.137.26.84:43060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.26.84:43060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.68.239:46271/i
id: auto-57d51d3990c57b58a434c2cf5135e5120ad4a8069f45abd23df4ed13e6246bd3
status: experimental
description: Detects traffic or activity related to http://196.189.68.239:46271/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.68.239:46271/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.74.13:58329/i
id: auto-52b283896c2b3412002a6c0bf05cea014195c5dee8e824cd9171e56080783732
status: experimental
description: Detects traffic or activity related to http://175.165.74.13:58329/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.74.13:58329/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.183.23:42678/i
id: auto-8731b31c7804dce9278f05acbbe1a059587efddfbfe161b900c2fecf9e91ca96
status: experimental
description: Detects traffic or activity related to http://222.141.183.23:42678/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.183.23:42678/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.219.30:43094/bin.sh
id: auto-94d676157ef094d926425dccde3f358b6074f8fddd1a8ab100154a4da18981a8
status: experimental
description: Detects traffic or activity related to http://182.122.219.30:43094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.219.30:43094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.69.238:39682/i
id: auto-d3d88352d3a9adda5f2fcd74f512493d3d8b7fc866adc764a45d63e1bed1f20f
status: experimental
description: Detects traffic or activity related to http://113.239.69.238:39682/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.69.238:39682/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.68.239:46271/bin.sh
id: auto-550665fd29bb586d16629716b386d7183e7949e078e0c2a4c8f6da14aeb6cef7
status: experimental
description: Detects traffic or activity related to http://196.189.68.239:46271/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.68.239:46271/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.26.84:43060/bin.sh
id: auto-72cb11528797c5f3c4a12fb2a23cb02d143d781db8410fddc6f394b12a16e698
status: experimental
description: Detects traffic or activity related to http://222.137.26.84:43060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.26.84:43060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.74.13:58329/bin.sh
id: auto-15c95b43735e3b93bbee0e39a25ba5eb88e6e3e24cc880c622aed980a618bfc1
status: experimental
description: Detects traffic or activity related to http://175.165.74.13:58329/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.74.13:58329/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.15.236:48052/i
id: auto-80c9096234693889d747d8c2a561d5fd4b0980499792b430f9e540efa67b2802
status: experimental
description: Detects traffic or activity related to http://221.15.15.236:48052/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.15.236:48052/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.183.23:42678/bin.sh
id: auto-9e9c9e2543444bc88c8a890314e930bc834c577819f150321d0e6a629281bb21
status: experimental
description: Detects traffic or activity related to http://222.141.183.23:42678/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.183.23:42678/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.5.168:40275/i
id: auto-0daa6ab3c70297f65b62b2dab9da6cae7e251ef6d79828dd6b6842a9e868540f
status: experimental
description: Detects traffic or activity related to http://42.52.5.168:40275/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.5.168:40275/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.0.9:42988/i
id: auto-a29fa29cc2ff24e7273a4f172c0ae387b206139a803c3c6cde346a61a3e79c9b
status: experimental
description: Detects traffic or activity related to http://42.55.0.9:42988/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.0.9:42988/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.5.168:40275/bin.sh
id: auto-2f3fae43d4092cdd585f791e23e2a2d61e41a6b5d467794470335b93e568e02b
status: experimental
description: Detects traffic or activity related to http://42.52.5.168:40275/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.5.168:40275/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.69.238:39682/bin.sh
id: auto-6814773bc3b78a314b46cd6b2b7e02fa5ac4942454a78c8155da5a6ece639064
status: experimental
description: Detects traffic or activity related to http://113.239.69.238:39682/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.69.238:39682/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.15.236:48052/bin.sh
id: auto-45872adc6128447b4a0f3d687382c71a15b428bf0ea2d77624f3b422d69a824e
status: experimental
description: Detects traffic or activity related to http://221.15.15.236:48052/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.15.236:48052/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.76.194.131:10000/02.08.2022.exe
id: auto-12fbf351fd2cf8ff9b6c5a4223ca6df177f8a84354c8fd70861c0d80be3b1a5d
status: experimental
description: Detects traffic or activity related to http://38.76.194.131:10000/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.76.194.131:10000/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.124.236.185/02.08.2022.exe
id: auto-cfed8970b00097cbd3a9c2d3fa084a54eab6c12f48c73b4ecf0bb8a3ad6f5460
status: experimental
description: Detects traffic or activity related to http://20.124.236.185/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.124.236.185/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.201.180.191:4444/02.08.2022.exe
id: auto-f3870671a3cbc838077c2b5a92a2753fbf720f8a612aa1ed41453431757ad01c
status: experimental
description: Detects traffic or activity related to http://101.201.180.191:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.201.180.191:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.105.193.156:4444/02.08.2022.exe
id: auto-69c6450841391766297d6716853a5805b2c701ebcaa46c0b98d7228e263646ff
status: experimental
description: Detects traffic or activity related to http://39.105.193.156:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.105.193.156:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.245.143.128/02.08.2022.exe
id: auto-6ad4c06e5c84e0cff84973f2071f183f9d1a3c242d048853e48747638f1b1cf1
status: experimental
description: Detects traffic or activity related to http://165.245.143.128/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.245.143.128/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.220.162:3212/sshd
id: auto-3f7149e78de84512772b05db6a5f2f4c2e4581647ba5925974dc000dd866f238
status: experimental
description: Detects traffic or activity related to http://120.157.220.162:3212/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.220.162:3212/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.121.214:2000/sshd
id: auto-d9116bddbb24e2be7f218feef65cf5e739e4c6f70d7ec6a46d3c5165d5611689
status: experimental
description: Detects traffic or activity related to http://59.182.121.214:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.121.214:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.165.98.184:8729/sshd
id: auto-6f1f126dc6de86fb66104aff5333494e76b61097de37fa899cddd497a089bc59
status: experimental
description: Detects traffic or activity related to http://189.165.98.184:8729/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.165.98.184:8729/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.16.246:8082/sshd
id: auto-cfe43ad4ac8c49fa0a9248a82320a12ab63f69a901ee7e72961d9723ef0e161c
status: experimental
description: Detects traffic or activity related to http://41.146.16.246:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.16.246:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.16.246:8081/sshd
id: auto-04d6ba7a562d055c83a565cabf098b8d2bad731b475672af19e48502cd1a5779
status: experimental
description: Detects traffic or activity related to http://41.146.16.246:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.16.246:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.16.246:8083/sshd
id: auto-965ffbc86e4cbfc58678feb0a9f88313ac6ad2f672a9662a45ab424831cb8fe8
status: experimental
description: Detects traffic or activity related to http://41.146.16.246:8083/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.16.246:8083/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.121.74.229:91/sshd
id: auto-ff9a8989bb6f23149b90fab68d036d8f26c8424ab90492798bebd2976213e9d2
status: experimental
description: Detects traffic or activity related to http://95.121.74.229:91/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.121.74.229:91/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.135.169/sshd
id: auto-ccf624f0fd0652aeb4d285b6f3dcb635bb339d50f31032e6d1ec4834602139a7
status: experimental
description: Detects traffic or activity related to http://83.224.135.169/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.135.169/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.86.179.71:10092/sshd
id: auto-b9ab3d9c9169a6043b48b93de53e1336e9a102e7ac8e52946e05dee14378391a
status: experimental
description: Detects traffic or activity related to http://85.86.179.71:10092/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.86.179.71:10092/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.138.10/sshd
id: auto-a9395e9d452193a903c45a5b4c4cc5a38b27d146b6c9f939e837fda3a45c8040
status: experimental
description: Detects traffic or activity related to http://83.224.138.10/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.138.10/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.22.175.166:8080/sshd
id: auto-251516130c5b0686dbc2e564b4e3103b545373e6efb6d401bbd41b7a331453ed
status: experimental
description: Detects traffic or activity related to http://113.22.175.166:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.22.175.166:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.142.100.221:22276/i
id: auto-24496e253d39e7e99924cb0bc6b25c5cb587f08adfc63cf7dfbece553c83b33e
status: experimental
description: Detects traffic or activity related to http://82.142.100.221:22276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.142.100.221:22276/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.88.228:8024/sh.bin
id: auto-ea0dbba482285b4e81780698fe29dc5ea42f1599d707c97ffba07907b1f1ac39
status: experimental
description: Detects traffic or activity related to http://38.54.88.228:8024/sh.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.88.228:8024/sh.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.221.32:47665/i
id: auto-c73ed92d3c37954b880114aa031e7f5f8fd56d7e1e6dfcebb17627e949d9ce17
status: experimental
description: Detects traffic or activity related to http://120.28.221.32:47665/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.221.32:47665/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.221.32:47665/bin.sh
id: auto-bf9e45d586e24ea73ca0a75e856db93875f5c23cec507f9ebfca53f51b177864
status: experimental
description: Detects traffic or activity related to http://120.28.221.32:47665/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.221.32:47665/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.0.9:42988/bin.sh
id: auto-1442dda785327362e7431bdc88f12a463716afcd7230ca1a823eb15aef51fb43
status: experimental
description: Detects traffic or activity related to http://42.55.0.9:42988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.0.9:42988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.45.91:43616/bin.sh
id: auto-468a853c2147795952f122a85e7b50e19ca4a1045635884297f31c5df8087f96
status: experimental
description: Detects traffic or activity related to http://115.49.45.91:43616/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.45.91:43616/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.45.91:43616/i
id: auto-933ebd15ab538dd97fb6295b0dfcfcb56205d5b0e065b748cb9806481efdd2a4
status: experimental
description: Detects traffic or activity related to http://115.49.45.91:43616/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.45.91:43616/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.107.59:40491/i
id: auto-e3c199e78b7e45ff7dd03236082554387c83d7c7d001f97e1c44664fb5477d48
status: experimental
description: Detects traffic or activity related to http://5.59.107.59:40491/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.107.59:40491/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.199.72:39372/bin.sh
id: auto-9ef4b15857cb25b71a75ccc137f5516f2e3e444ba6dd1650d5417879f9069f18
status: experimental
description: Detects traffic or activity related to http://61.52.199.72:39372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.199.72:39372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/webshell.war
id: auto-dfe7066e36bee755ba7473c40c2d824b73efb06978ad391be593849bba71482e
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/webshell.war which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/webshell.war*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aliyundunupdate.xyz:8084/?h=aliyundunupdate.xyz&p=8084&t=tcp&a=l32&stage=true
id: auto-5152ee0c9d5450624baf7789c4070bd85628ce0d6c794a6dd6840c5115b41687
status: experimental
description: Detects traffic or activity related to http://aliyundunupdate.xyz:8084/?h=aliyundunupdate.xyz&p=8084&t=tcp&a=l32&stage=true which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aliyundunupdate.xyz:8084/?h=aliyundunupdate.xyz&p=8084&t=tcp&a=l32&stage=true*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/dbs/linux.sh
id: auto-3d1cfecf22a7b8db76d4ee15b653abff5b23fdd55e48c356ee864090d6b2e34b
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/dbs/linux.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/dbs/linux.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_mipsel
id: auto-496d4da5af0fe0a6e6f9b02829a7b3f00e2e986b165df778440e0532f9735ff9
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_mipsel*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_aarch64
id: auto-0eada15af1b0360b7c821e4221bffe048822b65d5bf372ab0385c22572b00305
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_aarch64*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_mips64
id: auto-cfd459ed80afe5cf45b078494eb691efb019265dbd743e0e789ed6057bfbb2b7
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_mips64*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_arm6
id: auto-bfc9d59645bee9ef81ef27ffc9795038fa3f66a4787d43a47a68ea69ed08d186
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_arm6*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_mips64el
id: auto-610a899b8d0c258df330b1687bd958417ed5637b918551aa5eede07888dfe9c1
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_mips64el which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_mips64el*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_arm5
id: auto-d57eb90338be3732d117689903fde71c7b70d34cdf3ff46ef5619eba7ecf3575
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_arm5*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_arm7
id: auto-317cf4e07c55334b5f5a8450072de07844d60fcd899bce5002a6f4f957bc7f1d
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_arm7*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_amd64
id: auto-1b0aef4433f1eab655e62c3cbce9e0ca3f1e236a348a557363d64179202257d6
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_amd64*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_386
id: auto-13720376ce6792b80b6942e19f9f223ab63f0d07d9dca697397c3412b9e1bbb3
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_386 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_386*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/linux_mips
id: auto-d9861bbf669a3946043d50fcbf2bdbbe3391ff691a38a984e7ebe49fdb2d0939
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/linux_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/linux_mips*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.61.139.34:65532/xxa
id: auto-8f83f6ab03d43788abed93b461809119f0dd1ec0019ba8b64ae8c3cb84b19402
status: experimental
description: Detects traffic or activity related to http://202.61.139.34:65532/xxa which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.61.139.34:65532/xxa*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://aliyundunupdate.xyz:8084/?h=aliyundunupdate.xyz&p=8084&t=tcp&a=l64&stage=true
id: auto-d6a9c08bcf11da829afb1e3fac337a9942c6b5a252ae64f6cd38006f44acc0b0
status: experimental
description: Detects traffic or activity related to http://aliyundunupdate.xyz:8084/?h=aliyundunupdate.xyz&p=8084&t=tcp&a=l64&stage=true which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://aliyundunupdate.xyz:8084/?h=aliyundunupdate.xyz&p=8084&t=tcp&a=l64&stage=true*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.119.213:54448/i
id: auto-d12ac77a4fc4944d853d80df90c6ffddb276c2982043f7d45c7c360fcda27360
status: experimental
description: Detects traffic or activity related to http://222.138.119.213:54448/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.119.213:54448/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.242.158.72:59806/i
id: auto-3aad446acf42c1dc620104dca5d928bde130ed45fc00b803a5842a4e81a251d8
status: experimental
description: Detects traffic or activity related to http://42.242.158.72:59806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.242.158.72:59806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.97.187:50756/i
id: auto-7852ea6248072b445dc1cec3ea5a4ad5e2716e84d207b977979e56c0a945111a
status: experimental
description: Detects traffic or activity related to http://202.107.97.187:50756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.97.187:50756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.128.162:44206/i
id: auto-628d773029138cdd6a6463f22486fdb196c6971602d6cdf32fbf1c8f5526af69
status: experimental
description: Detects traffic or activity related to http://115.58.128.162:44206/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.128.162:44206/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://101.127.184.185:8443/sda1/Video.scr
id: auto-4d40aac5bb1dcdc550951fc0ada5758adad2acebe78a396da88da5d468b70028
status: experimental
description: Detects traffic or activity related to https://101.127.184.185:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://101.127.184.185:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://101.127.184.185:8443/sda1/Photo.scr
id: auto-c67f452bca50e530a00c91142b5825df60a82cf0a4845c2287a00374a643ed44
status: experimental
description: Detects traffic or activity related to https://101.127.184.185:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://101.127.184.185:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://101.127.184.185:8443/sda1/AV.scr
id: auto-3ab98c233f747689a437dde9cde1ce92f67c0440016d254134ed00dce21096a0
status: experimental
description: Detects traffic or activity related to https://101.127.184.185:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://101.127.184.185:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://101.127.184.185:8443/sda1/AV.lnk
id: auto-f740db4e6612fd8ebda29f16617dceb3ff2a477ed071db270a7d35434dc089dd
status: experimental
description: Detects traffic or activity related to https://101.127.184.185:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://101.127.184.185:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://101.127.184.185:8443/sda1/Video.lnk
id: auto-0af187a99d2e68043e11575740fed275d82fa3bffb86baea07bc2da92c1d85e3
status: experimental
description: Detects traffic or activity related to https://101.127.184.185:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://101.127.184.185:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://101.127.184.185:8443/sda1/Photo.lnk
id: auto-7158775f5744779e54085da079958f455ccdcfae7b7d1747ddec5b940b1a677f
status: experimental
description: Detects traffic or activity related to https://101.127.184.185:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://101.127.184.185:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.164.44.117:8443/sda1/GOT/AV.scr
id: auto-90ea3b4b81572619f5e1ff862c0cae4ff026385deede47025e6ddb3bd3cd7d97
status: experimental
description: Detects traffic or activity related to https://94.164.44.117:8443/sda1/GOT/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.164.44.117:8443/sda1/GOT/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.164.44.117:8443/sda1/GOT/Video.scr
id: auto-af3eac0bb5311648b6ccea66df5394b0aca740aafb55e4263a544bec79080648
status: experimental
description: Detects traffic or activity related to https://94.164.44.117:8443/sda1/GOT/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.164.44.117:8443/sda1/GOT/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.164.44.117:8443/sda1/GOT/Photo.scr
id: auto-db07bf072f28688ba293dfd8626db19ca35793f63247f121d92721a768646b97
status: experimental
description: Detects traffic or activity related to https://94.164.44.117:8443/sda1/GOT/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.164.44.117:8443/sda1/GOT/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.164.44.117:8443/sda1/GOT/AV.lnk
id: auto-cad214bc37eca8db473469b0a4c5557f6dc1dc3e9600048f62f3efcdc6dd6e2b
status: experimental
description: Detects traffic or activity related to https://94.164.44.117:8443/sda1/GOT/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.164.44.117:8443/sda1/GOT/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.164.44.117:8443/sda1/GOT/Video.lnk
id: auto-96ad4b8a97b9c30b9add105e621b5ce5eb592dd907367fc79a182a9073117fd4
status: experimental
description: Detects traffic or activity related to https://94.164.44.117:8443/sda1/GOT/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.164.44.117:8443/sda1/GOT/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.164.44.117:8443/sda1/GOT/Photo.lnk
id: auto-db33d0b7b836950962ad62e80325c6fa3155f26c706b173dd8ca48a84607b425
status: experimental
description: Detects traffic or activity related to https://94.164.44.117:8443/sda1/GOT/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.164.44.117:8443/sda1/GOT/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.107.59:40491/bin.sh
id: auto-4038a3099151733512d01f3abfdb95365cc9ba3dd6e10d607c80f3750978ee10
status: experimental
description: Detects traffic or activity related to http://5.59.107.59:40491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.107.59:40491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://115.131.219.91:8443/sda5/AV.scr
id: auto-bcd3e753d862f554836a500f020ff7e110f6e5709a1e20bb52b9f05c19a275ac
status: experimental
description: Detects traffic or activity related to https://115.131.219.91:8443/sda5/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://115.131.219.91:8443/sda5/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://115.131.219.91:8443/sda5/Photo.scr
id: auto-9736e29a79a3c9dad8ab6fc4f6a7f97de4d031f1223dacc738b55e322846e050
status: experimental
description: Detects traffic or activity related to https://115.131.219.91:8443/sda5/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://115.131.219.91:8443/sda5/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://115.131.219.91:8443/sda5/Video.scr
id: auto-e11f458070129f797ead76e35f2da2c409d5f5868a70b2dab12f6745ad2270a1
status: experimental
description: Detects traffic or activity related to https://115.131.219.91:8443/sda5/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://115.131.219.91:8443/sda5/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://115.131.219.91:8443/sda5/Video.lnk
id: auto-852ce1afd381646521179e6574c1ac6288efa1635b9374ae64aacef180bdba43
status: experimental
description: Detects traffic or activity related to https://115.131.219.91:8443/sda5/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://115.131.219.91:8443/sda5/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://115.131.219.91:8443/sda5/Photo.lnk
id: auto-b875c3780bdd0fa2bb8404ed0607802f7c985e5215d25b595d409b80c1b80493
status: experimental
description: Detects traffic or activity related to https://115.131.219.91:8443/sda5/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://115.131.219.91:8443/sda5/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://115.131.219.91:8443/sda5/AV.lnk
id: auto-76029e0f50899dd68a8631c9b7bfa3ef218869d776adb15d625613e73cfe4a52
status: experimental
description: Detects traffic or activity related to https://115.131.219.91:8443/sda5/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://115.131.219.91:8443/sda5/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.48.39:53408/i
id: auto-de19ca6048c5fc4f068a76499bc747d56e1b0e90be5f628e54ebbd41b166a9f0
status: experimental
description: Detects traffic or activity related to http://27.202.48.39:53408/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.48.39:53408/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.149.187.81:8888/lnk/1.exe
id: auto-ca082b141098c11eeab76ef067fa39af3f9f7aa1f268dc9482c3533c8626f603
status: experimental
description: Detects traffic or activity related to http://193.149.187.81:8888/lnk/1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.149.187.81:8888/lnk/1.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.149.187.81:8888/exe.exe
id: auto-29db1d090d4fe867d22d6e2672afa38b6e8b33b4936727946d92acba74193a26
status: experimental
description: Detects traffic or activity related to http://193.149.187.81:8888/exe.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.149.187.81:8888/exe.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.149.187.81:8888/lnk/a.bat
id: auto-fc8fb524ca6f83532670186094a705db6eec9939b1652f711ce61f0e910a9a38
status: experimental
description: Detects traffic or activity related to http://193.149.187.81:8888/lnk/a.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.149.187.81:8888/lnk/a.bat*'
  condition: selection
level: high
tags:
  - attack.t1587.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.148.75:49525/i
id: auto-a6efa9cb00350834f3d7df3c4028104f32ec51550e34e9c40995a9a99f0422a4
status: experimental
description: Detects traffic or activity related to http://182.117.148.75:49525/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.148.75:49525/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.128.162:44206/bin.sh
id: auto-a10422dc801463c9f33973246bde53902b90c1d704d4ec814e248060b001cbf5
status: experimental
description: Detects traffic or activity related to http://115.58.128.162:44206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.128.162:44206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.165.19.116:8443/sda1/IMG001.exe
id: auto-c0ddc3c8c3e0469b7335a56afa64cc1afd17cd49dee04f87975e97723889a7c0
status: experimental
description: Detects traffic or activity related to https://94.165.19.116:8443/sda1/IMG001.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.165.19.116:8443/sda1/IMG001.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.64.202:47486/i
id: auto-c53e44204787842fb03bd6284cedd4ab77adba74ddf96aa151bbb6b086682cdd
status: experimental
description: Detects traffic or activity related to http://117.206.64.202:47486/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.64.202:47486/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.237.55:45928/i
id: auto-37b68848d94825dcbf2754165626cb59a00db3aaa4f67202bf470237faa535b5
status: experimental
description: Detects traffic or activity related to http://42.227.237.55:45928/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.237.55:45928/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.97.187:50756/bin.sh
id: auto-811bf4346e742fc202df7a1d9501a4b3b26b5f9f213dbcaa1a2df8ea9fbd3e62
status: experimental
description: Detects traffic or activity related to http://202.107.97.187:50756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.97.187:50756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.75.2/actu.exe
id: auto-e9887f454772dd3cb37c067676895b8e3e5e3965ecacb98d0b5740bfc8d4c2f3
status: experimental
description: Detects traffic or activity related to http://186.169.75.2/actu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.75.2/actu.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.75.2/31agosto.vbs
id: auto-aafff8d1dd86c96857758a9e58bb3c78b1ae991a637f0306e4641f2ebf20c3dc
status: experimental
description: Detects traffic or activity related to http://186.169.75.2/31agosto.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.75.2/31agosto.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.75.2/sostener.vbs
id: auto-7c853ae1757f453ff614ceee57b8928dfec5ab64ac7831c13b5adfba53eb083e
status: experimental
description: Detects traffic or activity related to http://186.169.75.2/sostener.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.75.2/sostener.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.75.2/andre.vbs
id: auto-25a2d4c225fe169383195781aaf714862263c2dbb145ed89f3f4b8d3bb8a5009
status: experimental
description: Detects traffic or activity related to http://186.169.75.2/andre.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.75.2/andre.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.64.202:47486/bin.sh
id: auto-737b738b84e08601ea10574ac72b0ef43812c6c8801c551d8848d83afa082af0
status: experimental
description: Detects traffic or activity related to http://117.206.64.202:47486/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.64.202:47486/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.242.33:55861/i
id: auto-c531291a71eacd30e33b5e49aa63d3a6db3b1dec0086e7320c8d51b0dbf5f7d3
status: experimental
description: Detects traffic or activity related to http://119.185.242.33:55861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.242.33:55861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/23.sh
id: auto-e7e8e4f0207c2870ee5fa725710ebaa69401a296247db4a5b08ea96304a8d82e
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/23.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/23.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/23.sh
id: auto-4023bb3e0e65ef0919b1b4f0ae8021c382637d226a3684f2c543bae9dc459c35
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/23.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/23.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.237.55:45928/bin.sh
id: auto-7bfba95158e42061210afdcfe5cfcb5778ba23dc587b1bb4e8fc211459a1b928
status: experimental
description: Detects traffic or activity related to http://42.227.237.55:45928/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.237.55:45928/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.161.215.22:8000/ZeroTier_One.msi
id: auto-86816c13ad336b637aea91d3801580be265485ccd24031b31f19ff7ff01ffd55
status: experimental
description: Detects traffic or activity related to http://43.161.215.22:8000/ZeroTier_One.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.161.215.22:8000/ZeroTier_One.msi*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.arm5
id: auto-9b685fdb8a05c5cc8e916f1c48d46aefa0cd00c0fef76db84d11efb8acd1546f
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/a4-g89-dc01-eu/revivalscraggly
id: auto-1fbc5038888f92f7182d97557e533ee93e406246d35729eec2ca98bbc71f8f3b
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/a4-g89-dc01-eu/revivalscraggly which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/a4-g89-dc01-eu/revivalscraggly*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/a4-g89-dc01-eu/uncrownslicing
id: auto-0091092cb4f9726079211d41848922620fe900cb64512d354d486c219c47bc9a
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/a4-g89-dc01-eu/uncrownslicing which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/a4-g89-dc01-eu/uncrownslicing*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.x86
id: auto-72b59caa75298e97a9915cd1ffbd55d904c2fdf187a2e956b089eeca40a43051
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.mips
id: auto-c39ef84615224d8c03daf5e1cf3e1495a2647152c804097a1d52f5f3f5f72a56
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.x86_64
id: auto-5f59618b347b4f68d1e06139c680a41c553b36b801314ca6bb65c24c09c9a2a0
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.arm6
id: auto-332db853f1cc746c229f42a71d4122dca6e78381962730b823871c0d80521574
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.arm
id: auto-0879b0fab081e83b3cccf06aead55d935b2af0a9a7ddf0e1ed1483f1a7235617
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.ppc
id: auto-eaa56046344b7d3207a397241deaa682141a63b84667a124661b515ca76a5c83
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.sh4
id: auto-a56a1c041a075276f3bbbf6ccb5a95836403a6e604b421d67f945d44cfff8902
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.arm
id: auto-0e6e685dbba17682c44dee2ee9f21759d2f89b30964a13e8e41dd38bdfe300c0
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.arm6
id: auto-a082ac5bc63704a71ae1e4b4a290de8c3ab371ba92cc0944b32cefcccf5e63d9
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.mpsl
id: auto-628aa34f91e373331bbdd84f5f3d467128e525768f0ede6a4a634285db043571
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.arm7
id: auto-fa7d32afc574584c66ceff539d471f52e124705c58a5a1239acdfdcf892c3dc5
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.arm7
id: auto-fbcfaaf6255d55b0e04eb440aaca176a3d9d8ad772a80a17175116f4b8ead106
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.x86_64
id: auto-5710b03ef4700a595bc415fcc43ee374337984842f7c0383a08e3e1db2dffbe0
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.x86
id: auto-782e0e71aeb1cf3b270249279e779930aabe2fddebc00a4c845f0146440c6892
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.m68k
id: auto-d03e00f2c12efb1fbed5b042c4728b428c9ecde43a0c7a020970cde5496d209e
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.arm5
id: auto-249b9a7c88a4395985628279f2271637161a1062af645c6cefdef768282d94bc
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.mips
id: auto-490dc9ce2f711728d38e44f00344d3f8672b49161d977e15fb211dc88b8d6a16
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.ppc
id: auto-2c0d3c31cf47e6ed25d83e575ae19a5b80168154f96065422afd6d05586f135f
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.sh4
id: auto-2df4ac76a70deeefa8bcab5500a62e44297cb7b02b299d5f5589b52fc381715d
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.248.100/djmario.mpsl
id: auto-674b4a18f13920ef94dcbf9b2ab7fc92aa635b4f33844498e41e81e1748882a8
status: experimental
description: Detects traffic or activity related to http://5.59.248.100/djmario.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.248.100/djmario.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dhcp-100-248-59-5.metro86.ru/djmario.m68k
id: auto-fcea50976c76b3438671dd4221c9a49a040dbf28f4d0fc731dfac69ff4fe7606
status: experimental
description: Detects traffic or activity related to http://dhcp-100-248-59-5.metro86.ru/djmario.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dhcp-100-248-59-5.metro86.ru/djmario.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/nigga.sh
id: auto-6de0609c702fc1d106113167adaffd05e0c9ea7304f041d99be1df22af334695
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/nigga.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/nigga.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.148.75:49525/bin.sh
id: auto-fb746ace3de12d85c30bd77d62ac891281e8b992e918a96a0ab1c32d0dafabf8
status: experimental
description: Detects traffic or activity related to http://182.117.148.75:49525/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.148.75:49525/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.137.133:47421/i
id: auto-f2586b8866e1ea353d769830e3181eb9ce415f6a0a0e40c7562ba189d44b2492
status: experimental
description: Detects traffic or activity related to http://42.86.137.133:47421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.137.133:47421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.8.143:40893/bin.sh
id: auto-c1637b1e750781283ae025d569d4bf533a4be4f8ac2d95befee1e63f513777f3
status: experimental
description: Detects traffic or activity related to http://59.89.8.143:40893/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.8.143:40893/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.marketing.bebe9mayotte.com/cgi-tmp/Service.ps1
id: auto-d94e0dea15a2d8f0fb5c4ed78507a4f6500451ed2b5c2fda9ff86e8d635a226e
status: experimental
description: Detects traffic or activity related to http://www.marketing.bebe9mayotte.com/cgi-tmp/Service.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.marketing.bebe9mayotte.com/cgi-tmp/Service.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.marketing.bebe9mayotte.com/cgi-tmp/Host9271.exe
id: auto-89bca2cc2c24fe3aba9dcd9840b11244a8531ca3aeef38959fa907e3b68a6e21
status: experimental
description: Detects traffic or activity related to http://www.marketing.bebe9mayotte.com/cgi-tmp/Host9271.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.marketing.bebe9mayotte.com/cgi-tmp/Host9271.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.marketing.bebe9mayotte.com/cgi-tmp/Team-oriented_5.3.47.98_INSTALL.exe
id: auto-33839873c40cfd9a6446aa50889e8b6fb40b5d57ab7178c60f2d9272a1ecac41
status: experimental
description: Detects traffic or activity related to http://www.marketing.bebe9mayotte.com/cgi-tmp/Team-oriented_5.3.47.98_INSTALL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.marketing.bebe9mayotte.com/cgi-tmp/Team-oriented_5.3.47.98_INSTALL.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://daili.1756520.xyz/ntp.txt?key=jxtddos
id: auto-1003989b36ae20a692ceb4544bbf7a1ded5ba0bd2376cb6c858c56e8f5191eaa
status: experimental
description: Detects traffic or activity related to https://daili.1756520.xyz/ntp.txt?key=jxtddos which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://daili.1756520.xyz/ntp.txt\?key=jxtddos*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/fixingmanagment/tweaks/raw/4767135e25ca0173d0ec84e4fef44bc34c3d9f31/Chrome.apk
id: auto-25f048b492ae65431396183cbcf1d6727e7cf6c08562be6b5c112169de99d644
status: experimental
description: Detects traffic or activity related to https://github.com/fixingmanagment/tweaks/raw/4767135e25ca0173d0ec84e4fef44bc34c3d9f31/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/fixingmanagment/tweaks/raw/4767135e25ca0173d0ec84e4fef44bc34c3d9f31/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.244:37242/bin.sh
id: auto-9879293bb2741fa107dfeb44288daa365ec22a0599cb93a84022df4024cbfd7b
status: experimental
description: Detects traffic or activity related to http://117.209.16.244:37242/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.244:37242/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.x86_64
id: auto-d7bc2a39f65a0693cae09ad90a19f518942bcfa8a1ddfe6f3e0f4f1d6cb7728d
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.i468
id: auto-62eafc41336712c9d297a066c105cd2edfe4b5bd6ac461ad1d76be275f222504
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.arm4
id: auto-1e6c81595a0529170cf43930edc44fa4497e628723c9f66e8c1395dfddda680c
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.i686
id: auto-2446d9c6cbfb48a0aa61067142425b76751eecd3c4d85d7a6c0374c97b71297e
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.137.133:47421/bin.sh
id: auto-15d9199afb529f0a7600799688b2f5f82bb4921df27ed1b77da643ed46756f0c
status: experimental
description: Detects traffic or activity related to http://42.86.137.133:47421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.137.133:47421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.38.88.162/Client.exe
id: auto-e28ed7fc50c251add4c455630836675c06eccbd12b19c19450764b81655d734a
status: experimental
description: Detects traffic or activity related to http://212.38.88.162/Client.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.38.88.162/Client.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.161.2.132:34573/i
id: auto-e744093ff12edf0357afececb161a2fbe8f40ede92cda1b1613c674e7d23dbe3
status: experimental
description: Detects traffic or activity related to http://60.161.2.132:34573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.161.2.132:34573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.173.187:59543/i
id: auto-e49ee9b7849b0af09bab78255e1859a5f4130418332f0b81bd76ff4549b51280
status: experimental
description: Detects traffic or activity related to http://222.134.173.187:59543/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.173.187:59543/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.134.136:45571/i
id: auto-6e7e982827cd7a54ddab6bee561b354ddcd2f0ccdd72cb6f92977fc039ef7be3
status: experimental
description: Detects traffic or activity related to http://123.129.134.136:45571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.134.136:45571/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.161.2.132:34573/bin.sh
id: auto-c6a4e6e775b1f73ea9e4816ff54d5df4553055114d5fac62b29bf26cd287bfd2
status: experimental
description: Detects traffic or activity related to http://60.161.2.132:34573/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.161.2.132:34573/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.7.149:37804/bin.sh
id: auto-be518aa6aa1349178854f16d298a61a9c0e6cb0a9a8ada0dd1da8dec1f587a23
status: experimental
description: Detects traffic or activity related to http://123.190.7.149:37804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.7.149:37804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.148.202:39445/bin.sh
id: auto-6954d983604e2a79d3781578420425d468c2f87f99abd37dd1c9fb10dd50c4ca
status: experimental
description: Detects traffic or activity related to http://115.58.148.202:39445/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.148.202:39445/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.46.38.118/lanny
id: auto-9a72e874114ea1fb8f003a7da7b5b16293f94999e7e7136a3e969956af44e8a7
status: experimental
description: Detects traffic or activity related to http://89.46.38.118/lanny which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.46.38.118/lanny*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.26.195.93:39706/Mozi.m
id: auto-952c19edc6827c9d8124ca935001b6a87effd2cd3c700c75a2f015604dd805b5
status: experimental
description: Detects traffic or activity related to http://5.26.195.93:39706/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.26.195.93:39706/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.209.113:40822/i
id: auto-5e7c493c4c1c96aa7f96a83b8a3cac77f63b3a86aa28350fcee2d821415b5523
status: experimental
description: Detects traffic or activity related to http://125.44.209.113:40822/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.209.113:40822/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.169.208:36190/i
id: auto-a2dfa5e7dab2e5389739d933a8b8e2e8867ecbc73dd5b53da856cdf70c913405
status: experimental
description: Detects traffic or activity related to http://42.87.169.208:36190/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.169.208:36190/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://76.72.238.154:58120/bin.sh
id: auto-1e311f6b290d8ae80d10558348f9958d6f97ff178d6f7a2249ca0ae213ff6266
status: experimental
description: Detects traffic or activity related to http://76.72.238.154:58120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://76.72.238.154:58120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://76.72.238.154:58120/i
id: auto-6e210c80545021773b802baad37f1f66f4f5416816d309eb2f838e2274acd56e
status: experimental
description: Detects traffic or activity related to http://76.72.238.154:58120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://76.72.238.154:58120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://211.93.86.176:51490/i
id: auto-6a4b356eb8afa84fcad41370045409ed93237475929ae0f0354c57d4433f23f2
status: experimental
description: Detects traffic or activity related to http://211.93.86.176:51490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://211.93.86.176:51490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.45.234:57454/i
id: auto-1ca1706aebbed5805793f1551718df7a75c9f51ac76b4e31104ea627f59f31bf
status: experimental
description: Detects traffic or activity related to http://113.221.45.234:57454/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.45.234:57454/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:52301/bin.sh
id: auto-e93368be7b6b8f6f523d5a360422748b3906f5fe15617a6da761f40dc9600ea8
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:52301/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:52301/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.236.155:41691/i
id: auto-81d2fddef00ef1fe27630aac444e424606a42bfd37ffe7c2c29963f65d28b0f1
status: experimental
description: Detects traffic or activity related to http://42.178.236.155:41691/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.236.155:41691/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.213.43:60276/i
id: auto-77dab94b3c0ec51a4cc34debf5194c88b9ae745c7d04537297a1543cd8bff7b6
status: experimental
description: Detects traffic or activity related to http://110.38.213.43:60276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.213.43:60276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.50.148.169:59797/i
id: auto-08325f7ab562b734fb7df25cfeb51c2988105fc95323060726f7bc43ddd00e8f
status: experimental
description: Detects traffic or activity related to http://185.50.148.169:59797/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.50.148.169:59797/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.221:51450/i
id: auto-c2361aaa44b77534143d3551b1f7fa0594e73c02899e9e173aa46d9c999619b4
status: experimental
description: Detects traffic or activity related to http://59.96.143.221:51450/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.221:51450/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.88.83:35982/i
id: auto-61e26b4a3f67b8c397da9dd79fa7b993bfd40539812d2a7893c978ea14cf88b9
status: experimental
description: Detects traffic or activity related to http://124.131.88.83:35982/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.88.83:35982/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.110.96:39841/i
id: auto-00784f97c6534bd54cba7b7d073b319bed51052852cc86d5b9e0fd6643183fcf
status: experimental
description: Detects traffic or activity related to http://42.87.110.96:39841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.110.96:39841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.38.84:57270/i
id: auto-d60907cfd87ec53047b6a14b23129a2ec85b002dd5ef4339d9ef9d06cbcc27e5
status: experimental
description: Detects traffic or activity related to http://59.88.38.84:57270/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.38.84:57270/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.221:51450/bin.sh
id: auto-f239ba9811238e05a9d7ffb5469a32df37048698050f0099be8e0702ccd220f7
status: experimental
description: Detects traffic or activity related to http://59.96.143.221:51450/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.221:51450/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.38.84:57270/bin.sh
id: auto-a2af663b2696f473ed5a50688476f4b3e34f7e889d9fcf8fcbaa8bb5c660ad49
status: experimental
description: Detects traffic or activity related to http://59.88.38.84:57270/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.38.84:57270/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.110.96:39841/bin.sh
id: auto-70425056a6316b6e2ad06cf250102cbf181a6ad9e8f4715977ca3c6f21c1eb72
status: experimental
description: Detects traffic or activity related to http://42.87.110.96:39841/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.110.96:39841/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.88.83:35982/bin.sh
id: auto-7591520accfe70fdb5335f561ee71859939128b94d218e02de26453bd278d714
status: experimental
description: Detects traffic or activity related to http://124.131.88.83:35982/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.88.83:35982/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:40447/bin.sh
id: auto-7be0d260651aa52e39a0415ad81c47861557604899840b30668269b6d4f52d22
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:40447/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:40447/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://105.111.210.91:41173/bin.sh
id: auto-95c8a073605eb4fdf4663c5485b9862fbd3fde18d2a740878e104534a7004650
status: experimental
description: Detects traffic or activity related to http://105.111.210.91:41173/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://105.111.210.91:41173/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.52.54:40285/bin.sh
id: auto-1ec009755b43984369df9ef214ac719f3ebf247c78e9e41d613ec17d6df7430d
status: experimental
description: Detects traffic or activity related to http://115.63.52.54:40285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.52.54:40285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.116.114:49322/bin.sh
id: auto-b2cb83020e55e76e123e754701ee383c3c151b9aa1ba562c325d9342bfff2dcf
status: experimental
description: Detects traffic or activity related to http://175.149.116.114:49322/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.116.114:49322/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.134.136:45571/bin.sh
id: auto-4d6f4bf69e1848a89a7d7eb81462b8fe3ae930adfe548834f41aef70400764a8
status: experimental
description: Detects traffic or activity related to http://123.129.134.136:45571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.134.136:45571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.217.145:34556/i
id: auto-3d9917281a5c6d6767c53459e9cd0e92711be1f47e25ea24ce771717c2ed91a6
status: experimental
description: Detects traffic or activity related to http://113.231.217.145:34556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.217.145:34556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.106.113:49179/i
id: auto-a18b41b72d5cbd233ce326b2dadf446f14979ad6afaf9aff755e57c889d84795
status: experimental
description: Detects traffic or activity related to http://42.233.106.113:49179/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.106.113:49179/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.237.106.194:51455/i
id: auto-4673cbaece51380f1376cecd0e7514d7970eb3ad2c857e66df2cf1ea0b952bb0
status: experimental
description: Detects traffic or activity related to http://122.237.106.194:51455/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.237.106.194:51455/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.186.81:45909/bin.sh
id: auto-0d1cb683874f6c909b381c9fac63a167f04902bb06c111e92b3f2cf6ac4124fc
status: experimental
description: Detects traffic or activity related to http://222.140.186.81:45909/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.186.81:45909/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.0:48718/bin.sh
id: auto-a52d0ce6c01f0f033285986d6500eebc45720642122a970b3527cef0630d4820
status: experimental
description: Detects traffic or activity related to http://110.37.1.0:48718/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.0:48718/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.226.46:52342/i
id: auto-5b96911bedc697540c56a15fc711e4c0224f9f5b1f58b5ac9b35c1626c0669fa
status: experimental
description: Detects traffic or activity related to http://42.59.226.46:52342/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.226.46:52342/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.204.42:33637/i
id: auto-97a84c598e0ed08ffaa05862b71a17a3d324a6cb51d3fb8f2639a3769e2fc364
status: experimental
description: Detects traffic or activity related to http://59.98.204.42:33637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.204.42:33637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.237.106.194:51455/bin.sh
id: auto-a927450d275363f9c02086dcdb8cc30076f08ea96261b8aedf023afda4818f07
status: experimental
description: Detects traffic or activity related to http://122.237.106.194:51455/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.237.106.194:51455/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/ohshit.sh
id: auto-0326dce408e1016a474150522bd7655fd616a509b5afe1fc1b33eaccc4daa7bd
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.106.113:49179/bin.sh
id: auto-340aadfca4600097037d6653627243b14ef986faa681418eb5a312b18049e88c
status: experimental
description: Detects traffic or activity related to http://42.233.106.113:49179/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.106.113:49179/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/mipsel
id: auto-ae7c17cd1eb6d9957c695f5f4230d3a73475126598297ec5e05480367ed06b94
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/76d32be0.sh
id: auto-a8c182cfa61a3ed8b152b1a474de154f3a64d45b8528a29a963a32cde11affcc
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/76d32be0.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/76d32be0.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/jaws
id: auto-f51997a9c7fb8b8c5b7a382d6f3effe1d81426f717ce58e78445f71ac9246bf0
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/jaws which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/jaws*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.0.75:60633/i
id: auto-bf35b0c1f0b3f9d8ed9e7bbba7f2a3e4718ebc2627de8951d769a9b054d8c3ef
status: experimental
description: Detects traffic or activity related to http://124.94.0.75:60633/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.0.75:60633/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.226.46:52342/bin.sh
id: auto-eb1484155567e24145766328c3af90447eb34106907dc75d8cf3b07f3804965d
status: experimental
description: Detects traffic or activity related to http://42.59.226.46:52342/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.226.46:52342/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/blossome-clock-dig/studious-octo-fiesta/neck
id: auto-11af0fb5d9e3ac17401a37aba7d7fe6b19080fe4132ec8777d67c82b629ddb2f
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/blossome-clock-dig/studious-octo-fiesta/neck which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/blossome-clock-dig/studious-octo-fiesta/neck*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.mips
id: auto-1b4dec3545b189fdc58a9b8edbffdc7c77202441802a90e9a8dbc3db87dd0d7a
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.x86_64
id: auto-b860d760a6f2a18ce250eac224b23c48ad06d80c4bd96693c0d74351a574c7c9
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.i586
id: auto-f6fbe6b904da7bc381baa343499395cbf7d3b584abd1b99e212fe31e5bc559b1
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.i686
id: auto-37af3dcbb1e7b87816fb76a5537583340060e2df6ac4a7ec0da08f903803383b
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.arm7
id: auto-61ba032bd34b7b2360e4870734c20a59f0f58f0581cb0c37b830113a011551d9
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.arm6
id: auto-09a72a04c49ce068fee737019411a1f06cda2199da2db34383e9c439fa166c63
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.sh4
id: auto-62724f3c82483c2bc35b0ab1171d3d90569028b97ef6489da76f1948b1745330
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.arm
id: auto-a28379ce481cf49bdb92e4c9ade80f82fcd78f6618285fa924e91a5bb3259872
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.251/001010102020120254563/sumrak.arm5
id: auto-bfa99f4b8816fe9c893b3a7dcf19391ef584cbbd81eeba08b39393c0dc3a6287
status: experimental
description: Detects traffic or activity related to http://91.92.240.251/001010102020120254563/sumrak.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.251/001010102020120254563/sumrak.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.163.130.252:60134/i
id: auto-41eb2b1ecd387280afdfa5fdd91a13b34a73c1e40f69c6bad18a32170bdcb577
status: experimental
description: Detects traffic or activity related to http://61.163.130.252:60134/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.163.130.252:60134/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/8UsA.sh
id: auto-e98c982926cc40d3dd188d27166761ad889bc5b1434de3eb40446e704564f6f4
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh
id: auto-ea1547a95c831e4f6947bc90271760292e03edc47e9374f72b7f3aed44b80e7d
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.95.63:58576/i
id: auto-f85ac7d96d1b736dff0ba81e1f4919edc40e67257e0ddff567cd6554ba26701e
status: experimental
description: Detects traffic or activity related to http://219.156.95.63:58576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.95.63:58576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.mpsl
id: auto-70ef1e48d7798f80f92443c8a74eedd7fc9832a8817b7e65bbe50516d868af8f
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/8UsA.sh
id: auto-e73602cf50cdf65e0cd65a1c38bc15806708bb634fac297cd7e5d86deb8fb101
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh
id: auto-1e0ea4035e978b1927cfeab8ed755087f93c4c44be86d7427fb6ac77b5c96093
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/8UsA.sh
id: auto-6be54dde728b1b6978073f95dd0537d2af2eb4b1c06c40d43b72d302b1a5912c
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips
id: auto-43dd489242337bc9c6aa88dcbefe5d1bdacbcc797d328f2387df125189e8ad71
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.215.200:41157/i
id: auto-8fd11d16773fbd311595c2267ac46e5a4250924e24afd2a94cc13a30fbe552eb
status: experimental
description: Detects traffic or activity related to http://42.230.215.200:41157/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.215.200:41157/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/8UsA.sh
id: auto-4f0f8d1934f39c885a17674b9d675da7360d4a83e399f29561862eb37009f4f6
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl
id: auto-6777e667bfbecc384a30e7722e8381b5bca6057a2d847e18c880fac0312a6676
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/8UsA.sh
id: auto-8bccc1dbfe787bc7bbc01382f0e459d012c3f1377a90a527d201959ff9bb28c7
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh
id: auto-03680f35bcc5a31dd1d2b0f510174fa3737f7109d66265876b83cd0ca191df78
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86
id: auto-51bcf40951507f6fb77b92240974909147dc38ec1a9fdfa465311314e235051b
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6
id: auto-3708a4b819d391d8238feb8f0080e06fd4a654c44f2dc0d4b496bf1808aa1215
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl
id: auto-cd1f357fb56a8ceba4d7dd79267efd2e759fb03d5592c3376bd7450ecf0a1768
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.sh4
id: auto-524c98cd491d73c385293ffdc68805dcff9a05881018f37e538a10f65c7afcb3
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.arm7
id: auto-2e033d15690b3bac6461ebf3595827deab9299c72b2699487ea2c9c41ec37052
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.x86
id: auto-7eaed89c2806d3fec46df4cf7bde69b605ff1732aa461fa5695522d8d2d27416
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm
id: auto-9e6965396816ae9d80d36488daf96f73354864834b63092f0ede7188ec88d3d2
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm
id: auto-9dac80f9b2299b5c21948308681325ac1018df168019007973e7c234a5ba384f
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.spc
id: auto-27e033202fb0b8ced7116795634e6f4941097664043465b316a8c535e01daade
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm7
id: auto-7cf97c6ca4cc6343d8c08486e0087af4121ded8d85d9ca1236c695709e5c90c5
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl
id: auto-48f1e0750af97a4d2231d1b2c5410fb4c190cc3af01189584cbefc0a4476d9e9
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.mips
id: auto-aa244005cdcb897f7ba269ff36b6abc56a2fbb32477942d1af65285cd068e9cf
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm6
id: auto-a5e4da080ee3604eb9beb7589abdd8a045264921b746405ae5a4c0d052adf8ee
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k
id: auto-c41aed9878aa855eefd220a6c16b3064d0665645336c055c33c3a9b454d7a5e1
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.m68k
id: auto-160493b7fcfdc598c7f48cdbbcbba336e12248a4bd00aafe552df24af9fd88f9
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm5
id: auto-51ba1d6f065ef8a548cff110718ad316652cfe3d1158ab4e7142e650b1485bcf
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips
id: auto-942334e56bfbed62e25dc8635b4c09dd36b510a6d81d1e6912d4db7b4179888a
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm7
id: auto-628c731c8b0dd3dc9e6566c805204c23f0e5bd3deb3bbbb8afb5c68f27e1130d
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4
id: auto-1e31f784e091c6660777e0635c77e6a344621a7a211bfdf7a24dea9bf290fe7d
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.mpsl
id: auto-0935ecd37dbeaa783ee5513769bfab74c66daa1fb501907ea54b565fc1717e97
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.ppc
id: auto-51cc2431dbd2aa6843809b2c9ef182ffea479bf83602a2048ccd509899a065ad
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4
id: auto-9e84b4b4c0ff973b0f07822f4aa1ed178bf96ea134b8d2818c85c033d2a223cc
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.m68k
id: auto-a618a8bbe7247b765cfc2f3f20f6cf6716a99ca996d1249d6cdaa570ff2a283e
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86
id: auto-31d65f979e6f2055b82f2172a84802e62a3c5671ddfe242ca49339b80388ef74
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc
id: auto-cfa091678519b744c711d9a1511e77cd9f8cd06b7349c8d4bda5555740fd32d8
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5
id: auto-8aebaee91d3dbc084a6ba337a44a33841b1e5fe409c20a034ca29fdc3b39f4c3
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.spc
id: auto-933c0dadfc602dc6f6ee7de760959276ad4885c9abe507f4b4b8e240fe94a1b7
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.spc
id: auto-fadc2caef243c0f49ac6a001fcdcfafd3df25cc90bc1833ae09214ea8330d33f
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.mips
id: auto-0f5c43e4bb641f9879a82906665c20a47eb25a4b5f604f5110cc78e830cca9ec
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm
id: auto-59f481eb019ad7bf298b6bc59bea273c749a121c760a6319a475bad67e7e38ff
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.mips
id: auto-39bd556083114dfbee76e8e64a6f14e0e3958444ab8d4dd2248737f1feb67fec
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.arm6
id: auto-62e797fb35410d5fb30ab42f6cfe8c198610eab1d1163560dafd1b2e092f655e
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.mpsl
id: auto-bd715eb9abb67ea45642b95d692095b2a98f7bf7df557decad78cc34ea425d8c
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.x86
id: auto-05e797fa55601b63766f3a7b72d82132bc55592e749d37065bce0240b567d065
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.arm5
id: auto-f8a8cd168dfe2061c086e22c63aed2ff36092add3bd3cd551b946b63365d2b72
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc
id: auto-d970bbeb451fd4a0b92bad57f57b9562a5eb67478004343c2167c84410e7ec22
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.x86
id: auto-90fef1f84d673f4258a4eb3c7501f221de54272db26c6d07af16d7c57fb413c4
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7
id: auto-de2c9c8a61878c0bb3e44873694c7a05c3f61f0e9ad647309b261b7b8073f56e
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm6
id: auto-b9de91616494ec56779a74914f56db8cd60190bb0220f959087872f63aaa4f18
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm
id: auto-055e355405ae69a97f7ed9c2a1e156b10e9293b8a5adbc121a2c28866265f50d
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k
id: auto-33b5406eeef485832fd4cb299d26edc437d2547351694397a4d6bbc4d0870194
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.arm6
id: auto-61219269028262c6f9fe2909158f015ac9409b81c0c4be59891c8f4891f38841
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips
id: auto-c682c0da892d6173abfdead74710b84ffe1979a565f6fa7acf46c3dddc024693
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6
id: auto-2fffddaa630c90c245c45cfaae8b78e81deb48de81bd796b3e35aefec81dd028
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.sh4
id: auto-b56bc7a336cda3851c8d37b2bdeddac6ca3aea6630e29635c8a3c5e2c817a4e5
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc
id: auto-8ede688d89fed6757f61f85b7aa0a9419b3fcb323f26d2e522cf79efed88a260
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.spc
id: auto-2e90a4cdf4164703006cc85d0efca42ef095329133f580d46eb49940b833fd72
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.arm
id: auto-02de956e3a00cefdada5bc6c1e0f5b752957f8a5349be9de4ab7e74c633c0a4d
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.ppc
id: auto-f2241e75dab4ca640603f41d3e9f36440af7812ab0dbe9697645826394fa0727
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.m68k
id: auto-eadcd0af26b8f3bbea621fb9220a52146e2a626ea28685e6bac09a3cd592a835
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k
id: auto-fd25d8ceee920534e3b7f1fa2a8b84b37a512e269c5964e30940073369598b6b
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.arm
id: auto-db4079af53dedd4e9d9a9cfbe8a627b5c25ca17a7bcf0cd2aa91d11d2ea62ea6
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6
id: auto-d46351cf26c3e21350293587c610b55eb7ab5a18be94c65e070680e98fa5c63d
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc
id: auto-9649870d44d9cee24be8a2a1a575d2d2b32381d80ec47a3b1a082f9b5c91ec40
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.m68k
id: auto-a11e077b59898b8b79efe08a9581691604024d57336a7909ba0b429c3bce2d76
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.mpsl
id: auto-35b2ef2b941b4d1fcf5dafca5810231b0a204c614621d8817a8071d7314698b7
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl
id: auto-d380dd46539acff6973a147b3d247815436663962ac1863a15bd9c3f99610ce0
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.arm
id: auto-bfde43b0b0d35c0567a974ffd5e4bc7c9858920780d6f30ed9c6bba53edb6288
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4
id: auto-3336b9632238627f07f60fd5e35ec7a80d165b75e6838a5c5c62ab7784cc1349
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4
id: auto-0ae3457d1213ed2473dad11eeeaea52ec4d867cdfec6a7afca630a5c4fdac68a
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.sh4
id: auto-04b2766736e72f39305b684370a9d1d103cc5c56de13c8800e337a125c9f683f
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.sh4
id: auto-c851d42e2419236c32701a1019ba02427815563f7f0d92cae9af88acf8714f00
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.mips
id: auto-9767d684d50afdd1c5437c4f2b1f2045dfc6fd2a009994d0f29127af0b752207
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.arm5
id: auto-ad28b6cb61d85810fe8e71c4a2578b2eaf40d939f32eea9543dc4c186a98cec4
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37-60-225-5.cprapid.com/bins/UnHAnaAW.ppc
id: auto-3483056da2c1dbbb049ca02c6445c17a6827aadf66f830fd576df114c69890f5
status: experimental
description: Detects traffic or activity related to http://37-60-225-5.cprapid.com/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37-60-225-5.cprapid.com/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.x86
id: auto-2e54aa232ebfd907db5d01ed8212a94400349ee26cb943cb14c915192071562c
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.sh4
id: auto-9acabe44cfea63590840e5ae2cbe4081d69eb1e2b8f6a909e8a4cada98fa310f
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5
id: auto-c0fcd8ab4ed7fee52402adcc2d6336d3f07309390dccd9755a683391df450d08
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.mpsl
id: auto-b458ba531fd1d3992c89158267528a6e5c3ce5453b363fed6ca041297eb78170
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc
id: auto-d431df51d6c90b7798ad4342e7bb65e1c5fc05cee474efe571fdfd57a2fd15b8
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.spc
id: auto-1b6b1f866dd94cd59a30ca69f71bae7a05fc105d728ae7d61b8a5f4b32d12b95
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc
id: auto-b7316fa5ac7a75e4041f2665c79634d7b087c68fbb0708580de5cd71cb3d116e
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86
id: auto-861e42e8ba828bbf4c8ed92786a9fd4dc2ca43e9be30eba17eae4aff5862a118
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm
id: auto-939476f6a171ee5e51be3c41a8056495be58fc3bf912c6928766d4906ccce30b
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc
id: auto-2d3678a42381a1469b1a2566fcaa266129127a2100375f50ca6a49470084ddd2
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7
id: auto-2b6df3400638713902b648ced7ddf09389735352ab0ebb6e469790c38a31ff13
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7
id: auto-f4acf2d3c070ce2596f0aec21927833a06e6a927b24fe88d43852e31619207df
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips
id: auto-a4c053b9d03e4c04e909af0edceef4eb2aae4d9ee3d475eb1a01fb59836adcc0
status: experimental
description: Detects traffic or activity related to http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://webdisk.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7
id: auto-02aa8b9eeff506525dae0e7cb78970dc602a693af4e34253f99f0e5c69e1b5be
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc
id: auto-beac1067394733b14740029454f907a1e992527c4232e925252463d982a6f1bc
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5
id: auto-f435d2ad4c453d1d7a8428eb64906c8ac3016e4f181d3415d44254ccc2216b78
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.x86
id: auto-ca385946e9394fbc0482fc39dfcee282f5473b372fc56bd21ee844137ff603f0
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k
id: auto-2c8f07ba905257a12bb4acb3141058d3c0b8dd9ebc99ad2dba98d06e23701696
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.mips
id: auto-e4e77f65da09f5451e95a3f2e9128e59ba0e2368cc5745b5f8e8ccf2b70615d3
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm5
id: auto-8a4b4967eaa08c05b08f32e8a8574864a9147641ba897038e685a059cf434bf8
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm
id: auto-7edeab346ae98f4cc0b4fcb7ee70c85f07ca9b1ccb38b6b073e3be0b465bf2ed
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.arm7
id: auto-f1f37abf97c22e91f9caf70ace08bda09a0d99d8399e76d96fdbdf8202fad386
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6
id: auto-3ae6388a56e0f0b36528e65a3a20a64d7514ec65348bee44924a011aec9b78a0
status: experimental
description: Detects traffic or activity related to http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5
id: auto-0be656c444111b959740539c0bfe8b34cb2ae346d848dd321ab2d3aa8f2025f1
status: experimental
description: Detects traffic or activity related to http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpanel.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86
id: auto-366f40479fe671162472359ae187b0bef33945a1623961d8e94beebdb1d065dc
status: experimental
description: Detects traffic or activity related to http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cpcalendars.wpt-l0zf.37-60-225-5.cpanel.site/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vmi3015523.contaboserver.net/bins/UnHAnaAW.ppc
id: auto-84a78601f8c6a3d9005ffce9c28d15c7dd0f0af42829cfdca7fc4cec0a64d441
status: experimental
description: Detects traffic or activity related to http://vmi3015523.contaboserver.net/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vmi3015523.contaboserver.net/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server7.padyhost.com/bins/UnHAnaAW.arm7
id: auto-a7483ce4e11a83f1e9963138526893fba008e4450fd579cbba57a6c856e30bf2
status: experimental
description: Detects traffic or activity related to http://server7.padyhost.com/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server7.padyhost.com/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.arm5
id: auto-4a1403ea71e97a5c5f342649021641b43150d16d12124ef31b2df79bbf94987e
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.m68k
id: auto-c9b928f052a2531e8ceac54a67e45ad72196ee842ede27122b4a9b08e63e1bac
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ns2.padyhost.com/bins/UnHAnaAW.arm6
id: auto-33f3d6942917249fac12e8b894454c5cb794157303325cdf592d78b84c0e096f
status: experimental
description: Detects traffic or activity related to http://ns2.padyhost.com/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ns2.padyhost.com/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.server7.padyhost.com/bins/UnHAnaAW.ppc
id: auto-cfd2165bb551ab2b8f310327f254b22c0b54830819e046dd16fe6546e69347b9
status: experimental
description: Detects traffic or activity related to http://www.server7.padyhost.com/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.server7.padyhost.com/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.27.30:37060/i
id: auto-7d97acf61219f4eb4a0dad1282029a84f516d19f54085cb42910766a7e96c309
status: experimental
description: Detects traffic or activity related to http://123.8.27.30:37060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.27.30:37060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.215.200:41157/bin.sh
id: auto-db0c199e779fd022ec576c3184cd8692e277ed6732a0f08eecae0583ffa99451
status: experimental
description: Detects traffic or activity related to http://42.230.215.200:41157/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.215.200:41157/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.194.199:39788/i
id: auto-536fd5b2c1659dd4e487f82c31e74f2e8f158eb418ee8fec30b684517cc0a661
status: experimental
description: Detects traffic or activity related to http://115.57.194.199:39788/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.194.199:39788/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/x86
id: auto-6928832d70a8a68263a9fb44d552af1f8a1730d6546cf542dd5b23a0c17dc84d
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/m68k
id: auto-4af4f1d9bc0dc0269d26a7f5564f36572e6e3fbf0ce15ca61a0b1632bc99c481
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/mips
id: auto-6f83f05dbcfa29302f73232c5890a81650286554ec43dccf963d4c1db09ae7af
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/arm6
id: auto-bd8fd0b664fb184ee954b13ceb27f0c41128f9879fcb2988375ff95cb90761b1
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/sh4
id: auto-18cd7a0f0a0e131d591a06346ebf1418653e26bc0c17b28b2f49156eb5653373
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.mips
id: auto-c12c3367a799886cc7c37cef4a50661ada43bb158c79bc2702db9700b580d301
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/spc
id: auto-c4dcced75a9a95e119fb7be7ca93734148c935756a3c8bb8d2f35ac67369fe8e
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/arm5
id: auto-e85cf17ed4bfbc35889253dac916c33aa0a7a04a901835c1955e93aa4dc9df98
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/arm
id: auto-89d09a843e6e5913e841cd6985bd5f6561ed143c6525fc9a63554cf1ea0acd67
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/arm7
id: auto-87666617850388d0e65b87b0a5130983f599366c88cf6542ed456a4523e988ef
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.mpsl
id: auto-276473f6e7ca762a73da79bf29896c6c65099c70aea62c11f91ae398e02325cb
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.49/bins/ppc
id: auto-715ed097a51aa248aa82ac6f15288eb6cb0508e0fb9e576b530adf876cc68a81
status: experimental
description: Detects traffic or activity related to http://130.12.180.49/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.49/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.arm6
id: auto-7886eb3ccf6db84d7308228ad6878e8a2654cc064e0ed2ffb1d21fd7bcf1b4e6
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.sh4
id: auto-8801d512732e8787707546476807b47b7bb9e9a152c63e2cc533a237cdd83784
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.x86
id: auto-b3be4628d94fb935d7eac326d2c76a77866126158af0f30bc93404a8cd3e33ed
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.arm
id: auto-cb0f580d05c2a5d71462091e76326406077d43cf438affac58e9fe9ce7658a15
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.arc
id: auto-da732a2e59c0e572453868e7d5f9161fc5b61edc9d4a81ec11cc77f97c55c9a5
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.ppc
id: auto-6b2cfc3d555dd9fc7de638a693e54b735a64637256d2b4847e1344ee3976d7f0
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.m68k
id: auto-813ff22caf7ba5386d652b904e0047e3b85b0d5e56d4333c04fc7a39c33fbcb0
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.arm5
id: auto-213005453d5f9b7b4434f5836a7c5081743d1160a6712f1c3dadbf09811712ef
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.110.33/hiddenbin/boatnet.arm7
id: auto-99789e8d59fdc0fbac3ab959d90f6a37adf4ab48f69740037e9080466d237b8c
status: experimental
description: Detects traffic or activity related to http://144.172.110.33/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.110.33/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.27.30:37060/bin.sh
id: auto-60973a2411cad9993028d09947ec0ee93e4806abca991eeb4cf3f27ea8b231d0
status: experimental
description: Detects traffic or activity related to http://123.8.27.30:37060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.27.30:37060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.ppc
id: auto-66b78e1af02f97b19d9901106a3f6ec4a4100f2475598fd97f72478daab5189c
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.arm6
id: auto-e74e4b453f084d1804d64ca4f3d7203d1fd911d61055e7d6daafdff55d310a81
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.m68k
id: auto-f7f786c675c4a5667d424dba1aa8e92198ff8eb14e118178aa3e7779a811c505
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.sh4
id: auto-f0f76ac084570696738abaa6b7050b44ac9d47fe5263b25838eadad338e0569d
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/8UsA.sh
id: auto-f345924d5fa34aa691103fb652043a49f70f8d8132a14f490782803863b358c0
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.mpsl
id: auto-65c6307d077957d37d1fcc98bb17ee00b5b7c7434b0a7dbb9ab82f2c2f6db679
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.spc
id: auto-d0831e6e113fa21251cffdce72093de841d70487145eb05e18d5508e4ccfc259
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.mips
id: auto-f0ec200fb1b77f8811e552ac160053b2666790959f31330a3cf1d5eff58da02c
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.arm7
id: auto-230de73fe1447ec81efc136e7842b01624c77eecb9745f5d8666c581a0dba793
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.x86
id: auto-07d05a84c533208c14de4cd9abe66f2ae6e910c50014e591b8238aab68021676
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.arm
id: auto-e31b30afb054086665fd5fe4e333eb2c16640f90687219e0a1938b4f9135f593
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.60.225.5/bins/UnHAnaAW.arm5
id: auto-202bdaaa22dd7c63d09a69f2c69e6bc7f9b6239a767e95cd7117d706bed6dfdc
status: experimental
description: Detects traffic or activity related to http://37.60.225.5/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.60.225.5/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.29.162.146:99/buding/dbghelp.dll
id: auto-0fdf2c5a029ef8b5a9b66d1c18efbbb14fc5ade954e29ab108e501207ebaba56
status: experimental
description: Detects traffic or activity related to http://119.29.162.146:99/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.29.162.146:99/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:49032/bin.sh
id: auto-225cd29c024b18ea231e8f3f07d7239eba880ee5c3fe62ef8d0790844993a1e5
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:49032/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:49032/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.194.199:39788/bin.sh
id: auto-09c427706cbcb84fee0615580a08b6b5719b7e18ea5c0920d82bf7d2f9fb6a56
status: experimental
description: Detects traffic or activity related to http://115.57.194.199:39788/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.194.199:39788/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.sh4
id: auto-65c32af51bba9d64db415e6cd7782502f1615b8e28ccc7ae42fd2e5e95591b27
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.arm
id: auto-b435a0c8d3aa45e8391ab30591622e9c75f06b27598c24025a93c95f4f158008
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.mips
id: auto-1b68bb79a49485da8bde6291504e972959ba8b6fc7dbd2629b27cbf3170a54ea
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.x86
id: auto-87d3941424fd00315fbac2cf924e2cc8859441cae48256ce127886ce39e6045a
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.arm6
id: auto-8eef6aa15da82b6fbf78532b266ef34bbc161be2c6a2539477fe78c84ffdf45d
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.arm7
id: auto-17ca71a5538a5c4daa0cdd2d7bc92a726d42ebcb7b976f4a8eb35f1ff61cf690
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://dialkwik.in/j1/ENCRYPTED.ps1
id: auto-38704843602a9618779e99cc9b0160da5e71af3d56d015e458661edd17dc85ad
status: experimental
description: Detects traffic or activity related to https://dialkwik.in/j1/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://dialkwik.in/j1/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://aggrowtlh.com/OWEN.ps1
id: auto-c2da003a09059597359ee70edd89d1a91823e76500f46ccc603a1452984f87aa
status: experimental
description: Detects traffic or activity related to https://aggrowtlh.com/OWEN.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://aggrowtlh.com/OWEN.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sifi.co.in/assets/js/mor/bs/doc/
id: auto-9abc8a4f363b534ed047bf2684f30a91263cea6547d82cfa0a47bf7c73f3ebdb
status: experimental
description: Detects traffic or activity related to https://sifi.co.in/assets/js/mor/bs/doc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sifi.co.in/assets/js/mor/bs/doc/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.158:36061/i
id: auto-4196d92d5a43c6367d8ea81c37f9239eaf24ee3058c7f18728e2c55913ff27c1
status: experimental
description: Detects traffic or activity related to http://115.55.50.158:36061/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.158:36061/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.158:36061/bin.sh
id: auto-8b9c59f0519f22b9549f5f6c09b348b9e2711f0fcc1afe849d2fbf8047767d90
status: experimental
description: Detects traffic or activity related to http://115.55.50.158:36061/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.158:36061/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/h9s78k5pry
id: auto-8eef0fb0085be39e6dade631973f6896ae0e7b341f27db3fcbf8c7da26da6ba3
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/h9s78k5pry which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/h9s78k5pry*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/51q638eo0i
id: auto-52c22279d774228b8ebc1439e419771b0ef6e3a86d5117bdcdcb7e38f88f2ed6
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/51q638eo0i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/51q638eo0i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/kl2w669hoa
id: auto-a1a1eb1a8474f51d7a358d3ffe2e07fcf0ca4b68091ce3392d5ade5667799981
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/kl2w669hoa which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/kl2w669hoa*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/c74rmo09rp
id: auto-fc28651c9544bb31e17a73905cf26d57beeb03e1c1b4e41941ed17a9f92d6312
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/c74rmo09rp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/c74rmo09rp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/vw2g22to0f
id: auto-308e90acf3d2edc8020851029cf0af093c1369eb83e817611eca2cffdfeaed5d
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/vw2g22to0f which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/vw2g22to0f*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/npl5h1u1kw
id: auto-9f499af34cfeb7b4277cb3ad762781a6334dcd79df56b24746759c7be56632c5
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/npl5h1u1kw which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/npl5h1u1kw*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/su552aq3og
id: auto-ea5223d5014fca6c50c1fe265f87468f0a1b94f5fc6c0e99166aa5518bef5f56
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/su552aq3og which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/su552aq3og*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/di7n0tmrr5
id: auto-412d1bb0609f2bc954323e72f87284b3e7cc38bc2796df57f172cd0a2c3fefde
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/di7n0tmrr5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/di7n0tmrr5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/ycqq89f5sd
id: auto-6b51d80551f2178ac8a451a4ceaf42ce5cc8ec83f6db326febe37686f0c968b5
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/ycqq89f5sd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/ycqq89f5sd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/cd4wtp0w0yza/assets/js/7vjkteq40g
id: auto-8eb6f5dc4a83c635948782cc6eaaf59d4ed2402f863887a9ddf72219b83ae7d6
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/cd4wtp0w0yza/assets/js/7vjkteq40g which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/cd4wtp0w0yza/assets/js/7vjkteq40g*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.104.189:45108/i
id: auto-d261497dae9d08f2434e4c4fb5baea07ddec3360240884b74ebafac3b67835ba
status: experimental
description: Detects traffic or activity related to http://182.121.104.189:45108/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.104.189:45108/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.148.100:33879/i
id: auto-3e3886b82ac4ad9bd6e61b754d76cc49662546f835cdbe09f99ebd4e565462e1
status: experimental
description: Detects traffic or activity related to http://124.131.148.100:33879/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.148.100:33879/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.162.178.90:46518/i
id: auto-46f30aaf1815d6b0e9ae9307595c0b8d22e6f7092ca6e657811add4d17344718
status: experimental
description: Detects traffic or activity related to http://124.162.178.90:46518/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.162.178.90:46518/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.241.151:51511/i
id: auto-304cc31ac219859b853be784f7d58fb07c1d98af55c184355c5965899196a8fd
status: experimental
description: Detects traffic or activity related to http://115.52.241.151:51511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.241.151:51511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/logicgl.sh
id: auto-93e6167c5952db823ec92db2bfe914acae8144c577783156a4390328b8982ec8
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/logicgl.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/logicgl.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.126.177:60991/bin.sh
id: auto-abe7b3b24363d4b1d93d0fcccf0edf5e460513b53aefd3e5a71e6f0c8eb9f447
status: experimental
description: Detects traffic or activity related to http://222.139.126.177:60991/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.126.177:60991/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.79.220:45963/bin.sh
id: auto-9b2881eac639fe763621a832e789494c46a5828eea2d370f2b9ce3c2f4a96a38
status: experimental
description: Detects traffic or activity related to http://182.117.79.220:45963/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.79.220:45963/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:43857/Mozi.m
id: auto-2d29077b9bc4c2784012def926fe7befbfbdd931a525ecd5fd09579ca2e121de
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:43857/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:43857/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.79.220:45963/i
id: auto-091331bda377a094dc7986b1c3b50846750e118f33a1f53293f43100d29fbd0a
status: experimental
description: Detects traffic or activity related to http://182.117.79.220:45963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.79.220:45963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.143.58:33794/i
id: auto-8e6f3d745fa335074cdaa1dd4527e52663939d4a36eabefe42ef5eb9ace8b15e
status: experimental
description: Detects traffic or activity related to http://115.48.143.58:33794/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.143.58:33794/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.214.193.245:45495/i
id: auto-36d0f828fd31d7dd85f9fcf3929ae4cb1e87a2770011eefc9bc5afcf3465cc5c
status: experimental
description: Detects traffic or activity related to http://221.214.193.245:45495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.214.193.245:45495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.143.166.224:45234/i
id: auto-8d90ac32e207b890702f4e6676e1490256e944a3a8430c9af4ec6c6873e86c08
status: experimental
description: Detects traffic or activity related to http://5.143.166.224:45234/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.143.166.224:45234/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.194.203.96:55838/i
id: auto-8f53ec1d2a7c286034854ab37bf7cc5a6b72866cb804f2d35c2110be86a947db
status: experimental
description: Detects traffic or activity related to http://27.194.203.96:55838/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.194.203.96:55838/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.68.119:57629/i
id: auto-304f4efdb61ab704e15a98b4907594db45516eb7238b9442449be2d60c3f0918
status: experimental
description: Detects traffic or activity related to http://182.117.68.119:57629/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.68.119:57629/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.150.255:51030/i
id: auto-b32b63270143f0fee8972d173459acce7bf8aaa2e120b4e6a2e679c82e1921dd
status: experimental
description: Detects traffic or activity related to http://117.247.150.255:51030/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.150.255:51030/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.14.34:36544/i
id: auto-b93da8647525f4d34a0cfd3a4066ccb0f29f842ba7e1adccafbb1d4b157b3fe8
status: experimental
description: Detects traffic or activity related to http://182.120.14.34:36544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.14.34:36544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.133.75:56366/i
id: auto-252315965b064f2b6ae9aa9bae2bf470754bfe8314586306ab97a8f0408d0171
status: experimental
description: Detects traffic or activity related to http://123.10.133.75:56366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.133.75:56366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.177.97:60277/i
id: auto-8dc55b0b6e26e3c71d4c230f613dd7541db0cee323e3c762c146349f6dfef5fc
status: experimental
description: Detects traffic or activity related to http://182.127.177.97:60277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.177.97:60277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.234.25:34991/i
id: auto-b514f64ff27a0166f3aa507362e89667b5bc1848254518f53817d66c1e6bb85a
status: experimental
description: Detects traffic or activity related to http://39.74.234.25:34991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.234.25:34991/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.104.189:45108/bin.sh
id: auto-5e189a35e4d1069c2b2a571cab3d0494ed91415f81ae898848451e17ccd57191
status: experimental
description: Detects traffic or activity related to http://182.121.104.189:45108/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.104.189:45108/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.184.222:49033/i
id: auto-b2557ed34aaae5f93924e2f512e71eb30ceba560c3be01081bd1cca65cc477db
status: experimental
description: Detects traffic or activity related to http://42.227.184.222:49033/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.184.222:49033/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.150.51:40692/i
id: auto-ca3d846a71b257e28551694dfcc9b634f394031f98064e5fd7db528dfa519cd0
status: experimental
description: Detects traffic or activity related to http://222.136.150.51:40692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.150.51:40692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.31.236:55599/i
id: auto-e82c2bd52cd04a89752e8d9cdf0b0d34c462e64e61315b8a5c8437ae94bf4e5d
status: experimental
description: Detects traffic or activity related to http://42.224.31.236:55599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.31.236:55599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.150.51:40692/bin.sh
id: auto-b79bd1a2d407bac84db4e3a8901a6c12577f946dd83feaec5f9b3754ca171358
status: experimental
description: Detects traffic or activity related to http://222.136.150.51:40692/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.150.51:40692/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.219.71:55148/i
id: auto-90ac3e867d1bb4b02211b7c6a326cce9086901aa99f2c4bcefd49b86a8e2aaa5
status: experimental
description: Detects traffic or activity related to http://182.112.219.71:55148/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.219.71:55148/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zyhunkenya.co.ke/arquivo_20260114083005.txt
id: auto-81de77fe88f74de2ef93a87a335276c32eca2cdf5ff68df705ee308095bc70ec
status: experimental
description: Detects traffic or activity related to https://zyhunkenya.co.ke/arquivo_20260114083005.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zyhunkenya.co.ke/arquivo_20260114083005.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.147.15:54223/i
id: auto-c4c04f55ef152cc594eb2c6e2957affa5a5d8f2af16830e321f6b6cbcbe5b51b
status: experimental
description: Detects traffic or activity related to http://125.40.147.15:54223/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.147.15:54223/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.5.246:52189/bin.sh
id: auto-8f899ac7e4f665308115f7cf07c60a1da7cb74b3623f21fce7dce240fa303f01
status: experimental
description: Detects traffic or activity related to http://115.59.5.246:52189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.5.246:52189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.155.246:40158/i
id: auto-706a8b3feb639472237b97d6d376abdf9dae13e395277815bd1ed0c8a0ab06df
status: experimental
description: Detects traffic or activity related to http://125.40.155.246:40158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.155.246:40158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/johnscorpio.txt
id: auto-5659a2650735b47d8b0574cbc708e8215a7f59d8b1df6ee863fc2fb46540505b
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/johnscorpio.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/johnscorpio.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/ugoone/ENCRYPTED.ps1
id: auto-1b2a82ed014243b96867b4fbeacae66d17e71398c544c5d23eba81154c58c2fe
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/ugoone/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/ugoone/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/qzni6t.ps1
id: auto-4a7be26d088040c389a6af16c1dc1566e12c93d69410a24a266ab8ae0c56aa0c
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/qzni6t.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/qzni6t.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.189/deals/yuxworm2026will.txt
id: auto-31ded0be38923bf0a2e892ce6141b5afb3779e27329125059e05795401bcd258
status: experimental
description: Detects traffic or activity related to http://87.121.84.189/deals/yuxworm2026will.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.189/deals/yuxworm2026will.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/ugotwos/2hwoFfgGDgDEGHgt.js
id: auto-64c44c4a31f38e9730a9480151a8f794b6dca7a47237ac656617491ffce77693
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/ugotwos/2hwoFfgGDgDEGHgt.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/ugotwos/2hwoFfgGDgDEGHgt.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/plugmantwo/GjghfgGDgDEGHgt.js
id: auto-81629ad87cb679c69a81e4ed3f5bfe35190fb2402c324a791bf4fe18b97c0112
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/plugmantwo/GjghfgGDgDEGHgt.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/plugmantwo/GjghfgGDgDEGHgt.js*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.254:7777/91.92.243.254/sarahtwo/sarahz.js
id: auto-632346ba95f91c149cde7f8d50f061a5cdc59562e0a8053fb6fda7a7f5cd9cfa
status: experimental
description: Detects traffic or activity related to http://91.92.243.254:7777/91.92.243.254/sarahtwo/sarahz.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.254:7777/91.92.243.254/sarahtwo/sarahz.js*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/johnny2.txt
id: auto-e9993e859aec620eb02078abda5ce6f48cf520220a66a46b26f7fe59d179f5ca
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/johnny2.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/johnny2.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/manadanaxworm.txt
id: auto-5abe529b6afa3ba06b1617ff00c6458de94cf8e773edf54874d3adc5babb481e
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/manadanaxworm.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/manadanaxworm.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/johnny.txt
id: auto-f7b09578bfaa447e22257ed3f117993a8259dae6d36b1c6dde21fb9ca1c17529
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/johnny.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/johnny.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/johnxworm3.1.txt
id: auto-af121fd4ab5fb9e8f0dd7733d99a3a232c5d2980197dcebef89ef4736ebac3a8
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/johnxworm3.1.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/johnxworm3.1.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/johnxworm.txt
id: auto-547b58da8927436bc9704aa2d94e7b22be730eefebf0d2f7479ad70695d98793
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/johnxworm.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/johnxworm.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/johnny3.txt
id: auto-982c143029074aff9b9060ff5839b82769b683836b95b15d006ea749a32ca28a
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/johnny3.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/johnny3.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://news4me.xyz/protector/davidxworm.txt
id: auto-d0cbab1fcddf3862ef568ccd3d00225040d70bd3b4e5d24eeb914e06d3734e64
status: experimental
description: Detects traffic or activity related to https://news4me.xyz/protector/davidxworm.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://news4me.xyz/protector/davidxworm.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.29.147:39005/bin.sh
id: auto-3b1054cdc4ab719473073c90913a63ad26e3dd0cf8d1a665e12ab52b77071a2c
status: experimental
description: Detects traffic or activity related to http://123.190.29.147:39005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.29.147:39005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bub100.s3.cubbit.eu/01/don-snake-vip-01upload%20(1).txt
id: auto-2af1fd48bf110aa162059f90b733490a2a8cf491f1313e103dd6cdada3d53eec
status: experimental
description: Detects traffic or activity related to https://bub100.s3.cubbit.eu/01/don-snake-vip-01upload%20(1).txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bub100.s3.cubbit.eu/01/don-snake-vip-01upload%20(1).txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://proestimating.us/INV123243254/ENCRYPTED.ps1
id: auto-459d97cd8c1a51190a5f7c3a02e5f27194152f1c796c5800b6c6e6e36ee6a902
status: experimental
description: Detects traffic or activity related to https://proestimating.us/INV123243254/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://proestimating.us/INV123243254/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll%2Fprueba%20signo%20dll3.txt?alt=media&token=21cce499-67ec-41ea-8334-f4d8df39aa22
id: auto-99ef7a576a6e8e3c51cd16af21737b069e62355e7ebecc4ad80e4bdd9131b392
status: experimental
description: Detects traffic or activity related to https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll%2Fprueba%20signo%20dll3.txt?alt=media&token=21cce499-67ec-41ea-8334-f4d8df39aa22 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://firebasestorage.googleapis.com/v0/b/rodriakd-8413d.appspot.com/o/dll%2Fprueba%20signo%20dll3.txt?alt=media&token=21cce499-67ec-41ea-8334-f4d8df39aa22*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.197.167:43782/i
id: auto-ad7bbea938d921b68500d93cabe6fd96a227143dd66bf88433ebe7dd760d4326
status: experimental
description: Detects traffic or activity related to http://42.224.197.167:43782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.197.167:43782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pastebin.com/raw/JYJ8xrzi
id: auto-cc5f364135781832931413d8eef59b3fda759373ccd60dad85b40587c0df9d37
status: experimental
description: Detects traffic or activity related to https://pastebin.com/raw/JYJ8xrzi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pastebin.com/raw/JYJ8xrzi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/4090ar.ps1
id: auto-a66242196ed2f303adc42fd577ea198fd9cfe10d589a44897965f3d54ad723a1
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/4090ar.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/4090ar.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://neccgroup.com/arquivo_20260114000902.txt
id: auto-d66c7ea97b06a3464192607740bef942fa6191423be8a9942e81d19cb93b7a8b
status: experimental
description: Detects traffic or activity related to https://neccgroup.com/arquivo_20260114000902.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://neccgroup.com/arquivo_20260114000902.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://neccgroup.com/assets/img/optimized_MSI.png
id: auto-e3ea4cddbd523b52cfd7f8471379415e5d7cb16068c697a305d2389863baa446
status: experimental
description: Detects traffic or activity related to https://neccgroup.com/assets/img/optimized_MSI.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://neccgroup.com/assets/img/optimized_MSI.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/oveead.ps1
id: auto-4f0ecd4d54e09fbb756d1d36525ab335bc99b154d4f72bf3fffdeca70a09df27
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/oveead.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/oveead.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/w7cba5.ps1
id: auto-16af022f4b0fb33550fb016df8dd6c979f9ed45ebe67d982a437dad31b1afad6
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/w7cba5.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/w7cba5.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://step-ksa.org/ENCRYPTED.ps1
id: auto-006aac4749cf60a332a5c766a1f67131be5b6a070ae8a9534207fe755fd77494
status: experimental
description: Detects traffic or activity related to https://step-ksa.org/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://step-ksa.org/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://aggrowtlh.com/KEN.ps1
id: auto-de922fbc75ee0c5145d8a58d7e6673996f14ab0c6f21f3783ee6dc109bc375c1
status: experimental
description: Detects traffic or activity related to https://aggrowtlh.com/KEN.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://aggrowtlh.com/KEN.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/357u7r.ps1
id: auto-6b571ba460ea8068ed11381bcb0fc99f07a5bc9c385c92edb98c7442961bfdf4
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/357u7r.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/357u7r.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/w1cshg.ps1
id: auto-fb351d1293cd8c41f61afd076f3ab670cbd6c8bd45c4777e279ea5cf078cedc0
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/w1cshg.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/w1cshg.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://aggrowtlh.com/ENCRYPTED.ps1
id: auto-9bb49fc45f78ca30d2c917ad2a71b3b79fa9522756b900037b8fcc8e73f18768
status: experimental
description: Detects traffic or activity related to https://aggrowtlh.com/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://aggrowtlh.com/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://almacensantangel.com/ENCRYPTED.ps1.ps1
id: auto-184fd624b2d9cee36a6c860af20f65e36f6d607a9596cf5f80ce1e0766c1058a
status: experimental
description: Detects traffic or activity related to https://almacensantangel.com/ENCRYPTED.ps1.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://almacensantangel.com/ENCRYPTED.ps1.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/lfbrgm.ps1
id: auto-3eed6b5632fc5c785e92b4005aca864a5a1389e5fd1317e8fd94c310ed4d0d6c
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/lfbrgm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/lfbrgm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.219.71:55148/bin.sh
id: auto-0c92b0a1f129f3797825baa0e1de12c1f3d1921b4e8594a469134b866876c928
status: experimental
description: Detects traffic or activity related to http://182.112.219.71:55148/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.219.71:55148/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.241.151:51511/bin.sh
id: auto-8c9f1535067564f2806b1164e782de733d1df9fcdb42c46c5c4bd3ad1146e1ad
status: experimental
description: Detects traffic or activity related to http://115.52.241.151:51511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.241.151:51511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/qg8ffm.ps1
id: auto-0cb4a609a36eebeab46f0613531c0f6332a35ac888e5990b1a7067d350b73c6a
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/qg8ffm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/qg8ffm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.251.236:34539/bin.sh
id: auto-89d427ccc55dd3c24e5380d6cc231c1727dd90e862aba8134cfd003f86a0130b
status: experimental
description: Detects traffic or activity related to http://219.155.251.236:34539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.251.236:34539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.155.246:40158/bin.sh
id: auto-9e1146b26882ae5b1ee7954ee74833ed1a973580f2bf85ca299269e75e1e9c2d
status: experimental
description: Detects traffic or activity related to http://125.40.155.246:40158/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.155.246:40158/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/protv18/tv/raw/refs/heads/main/lnatpro.apk
id: auto-9aef49d6b67d19840da1c20bc47a686a08096f5bb4294bda9c36be1e3d6e978b
status: experimental
description: Detects traffic or activity related to https://github.com/protv18/tv/raw/refs/heads/main/lnatpro.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/protv18/tv/raw/refs/heads/main/lnatpro.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.69.54:53794/i
id: auto-b3e0e17d65f9d48c1d8ab26f8cf10d58af3d0f89095915609f47a2980ef9c45a
status: experimental
description: Detects traffic or activity related to http://42.238.69.54:53794/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.69.54:53794/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/test.ps1
id: auto-dacce3c7d62aa45b74fa5b99d268fa3836298c1321ef012f7a18cee2fe564ffb
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/test.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/test.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/tuananh.png
id: auto-800ca2f4795d8e7a9a732ea5ea0454592f0693cbbeab316dfa68acbf3f007293
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/tuananh.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/tuananh.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/test.vbs
id: auto-b0c38c85868385e90146a03a210a4a6faec143979c16a372ede18feca10c9f46
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/test.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/test.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/test.png
id: auto-0fa0fb5ef87635db160d0c9d45341da39909e50091f03c03309c7a64e5722cdd
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/test.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/test.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/TuanAnh.xlsx
id: auto-397439da0c735396d2bac69a402e717f317769ffa337edd47454fb3fc802a00c
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/TuanAnh.xlsx which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/TuanAnh.xlsx*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.121/defender.png
id: auto-0d3447210261955a93552dcd978f470070c85aad4d3569af918d28021a775231
status: experimental
description: Detects traffic or activity related to http://176.65.132.121/defender.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.121/defender.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.69.184:48919/i
id: auto-7e75dc5519c19d0c5d1812f52a49cd0269234bd4ded3992063ec94a1b93425d7
status: experimental
description: Detects traffic or activity related to http://115.50.69.184:48919/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.69.184:48919/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://emartinez.gamer.gd/arquivo_20260113172152.txt
id: auto-f3c37375fce039929af46c12006852696bea1160ee9230c4f36010a525bcc784
status: experimental
description: Detects traffic or activity related to http://emartinez.gamer.gd/arquivo_20260113172152.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://emartinez.gamer.gd/arquivo_20260113172152.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/KfbTEdBwgn128.bin
id: auto-e94a3e461c41d664220b27c7233b06de5527822824b7d647a6e7fe9c1b8a3e34
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/KfbTEdBwgn128.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/KfbTEdBwgn128.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/pBVtpgFjCD147.bin
id: auto-afb4d1b4176be17fb9c7f075e659476f643409dbd092570fc97865023d3ca8c3
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/pBVtpgFjCD147.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/pBVtpgFjCD147.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/Belaanin.psp
id: auto-c708924855e4ae5e23ecf9c9924bd82b84491f172087a47f5a531db091eb088f
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/Belaanin.psp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/Belaanin.psp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/Ddpunkt.u32
id: auto-267c3498f0b411ccd9a7acead2695ebab3c1fd1157f5ee83e2d65a9f90a9bac2
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/Ddpunkt.u32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/Ddpunkt.u32*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/MCmpsuR206.bin
id: auto-5aac697bf2eb3a41cde4bf763d489cd0851eeab1977ad8542a1d248fe10068f3
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/MCmpsuR206.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/MCmpsuR206.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/pFiOZuGlv13.bin
id: auto-a14c92d96cfef7067d54f609e53e1c9c42cd21190f778e698041de488b71e431
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/pFiOZuGlv13.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/pFiOZuGlv13.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/zyFzHKdU38.bin
id: auto-709430d8b6ed0fa40eccac4d070730365ded2c53e044bd66c694d6e4588445df
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/zyFzHKdU38.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/zyFzHKdU38.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/YfRxEWFEd36.bin
id: auto-a80d72f609f7ef9af95913fabe21ce75de8439326df93cf97f28b366f245faed
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/YfRxEWFEd36.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/YfRxEWFEd36.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/Linjeres.ocx
id: auto-f6dab2d8f2d277362859ecf6097ce69ec0402e396d82590a470d837064e2df1f
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/Linjeres.ocx which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/Linjeres.ocx*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/Biblio.rar
id: auto-f1bc7656695f795af403962ea0422ce090a4f6cae8062146565415bc9a535751
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/Biblio.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/Biblio.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/Indfle.pcx
id: auto-66109a3104a4069e82abc5484e3b5abae4c9c2b8ff845913b5ae29fa3a85a974
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/Indfle.pcx which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/Indfle.pcx*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.135.9/Enke.dsp
id: auto-4cbb78a15a6246308425ba9fbadcf82d0edc636d5a2bb78378bd6237b40a7c06
status: experimental
description: Detects traffic or activity related to http://107.172.135.9/Enke.dsp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.135.9/Enke.dsp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/richard.ps1
id: auto-9ff781a3e4f6c9f2e7e6e08ee5c73f7c556f727eecce81bbc09898944cc409de
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/richard.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/richard.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/sweet.ps1
id: auto-e694b8348b00f2bd2a71a4e68f79821183891ef0df7e55205256b221a2f2bbfc
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/sweet.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/sweet.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/eazyy.ps1
id: auto-a1ee0edcc9c7fdb367c930de44ad69d6abc0fd87de9b247513316efe98947688
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/eazyy.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/eazyy.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/EASY.ps1
id: auto-d4fb372c3ce8bca449e274f019f31bd74f6fb292f5fbec0fd5b780137b9355d3
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/EASY.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/EASY.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/STEINFTPP.ps1
id: auto-1663f4d8f0d472d8a5528ee0a33d5dba48e8e1f885119c5acdb3692b98917634
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/STEINFTPP.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/STEINFTPP.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/eaz.ps1
id: auto-4e96bbf80ba41804c1f8c3663cb0b5dd3c762eae44fc008d879b8d44c2aec9a3
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/eaz.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/eaz.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/ikmero.ps1
id: auto-9292a16b4d8d653f906f1a50c7c0b24afe582cc0f166c1a5fe7e54bf05f4e874
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/ikmero.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/ikmero.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/eazyyyyyyy.ps1
id: auto-f2164084a15467e1a3c4502d360e4279f74881034ee6dc38eed4499275b06720
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/eazyyyyyyy.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/eazyyyyyyy.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/SECOND.ps1
id: auto-fa77290c1262d412003014efd5b5481218ae379822139f6763fd44f680896e9e
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/SECOND.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/SECOND.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/tesst.ps1
id: auto-a8a6cc2ba93826450424c0a4cdbbbd20f7c9d6f45d9eae13abf7001c86888dd0
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/tesst.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/tesst.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/ENCRYPTED.ps1
id: auto-488afbeea9caea431b60b93f76428b0ca8ed8c7dcbd4209c2e1c95d2583b5af7
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/CU.ps1
id: auto-64f308eb25ca6ed33eeaa435901d14c18ad8a1e071487f336a0cba941d2b9edd
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/CU.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/CU.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/newww.ps1
id: auto-7a2ac81b7cb00b91b4e26cf70e52e0553fb0882f8345f45269e06576b581384f
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/newww.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/newww.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.144.212.54/BIN/tessted.ps1
id: auto-6956554b423d6abaa060f962b7d16de12ffbe201d1a3e3b09fcb1cafc247d2a8
status: experimental
description: Detects traffic or activity related to http://45.144.212.54/BIN/tessted.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.144.212.54/BIN/tessted.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.69.54:53794/bin.sh
id: auto-6b81635d4aaccd99624c7b3fc306e40750e151e749623b7bfa5d5c0f9e63795a
status: experimental
description: Detects traffic or activity related to http://42.238.69.54:53794/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.69.54:53794/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.52.54:40285/i
id: auto-990314a14ea4ed3a195b603e2ec34d3db1782aafee0f414a09284577abdee22d
status: experimental
description: Detects traffic or activity related to http://115.63.52.54:40285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.52.54:40285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.147.43:58187/bin.sh
id: auto-da359cc9d2f320fcb69eaf1d8119a93a8d40f965f21529067b0beee930921461
status: experimental
description: Detects traffic or activity related to http://123.10.147.43:58187/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.147.43:58187/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.95.59/nnKVMr44.bin
id: auto-0f1cfda0ca87a60e623da0f1de0aca394dee9e69c5595623244cf464c386e23f
status: experimental
description: Detects traffic or activity related to http://172.245.95.59/nnKVMr44.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.95.59/nnKVMr44.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.95.59/AFGohjJa146.bin
id: auto-e0aac392546bc6c99647db07bf9a99b6442a4ff026551e0b813620d5ff417f3e
status: experimental
description: Detects traffic or activity related to http://172.245.95.59/AFGohjJa146.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.95.59/AFGohjJa146.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.95.59/QxeXNeZddr46.bin
id: auto-f9fb3d9335854ddb71e0c397b2557338223954f561b60459b180904e3049d86f
status: experimental
description: Detects traffic or activity related to http://172.245.95.59/QxeXNeZddr46.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.95.59/QxeXNeZddr46.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.95.59/KqKtBvWpZxKFHiSwBJhtxRaX43.bin
id: auto-20210351af9b75b1ce365ed4f1b0f3d780f6f5f752157cb03f5b0bdd64d1b4ae
status: experimental
description: Detects traffic or activity related to http://172.245.95.59/KqKtBvWpZxKFHiSwBJhtxRaX43.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.95.59/KqKtBvWpZxKFHiSwBJhtxRaX43.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.95.59/qHHClEbTZg63.bin
id: auto-16eb7cf4a844db77b33a81771ce89f4d104fbb99efe31a75302d94711869eba4
status: experimental
description: Detects traffic or activity related to http://172.245.95.59/qHHClEbTZg63.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.95.59/qHHClEbTZg63.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.245.95.59/rpzsrPH79.bin
id: auto-2bb6c401776f2a7836d6e3c39be08ee86997293465a6d9d2a9c9382199cab35e
status: experimental
description: Detects traffic or activity related to http://172.245.95.59/rpzsrPH79.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.245.95.59/rpzsrPH79.bin*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.217.104:37350/i
id: auto-0ad4c8892cad2cb004a3f1a4f669097bea348a9986a32229dadca8c4ebe2828e
status: experimental
description: Detects traffic or activity related to http://117.245.217.104:37350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.217.104:37350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.217.104:37350/bin.sh
id: auto-6d1363d1d9f091913ab786f5de762fef16d8c383836cf72bf4fb8fe9821bf0db
status: experimental
description: Detects traffic or activity related to http://117.245.217.104:37350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.217.104:37350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tvlerer/tv1/raw/refs/heads/main/inattv.apk
id: auto-ac5b3502af907e426622fb1197bad2bf1b93e63276a283a836505318c83ab3b2
status: experimental
description: Detects traffic or activity related to https://github.com/tvlerer/tv1/raw/refs/heads/main/inattv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tvlerer/tv1/raw/refs/heads/main/inattv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/varetet/vilaret/raw/refs/heads/main/inattv.apk
id: auto-2b2afedbd8211ad6f6512c0be3cc16a60292186cd3404f965478dca906796e15
status: experimental
description: Detects traffic or activity related to https://github.com/varetet/vilaret/raw/refs/heads/main/inattv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/varetet/vilaret/raw/refs/heads/main/inattv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/selimkalla813-ctrl/aaaf/raw/refs/heads/main/foto.apk
id: auto-734bab7eb260eee0d768dbe2d70adf0bdfc4ecf37e4d155355fcd522a49767f3
status: experimental
description: Detects traffic or activity related to https://github.com/selimkalla813-ctrl/aaaf/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/selimkalla813-ctrl/aaaf/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/fatihtv1/tyret/raw/refs/heads/main/inattv.apk
id: auto-8af4c28619c2405b355817a942772c62069452bfc335e5e7c434030766eb05da
status: experimental
description: Detects traffic or activity related to https://github.com/fatihtv1/tyret/raw/refs/heads/main/inattv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/fatihtv1/tyret/raw/refs/heads/main/inattv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.69.184:48919/bin.sh
id: auto-5b05f93ca845b2c395b6e43ce0250a75656018391c82cbe2d6b4bd115ce16169
status: experimental
description: Detects traffic or activity related to http://115.50.69.184:48919/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.69.184:48919/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.142.162.84:52783/i
id: auto-51bd412d6b678194d8f67ab3d82fc585941a51ebb6bb968ed4311ef4e9de2a94
status: experimental
description: Detects traffic or activity related to http://41.142.162.84:52783/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.142.162.84:52783/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.108.241:33172/i
id: auto-38d4d90acc151033c67f2a6e62f2f6975d9c4dc108ce1627fd37295a1a0d989b
status: experimental
description: Detects traffic or activity related to http://116.138.108.241:33172/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.108.241:33172/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.71/ngetyi.sh
id: auto-6fbdaf8c8ff4545ea41cabfd37c3ade3f1e6fa7eddec8db876ef707458a979d6
status: experimental
description: Detects traffic or activity related to http://130.12.180.71/ngetyi.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.71/ngetyi.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.206.175:35305/i
id: auto-aca55e157c369011c29ead2c4d9400ffb52610f58275d746663003a159babdc2
status: experimental
description: Detects traffic or activity related to http://42.227.206.175:35305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.206.175:35305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.245.163:42407/i
id: auto-82be781ef19a57aa0e6c0ec45df91b7900d0a33651e7292043b98b82e771c3dd
status: experimental
description: Detects traffic or activity related to http://42.5.245.163:42407/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.245.163:42407/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/six.txt
id: auto-6eefbe6d4b68ad0163e7a71926dc2748d5c5c3a802e839f0d8628d9bacc0ede7
status: experimental
description: Detects traffic or activity related to https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/six.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/six.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://hostphpwindowsapps.ydns.eu:8011/data/optimized_MSI.png
id: auto-695da1e27cb4ab83e6cefb091a76579a8693278b7abdb273450f7cde37969e3f
status: experimental
description: Detects traffic or activity related to http://hostphpwindowsapps.ydns.eu:8011/data/optimized_MSI.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://hostphpwindowsapps.ydns.eu:8011/data/optimized_MSI.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.206.175:35305/bin.sh
id: auto-6740764e1325c2975d0ec33879825a24222db559f8daa944440309b0b53bf306
status: experimental
description: Detects traffic or activity related to http://42.227.206.175:35305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.206.175:35305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/hznetanyahu-ai/r/raw/refs/heads/main/foto.apk
id: auto-2a22840dd477924ed45e25447f3bb948ebf7489c111533ea6cfeff281f3703e6
status: experimental
description: Detects traffic or activity related to https://github.com/hznetanyahu-ai/r/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/hznetanyahu-ai/r/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://microsoft-telemetry.at/ozo/vilta.exe
id: auto-8f0f0e75659e225c67a6bdf649d0d66c5df11ee70af440de77b5796e7a92b6a8
status: experimental
description: Detects traffic or activity related to http://microsoft-telemetry.at/ozo/vilta.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://microsoft-telemetry.at/ozo/vilta.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://frost-tree-nord.base-blockchain-ground-false.in.net/submission-start
id: auto-e7e84b466ae9de17503373aa4a90798dbfafb81f0ccfc62f6ceb39fa80494bcc
status: experimental
description: Detects traffic or activity related to https://frost-tree-nord.base-blockchain-ground-false.in.net/submission-start which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://frost-tree-nord.base-blockchain-ground-false.in.net/submission-start*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://marsalek.cy/paste?userid=213
id: auto-3105f7ab465abdd95391dcc8bf1008855e68284c5aa89e85e34de37f140d5809
status: experimental
description: Detects traffic or activity related to https://marsalek.cy/paste?userid=213 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://marsalek.cy/paste\?userid=213*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/clock-cheking/expert-barnacle/refs/heads/main/brand
id: auto-b1c61f6578cafd0202d5f09c6711decb52c8fe147934d76f27ccc994a5411afc
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/clock-cheking/expert-barnacle/refs/heads/main/brand which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/clock-cheking/expert-barnacle/refs/heads/main/brand*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/clock-cheking/expert-barnacle/refs/heads/main/load
id: auto-2f969d95ea4ccb7a4dd9670c0d589eb1379554bfc2f80fbd7964316a72148ed9
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/clock-cheking/expert-barnacle/refs/heads/main/load which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/clock-cheking/expert-barnacle/refs/heads/main/load*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/malliagranss/GoogleChrome/raw/736395613a8761e60c325d209cbc79bc8a8a7ee0/Chrome.apk
id: auto-2fcaf786cdbda72112f4bffc805c405b3002b872730d66bbe1aacbbe86f19734
status: experimental
description: Detects traffic or activity related to https://github.com/malliagranss/GoogleChrome/raw/736395613a8761e60c325d209cbc79bc8a8a7ee0/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/malliagranss/GoogleChrome/raw/736395613a8761e60c325d209cbc79bc8a8a7ee0/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.124.165:53490/bin.sh
id: auto-525545eeb29150e32fb14047e54c390f2d7988c2ec6822292f48b0508f761f5b
status: experimental
description: Detects traffic or activity related to http://112.248.124.165:53490/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.124.165:53490/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/hzmusamus-hue/z/raw/refs/heads/main/foto.apk
id: auto-323f37070a87fa9d19b14387ceaece7458eacfacf2686225ec2204a4d9a798f2
status: experimental
description: Detects traffic or activity related to https://github.com/hzmusamus-hue/z/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/hzmusamus-hue/z/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.249.142.93:44646/bin.sh
id: auto-5e546ff178eedc6b1a0483ef9dc00ba023f046310b5284c2b9a547111fdeae43
status: experimental
description: Detects traffic or activity related to http://2.249.142.93:44646/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.249.142.93:44646/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.245.163:42407/bin.sh
id: auto-d074241f801934f87fc40cf60774917563b0f16f41eada27def0b295ebafaea0
status: experimental
description: Detects traffic or activity related to http://42.5.245.163:42407/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.245.163:42407/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.228.172:39596/i
id: auto-64866dcdf2ccde3ac6ea36ebe287c5fcc2b731f84ca641cf522c305d05ec086d
status: experimental
description: Detects traffic or activity related to http://115.55.228.172:39596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.228.172:39596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.171.103:37646/i
id: auto-7496846dd1b8a24dce03aa4ec306c7322d0522d9c93b98be9b7acdd5ad4c8bbc
status: experimental
description: Detects traffic or activity related to http://42.87.171.103:37646/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.171.103:37646/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.51.46:54679/i
id: auto-e61e496ae02b2ad15b2d0a615a750a0c3d0f7d0910a09b8f15ed78b78d76112f
status: experimental
description: Detects traffic or activity related to http://42.235.51.46:54679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.51.46:54679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.247.241:40251/i
id: auto-6036152278805cf863ebc280bb1133e428babf74cb8c72b1ec29b1b6d16671fb
status: experimental
description: Detects traffic or activity related to http://112.248.247.241:40251/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.247.241:40251/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.228.172:39596/bin.sh
id: auto-7bc1699e30dd67a1d4e66ff4d332836cec50c102e5c0504552c1ac391d48e868
status: experimental
description: Detects traffic or activity related to http://115.55.228.172:39596/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.228.172:39596/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.112.179:46698/bin.sh
id: auto-4c3aaa22d54df5bea81894857081a2cb9961adc038e691979a155665087577c6
status: experimental
description: Detects traffic or activity related to http://175.165.112.179:46698/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.112.179:46698/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.197:40925/i
id: auto-e27c13def99d2bdca9441b00309985382c828a2dbe5cb7c0dc67b4097e734d81
status: experimental
description: Detects traffic or activity related to http://117.198.12.197:40925/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.197:40925/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.25.27:53045/i
id: auto-fd6aadbea066c1e3e13bc02b65717d4f052fef59d573d4169234d46443727981
status: experimental
description: Detects traffic or activity related to http://219.156.25.27:53045/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.25.27:53045/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.171.103:37646/bin.sh
id: auto-8a2bd0e8f13af117681acf57c78641a523ea22b7168625c4ba9ac19a2d832ae7
status: experimental
description: Detects traffic or activity related to http://42.87.171.103:37646/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.171.103:37646/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.200.117.247:48902/i
id: auto-e4eef079e7ef023fc781ddea9be6af6520ae192700b25e9536705512da162a8f
status: experimental
description: Detects traffic or activity related to http://221.200.117.247:48902/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.200.117.247:48902/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.200.117.247:48902/bin.sh
id: auto-fdfa5b872046d434f5832dbcaf52edef11f8961f63145d4d903f587242d4ac75
status: experimental
description: Detects traffic or activity related to http://221.200.117.247:48902/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.200.117.247:48902/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.152.111:41344/i
id: auto-3a81e80e8c949daea41dfe9c181391cc7adbb2bee3ac691cc0d3903026dbc5a2
status: experimental
description: Detects traffic or activity related to http://117.211.152.111:41344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.152.111:41344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.12.197:40925/bin.sh
id: auto-871bdc25a4d1b946b70acbd4b89c97f6c6e5409c1f3f9a4e7d517138458dccfe
status: experimental
description: Detects traffic or activity related to http://117.198.12.197:40925/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.12.197:40925/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.ppc
id: auto-d880f7a218d9e4910d36f86a59d4eedf2d9b45d84deebc5583419e7f3f5aaa72
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.arm5
id: auto-f0f56b2dc5628672a8ee5046f88ef1126bb633973db25627e709db8d572fbd2c
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.mpsl
id: auto-00ea574b6e9249d539e190d38ac66ed21309d6da135dc43a4199814ccb6692c2
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.spc
id: auto-02dfa7a37af2f81ca23cd350f52589c39cd7ddf2e807cc17410cc619f646b7e0
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.192.76/bins/dlr.m68k
id: auto-2a17b2a21a324110230895421204daaf93990c95b8348321204e912718c46ea4
status: experimental
description: Detects traffic or activity related to http://45.150.192.76/bins/dlr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.192.76/bins/dlr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.96.173:53302/i
id: auto-0bdaa246e9ce781ecc7765e4e572f5e4543eed5ba834025f7eea074e78e26e1f
status: experimental
description: Detects traffic or activity related to http://112.239.96.173:53302/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.96.173:53302/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.96.173:53302/bin.sh
id: auto-cd194bf684370b8765510fcaee039ae0314bf01caabfe368ba0335d93b27580d
status: experimental
description: Detects traffic or activity related to http://112.239.96.173:53302/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.96.173:53302/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.85.201:42095/i
id: auto-b7c538236fae18879c0481c818b7a9163d65141a3f98d157adfb84ee0b6924dc
status: experimental
description: Detects traffic or activity related to http://61.53.85.201:42095/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.85.201:42095/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:52287/bin.sh
id: auto-3b319139b990f3841eda010824154d12bb5685272de60046369e6b2d273d37f1
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:52287/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:52287/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.75.129:53063/i
id: auto-b4e150cbb537197c63155032187781478b2f2f796db7d1f895b48bfbd2833cda
status: experimental
description: Detects traffic or activity related to http://61.53.75.129:53063/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.75.129:53063/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.226.101:57056/i
id: auto-2c0fa25efc6d770e717a5d391c34e0f2288ac1fe7e860df5ebdca9e49b9c3ebf
status: experimental
description: Detects traffic or activity related to http://115.49.226.101:57056/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.226.101:57056/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.246.189:44599/i
id: auto-832e00a86618fb8840f83435ab8c2ddc411857319485c66aa5193e7cb7424d13
status: experimental
description: Detects traffic or activity related to http://42.57.246.189:44599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.246.189:44599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.76.39:38771/bin.sh
id: auto-129b511fadcb598a67f46a999e53237d9607095e31303e85ad106e96f5e1fada
status: experimental
description: Detects traffic or activity related to http://222.141.76.39:38771/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.76.39:38771/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.29.147:39005/i
id: auto-6ec773447a68b895ee3e7484e84c7bc0e1b8d02a7c39e7da9234399644d394eb
status: experimental
description: Detects traffic or activity related to http://123.190.29.147:39005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.29.147:39005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.75.129:53063/bin.sh
id: auto-5de3fad87d884777275adcd6c4c0affdd85d7b13e3770349d68ab1d0135dac32
status: experimental
description: Detects traffic or activity related to http://61.53.75.129:53063/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.75.129:53063/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.226.101:57056/bin.sh
id: auto-7ee196edef3596c46ddb7b83817ccdcafccc0893381d1d599957b604361d521b
status: experimental
description: Detects traffic or activity related to http://115.49.226.101:57056/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.226.101:57056/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.36.57:44008/i
id: auto-01d0614efefa04768c1ae2e1ca68b662f15d23ea00d0182f125ffd3826e1e937
status: experimental
description: Detects traffic or activity related to http://115.63.36.57:44008/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.36.57:44008/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.23.15:49257/i
id: auto-c17131262c6abb289f7cdb8b62d8feab9b8a352f82c0675a55990147d69eb91a
status: experimental
description: Detects traffic or activity related to http://117.223.23.15:49257/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.23.15:49257/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.133.40:50341/i
id: auto-950ad455a57dffbb4814d6953806d396be4287ccd06f77da2fb8d3d8cb14be50
status: experimental
description: Detects traffic or activity related to http://42.227.133.40:50341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.133.40:50341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.214.39:53303/i
id: auto-a51dead307f7fe340405af1df7dfee4dd06c6947ea557cf1e52fcd841b0560ab
status: experimental
description: Detects traffic or activity related to http://120.84.214.39:53303/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.214.39:53303/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.136.155:33879/i
id: auto-1321c3f1a94b53d7b5cdfa18bac66bd6d12f7f412d61b25020c98828d1cf3977
status: experimental
description: Detects traffic or activity related to http://108.170.136.155:33879/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.136.155:33879/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.153.230:48906/i
id: auto-2864ab8ec3830e23340584ae776f53a191a909ee486804eddcb9a44c80ccf23a
status: experimental
description: Detects traffic or activity related to http://222.137.153.230:48906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.153.230:48906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.162.150:34062/i
id: auto-3f6637a0e7a0bc13816d2326596fcd63811329ffb634aea2cbc98791694e6d3a
status: experimental
description: Detects traffic or activity related to http://115.48.162.150:34062/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.162.150:34062/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.124.165:53490/i
id: auto-dd7bac91790559ad05bd6ac7e9e82e998ce3cc693d09a492d1b527018184d11f
status: experimental
description: Detects traffic or activity related to http://112.248.124.165:53490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.124.165:53490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.204.94:40818/i
id: auto-b91c3345c2301a99818ecacdfc66b572d8947cd9cf6ad1e6cca0525369944687
status: experimental
description: Detects traffic or activity related to http://123.5.204.94:40818/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.204.94:40818/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.126.177:60991/i
id: auto-b1137dcdf8ca488d48d79d1ac78a219ee3eaabedda71a1bdb92a5fd141a01371
status: experimental
description: Detects traffic or activity related to http://222.139.126.177:60991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.126.177:60991/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.46.38:56644/i
id: auto-5f0394ff17fdc6a943b8c421955713159606c786e0ca7d533825ca839b03a819
status: experimental
description: Detects traffic or activity related to http://182.127.46.38:56644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.46.38:56644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.224.143:49824/i
id: auto-6bb9de4e68dc7960b02c7f89cdf6ab07d979b7d3a0d0f901d96c45ce9949f910
status: experimental
description: Detects traffic or activity related to http://27.202.224.143:49824/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.224.143:49824/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:49032/i
id: auto-8ed56d69a65ba7af0bdd231ff6313259fbd488aa5d4ca37c11a0d64e61d6008d
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:49032/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:49032/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.76.241:45777/i
id: auto-b7478ceb84a97542735543d2a9b186a7f364b7bd198cdd25b5de0a864e99673a
status: experimental
description: Detects traffic or activity related to http://115.49.76.241:45777/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.76.241:45777/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.246.189:44599/bin.sh
id: auto-3087f4c25ee82a2c4d844838c28074d22f4ed22ae279a5a88b506f4ba3292e1e
status: experimental
description: Detects traffic or activity related to http://42.57.246.189:44599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.246.189:44599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.106.152:38099/bin.sh
id: auto-8ab5c5cfc5362e26b6a5dfbc7276c0299511ddebec59c032ea459323b3b22c10
status: experimental
description: Detects traffic or activity related to http://125.43.106.152:38099/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.106.152:38099/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.163.48.188:46249/i
id: auto-7c4bfff02a77d227522c68a7b9f8038ae7c2012393caa52e118f423a042433a7
status: experimental
description: Detects traffic or activity related to http://174.163.48.188:46249/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.163.48.188:46249/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.157.215:46520/i
id: auto-73b75f3109d54734202aafb5d714d8704ed6150fee036fec8a57f405b6ec54e0
status: experimental
description: Detects traffic or activity related to http://42.180.157.215:46520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.157.215:46520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.241.38:33641/i
id: auto-ea409ff30dbf8b0ba9d1377e065a32787762b72f5743dc7955e8948f725fa308
status: experimental
description: Detects traffic or activity related to http://119.189.241.38:33641/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.241.38:33641/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.163.48.188:46249/bin.sh
id: auto-fb546953167764f0857cb1dd81cb52d17729f8994f1661239103ea8d654e7048
status: experimental
description: Detects traffic or activity related to http://174.163.48.188:46249/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.163.48.188:46249/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.153.79:33831/i
id: auto-62aec255aa3396afff6a8eb6acd73eeb68368bde99808c6a28e5458bec78b804
status: experimental
description: Detects traffic or activity related to http://117.247.153.79:33831/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.153.79:33831/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.76.241:45777/bin.sh
id: auto-2eb52b7b02d3640b12ac853d86659712508c732ea1162431133a53a7c0ef8799
status: experimental
description: Detects traffic or activity related to http://115.49.76.241:45777/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.76.241:45777/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.162.178.90:46518/bin.sh
id: auto-d76c4ab44242332e37ed1720f8535856ad8867aa14b0fa4d80f8d9843edc0e81
status: experimental
description: Detects traffic or activity related to http://124.162.178.90:46518/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.162.178.90:46518/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.157.215:46520/bin.sh
id: auto-81ecfd714167ac9546885fd394178d75145fac3677994d3c38ac653d57d72f7d
status: experimental
description: Detects traffic or activity related to http://42.180.157.215:46520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.157.215:46520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.241.38:33641/bin.sh
id: auto-c0f22996ef9a5f9024f022f35fd8e68ba1a4ce16d084bf5f37ca7af6c3251004
status: experimental
description: Detects traffic or activity related to http://119.189.241.38:33641/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.241.38:33641/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.98.252:45034/i
id: auto-74f6bfa30f68842cd3fcd2498a1bad82b85fbb2988850f35738077f6b2ffdf81
status: experimental
description: Detects traffic or activity related to http://123.190.98.252:45034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.98.252:45034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.148.202:39445/i
id: auto-e653f052e08ca9df41043a8f04a10fe99954b825e99c6ae2565b3d33579ea8bd
status: experimental
description: Detects traffic or activity related to http://115.58.148.202:39445/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.148.202:39445/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.106.152:38099/i
id: auto-70c6c06e41ed3c04c2d5a88b76e4ad3a0d767f1729a20387d96937544c67dc85
status: experimental
description: Detects traffic or activity related to http://125.43.106.152:38099/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.106.152:38099/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.137.202.197:34324/i
id: auto-b6167755737b22619ce94990213f697377f7a0263e9cd41caee9cc9b753d6e28
status: experimental
description: Detects traffic or activity related to http://61.137.202.197:34324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.137.202.197:34324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.98.252:45034/bin.sh
id: auto-6fe1d58182637db763c3c3f3f2a28d39d7f9350c10595885787472c0521c7796
status: experimental
description: Detects traffic or activity related to http://123.190.98.252:45034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.98.252:45034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.31.180:45204/i
id: auto-26af0e8d462b6717e695f79d90741b06af93dc59cb97e1060b7eba93f466b4f7
status: experimental
description: Detects traffic or activity related to http://59.93.31.180:45204/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.31.180:45204/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.137.202.197:34324/bin.sh
id: auto-1ae6c557fbcac83f13143f3bb8c43ebbb7a3464a74e8b4fc3eabf7ab22487664
status: experimental
description: Detects traffic or activity related to http://61.137.202.197:34324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.137.202.197:34324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.8.235:56280/bin.sh
id: auto-3a5afd06c99d4fbf0eb01c1a2b0220f982fc1d5ea25b1229c44b8774a3d485c7
status: experimental
description: Detects traffic or activity related to http://115.55.8.235:56280/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.8.235:56280/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.110.99:38391/i
id: auto-3b10812a1525552c86e4f75db7eef1cec850aa7d312eba6b2f7c62841ff3433b
status: experimental
description: Detects traffic or activity related to http://113.237.110.99:38391/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.110.99:38391/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.16.206:41898/Mozi.a
id: auto-7d5f8f8cd85766e0e7ba6d701484d2a7d6757b0061fe0b8bdb38a6029e60c64b
status: experimental
description: Detects traffic or activity related to http://180.191.16.206:41898/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.16.206:41898/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.16.206:41898/Mozi.m
id: auto-9970f9b4377d0e867789832f5c38dc42eeaec4d0a1d31a7e1ac362af0a61c99e
status: experimental
description: Detects traffic or activity related to http://180.191.16.206:41898/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.16.206:41898/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.5.246:52189/i
id: auto-c60da8628c75acd14f1e492cf0128dcc8f42f897f7959c993000fdd2f1f6729f
status: experimental
description: Detects traffic or activity related to http://115.59.5.246:52189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.5.246:52189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.185.91.246:60432/i
id: auto-56897fbd7f2fcf3eecbe853d5b2fa5633945f9d4598bad2d8ea1466ebbf52190
status: experimental
description: Detects traffic or activity related to http://123.185.91.246:60432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.185.91.246:60432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.163.98:35750/i
id: auto-106bdee145b105b0ff087e91dbdb58ab19bb73b1f831c6ec90012b0a2507ed33
status: experimental
description: Detects traffic or activity related to http://117.199.163.98:35750/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.163.98:35750/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.110.99:38391/bin.sh
id: auto-5776a74434710b74e5cc56fca17399e838fee341817544296181bf3979cce6af
status: experimental
description: Detects traffic or activity related to http://113.237.110.99:38391/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.110.99:38391/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.48.155:45807/i
id: auto-6775f84530087874c2c57afff14d58f1e45fce413bf2104cd00e1ed0ebe1ab87
status: experimental
description: Detects traffic or activity related to http://112.225.48.155:45807/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.48.155:45807/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.109.130:38442/bin.sh
id: auto-e0891ba6100a933a20e2ac08bff968f30c2ec2b02b99bbc1f207acf900c21f37
status: experimental
description: Detects traffic or activity related to http://112.248.109.130:38442/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.109.130:38442/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.187.119:52103/i
id: auto-96b7ecefa66e679cb3dee1968ba0b36f172ac786ee46f5262facad9d2a19be98
status: experimental
description: Detects traffic or activity related to http://117.216.187.119:52103/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.187.119:52103/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.187.119:52103/bin.sh
id: auto-3ebfeceedd138914621eba432048f93ec1b68e2963726ce51dc041a656d92d70
status: experimental
description: Detects traffic or activity related to http://117.216.187.119:52103/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.187.119:52103/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.225.48.155:45807/bin.sh
id: auto-801ceea67f0eeda1cbda6f54ad8d22c355b038de35d182b6c0b9f1788e35b145
status: experimental
description: Detects traffic or activity related to http://112.225.48.155:45807/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.225.48.155:45807/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.sh4
id: auto-5005cf6b49fb2ed9bcd07308572a2dc603ed39b1f792fcdff9f4b627903294a4
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.m68k
id: auto-e772678e3c6f9cdfd54f9e634614c777444d3ac30196863caf6d17fab7aac40c
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.mpsl
id: auto-8c0e348b0f1f709203424b814a9fa27fa1cac665155110e7ec261af397e1c482
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.x86_64
id: auto-cf7e5b94e523f4a8b8fc02320100355e8e0d63f9ad4532042c19c836a57ec6ec
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.arm7
id: auto-429749e7d0e295cff403a6dd4ff860f6067c4f81c9f52faacba6e7c0d98481bd
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.arm5
id: auto-1324e4f7367c0f5e306fd0e14eb4b4bda4da0050a9c0f6ca350f0c7969e96fd4
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.arm
id: auto-4a396ca40068bc430c3874044736c1709ba8b1959e93236860cb28a9ee416e68
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.arm6
id: auto-079687e7a33d8a8a5db23f4616d6da286e80aa83f48eccd9b85d76b9febffa48
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.ppc
id: auto-35e828ce25b2676784d9271cbfb12fac9257af84e9dcd834befcf91344f39d98
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.mips
id: auto-5dcf7d0c0d968603d98ed0f3815558611431aa6cc806f589e48472ab17df0444
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.spc
id: auto-f626b940e3b7a818745e6f63c2860f53697557e713819cbd48286ee08dd95f65
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/bins/systemx64.x86
id: auto-cc6bae812c0cfc6514f52a4e8929ca403afeeb00602f5580256d115188a10aec
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/bins/systemx64.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/bins/systemx64.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/c.sh
id: auto-b318ade7804122b470ec504d8ac8198c21610fdc23a48617f780ee5f059b0016
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/w.sh
id: auto-a0eac5309bc6081b8aab760b09e687b4ee487d3cde5e9ac67d0f17cebcddf7c8
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:3712/wget.sh
id: auto-07abb47768d4618b8f668c5fd739b029e9c39017062e93c4584aaa55ce5e4bb0
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:3712/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:3712/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.52.152:36376/i
id: auto-ae551eee9ee06e3b9ca8129e443fdc6579087bf0a8a121cdbb429e0a7f53f753
status: experimental
description: Detects traffic or activity related to http://115.50.52.152:36376/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.52.152:36376/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.52.152:36376/bin.sh
id: auto-4fed4d88ca7fe3b06ee2dd4e1f64bee8beb851b45bab55a7776a576e9cc07344
status: experimental
description: Detects traffic or activity related to http://115.50.52.152:36376/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.52.152:36376/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.47.241:37007/i
id: auto-43f10d0dbb093504b2ce65369dbd67654b225179eeacaf95d70b3e7d5c44531b
status: experimental
description: Detects traffic or activity related to http://42.231.47.241:37007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.47.241:37007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.47.241:37007/bin.sh
id: auto-77cc26adb76565391bcab101aeb09be61ba59c2f376eb932d9d8bf513ef24478
status: experimental
description: Detects traffic or activity related to http://42.231.47.241:37007/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.47.241:37007/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.180.9:37538/i
id: auto-b73a9731ad08bb8972bab6418d04dbf481db0af77e854df1a43b89d970288811
status: experimental
description: Detects traffic or activity related to http://123.189.180.9:37538/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.180.9:37538/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.85.201:42095/bin.sh
id: auto-f5fcc1c1e5ca8822b02cfa85e8f406a4179d43bd301c9c5d28e5a75956d4052c
status: experimental
description: Detects traffic or activity related to http://61.53.85.201:42095/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.85.201:42095/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.168.219:51567/i
id: auto-8753a41216fcf4ad01bbd0cb373c1035a9804d6a7ca9d6dd8deac5b6372363c3
status: experimental
description: Detects traffic or activity related to http://182.121.168.219:51567/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.168.219:51567/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.66:60809/i
id: auto-072d4e6e18d29c7099de90d84f52d10efe121810d6b989902602173c65f4660c
status: experimental
description: Detects traffic or activity related to http://59.97.183.66:60809/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.66:60809/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.168.219:51567/bin.sh
id: auto-769f1c7a1cddd49743c78f78d389837f26786a23092a3d874fd4a5b52d0e81e0
status: experimental
description: Detects traffic or activity related to http://182.121.168.219:51567/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.168.219:51567/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.147.194:47412/i
id: auto-9d4c4e100afe8dab9edc924a1ae7fd4997e55494b17601e0317fe1cccb552ba5
status: experimental
description: Detects traffic or activity related to http://39.90.147.194:47412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.147.194:47412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.66:60809/bin.sh
id: auto-93f525714750048e995597b2db250145864ff0cfcef7f64d3eea644c8c54789a
status: experimental
description: Detects traffic or activity related to http://59.97.183.66:60809/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.66:60809/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.61:33701/bin.sh
id: auto-6c775ed7b4b9616947806e48233870025cbcd4fbe673fdbb6eb047d82cb8b413
status: experimental
description: Detects traffic or activity related to http://110.37.55.61:33701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.61:33701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.17.226:38880/i
id: auto-4cd9c7b38c5821a7d091686ce77649901c67acfa6db96aa51b72ebdc6b7dc114
status: experimental
description: Detects traffic or activity related to http://219.157.17.226:38880/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.17.226:38880/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.147.15:54223/bin.sh
id: auto-2f49b7746f90cd047b6e8d00634fa5d9dc4d9706b514fe706afde18632bbc2b0
status: experimental
description: Detects traffic or activity related to http://125.40.147.15:54223/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.147.15:54223/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.140.141:32978/i
id: auto-01506b7bc708e56d11cb218ecf402099f0f278969c8186bbcf1f6479f7011b83
status: experimental
description: Detects traffic or activity related to http://220.201.140.141:32978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.140.141:32978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.14.222:55610/i
id: auto-0e05e062d2ff6c2889a0dd92264364155f0f6e65f6082c19a839c133f8f0226d
status: experimental
description: Detects traffic or activity related to http://182.116.14.222:55610/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.14.222:55610/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjppc
id: auto-ab83e9687449e19d0a59342387fb505e04d1c9ecbddff80913ad816a69c6cd71
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwji586
id: auto-e9f4cc34ab543402cc2e3077f6cc85ca19e6bfe1d1f61028798528f6ba3c133c
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwji586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwji586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjarm4
id: auto-38b8f51ea95f52fa448066b0145da23aa90496a5f554ae3d6f15850918ec4266
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjarm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjarm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjx86
id: auto-9703aa23a00d2c61f56e1236d03535cc895bb8877397707b3bc0cffa06f3839a
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjppc-440fp
id: auto-776b6ba7fbb206a3e1a2f0c2384b2fbdee2da5f82c35ff7410df76983e5d393d
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjppc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjppc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjmips
id: auto-c07d1e07ef44a533001b8cf0630d2ed228654e1458ed126277c2629b26e4978b
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjarm
id: auto-bb18473a32e57c6aa7ccc714a3f93a6a1e6af35ea0f57a54f6d20da5cd1a8b83
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjarm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjarm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjarm5
id: auto-62088886d027dfce30e57b4487f3df22809ced56acf5a59d29e8fe86d5cc8d41
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjarm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjarm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjm68k
id: auto-a29c91acbc3895d4e1cdfc9bbc78576128c4a62046e95cda6ddd673037018b2c
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjspc
id: auto-a46d12daf391d919e4d8360421b7ca1a1a38349ffb2b98bcb1a8caf20bdaf02c
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjspc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjspc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjsh4
id: auto-a5ebbb2394134c0ce1ff2d6b16680ab47dcb4b638d5813ee52bdf296cfc2590e
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwji686
id: auto-b21ac997b6f3420e0118b1471f6ea9f3e361ae5aa2c4fabab3137a2eb8861664
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwji686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwji686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/2016Nwjmpsl
id: auto-8c8b1f81df69e0ccff83f907c7f628d689469cd20a8e052b8713fa4ebe13651c
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/2016Nwjmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/2016Nwjmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/busybox.sh
id: auto-ccd33ef0c79616a298da7d18f0a1b4488339f1a36ae03d4a59ff50c9ecd1ad80
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/busybox.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/busybox.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/curl.sh
id: auto-5ff2d339cfe30cb54bd2a30e5ead3fd0c00077e87c099bfaf34f9ed8c14029cf
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/curl.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/curl.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.142.229.7/wget.sh
id: auto-025cf72cda2aa8861580fb2d3974a7a66f40adf220aa35aa2b8ed8313cf5ac20
status: experimental
description: Detects traffic or activity related to http://78.142.229.7/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.142.229.7/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.147.194:47412/bin.sh
id: auto-51462aaf40b121d2140e45313d54bec2946755f05e825c19d5908f57a7e53c10
status: experimental
description: Detects traffic or activity related to http://39.90.147.194:47412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.147.194:47412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.61:33701/i
id: auto-bf59febfb78a08d8973fb802b66c02994af1b4cf2359fc3ba2e8cb32b544044d
status: experimental
description: Detects traffic or activity related to http://110.37.55.61:33701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.61:33701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.17.226:38880/bin.sh
id: auto-b6a52c8dfa2b2e329ceb5a807581298e099515c6d6cd0fe07cde6149972bf4a6
status: experimental
description: Detects traffic or activity related to http://219.157.17.226:38880/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.17.226:38880/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.230.187:55463/i
id: auto-e98cf5b8ece51423a177a6e4188aa775bf76d3b4cd09ea40f1475659ee5eeb41
status: experimental
description: Detects traffic or activity related to http://125.41.230.187:55463/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.230.187:55463/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.167.38:51908/i
id: auto-75cb590b8375b1041a86272c0e3bf7f9792724c8640d8a61a3c45d4078be5b75
status: experimental
description: Detects traffic or activity related to http://178.141.167.38:51908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.167.38:51908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.15.5:58096/i
id: auto-49a5f6470796340f3ced8430283e806987a2807592ea54d756bf46ed4aaeab20
status: experimental
description: Detects traffic or activity related to http://182.121.15.5:58096/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.15.5:58096/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.171.177.193:42496/i
id: auto-baaa8baa28c54952aec0f509da6b967393eb5cba450a0d53a69e1490e00fa154
status: experimental
description: Detects traffic or activity related to http://45.171.177.193:42496/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.171.177.193:42496/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.190.185.44:49120/i
id: auto-adac4a6b73dd6c7ecc18dd23b29f02061e34e2e1b4311ea1a4ecdaaecb2920d8
status: experimental
description: Detects traffic or activity related to http://180.190.185.44:49120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.190.185.44:49120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.190.185.44:49120/bin.sh
id: auto-6ceb66e7e0c626f7441508b70ac0635423941da721cf712246beb8b7c8094755
status: experimental
description: Detects traffic or activity related to http://180.190.185.44:49120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.190.185.44:49120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.199.72:39372/i
id: auto-9d68d2c55b3e4a987d8f4a90a0fef7083bd6c6996fd438ca24e41f6d5bda0f4a
status: experimental
description: Detects traffic or activity related to http://61.52.199.72:39372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.199.72:39372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.14.222:55610/bin.sh
id: auto-22ab6de8f9f4fee191d50d35eb4bc2e463653a7f86ce28703f1089a84641af19
status: experimental
description: Detects traffic or activity related to http://182.116.14.222:55610/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.14.222:55610/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.140.141:32978/bin.sh
id: auto-1e0946212330bf7e162b5253087606621a18743ca248af6c09fac6c2c8107d5c
status: experimental
description: Detects traffic or activity related to http://220.201.140.141:32978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.140.141:32978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.148.100:33879/bin.sh
id: auto-09cd9e80beda862ed148cc3e9e650bd42e85e0ff91edb288dbc60b6b248966b4
status: experimental
description: Detects traffic or activity related to http://124.131.148.100:33879/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.148.100:33879/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.75.170:36206/i
id: auto-44edb0a9927d3c09bb9cbb1b53146490104f13bc6cf6ad4eb750dc3da9133877
status: experimental
description: Detects traffic or activity related to http://123.188.75.170:36206/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.75.170:36206/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.42.194:40074/i
id: auto-6b6c506421f91df40d31ae0d461684e26037cdcf010c0493c995a6d51588be09
status: experimental
description: Detects traffic or activity related to http://123.12.42.194:40074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.42.194:40074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.14.101:53156/bin.sh
id: auto-1df49d9d5e157f795ec99dd913fec38da7386fd228d310e8fa90fb465ee06828
status: experimental
description: Detects traffic or activity related to http://182.121.14.101:53156/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.14.101:53156/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.81.144:55742/bin.sh
id: auto-78f3d6c07965c4a78b226e19829e4b2bd87ea02c07429401a960aff1c1e28904
status: experimental
description: Detects traffic or activity related to http://42.178.81.144:55742/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.81.144:55742/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.42.194:40074/bin.sh
id: auto-c580eefeee49efa405c97d84ae0381c958c3ed8f19a6449e4cc35d4f16a1ff6c
status: experimental
description: Detects traffic or activity related to http://123.12.42.194:40074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.42.194:40074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.10.180:51524/i
id: auto-c03761c2cc37486dd79a1ea475dea4f4ebbbed73b6d5594ed58f99818154f009
status: experimental
description: Detects traffic or activity related to http://59.89.10.180:51524/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.10.180:51524/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.10.180:51524/bin.sh
id: auto-e2f319418b283cdef205da33c0a80e3f3dfd340b2e45b3fcbe0d2ff155559743
status: experimental
description: Detects traffic or activity related to http://59.89.10.180:51524/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.10.180:51524/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.75.170:36206/bin.sh
id: auto-164e3c826f539507e64e831869d4c678f71809d3675b2eb1b9062c5de33de115
status: experimental
description: Detects traffic or activity related to http://123.188.75.170:36206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.75.170:36206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.106.241.72:49749/i
id: auto-adfd63ce7e98b4f0e3e91bc247bcc9df6340f4c26ebdb49f018a16f390092dc9
status: experimental
description: Detects traffic or activity related to http://176.106.241.72:49749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.106.241.72:49749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.66.105:36838/i
id: auto-529c7bbb872fbd7cd42335562a9be78687a798ae6dacd20d8a805c000339c31b
status: experimental
description: Detects traffic or activity related to http://39.187.66.105:36838/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.66.105:36838/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.22.203:38550/i
id: auto-deb6a4d6577e74dd1f7661b7166fd1a058d2bec3e90b01c0692bc8cdc02aa0dd
status: experimental
description: Detects traffic or activity related to http://61.3.22.203:38550/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.22.203:38550/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.176.175:40827/i
id: auto-718d3ad8559dfdc855cfab8e03aa7e9632411e90f3b09dc8d299009b91f4c3de
status: experimental
description: Detects traffic or activity related to http://123.5.176.175:40827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.176.175:40827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.66.105:36838/bin.sh
id: auto-4a38635c1d6a3607beb8d0f9df067524d1e3831852133bb0cb28773ff7811964
status: experimental
description: Detects traffic or activity related to http://39.187.66.105:36838/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.66.105:36838/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.86.5:49769/i
id: auto-a5c9fdc7eb7ca4223acb502df5f33d1bcda0694388ce216f2e1e2bdfe9154fa7
status: experimental
description: Detects traffic or activity related to http://175.165.86.5:49769/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.86.5:49769/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/1.sh
id: auto-6d3dd21d509d88fa2f0d78491024f78abae517d4817d82da088f73a2aa15d4c5
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.106.241.72:49749/bin.sh
id: auto-61f648b90cc5dd99cc0d2370781cc2a8658c8579fc50733f7db6068d9d3d5b4b
status: experimental
description: Detects traffic or activity related to http://176.106.241.72:49749/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.106.241.72:49749/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.220.157:60591/i
id: auto-cf4278992977516515c46c1321391e393bd91e03ae7a65ac025819333f102bc5
status: experimental
description: Detects traffic or activity related to http://222.142.220.157:60591/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.220.157:60591/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.232.133:50862/bin.sh
id: auto-8fe606fbb14680c27a83b1dbed6ab29e0b89d5bf3d47f7a21e60005064f85de5
status: experimental
description: Detects traffic or activity related to http://42.234.232.133:50862/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.232.133:50862/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.217/xmrig
id: auto-feb0cb959f486948ab68d076730d00b7fda56c136b788d614f3bc38bf6919986
status: experimental
description: Detects traffic or activity related to http://176.65.148.217/xmrig which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.217/xmrig*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.238.199:34176/i
id: auto-22a840b2027919ed72de08db8c4d4158315a525da3eb2c06adad1d2c88461b6d
status: experimental
description: Detects traffic or activity related to http://42.59.238.199:34176/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.238.199:34176/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7
id: auto-56be924dd772ec2339395babec1cda4b13c6297c958b9d7fe791a753602de1c6
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86
id: auto-848cbb135aec9485440b78f68e098fcb37731436180ca3f751938bb54fc8ff9e
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k
id: auto-992240d033f4be4f1d3b588e1891820771949af2954586d6e96949e2e4672a68
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc
id: auto-60b36d3a5e685980a0304dc03d22775b0aeaa22d1cb0cf0a2f5e22220affe4d2
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64
id: auto-6e2ba1bc194c7029a62359973f2272a68b87df84d0329f40411427b79873b064
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc
id: auto-76f086fedac4f8569d4d37d9e11ebd2ccbefd87be4f94f97f454bfd9011c0cbf
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4
id: auto-1eb009955dd891409cf77ad8b966d9c9a2d2b9f333ec83b2dc8f577fa2dddd2a
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686
id: auto-db2eebc429b02e9a2c6a49829f331c5165ff93dfa64ac21c7c7b5a058a216a49
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5
id: auto-32400c89e42f5c58631ad349194052130378a2e6e289417a1d8dd2260fdf6d00
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6
id: auto-f6086fbc5d625c5a84465335ec0c83638d10cc03a95cfed25b81b3c649c7bcba
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips
id: auto-23e84d7bc4c9f449bd8257687be1923e97c39ea71532c5df721be9db0521a2bd
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl
id: auto-a210d3eba21f208c05c89ecf7cb8bd160f1090b2c7fe62828d907ccd7923dd13
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm
id: auto-58b8f3d47dc2d0c0f3347b2dce5aa78ae086921f2b39fdc50a5bc5edd2533a60
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/debug
id: auto-c213ab540c032a34c89d9fc38b1b16a82bc55a08393ed638351c3f85a21af9ad
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/debug*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc
id: auto-5ac6c455080a96c5f1306bca6b333a168258cd95839a25c27159d1696f41e365
status: experimental
description: Detects traffic or activity related to http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://realityv3.redirectme.net/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/shit.sh
id: auto-6df9c37b429db9cc14c22d3db8bac54c029d1718f88fe7ad81c60e48b9961692
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/shit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/shit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.226:33478/i
id: auto-8c0d818b94dbd24c00c830edf7de9f1f57d86599035a6802f13ee85a263599b1
status: experimental
description: Detects traffic or activity related to http://219.157.67.226:33478/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.226:33478/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/shit.sh
id: auto-460ad1e17c9941db822487fdeaec79d5133a92b7600beca0e1bdc40b79cdb7ca
status: experimental
description: Detects traffic or activity related to https://vexium.vip/shit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/shit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/kworker
id: auto-2a92adb2700d015c6871e6bbdba2d1b2ab276a6fa37cb78286ac045cf326e4f1
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/kworker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/kworker*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/systemdd
id: auto-025c5459309d8a0c83b256542e70a26982d96c5f307968b71700ff879455e7dc
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/systemdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/systemdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/sshdd
id: auto-2b73a95aa9bc8b383fa44d2f464cf3dea06383efd164289763842930203ace94
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/sshdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/sshdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/ksoftirqd
id: auto-f60b8375e872fa5b9a0817eb215e747adc1b0cd3509c280488da4364c7570973
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/ksoftirqd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/ksoftirqd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/systemd-logind
id: auto-de99e6c0e21005de6f140666a96281daa4d6df797fb9b5d0ab590f2fcc302c94
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/systemd-logind which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/systemd-logind*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.22.203:38550/bin.sh
id: auto-b2381e57cb6a4d2838d3141d85a517071c03b19c82143157188ac39956573485
status: experimental
description: Detects traffic or activity related to http://61.3.22.203:38550/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.22.203:38550/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/shit.sh
id: auto-a9c28e075a16c3226dba03c75ac0b5a823af15557dda22c2743fdd73869cb7e1
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/shit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/shit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/migration
id: auto-3d56d0fd4aa17d08f4ce7377b1ff762ea5c1f2260067c63614459173b41a1458
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/migration which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/migration*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/systemd-networkd
id: auto-b06318d2dcb93b4b2db87a61ac89ba1491dd81cb32825bd481190bef60f252fd
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/systemd-networkd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/systemd-networkd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/migration
id: auto-35853860e21d24a2936829b3e77a83650f71ffb0776f2fe8675018c4e73704c1
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/migration which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/migration*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/telnetdd
id: auto-358372cc81df4be8ae50dac19428e7de0e3a2592a96a849148750c6da409e6a0
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/telnetdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/telnetdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/systemd-logind
id: auto-bc9bec0dba9b95c4c5b3afaad82271cfb5ef38458a4c07b012b86ea2d9569131
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/systemd-logind which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/systemd-logind*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/systemd-resolved
id: auto-83058ef0b33a7e2807e0c04d8d0083ab3e7b6407b1b03148cf12a606d06e4756
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/systemd-resolved which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/systemd-resolved*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/kerneld
id: auto-1143b774d393a81100225939c7b0a22e5d73a13dbbea57dd1593bd0afd35df8f
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/kerneld which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/kerneld*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/kworker
id: auto-99524d5dcd4f9090c470df2f3ec87a953d0d632e22f0b5d2d7818aad875dced7
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/kworker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/kworker*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/networkdd
id: auto-92da01cdff8805c3c15a118acea9b68e5f60439377030c5c23b2a549d13f96c2
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/networkdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/networkdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/httpdd
id: auto-7e31293243e726c51277cd7b70ebf3cdaaf84088deb79fb13dd370cd8d76e7b0
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/httpdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/httpdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/systemd-timesyncd
id: auto-2a7026634c232ae7a975caaacf938462cc4a15b0c4c2ebcb9d527d6d32732a98
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/systemd-timesyncd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/systemd-timesyncd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/sshdd
id: auto-ab575c67eb0e452b27b5e64a05309eb41e6af6a3a38ec4fb5828d54b001bd5ba
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/sshdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/sshdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/rcu_gp
id: auto-ddfcf6acd4b8d8da6d55085455aaabeff3e53a8b2f19444bd48dfe3d3a353c76
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/rcu_gp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/rcu_gp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/systemd-networkd
id: auto-88e4de4588c7cf0adc53a35eea010cc989a11fa3585263ee0feab267988fa1fb
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/systemd-networkd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/systemd-networkd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/networkdd
id: auto-b6603194c606a5f4c3c186efbdbb2378065a5ebf16215a1ef78ebc3c47dfb0e3
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/networkdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/networkdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/httpdd
id: auto-bd4585e29122393ef83259f7036a7fb972b4efde229776660a457ba01b116adf
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/httpdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/httpdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/systemd-timesyncd
id: auto-9b4e695709204ead5cbff26cc5044b02bb57121470032b73b57376f515dfe514
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/systemd-timesyncd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/systemd-timesyncd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/telnetdd
id: auto-b21e0044b9cb2f47219179a1f5559369381448c53add111ef05a4125555457b0
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/telnetdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/telnetdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/ksoftirqd
id: auto-a3c0515b25f1d47c6c423d4d4447272aba265286abe92dd965ecf70249bab330
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/ksoftirqd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/ksoftirqd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/rcu_gp
id: auto-98928b783bde8c0e549dd31e054fa141564f4262ebb84bf89a608d9c93c2fa7a
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/rcu_gp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/rcu_gp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/systemd-resolved
id: auto-1004475bb3efbc8925314cc2008f3add84f9c30c7e00b4f8369191241a5c4335
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/systemd-resolved which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/systemd-resolved*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vexium.vip/bin/systemdd
id: auto-bf7909be05f55b03d234689f951871857509d2465371c569b131b68b493a37ae
status: experimental
description: Detects traffic or activity related to https://vexium.vip/bin/systemdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vexium.vip/bin/systemdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.vexium.vip/bin/kerneld
id: auto-41890343e5ab15b92b37faed4cf564bbc3db82f1a903cf75da487023fea84781
status: experimental
description: Detects traffic or activity related to https://www.vexium.vip/bin/kerneld which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.vexium.vip/bin/kerneld*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/httpdd
id: auto-52443431b7e64167bd3b76e832a6dd8e1c020802e83ab3667913fa5c39c6e015
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/httpdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/httpdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/systemdd
id: auto-20f0faf8bd6067f3789f3f8a616e3aedc8f93263db32b1ba65f64571c421e907
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/systemdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/systemdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/kerneld
id: auto-9da07925f783a91c2e54a0753e965dc29bd41e9b1a8a41d1ef1a41ff9edc4fc6
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/kerneld which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/kerneld*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/rcu_gp
id: auto-0f4145ac564c92e32c4628bc0080ab08619f604ebf046f62de58b9a5bc223b62
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/rcu_gp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/rcu_gp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/systemd-timesyncd
id: auto-871d6e19d9dbc60627bbae2024a7ed38433d1fc90ae9d299c5f5fd0e7de71e26
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/systemd-timesyncd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/systemd-timesyncd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/kworker
id: auto-baa6c1b432400ab051f0a8f920cdd4c486ac1aa919990a618795cd7d77a4be2d
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/kworker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/kworker*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/ksoftirqd
id: auto-bbb13a0862ebf3880e4cd7407c3b49c7592d858abbb230d282583e7f6f08c08d
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/ksoftirqd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/ksoftirqd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/telnetdd
id: auto-513ef7be9c6d07cf44366eefe6a4f865a4229816fba3c0278d663580ff5eca21
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/telnetdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/telnetdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/systemd-networkd
id: auto-b7a6c316f5848c9754b836243f7e59ea76a27aa3ee249ab741fca887e0cf12bf
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/systemd-networkd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/systemd-networkd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/sshdd
id: auto-98a78b62fceda786814ff5dfc69cb82e998da76f3442731cd18dd7f003aafb41
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/sshdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/sshdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/networkdd
id: auto-ed3b8ab779baf46cae0fc4b464bd21eeb7f2c4accf27aeec100eaaabe8c38df6
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/networkdd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/networkdd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/systemd-logind
id: auto-980ac9bfe7d505a00c82aa12121589e3e11b11e5b9f3605ba711d09d1d6c1c72
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/systemd-logind which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/systemd-logind*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/systemd-resolved
id: auto-07292241da7a4692818dc672db6a9dab8423a75e35191214dd4a302ab281c054
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/systemd-resolved which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/systemd-resolved*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.225/bin/migration
id: auto-944d94d55e09c0cb3480e932060073ee90bc66e9a3b5fc495e112a5825fa49d1
status: experimental
description: Detects traffic or activity related to http://143.20.185.225/bin/migration which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.225/bin/migration*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.176.175:40827/bin.sh
id: auto-eefc48ea493848490a7a91ed1834f0aab740684e85a8a566fd4e9e0e5dfcb3db
status: experimental
description: Detects traffic or activity related to http://123.5.176.175:40827/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.176.175:40827/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.220.157:60591/bin.sh
id: auto-93ae1039a8a3feacc4e142a23530ffb6824e9568cc2282174ecb2f4f367cf050
status: experimental
description: Detects traffic or activity related to http://222.142.220.157:60591/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.220.157:60591/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.107.107:60337/i
id: auto-948beea290c5f66bff3297c527bc92ada9bf410aa8d46873240e0edb069092bb
status: experimental
description: Detects traffic or activity related to http://222.140.107.107:60337/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.107.107:60337/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.226:33478/bin.sh
id: auto-35841293b1d77e00ff8c8b8179e5e291cdc4b6476911a291e2298fcd55484e4f
status: experimental
description: Detects traffic or activity related to http://219.157.67.226:33478/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.226:33478/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.10.198:37569/i
id: auto-b8488352a190c0cf6036e2ee7666031754293e252549f65ace5b91d73e1167ad
status: experimental
description: Detects traffic or activity related to http://125.45.10.198:37569/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.10.198:37569/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.107.107:60337/bin.sh
id: auto-c54ed878e1374a14cb788ffb49d4b66d8d8d38a07ccc2a970d0f85b50262df10
status: experimental
description: Detects traffic or activity related to http://222.140.107.107:60337/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.107.107:60337/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.109.130:38442/i
id: auto-c834529d7261b14e9ac6be1fcc0bc9a2897f1c6966a7d6b4a3a8236815624672
status: experimental
description: Detects traffic or activity related to http://112.248.109.130:38442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.109.130:38442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.14.101:53156/i
id: auto-17ae2441ff0dd8472bd3730c2ec43b2480a8489ca578cc1c4c5058f0e0743daf
status: experimental
description: Detects traffic or activity related to http://182.121.14.101:53156/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.14.101:53156/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.40.198.62:5555/02.08.2022.exe
id: auto-99c898e22beb8218c4494813d10ae37c3d90dfd09dda605407d15ef4cccc8fd9
status: experimental
description: Detects traffic or activity related to http://110.40.198.62:5555/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.40.198.62:5555/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.40.198.62/02.08.2022.exe
id: auto-8cb9bd5090ed61d5c3bed817f0e9d972e2fac8a8e50d0095f31123465710ccbb
status: experimental
description: Detects traffic or activity related to http://110.40.198.62/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.40.198.62/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.18.176/02.08.2022.exe
id: auto-0344da4020a900fc9de3dcae9c222988584c6328a592a6ae8105e3ab32e66982
status: experimental
description: Detects traffic or activity related to http://151.243.18.176/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.18.176/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://129.204.11.247:7777/02.08.2022.exe
id: auto-371b44646e49d3c5e6af1a1c02897822cc7ab32615ec2608491fc7d62b9619d8
status: experimental
description: Detects traffic or activity related to http://129.204.11.247:7777/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://129.204.11.247:7777/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.176.63.214/02.08.2022.exe
id: auto-50c6a644350319d965ac5a2c021e98327bea06855d3cefbefea06e6596b384a8
status: experimental
description: Detects traffic or activity related to http://198.176.63.214/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.176.63.214/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.48.168.57:8080/02.08.2022.exe
id: auto-19eedebb986093f715feae15ae0e6cfb9ef47a5510f3effe4cce5b8960d7e688
status: experimental
description: Detects traffic or activity related to http://120.48.168.57:8080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.48.168.57:8080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.121.29.60/02.08.2022.exe
id: auto-f51cd339684ef81ddef710e371ef34c774cd90fb8bc87be284a9759e39d88a5e
status: experimental
description: Detects traffic or activity related to http://47.121.29.60/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.121.29.60/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.105.193.156/02.08.2022.exe
id: auto-06a41b60cecac0e768eece5debdfa64e53afe91419cad080e60ca60cfaabfdd8
status: experimental
description: Detects traffic or activity related to http://39.105.193.156/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.105.193.156/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.241.150.218:8282/sshd
id: auto-914794a36f55b5f36152aa42d2da28165771c28bf2f47807d4fb8946c800f06a
status: experimental
description: Detects traffic or activity related to http://14.241.150.218:8282/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.241.150.218:8282/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.110.70.37:43844/i
id: auto-dd68ea9076154b96aede066e682e2e2c1646984cd69bd2dc7170ada4068d24fb
status: experimental
description: Detects traffic or activity related to http://78.110.70.37:43844/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.110.70.37:43844/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.38.56.232:8561/i
id: auto-9926b1a8d685d8856982b569db042bd59c3753bde75d3b43796422aa26168f32
status: experimental
description: Detects traffic or activity related to http://41.38.56.232:8561/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.38.56.232:8561/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.110.177.37/sshd
id: auto-2ce225ecf1c4929d2ab6d74630a3c8186e91e6fc765b296e27aee08c49fb9cc7
status: experimental
description: Detects traffic or activity related to http://116.110.177.37/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.110.177.37/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.44.5.122:25181/i
id: auto-284718024d998f9c666e2695eea4f003d55d6baa3a9277189fc7d37b8c0e4364
status: experimental
description: Detects traffic or activity related to http://80.44.5.122:25181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.44.5.122:25181/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.196.21:85/sshd
id: auto-876c7ad2562ef4f8d1ba756cfa4cb9f078529005b1d504101a67474655b75161
status: experimental
description: Detects traffic or activity related to http://120.157.196.21:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.196.21:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.110.104.6:43936/i
id: auto-6f0af11a7fdab6293829deabd70bc5e3a155710fed44819671ee50bdc7dd7e66
status: experimental
description: Detects traffic or activity related to http://87.110.104.6:43936/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.110.104.6:43936/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.220.162:3210/sshd
id: auto-89be1f8b2f474c2b63e98b2a95d857c065f60d689cc5f8524febe087a2462033
status: experimental
description: Detects traffic or activity related to http://120.157.220.162:3210/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.220.162:3210/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.95.137.155:1876/i
id: auto-903db66916cf7a33daa94f756690b900a96dc6e044284adbdd15514cd90b5d9d
status: experimental
description: Detects traffic or activity related to http://36.95.137.155:1876/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.95.137.155:1876/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.180.188.90:8081/sshd
id: auto-6104030ff3ba84eaef900fcf28fb8111a6136f2922b794c9a97ef9efb8883ffc
status: experimental
description: Detects traffic or activity related to http://113.180.188.90:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.180.188.90:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.214.60.95:18609/i
id: auto-549166e2967ba5c1988740dfad3090e561dc68292250a7084afa603531a2e298
status: experimental
description: Detects traffic or activity related to http://41.214.60.95:18609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.214.60.95:18609/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.234.131:2004/sshd
id: auto-14912966140427ff4dafed3eeb7801530363e7713fd19b84824b901d1ad2bfdb
status: experimental
description: Detects traffic or activity related to http://59.88.234.131:2004/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.234.131:2004/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.150.11/sshd
id: auto-26507876ca1b4f821c7e67ab93e78b23f91579ec369575985e83af5aa0f4e504
status: experimental
description: Detects traffic or activity related to http://91.80.150.11/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.150.11/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.92.154.210:31395/i
id: auto-4e462e4a39ce43a652988db073296fae69a43a3c3a90d8c029cdd778e7167523
status: experimental
description: Detects traffic or activity related to http://36.92.154.210:31395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.92.154.210:31395/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/arm4
id: auto-b15cb6c98399149097a7f64f8ead29e2b29af054ed33689f1704598ccd0953e1
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/spc
id: auto-b6d2b9eddab63377a7658e1a0df522a35aa23862f4bce5c2672d7a95b7bd1051
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/ppc
id: auto-bf37379b299eff20f8c466bd4226a62ee828e33b3983b3c9fbb717a189bed157
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.7/arm4
id: auto-0fae44782566573f70561887fcdf9d7fd48b4cb08ee38d89799d506e2df42837
status: experimental
description: Detects traffic or activity related to http://45.135.194.7/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.7/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/arm/
id: auto-07ec9cca40baab03fea1fb3b722e6de600ac03daa3ad4e23e1dd4743108606ec
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/arm/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/arm/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/arm6
id: auto-250c9fcb8adbedde624b439e9a7023e7d629b5a978c7f94ab87e2cb28ccac051
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/m68k
id: auto-3a60b2601daea98d23a97d77720944324654a1ae6028f14360d84d417ca8a865
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/x86_64
id: auto-934d53c88b91b379907d8235924d8071b079adf772e84c6fc349163aeda72f67
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/arm7
id: auto-c797d7fbab1f50c99c497701489ec9143b69f1ba5ee98e07ba52029115af295c
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/mips
id: auto-73013fd3c28ddce975f550ffe9d362b6f3cd01352e8beff92ceab644d13a32b7
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/x86
id: auto-f0854587513c56e130a936af92d8a08e977debc1ded36ca417a6edab1105e0be
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/sh4
id: auto-a2bfd7af8f5a90ad6270a8dc1b15b548ede7281a2f3f0e252d4fe7783a5a855d
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/i686
id: auto-bcce9ae5bd327cf36bf88672d75d2a172b882c2894865fcb33d57d97c6039816
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/arm5
id: auto-59c2a91a17c535bb7aec603ffcff7a3079a8f505c11a6f0bc62032ea988de584
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/mpsl
id: auto-e6a74c1515e3116dba2ebccda902e2221c654ae7f8d0f8721b84fd56e380a5a4
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.194.89/arm
id: auto-5bf8782c00f9f107a4ed29b5321d2632480824c31bd055833fce74d2e68112ea
status: experimental
description: Detects traffic or activity related to http://45.135.194.89/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.194.89/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.73.60.151:51281/i
id: auto-b077bc1ba243f256a19c2220706d1c980966409503740028aa056258d8975a61
status: experimental
description: Detects traffic or activity related to http://39.73.60.151:51281/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.73.60.151:51281/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.9.42:40289/i
id: auto-936c24dd04dbc349bcb1b7f5d687fb3f5c96bcaf8eb4bf1e30b70a5f4850f181
status: experimental
description: Detects traffic or activity related to http://42.5.9.42:40289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.9.42:40289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.245.239:38533/i
id: auto-43b1bbbd957996eef8c5b45e72f73775ae9535f89ca33f22ba57737719655477
status: experimental
description: Detects traffic or activity related to http://59.184.245.239:38533/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.245.239:38533/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/react.o
id: auto-51f2a0932035480a7d1f311de0bf7fc5fb2826b509ac667ad043b494b5a3f279
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/react.o which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/react.o*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/react.asm
id: auto-4b9c104b24749d140b9a99badc986b1e3793f313c6bc7cc3df93ca182d4db3f3
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/react.asm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/react.asm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/react
id: auto-338e6f51d0aab75a377e8bee917af6f8f58346372acec384e688c0a5be4a704b
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/react which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/react*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/StormStresser.x86
id: auto-cf15fe3a7f1a66f59d419bc60dd4f4b17741943f9118a265996a1394b8d9838a
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/StormStresser.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/StormStresser.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.73.60.151:51281/bin.sh
id: auto-559dd787fb5f892729c04da4d696049fe1000322b56b125642dc1d622047c067
status: experimental
description: Detects traffic or activity related to http://39.73.60.151:51281/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.73.60.151:51281/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.88.211.32:55519/i
id: auto-4bd22ac20a49fd84093971be8b764ef4f2885d6f8c9c75fa342d7099db679d93
status: experimental
description: Detects traffic or activity related to http://186.88.211.32:55519/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.88.211.32:55519/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.245.239:38533/bin.sh
id: auto-f019290f3674ac6e94e68c69b621c86e7347744a9652b00052a789836c2f61cd
status: experimental
description: Detects traffic or activity related to http://59.184.245.239:38533/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.245.239:38533/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.187.240:34944/i
id: auto-80a2273da0f5dfc57457ab50b49431433d2fa95eddeddab6f4c165c375628f4d
status: experimental
description: Detects traffic or activity related to http://27.217.187.240:34944/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.187.240:34944/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.187.240:34944/bin.sh
id: auto-cf63eff867fefdfc8bf435a6e0e66298a560a9accdcafaf77da1661b0ad02670
status: experimental
description: Detects traffic or activity related to http://27.217.187.240:34944/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.187.240:34944/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.88.211.32:55519/bin.sh
id: auto-c5b0c551733f71e9268f8d63d2e2904ff4f7bdc095e5fd3befdca1b53e74efea
status: experimental
description: Detects traffic or activity related to http://186.88.211.32:55519/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.88.211.32:55519/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wittenhorst.eu/tmp/imgs.exe
id: auto-e1b36d31bf245b5f40e519e12e94b557d4f88386ccb037af0d292dde3b7ff227
status: experimental
description: Detects traffic or activity related to http://wittenhorst.eu/tmp/imgs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wittenhorst.eu/tmp/imgs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.73.161:52199/i
id: auto-e8db07ba914c78731fa0aa6b30a39b5cebdf352929a4065d5a496487617cf281
status: experimental
description: Detects traffic or activity related to http://61.53.73.161:52199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.73.161:52199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.73.161:52199/bin.sh
id: auto-83aae68c87927ab1ec4f4d71f6fba062a5dba46e65bec79ddf037d5dccabf746
status: experimental
description: Detects traffic or activity related to http://61.53.73.161:52199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.73.161:52199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.21.212:42770/bin.sh
id: auto-c8ce907bb00202e7abc411d2504a1ca8b63e0e979144eef911bb70ecd4ac7549
status: experimental
description: Detects traffic or activity related to http://42.178.21.212:42770/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.21.212:42770/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.38.60:57159/bin.sh
id: auto-0973e3729224c2b4c624dd80609ffeec380bf97557c4a8743e4ec99852c07882
status: experimental
description: Detects traffic or activity related to http://42.180.38.60:57159/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.38.60:57159/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.4.219:33822/bin.sh
id: auto-a8c211c993e2b9adbe675dbc277e937aa3c99220e83d77efb68ff45e9ce3be48
status: experimental
description: Detects traffic or activity related to http://125.41.4.219:33822/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.4.219:33822/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.188.129:40760/i
id: auto-33a89f29e69c6d7570dfca6215ba171c69385f0167b12434274300cd93601d82
status: experimental
description: Detects traffic or activity related to http://115.63.188.129:40760/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.188.129:40760/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:52287/i
id: auto-9b271dfa443a5f55d426768d8f87c680b33a73ce4668c3648da3f874c1555e2e
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:52287/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:52287/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.188.19:40314/i
id: auto-abb971f708d7634effbe9958f71d6869cffc01364475d1dc87e74ad14dfabde6
status: experimental
description: Detects traffic or activity related to http://123.5.188.19:40314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.188.19:40314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.111.116:49120/i
id: auto-d78f34ccd211ecaf7b77b842d03ca6c1078f5fe14260f1f22b358fd7f11fa3c9
status: experimental
description: Detects traffic or activity related to http://175.147.111.116:49120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.111.116:49120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.188.129:40760/bin.sh
id: auto-afd615f41fdc09bff665a68c804ef64780e2e12e18bff342e7c94f92849b6e9e
status: experimental
description: Detects traffic or activity related to http://115.63.188.129:40760/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.188.129:40760/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.134.205:48930/bin.sh
id: auto-6e1a16fbc8239b188cc20892dfe2ddd576e02432e2a9dff967c561273a16ff17
status: experimental
description: Detects traffic or activity related to http://219.155.134.205:48930/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.134.205:48930/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.99.106:55714/i
id: auto-ceb00d4a394d6e8e4151d0db7f59b930061fcef7f1885877115f3b0209d6a0a7
status: experimental
description: Detects traffic or activity related to http://182.126.99.106:55714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.99.106:55714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.157.127:42045/bin.sh
id: auto-4b835b4a138444e570b8e684c910a349d3769eb8c819c1880ca53b19be97efb6
status: experimental
description: Detects traffic or activity related to http://59.182.157.127:42045/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.157.127:42045/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/bekirsarac78/Google-Chrome/raw/refs/heads/main/Chrome.apk
id: auto-06899438e64bbd1a3e3aec35b552a21fa52297cc8438e5101fa819f900328ad0
status: experimental
description: Detects traffic or activity related to https://github.com/bekirsarac78/Google-Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/bekirsarac78/Google-Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/iptvisturkey/apk/raw/refs/heads/main/Fx%20Ajans.apk
id: auto-809297813add4dc8570fb27c10db06acaca3bc034779ea983b83b8042ec789c1
status: experimental
description: Detects traffic or activity related to https://github.com/iptvisturkey/apk/raw/refs/heads/main/Fx%20Ajans.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/iptvisturkey/apk/raw/refs/heads/main/Fx%20Ajans.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/hzisa6423-hash/s/raw/refs/heads/main/foto.apk
id: auto-38aa6dab5954b710e0b157b0472a39f24673809792dde073cec77b26095ba525
status: experimental
description: Detects traffic or activity related to https://github.com/hzisa6423-hash/s/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/hzisa6423-hash/s/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inatboxtr-34/inatbox/raw/refs/heads/main/inat%20Box%20PRO.apk
id: auto-dfebe857ebf74effceb50193ee583c05f76521fc1d300f5c2ee32a57fba83c7f
status: experimental
description: Detects traffic or activity related to https://github.com/inatboxtr-34/inatbox/raw/refs/heads/main/inat%20Box%20PRO.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inatboxtr-34/inatbox/raw/refs/heads/main/inat%20Box%20PRO.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.242.53:41513/i
id: auto-3f421eff9d81c41a5ee805f4ecd01774b58429b4cadd1f90d1c39c5ae197d99d
status: experimental
description: Detects traffic or activity related to http://119.185.242.53:41513/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.242.53:41513/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.220.182:59789/i
id: auto-5b784a83014890c3c0407dc6335c2adf61790df8858c356b024ffe8f81349ebc
status: experimental
description: Detects traffic or activity related to http://42.226.220.182:59789/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.220.182:59789/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.220.182:59789/bin.sh
id: auto-edede501eee3b376776b6ddde3b1d3f5564a44a5956865156775752f9aed4b7a
status: experimental
description: Detects traffic or activity related to http://42.226.220.182:59789/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.220.182:59789/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.109.85:54104/bin.sh
id: auto-7040d423bddf567e3c8e98bb3eef9ad081b457ee564718de78a8e3e343a91da8
status: experimental
description: Detects traffic or activity related to http://175.173.109.85:54104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.109.85:54104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.242.250:50412/i
id: auto-1d2db0cec6244ca6178c7608e93a6b620f960dc2509f2ae03e24d36d1b465e90
status: experimental
description: Detects traffic or activity related to http://61.168.242.250:50412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.242.250:50412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.242.53:41513/bin.sh
id: auto-fbf2ae1ee73625890f282187ffdde8d33fad0ad55e1a26b728a0aaf1f841ee47
status: experimental
description: Detects traffic or activity related to http://119.185.242.53:41513/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.242.53:41513/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.29.28:50093/i
id: auto-2c3f34f4e57a6b04aec379da7935ea7dcc34616cf4caa4de3154fca9aa39793a
status: experimental
description: Detects traffic or activity related to http://219.156.29.28:50093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.29.28:50093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.251.236:34539/i
id: auto-8939f49194f9d952d21d7b2312353f4d2be070e4013404fd3a52f7b7108b1436
status: experimental
description: Detects traffic or activity related to http://219.155.251.236:34539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.251.236:34539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.159.89:34646/i
id: auto-7bead250d69758ceb1f653ec9a3e09b196e29b09ed1f8a4c2e023383b274cfd5
status: experimental
description: Detects traffic or activity related to http://61.52.159.89:34646/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.159.89:34646/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.86.143:41207/i
id: auto-fccb73960ebe5b4f7ad0544b659541d5ce9f0774aed7e5c2a255343a0325c466
status: experimental
description: Detects traffic or activity related to http://123.9.86.143:41207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.86.143:41207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.99.106:55714/bin.sh
id: auto-71bfbf088c86a08a3ef13944a22dbab3a0326f4d3751f92826bc71f8706a90fe
status: experimental
description: Detects traffic or activity related to http://182.126.99.106:55714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.99.106:55714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.217.98:42392/i
id: auto-c29694f5070bb8155a239ffd703c7bc211e01f1af4b7f8224a336903479d0607
status: experimental
description: Detects traffic or activity related to http://60.19.217.98:42392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.217.98:42392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://24.54.95.49:33940/bin.sh
id: auto-0bfdaaa8e791d0faef8d1d7a4e4e920df9bc6e7270ad270883e33e040635212e
status: experimental
description: Detects traffic or activity related to http://24.54.95.49:33940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://24.54.95.49:33940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.77.14:46645/i
id: auto-fa6fef9427df5cfa337566861d355a9f9f16c92d63ef251849df88e6229b2f48
status: experimental
description: Detects traffic or activity related to http://182.121.77.14:46645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.77.14:46645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.217.98:42392/bin.sh
id: auto-2be7cfe426310bee3e8b7d59f51bf9477dac38109de70b175b62c7eff3456949
status: experimental
description: Detects traffic or activity related to http://60.19.217.98:42392/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.217.98:42392/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.77.141:35216/i
id: auto-85556b479f25fa9de69ca7c8a27c98bc8f63628d43811e4097c8b38e4ab5d24d
status: experimental
description: Detects traffic or activity related to http://123.11.77.141:35216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.77.141:35216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.150.235:53663/i
id: auto-81a2565a6899acc1365bc1f2e2abe74957201b23e651cc6f83e32e50fe6745b9
status: experimental
description: Detects traffic or activity related to http://182.121.150.235:53663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.150.235:53663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.31.236:55599/bin.sh
id: auto-cac3510ad85297121327e8c5e0af733ba0cd347a68004c617d42eb63081d286e
status: experimental
description: Detects traffic or activity related to http://42.224.31.236:55599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.31.236:55599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.146.92.46:38491/i
id: auto-578b3f64e41f581167bc9807c94ba421ca08d08e887e42212cc4f603fe684d34
status: experimental
description: Detects traffic or activity related to http://117.146.92.46:38491/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.146.92.46:38491/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.48.39:53408/bin.sh
id: auto-6c2e1e5ebaa7abf8c7859e55932767b46675e9712717a026065c050d5e38d97e
status: experimental
description: Detects traffic or activity related to http://27.202.48.39:53408/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.48.39:53408/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.158.243:33518/i
id: auto-8e882e80b08ca105f813bc6a2fbbe65a49849a0918465d005cbfcd776972af0b
status: experimental
description: Detects traffic or activity related to http://42.234.158.243:33518/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.158.243:33518/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.130.240:40822/bin.sh
id: auto-03aa44b8d3b0e914adc2d0bedbd5fa13908b3b9002bf3cec5630a3852b2473dc
status: experimental
description: Detects traffic or activity related to http://222.140.130.240:40822/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.130.240:40822/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Hakanleymun94/inattvdestek/raw/refs/heads/main/iNatTV%20v17.apk
id: auto-c2a778b397a8407b4d340320d8770f3ba2c5af855a4d7628653684a0212c901a
status: experimental
description: Detects traffic or activity related to https://github.com/Hakanleymun94/inattvdestek/raw/refs/heads/main/iNatTV%20v17.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Hakanleymun94/inattvdestek/raw/refs/heads/main/iNatTV%20v17.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/1cc7ca24ebb638339b69a7ea32f3cf3c.aspx
id: auto-8fa7b4768d9589af782942ef34c5b8c992b2a88debc045dd605fef28738f484d
status: experimental
description: Detects traffic or activity related to https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/1cc7ca24ebb638339b69a7ea32f3cf3c.aspx which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/1cc7ca24ebb638339b69a7ea32f3cf3c.aspx*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/a9bea6e5380cacf787b01466d38457bc.aspx
id: auto-72e63775d735654b1fcddb5f5224341329ddc599e37869e75b975441bbe2c0c0
status: experimental
description: Detects traffic or activity related to https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/a9bea6e5380cacf787b01466d38457bc.aspx which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/a9bea6e5380cacf787b01466d38457bc.aspx*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/canlitvr/inattv/raw/refs/heads/main/inat%20TV.apk
id: auto-d002f27f2396fd42f51f55549530c67d5456fb28dd74b50d95e915f8c5dfc721
status: experimental
description: Detects traffic or activity related to https://github.com/canlitvr/inattv/raw/refs/heads/main/inat%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/canlitvr/inattv/raw/refs/heads/main/inat%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Syrins/ChatGPT-App/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/Inat%20Tv.apk
id: auto-2259ebf3b8c6bcfaba2e0b34750bbc0a153d8e0d3e7404ab79d43ba8cad73f82
status: experimental
description: Detects traffic or activity related to https://github.com/Syrins/ChatGPT-App/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/Inat%20Tv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Syrins/ChatGPT-App/raw/9d9a3d9ce5ba4eb03b7738f99458773e3b4ce7de/Inat%20Tv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/intvsup/inatprodestek/raw/refs/heads/main/%C4%B0natV20.apk
id: auto-1a603e8c0abd1eee77e692e616193c184e9ace525dff607fe570a21ca1de0968
status: experimental
description: Detects traffic or activity related to https://github.com/intvsup/inatprodestek/raw/refs/heads/main/%C4%B0natV20.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/intvsup/inatprodestek/raw/refs/heads/main/%C4%B0natV20.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/iptvdizi/iptves/raw/refs/heads/main/iptv.apk
id: auto-bf03c6ab5702b8f2725da45b12c60defdfbb1a28efe379a32425f82df4fcb773
status: experimental
description: Detects traffic or activity related to https://github.com/iptvdizi/iptves/raw/refs/heads/main/iptv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/iptvdizi/iptves/raw/refs/heads/main/iptv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/9ac9c7f7d7df3a3009edf3128f9709fc.aspx
id: auto-698cb502d64cebef4fb2fbac67695afe962f8b81a242e6b6c084ddb9ffc85540
status: experimental
description: Detects traffic or activity related to https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/9ac9c7f7d7df3a3009edf3128f9709fc.aspx which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://f02a622c8252f4766d56d5c9267c2e47.pages.dev/9ac9c7f7d7df3a3009edf3128f9709fc.aspx*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://burger-cx-free-work.fun/
id: auto-faea8aeaf309aa984e4ac933b4eac354e1c1343f151ab985dddaeb44d80741c2
status: experimental
description: Detects traffic or activity related to https://burger-cx-free-work.fun/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://burger-cx-free-work.fun/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:59770/i
id: auto-94c9aae29745dc72798ddb7d688ae9fa31e6a5e2380e99e3437e378bc62940e9
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:59770/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:59770/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.55.197:51884/i
id: auto-2b991d61eb9c1373e08f27df54939a69da733d1978d25b5df64d9eba5259fb85
status: experimental
description: Detects traffic or activity related to http://182.127.55.197:51884/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.55.197:51884/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.109.171:52487/i
id: auto-9a9aba3ebc5780056c7bb144b1de59854df179465fd48124f7567f3bfff3af4a
status: experimental
description: Detects traffic or activity related to http://175.165.109.171:52487/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.109.171:52487/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.158.243:33518/bin.sh
id: auto-75ab4b5a8cac240ccb72dd8888553b299e8955538290fceb3e2b178776c696d4
status: experimental
description: Detects traffic or activity related to http://42.234.158.243:33518/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.158.243:33518/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.222.18:37688/bin.sh
id: auto-6f2d1819f437755bdab0beafcf93920c26157e7bafbf803a1edd7fe94023af2c
status: experimental
description: Detects traffic or activity related to http://42.7.222.18:37688/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.222.18:37688/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.207.99:51727/i
id: auto-8cde6b958475a5dc76edd4429dc7504c90663c8324cc8a89e8db0cbdee433d81
status: experimental
description: Detects traffic or activity related to http://60.23.207.99:51727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.207.99:51727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.55.197:51884/bin.sh
id: auto-241a6c4243c28ec962f67596cfbf7129518b255014f3664dbf27c99f418f978f
status: experimental
description: Detects traffic or activity related to http://182.127.55.197:51884/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.55.197:51884/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.81.219:43168/bin.sh
id: auto-d2eaa33a3a455d4fecf78cebe8545f63bbfde32bb5d8b0d62211856ffdb645fe
status: experimental
description: Detects traffic or activity related to http://123.172.81.219:43168/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.81.219:43168/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.190.203.41:60344/i
id: auto-5318b15c768f45be6042b7b19566712190215757a6251db4a1fb678ff8130f56
status: experimental
description: Detects traffic or activity related to http://180.190.203.41:60344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.190.203.41:60344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.109.171:52487/bin.sh
id: auto-d422dc274d970f2975db21911e7238ea03a1faef46a640cf1fdf7098dfdd6eb4
status: experimental
description: Detects traffic or activity related to http://175.165.109.171:52487/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.109.171:52487/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.207.99:51727/bin.sh
id: auto-9a985d4ac13dba3106fd4b0565204543a661b968caff557776a87cd5bca1cb7e
status: experimental
description: Detects traffic or activity related to http://60.23.207.99:51727/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.207.99:51727/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.10.198:37569/bin.sh
id: auto-f998401ec46585e6d4b6c115cf24f6f9ba0190cb070d40af1f122d51f5b7bf5a
status: experimental
description: Detects traffic or activity related to http://125.45.10.198:37569/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.10.198:37569/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.190.203.41:60344/bin.sh
id: auto-48c3d2e1a08c6bba0e84d84ae356e7683898377413dab35842be8a651bdb7876
status: experimental
description: Detects traffic or activity related to http://180.190.203.41:60344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.190.203.41:60344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.36.119:54699/i
id: auto-710a7bf3ee7a0dea2d928c03ad7e722dbe82327fda69b9d40912008c5ff460aa
status: experimental
description: Detects traffic or activity related to http://42.235.36.119:54699/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.36.119:54699/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.222.40:45249/bin.sh
id: auto-9fc656ac8154ef7221c27f87b5eb41a3bdd36c7d9360071e31e13a97bddc2232
status: experimental
description: Detects traffic or activity related to http://123.12.222.40:45249/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.222.40:45249/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/scar
id: auto-1f2cb44492c5f0d45611c47c33b5b1370c0ea5f168cdbcd7af5f80ba8f73c09e
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/scar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/scar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.28.129.194/checkmacos.sh
id: auto-424d9752ecc1d371bbfcbc5641ff7e1590c3c2769665e26a6c939a0792333ce5
status: experimental
description: Detects traffic or activity related to http://149.28.129.194/checkmacos.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.28.129.194/checkmacos.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.28.129.194/macos
id: auto-f1b522a35b82776a6a3512ee68abfaa81ee0516a44582f4154cd461dc12c3e0c
status: experimental
description: Detects traffic or activity related to http://149.28.129.194/macos which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.28.129.194/macos*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/suaybakinci/inattv/raw/refs/heads/main/inatv.apk
id: auto-807177d887e1cc0b415b0ee64c08ff5f456145bb4e8b3548ca65dcbef7911dc2
status: experimental
description: Detects traffic or activity related to https://github.com/suaybakinci/inattv/raw/refs/heads/main/inatv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/suaybakinci/inattv/raw/refs/heads/main/inatv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tanyeritv/paspartu/raw/refs/heads/main/Canl%C4%B1%20TV.apk
id: auto-96a81bcd24bd92906abf6cd9f5ddb695a2b301cecc1f47502758d24e698d564e
status: experimental
description: Detects traffic or activity related to https://github.com/tanyeritv/paspartu/raw/refs/heads/main/Canl%C4%B1%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tanyeritv/paspartu/raw/refs/heads/main/Canl%C4%B1%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/mpsl
id: auto-6aa42f7803b8008bd466a9f23c843d2c5d4f0aba7a781aa349a4d650dc67aa17
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.mips
id: auto-a9636b15908850edbb223117f8f234f7222163883b14dbc4cb4878124ee6bad2
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.mips*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.arm7
id: auto-2c44631667ee254c8ebf628d0f5d919426cab6e10e157fee6d5bc9449ba76f03
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.x86_64
id: auto-5b4b1c676c84298c4c66555b6d7d502e0e891143435fb6a6a709e62018a55ec9
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.i686
id: auto-76049c1719eda2774c9805770f03895a4335a88247937dd5fbc416b09434280d
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.i686*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.ppc440fp
id: auto-0859b6f379b7c02acc5806e33e48af0b9fc7771cca5d4d08325beda05be1b6d9
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78:6677/main/bins/arm5
id: auto-73fca52a9384047219f6914eabdb7f57be6f4162269cd3c46b65f33c04e45248
status: experimental
description: Detects traffic or activity related to http://143.20.185.78:6677/main/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78:6677/main/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.i468
id: auto-45f729bb20bddd6528de5e06ab9fbc3e3fe6ccdd80b38b27c94e61734dbea089
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.i468*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468
id: auto-8fc8e40e92733f441cc9e6340def08e30f869ef7a73ada48c2fb50e77fece548
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/canlitvv/canli/raw/refs/heads/main/Turk%20TV.apk
id: auto-166f9f4891a5b4e432d41b92158af3e4d4d02e2bac00ef8840a9e712322695a7
status: experimental
description: Detects traffic or activity related to https://github.com/canlitvv/canli/raw/refs/heads/main/Turk%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/canlitvv/canli/raw/refs/heads/main/Turk%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64
id: auto-8fc4ecc05bcd320b01a67cad5f16f8658e327235a0ddd1d66985196ad2b104cd
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips64*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc
id: auto-c67ab73a2d71179c2714d7891bf389a3c50bcb9cbd73e28f0298117930782c29
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.sparc*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inatboxpro0/inatboxpro/raw/f073f62ca9d0849ee8332381b236fc133fb6f6c4/%C4%B0nat%20Box%20Pro.apk
id: auto-715a9d3ded05ee7eec538290efa162b633a7121c425e9dde9b1347de333f2ca3
status: experimental
description: Detects traffic or activity related to https://github.com/inatboxpro0/inatboxpro/raw/f073f62ca9d0849ee8332381b236fc133fb6f6c4/%C4%B0nat%20Box%20Pro.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inatboxpro0/inatboxpro/raw/f073f62ca9d0849ee8332381b236fc133fb6f6c4/%C4%B0nat%20Box%20Pro.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/amorx0/inatbox/raw/refs/heads/main/%C4%B0nat%20Box%20Pro.apk
id: auto-c1ed1c6436f7b0a6d385a571a613d1a0ca414fcdcae2cfba632203bcbbba8320
status: experimental
description: Detects traffic or activity related to https://github.com/amorx0/inatbox/raw/refs/heads/main/%C4%B0nat%20Box%20Pro.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/amorx0/inatbox/raw/refs/heads/main/%C4%B0nat%20Box%20Pro.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.arm4
id: auto-fd5ff703d400ac648be4e7405200850717e795c50350a282b5445ef85875e439
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.arm4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/canliteve/canli/raw/refs/heads/main/Selcuk%20Sports.apk
id: auto-64927831750baba76641b0098a64d5b242dc947e362fc0731a3a8e4363be065e
status: experimental
description: Detects traffic or activity related to https://github.com/canliteve/canli/raw/refs/heads/main/Selcuk%20Sports.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/canliteve/canli/raw/refs/heads/main/Selcuk%20Sports.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/freetvlink/freetv/raw/refs/heads/main/inatbox.apk
id: auto-275776e6440a860188fa007c459965490293f08ffb429eff492093c73683c25a
status: experimental
description: Detects traffic or activity related to https://github.com/freetvlink/freetv/raw/refs/heads/main/inatbox.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/freetvlink/freetv/raw/refs/heads/main/inatbox.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/mpsl
id: auto-af197b1bf8172b7d7814149ff83e7b949ab4297b4789f59517828f810038674e
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.168.145:34527/bin.sh
id: auto-854f11e50af1925b16a60d6ec1fd565c3dd27c47cac4eee37f58294671763cb5
status: experimental
description: Detects traffic or activity related to http://123.5.168.145:34527/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.168.145:34527/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.174.246:42675/i
id: auto-eff65799015b5c5b7224e9021c0c1019b12c6f0926abaa5551af406b5558ada1
status: experimental
description: Detects traffic or activity related to http://42.56.174.246:42675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.174.246:42675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.36.119:54699/bin.sh
id: auto-5f2aad95b2a1f73284d5040c1ff18b88f55a070ccd6fd2be9c2a7575bd78f83d
status: experimental
description: Detects traffic or activity related to http://42.235.36.119:54699/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.36.119:54699/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.234.156:43616/bin.sh
id: auto-f683f391dc5f63d14d786dd52813ce5d2772637f872efb3714018acf75ab5243
status: experimental
description: Detects traffic or activity related to http://123.11.234.156:43616/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.234.156:43616/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.162.150:34062/bin.sh
id: auto-0cc52bbb390571491344757b1b8e60ee7beb0eaa303f17cb4f70c786d7aac47e
status: experimental
description: Detects traffic or activity related to http://115.48.162.150:34062/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.162.150:34062/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.174.246:42675/bin.sh
id: auto-dc0a9ace86f7d1ed61b82b101f3a51244363a7464cf37f0a1adf3942d155a436
status: experimental
description: Detects traffic or activity related to http://42.56.174.246:42675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.174.246:42675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/clock-cheking/expert-barnacle/load
id: auto-386a65a2a7eb7aa4d55a00eba4ee497f7b3b2eca169d0975cafc961ce0abe1e4
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/clock-cheking/expert-barnacle/load which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/clock-cheking/expert-barnacle/load*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.98.213:40317/i
id: auto-4370ec6f1f45104fe9a57c715fd3b2d61cc272edb098bf949c94ce20601cf321
status: experimental
description: Detects traffic or activity related to http://59.177.98.213:40317/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.98.213:40317/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.213.194:59808/i
id: auto-d6a58d966a4527f4bd29a81d9f1c173b58f68e956ef55d7d3504dbfe3f69416d
status: experimental
description: Detects traffic or activity related to http://115.57.213.194:59808/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.213.194:59808/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.171.23:41327/i
id: auto-376019c37440a6630a68c7e93a1479c7dafa785095c929795cec327c8af4d37b
status: experimental
description: Detects traffic or activity related to http://124.94.171.23:41327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.171.23:41327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.158.166:49494/i
id: auto-28ee8b28e088be167ac70cdcfe202aee88dab882fe00831a33b1272d2dc61604
status: experimental
description: Detects traffic or activity related to http://175.146.158.166:49494/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.158.166:49494/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.158.166:49494/bin.sh
id: auto-4845fb6d602f73f1bce7cb8ffed5de35f76346a4b19961f846cf34f04b591b75
status: experimental
description: Detects traffic or activity related to http://175.146.158.166:49494/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.158.166:49494/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.78.10:36135/i
id: auto-3917699f2d4695dea15b83ddc0234bc2a673891511c96c7e79c27f8d1c4f3136
status: experimental
description: Detects traffic or activity related to http://222.137.78.10:36135/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.78.10:36135/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.171.23:41327/bin.sh
id: auto-4bd3fa3057aabd57d771687dc94696792fd5f23413e7f3a04ceb5180d77b6b98
status: experimental
description: Detects traffic or activity related to http://124.94.171.23:41327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.171.23:41327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.98.213:40317/bin.sh
id: auto-200598d2f8be5414db0e227430273b586203ef981d7cdcbc6fe360f798e1ccc5
status: experimental
description: Detects traffic or activity related to http://59.177.98.213:40317/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.98.213:40317/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.213.194:59808/bin.sh
id: auto-fe3e437fe89a02a309bcd3bb1c5c8e2bea2fb4d13cb837b973a9056bafc0a68d
status: experimental
description: Detects traffic or activity related to http://115.57.213.194:59808/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.213.194:59808/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.9.72:51094/i
id: auto-4f9254ea6965cbcebbea38393c0a30f5fd45d6dec912a48feb050eebbd364b34
status: experimental
description: Detects traffic or activity related to http://182.116.9.72:51094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.9.72:51094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.129/wow2.sh
id: auto-e5a798a68c7630e6a2bf52794d23d619bb1a286924737df7abf5153486a91630
status: experimental
description: Detects traffic or activity related to http://87.121.84.129/wow2.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.129/wow2.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.251.222:52594/i
id: auto-bdb371e91195c2cc09a1b361c3e980bf3af1f2516d8bf6db6ab96f3581d932b6
status: experimental
description: Detects traffic or activity related to http://123.14.251.222:52594/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.251.222:52594/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.26.221:47804/.i
id: auto-b6561814c1fbc0c4f63c0923806c80dada7b93d6820523262fcb51d685e7ddf4
status: experimental
description: Detects traffic or activity related to http://113.221.26.221:47804/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.26.221:47804/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.78.10:36135/bin.sh
id: auto-5efe8c65177359907333d19e533909f16d44dae2e7a2f33a5829d87406219a3f
status: experimental
description: Detects traffic or activity related to http://222.137.78.10:36135/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.78.10:36135/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.9.72:51094/bin.sh
id: auto-a43f034bcaf671070190a465e0dff19207f83d4f0ff3d3091090cbb50592d60e
status: experimental
description: Detects traffic or activity related to http://182.116.9.72:51094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.9.72:51094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.191.104.40:50933/i
id: auto-1810e2a31f31f9c7958b21e8d55559bd8395873bea2eb9cbbd8c97478b218e64
status: experimental
description: Detects traffic or activity related to http://196.191.104.40:50933/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.191.104.40:50933/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.251.222:52594/bin.sh
id: auto-3902611f28a951242c1c6322e54fa93e6e5222e30913088a346ac7f270fc6629
status: experimental
description: Detects traffic or activity related to http://123.14.251.222:52594/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.251.222:52594/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.24.15:35384/i
id: auto-109af23317635f72909709e81603801d002d681e36de162797d1b376cbdbb428
status: experimental
description: Detects traffic or activity related to http://115.50.24.15:35384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.24.15:35384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.177.69:36444/i
id: auto-cc8b4b11530c9a8abe456b182e36e4afaca4e9c4d3587981a78b9bb58288195c
status: experimental
description: Detects traffic or activity related to http://42.227.177.69:36444/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.177.69:36444/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.145.226:47857/i
id: auto-bb888278022730ea1f18c9a1c9af7700dc0b6a46685cef7006a8876719917e90
status: experimental
description: Detects traffic or activity related to http://182.118.145.226:47857/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.145.226:47857/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.48.182:50644/i
id: auto-bd54607ea4e8afde0c9b6fc528cadb3e68b03cb310dd09ef40ed6c9690449404
status: experimental
description: Detects traffic or activity related to http://182.117.48.182:50644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.48.182:50644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:38414/Mozi.m
id: auto-4b4c0e352b1d136c60340de47d1f4ce0b2e68558ec9f8b322d8b073d336ef86d
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:38414/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:38414/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.134.205:48930/i
id: auto-e01feed517f25a5fb260bb5908b85e8b5f15a2487538871d8ac46055d85fd895
status: experimental
description: Detects traffic or activity related to http://219.155.134.205:48930/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.134.205:48930/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.236.148:50976/i
id: auto-73d3e88047191942e5aaf2f26cbdf66d6d7356c6a4d7fbd0bda53c627a13a66d
status: experimental
description: Detects traffic or activity related to http://115.48.236.148:50976/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.236.148:50976/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.130.240:40822/i
id: auto-9b5706a99fdd095a00ccc6c97ff99fc651eecf19fa3215491adbdf3843bfff15
status: experimental
description: Detects traffic or activity related to http://222.140.130.240:40822/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.130.240:40822/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.59:52576/bin.sh
id: auto-e9b57017725e8451588e4183fea15cb9de0452307a967bdcf5f483eedde88796
status: experimental
description: Detects traffic or activity related to http://61.53.89.59:52576/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.59:52576/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.188.80:48855/i
id: auto-2f750db8f85a0a1ba1eda6baed84ccf7c1f0f2be53af283460cf7a4e40e30162
status: experimental
description: Detects traffic or activity related to http://123.5.188.80:48855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.188.80:48855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.187.17.22:51139/bin.sh
id: auto-f78f415f79f3c6d6e6ce329bcfdf77a128ca27a4f526f5a2b12fce424822c48c
status: experimental
description: Detects traffic or activity related to http://78.187.17.22:51139/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.187.17.22:51139/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.191.104.40:50933/bin.sh
id: auto-df0373fd2d81d56115293a03a19d4d7757ffe52c4183500081123931d57bab89
status: experimental
description: Detects traffic or activity related to http://196.191.104.40:50933/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.191.104.40:50933/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/sahanmerkez-byte/tvler/raw/refs/heads/main/inattv.apk
id: auto-de06dc27b209560fd9df56bd583e8810a31de8744b43a81a2fd0956abe9a5106
status: experimental
description: Detects traffic or activity related to https://github.com/sahanmerkez-byte/tvler/raw/refs/heads/main/inattv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/sahanmerkez-byte/tvler/raw/refs/heads/main/inattv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Selimkukucu12/sa/raw/8d10a82d3c39eec468fe168ed89d52af29ea3744/Chrome.apk
id: auto-4aac54fdb15dcb6660ca39b0e9e3a41e78dedf336617b5380ba9f4217d437f49
status: experimental
description: Detects traffic or activity related to https://github.com/Selimkukucu12/sa/raw/8d10a82d3c39eec468fe168ed89d52af29ea3744/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Selimkukucu12/sa/raw/8d10a82d3c39eec468fe168ed89d52af29ea3744/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/karaaytac192-oss/sa/raw/refs/heads/main/foto.apk
id: auto-e31fbf4dc008ac53b0bfb8da0f31d5eb798b9dadd3588ddea97b51c60bb334ba
status: experimental
description: Detects traffic or activity related to https://github.com/karaaytac192-oss/sa/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/karaaytac192-oss/sa/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/3pmagneto/inattv/raw/refs/heads/main/inat18.apk
id: auto-2a5de24bae6e530cf082a40dabafb9a202f3129018c54bdc68fce157b9294174
status: experimental
description: Detects traffic or activity related to https://github.com/3pmagneto/inattv/raw/refs/heads/main/inat18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/3pmagneto/inattv/raw/refs/heads/main/inat18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/turkiyecanliyayinlari/sevkardesim/blob/main/inat%20Tv%20Video%20Oynaticisi.apk
id: auto-e594c1b04ee7371b87c7ed59100b6b03250ee6e9db8d2708690a6b185e4adcf2
status: experimental
description: Detects traffic or activity related to https://github.com/turkiyecanliyayinlari/sevkardesim/blob/main/inat%20Tv%20Video%20Oynaticisi.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/turkiyecanliyayinlari/sevkardesim/blob/main/inat%20Tv%20Video%20Oynaticisi.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/androtvinat/hasimmiyiz/raw/refs/heads/main/inattv.apk
id: auto-3f46a92ccff1e08dd186f3e656c898e056a095572eeb6ce57f4b73acc117da43
status: experimental
description: Detects traffic or activity related to https://github.com/androtvinat/hasimmiyiz/raw/refs/heads/main/inattv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/androtvinat/hasimmiyiz/raw/refs/heads/main/inattv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.136.86.90:48140/i
id: auto-ad8a50a28d7810b18bab666c8893ef14179109cca8fae102e0f43909ceef53f7
status: experimental
description: Detects traffic or activity related to http://61.136.86.90:48140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.136.86.90:48140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.91.221:48321/i
id: auto-6f8dea8a4c0792bc0e0e12c5144eadb7bd1693d343733dec28e6aeb446e088d5
status: experimental
description: Detects traffic or activity related to http://125.47.91.221:48321/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.91.221:48321/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.136.86.90:48140/bin.sh
id: auto-2655826dfda57fe6862c18346650b785cc74bc66ee1983748ce4de778b9f78d8
status: experimental
description: Detects traffic or activity related to http://61.136.86.90:48140/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.136.86.90:48140/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.14.139:54863/i
id: auto-861bfe46e2cd4107cc5e562a7923827e5fd654eaac54e68770848145e550d722
status: experimental
description: Detects traffic or activity related to http://219.155.14.139:54863/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.14.139:54863/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.94.162:44974/i
id: auto-570a571d5a878ddfd7dbccf960087cf9ff313f709b69c3db03992d512288d5fc
status: experimental
description: Detects traffic or activity related to http://222.137.94.162:44974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.94.162:44974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.65.124:44330/i
id: auto-e5d8c21642d92f59d877342a09fd9064f4ef7038364ff147873faa3e6a029b7b
status: experimental
description: Detects traffic or activity related to http://115.49.65.124:44330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.65.124:44330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.94.162:44974/bin.sh
id: auto-cda688b0f36116a01d1166cde350e88d3eba99fbb4163bc0f374c86be8502e25
status: experimental
description: Detects traffic or activity related to http://222.137.94.162:44974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.94.162:44974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.14.139:54863/bin.sh
id: auto-97a0277c1808f7c8637001b45fae47dac44854ba5455bc04f014790913236268
status: experimental
description: Detects traffic or activity related to http://219.155.14.139:54863/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.14.139:54863/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/clock-cheking/expert-barnacle/brand
id: auto-1c185a87a5351cf960b17526993a47cdd205b409e65d3d6674aff7e876677060
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/clock-cheking/expert-barnacle/brand which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/clock-cheking/expert-barnacle/brand*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.65.124:44330/bin.sh
id: auto-27d4d20ad10a839960d11124b68971ca0aab59b3c0634292f8f30a4313deaa86
status: experimental
description: Detects traffic or activity related to http://115.49.65.124:44330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.65.124:44330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.23.81:47972/i
id: auto-f0e727352068e1ee1b55d87fc029a69fda0ce02cb6f6c19d9ef6ecddb88522b9
status: experimental
description: Detects traffic or activity related to http://42.58.23.81:47972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.23.81:47972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://midnight-forge.cc/
id: auto-2b5b535df60a9ae0c3d6ce25dcb108c0357285dfd858f224117ae991f97650fe
status: experimental
description: Detects traffic or activity related to https://midnight-forge.cc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://midnight-forge.cc/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.21.150:41491/i
id: auto-f344b30b9be33b62cdef9a4eccafc90408c1634b2e710f35a0f3419aae707787
status: experimental
description: Detects traffic or activity related to http://42.237.21.150:41491/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.21.150:41491/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/05%2012%202025/info.zip
id: auto-5e4d767cf978efe9ed933773a7077e6ae080a3c479cf49f96a97e4204084cc23
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/05%2012%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/05%2012%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/05%2011%202025/info.zip
id: auto-c02848a6bc5f793ce4f6bb3e7143ed4bdc18f8cc0dd5851b77de27237432482e
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/05%2011%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/05%2011%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/03%2010%202025/info.zip
id: auto-745301a915486d4b1ba167f7e2a8f5191d3091f48a0e3d5df7466c3df17b18c1
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/03%2010%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/03%2010%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/04%2012%202025/info.zip
id: auto-f9430ffa1e1ff41d6abb3122ad28a0fb76c8222ffe70f4288e9cd47f82fc54f3
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/04%2012%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/04%2012%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/04%2007%202025/info.zip
id: auto-9a929ed72d90b6907d836fb53447baa9bc003f23a8a59ec335ee69f64666b0b7
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/04%2007%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/04%2007%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/04%2009%202025/info.zip
id: auto-aadb2d9c526138fb1a059da8c7f0f3e8304fc1d236ffcba50e843ab4b3a7deba
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/04%2009%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/04%2009%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/02%2012%202025/info.zip
id: auto-0971ae46e5ba0bd81184d2f18c1759c122135a5691d016cbff3469b09d1cadce
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/02%2012%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/02%2012%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/03%2007%202025/info.zip
id: auto-4c335e5e11adf57b216572e94f0ac3d59f7f3fb7715abc451edf7a57ae72b32c
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/03%2007%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/03%2007%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/04%2008%202025/info.zip
id: auto-3e1ce4fe07e6b88e07ae89019f863ec2dfa4d3145728c5147ab1098b03d23af1
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/04%2008%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/04%2008%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/05%2010%202025/info.zip
id: auto-edbcbf81e783730895792b7b338aaebfa0880ae288eb0ad2edfad6669222d64e
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/05%2010%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/05%2010%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/03%2012%202025/info.zip
id: auto-ea75b8cb0bccf1c3fa61d5f29841e09c0cd6e934bee445490dcabf3159b20433
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/03%2012%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/03%2012%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/03%2011%202025/info.zip
id: auto-0807e952b4d942123453f4ffccaa1b15a9fcb26cdb680ed4adffc0a4109f512e
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/03%2011%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/03%2011%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.163.114.232/Test/info.zip
id: auto-2d30f219c89caf5d25c899254d18f57dbe6870fa0ac697d1308c922ade719808
status: experimental
description: Detects traffic or activity related to http://182.163.114.232/Test/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.163.114.232/Test/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.174/maybe.exe
id: auto-4485ec84f02bb873810bef4d19ff6935391d7dd75a400f7e1c0d08646c40966d
status: experimental
description: Detects traffic or activity related to http://185.132.53.174/maybe.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.174/maybe.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/03%2009%202025/info.zip
id: auto-cc04c8eba787e626e3246e3c89f7f6b6e5f4427789dda9fa95b2f010c9901d33
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/03%2009%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/03%2009%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/05%2008%202025/info.zip
id: auto-16004b017b6bbce6581ba5dc21df5db447dff1a637272d191266a4ca15f19e3b
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/05%2008%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/05%2008%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/05%2009%202025/info.zip
id: auto-3abfc09ebfcb9678e32100685294fef1ac57d1777417de2df8c131a2b87661b8
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/05%2009%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/05%2009%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/06%2007%202025/info.zip
id: auto-f280e5e732545f18b14b2348c5769b4fd13f9094158fb3390a344c7d3814b213
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/06%2007%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/06%2007%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/04%2011%202025/info.zip
id: auto-ac10234d8c7b8e16094997ffb6d4b4ecedd0702164ca36782d67f8a0b6084e85
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/04%2011%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/04%2011%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/05%2007%202025/info.zip
id: auto-1a5f25a4d56a0466b75e65a2399a6fbdcd7fdfd24772d3c237c57fd0cf977623
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/05%2007%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/05%2007%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.42.249.132:5000/R-02-RADIOLE/03%2008%202025/info.zip
id: auto-d545962900fc79a49be2ad8afcfe72ee30c0bd8c6f43ce53dc3b4fa307e2db11
status: experimental
description: Detects traffic or activity related to http://81.42.249.132:5000/R-02-RADIOLE/03%2008%202025/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.42.249.132:5000/R-02-RADIOLE/03%2008%202025/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tvlerizleme/acarmis2saate/raw/refs/heads/main/%C4%B0nat%20Tv%20Pro.apk
id: auto-27c9da73725f382a701b2f2e3de8d2bb09b893ffc3971f621a1d15214a88e694
status: experimental
description: Detects traffic or activity related to https://github.com/tvlerizleme/acarmis2saate/raw/refs/heads/main/%C4%B0nat%20Tv%20Pro.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tvlerizleme/acarmis2saate/raw/refs/heads/main/%C4%B0nat%20Tv%20Pro.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/turkiyecanliyayinlari/seyretkardesim/raw/refs/heads/main/inat%20Tv%20Video%20Oynaticisi.apk
id: auto-35ea352082c4c86d284515333a909502f16cb18e445c6578099ba63221061112
status: experimental
description: Detects traffic or activity related to https://github.com/turkiyecanliyayinlari/seyretkardesim/raw/refs/heads/main/inat%20Tv%20Video%20Oynaticisi.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/turkiyecanliyayinlari/seyretkardesim/raw/refs/heads/main/inat%20Tv%20Video%20Oynaticisi.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.145.117:34637/i
id: auto-eb97481f996832f8c1eba93fec2c79786f2e1fcee0a6c248dbaf52ab89b960e7
status: experimental
description: Detects traffic or activity related to http://123.189.145.117:34637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.145.117:34637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.0.30:55681/bin.sh
id: auto-83c4b487881f4c450bf9a4bcb87cd73e9d4f70fd7ce520b4a0919d3e88f91feb
status: experimental
description: Detects traffic or activity related to http://125.43.0.30:55681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.0.30:55681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.19.69:47441/bin.sh
id: auto-db1f0afe0652bb6a8940510c23132fd9eba79f988f61c20e05fa231653bce5e4
status: experimental
description: Detects traffic or activity related to http://182.124.19.69:47441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.19.69:47441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.145.36:47308/i
id: auto-871031fad07b07a9271571232bdcb19c604dff6e626a673113240360abc76bac
status: experimental
description: Detects traffic or activity related to http://39.79.145.36:47308/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.145.36:47308/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.23.81:47972/bin.sh
id: auto-ae7a658504bf545e2a70f5a16811b9fb787e37483935507285e0c270972f9b90
status: experimental
description: Detects traffic or activity related to http://42.58.23.81:47972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.23.81:47972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.145.117:34637/bin.sh
id: auto-b57368edfa07de38b787878bf36fe83b85cef47d17ccf22c4d4ca08c32a494ce
status: experimental
description: Detects traffic or activity related to http://123.189.145.117:34637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.145.117:34637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.145.36:47308/bin.sh
id: auto-13a4acdbfb3705140eaa2d2da214050055cb56db6903a35ed7117f03699cba21
status: experimental
description: Detects traffic or activity related to http://39.79.145.36:47308/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.145.36:47308/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/ruckusbox
id: auto-666cfe3de77ffa25defc3e5ab3918655192649bf658c17122a3d4431ca3a10d4
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/ruckusbox which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/ruckusbox*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.21.150:41491/bin.sh
id: auto-4b872a7906253af41d4c8352a38af1c88706cf1e4820c2b22f1e56b88b0c4b64
status: experimental
description: Detects traffic or activity related to http://42.237.21.150:41491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.21.150:41491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://223.9.113.60:34036/bin.sh
id: auto-433bdefd108666239376a4a3ecd0764793fbc2e767c1b0bdbbe5445ec488a009
status: experimental
description: Detects traffic or activity related to http://223.9.113.60:34036/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://223.9.113.60:34036/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.195.215:42663/i
id: auto-6dabc8388286b3cd66413262aa8fc40396f2cc20caea939d1353ba8d1665320f
status: experimental
description: Detects traffic or activity related to http://115.55.195.215:42663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.195.215:42663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.116.236:54493/i
id: auto-2b504e0c00a8741c6deba1e183fc303717206455ddcdc0fae5754014fc994126
status: experimental
description: Detects traffic or activity related to http://222.139.116.236:54493/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.116.236:54493/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.93.26.110:51198/bin.sh
id: auto-3c3f20a068be4bd94c24c2f22c2507ad9c3428d287789408a57613e1e17dc570
status: experimental
description: Detects traffic or activity related to http://222.93.26.110:51198/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.93.26.110:51198/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.228.167:43498/i
id: auto-0634315d796aa9929e431c338b129a116aa45b7fbd58019e2b1850b46f614ab7
status: experimental
description: Detects traffic or activity related to http://123.12.228.167:43498/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.228.167:43498/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/fernisafuckingddosbossfuckkrebsandshitlabs.sh
id: auto-bc0bb4ca9804350f1b71500d1290376ea916525e81dbebcbe2602b93a6a58b5a
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/fernisafuckingddosbossfuckkrebsandshitlabs.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/fernisafuckingddosbossfuckkrebsandshitlabs.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/react.sh.1
id: auto-b1dfd00169e2eebca66cc70b2276c43e4e925425c1480ef056700bac2761cbfe
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/react.sh.1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/react.sh.1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/react.sh
id: auto-3b31b54359a99805afed47bd63348dddb890ad29e24ce7951a2484e59c4ff57b
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/react.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/react.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.228.167:43498/bin.sh
id: auto-9b9d584f759482b776bccfae2bfa7aa2f33d45be002759a34ca982b3f2a77fa7
status: experimental
description: Detects traffic or activity related to http://123.12.228.167:43498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.228.167:43498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.116.236:54493/bin.sh
id: auto-0dfe04e65cf2abd2d3c6156fd7ffb78f3257be6c6548f4a6244ed3d35c4e592d
status: experimental
description: Detects traffic or activity related to http://222.139.116.236:54493/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.116.236:54493/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net///arm5
id: auto-cef1b9009eb80895c69233332870e85bd2912af0772f91c4f2bb969c2a80fc46
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net///arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net///arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.195.215:42663/bin.sh
id: auto-51905121ccaf8d6de645b8f6b79578936ea16f267970c7b985515884f41aa2e7
status: experimental
description: Detects traffic or activity related to http://115.55.195.215:42663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.195.215:42663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.8.235:49709/i
id: auto-d64d0e6143ed25b8892efaffa41bb0651a2dc63d837361db83e74d9d989bf5f0
status: experimental
description: Detects traffic or activity related to http://182.122.8.235:49709/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.8.235:49709/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.39.82:43437/i
id: auto-b524232800f6b5d397d2ff2138feb011aaf4ac07f6465e489e030fb93755805e
status: experimental
description: Detects traffic or activity related to http://27.207.39.82:43437/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.39.82:43437/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.4.60:42527/i
id: auto-0e28b99c4b3c28d612e87094e5fd886ba473149f0a0e20d645a24c8c87397448
status: experimental
description: Detects traffic or activity related to http://115.49.4.60:42527/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.4.60:42527/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.219.185:45080/bin.sh
id: auto-b7ffef77f46506d80614a649fc7d8bd03b4ecde0cebb519980bddcdac9168acf
status: experimental
description: Detects traffic or activity related to http://117.247.219.185:45080/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.219.185:45080/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.39.82:43437/bin.sh
id: auto-e6841aa090204334bdd3f6d6d4707091cc01192575f5a02958ebffb1ab5034bc
status: experimental
description: Detects traffic or activity related to http://27.207.39.82:43437/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.39.82:43437/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.4.60:42527/bin.sh
id: auto-43ca8f48d940e25795a716766f1aa712f6606883941ce6ec50fb45f49b4568dc
status: experimental
description: Detects traffic or activity related to http://115.49.4.60:42527/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.4.60:42527/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.146.147:55365/i
id: auto-81f001d6e95b775b6d3e922e837cfafe84a082253b94604d23c1dc957cf895b9
status: experimental
description: Detects traffic or activity related to http://42.179.146.147:55365/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.146.147:55365/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.25.240:39798/i
id: auto-fc6999bb15fb0e0afd2cb47774f1c316c536d6d6179d786ec94051e6613fab90
status: experimental
description: Detects traffic or activity related to http://182.117.25.240:39798/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.25.240:39798/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/wow2.sh
id: auto-ac3b0b2780df3fc40da31d1c102db342af2f411f03b59dae00a810c98b0b90ca
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/wow2.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/wow2.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.125.40:38130/i
id: auto-53cbb7a5bf6dd5b5a91387532e4006ce41925d741f5dc37a043ae00911f61c17
status: experimental
description: Detects traffic or activity related to http://219.156.125.40:38130/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.125.40:38130/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.208.206:32979/i
id: auto-74ced26e559c65325cfbaecc760a8c9dbb898f0f72dcd75f9087273da94ad307
status: experimental
description: Detects traffic or activity related to http://182.113.208.206:32979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.208.206:32979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.83.13:34716/i
id: auto-d85bdff917f5499b57c700523520f99301952326c8956c53f4c5f66873b28734
status: experimental
description: Detects traffic or activity related to http://175.173.83.13:34716/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.83.13:34716/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.18.232:53733/i
id: auto-3836b5e7d1ec1db73905066c2872aa203edc50daee783f3574ec1d8992112352
status: experimental
description: Detects traffic or activity related to http://123.8.18.232:53733/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.18.232:53733/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.91.214.39:33550/Mozi.m
id: auto-3096777c50d096a8ff0a054c76f87aed88eb26e7794fd7b44a78dee09792dd05
status: experimental
description: Detects traffic or activity related to http://176.91.214.39:33550/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.91.214.39:33550/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:44047/i
id: auto-62e5896f4c32ddad9fe29298aa3d12684b16579ed5b98e671b1c6ac4c2f2c275
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:44047/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:44047/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.100.46:36285/bin.sh
id: auto-43c0300a7c6f702baa27338fc6248a035809ad11655bf5f2ea8bcd97f3935738
status: experimental
description: Detects traffic or activity related to http://42.54.100.46:36285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.100.46:36285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.146.147:55365/bin.sh
id: auto-4981d6b54e99352a0455854420cd0dba8d9b0393005268d75d1cf7091b48e92a
status: experimental
description: Detects traffic or activity related to http://42.179.146.147:55365/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.146.147:55365/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.41.138.93:35281/i
id: auto-48fee05a4a37377e492e99394ad460cbc3f031df162e919080b7de614d7ce332
status: experimental
description: Detects traffic or activity related to http://106.41.138.93:35281/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.41.138.93:35281/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.81.253:42406/i
id: auto-185f9f2620825783b7b16a492a3ade95686ebf7404a1d3f749a8198a7c2fff41
status: experimental
description: Detects traffic or activity related to http://125.43.81.253:42406/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.81.253:42406/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.77.190:55835/i
id: auto-0d647566ed189cdcc8c39cb527d9f37a0ecf5b224f88d27570920e1398e333d8
status: experimental
description: Detects traffic or activity related to http://175.165.77.190:55835/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.77.190:55835/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.171.246:50590/i
id: auto-6d69a0c7f357176a27e9eed91d580b4669772b68ea830132f70fc85369de7475
status: experimental
description: Detects traffic or activity related to http://222.142.171.246:50590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.171.246:50590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-e76a5d6b6af00bfae7acb9fde7848b4252137586ac4056a42f8e92feaa83dffe
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:48495/i
id: auto-ad4734cd6094fb30f9204b061a8413dc582ec02d9851bb666a7417ba373329df
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:48495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:48495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.41.138.93:35281/bin.sh
id: auto-244d645e8ac486e65755664053410a478615d271aed075f5d790732b3ad7fe91
status: experimental
description: Detects traffic or activity related to http://106.41.138.93:35281/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.41.138.93:35281/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.245.54:37057/bin.sh
id: auto-713d6927e75f0cfb10daa7b8be5ce0a7f867b8dcda5335cd3bf5ffc4b63c68bd
status: experimental
description: Detects traffic or activity related to http://115.63.245.54:37057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.245.54:37057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.81.253:42406/bin.sh
id: auto-7107a992088a724b6c9fcde230c7e2395e8e56f99300b5a97fee71b5ab73cb77
status: experimental
description: Detects traffic or activity related to http://125.43.81.253:42406/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.81.253:42406/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.77.190:55835/bin.sh
id: auto-9a098f37b252e571ab32581a874f7b9a7d3c7c67f27117e1a3c76e925cd437cd
status: experimental
description: Detects traffic or activity related to http://175.165.77.190:55835/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.77.190:55835/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.70.48:59972/bin.sh
id: auto-563dff568a7cfa86b86be7eb40367d2f65919c827db2feac5c4e7e459568be2a
status: experimental
description: Detects traffic or activity related to http://115.50.70.48:59972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.70.48:59972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.171.246:50590/bin.sh
id: auto-2e7f41790a00966f2d33f9422a011a199d2c910487311fee77f9366c53e851ad
status: experimental
description: Detects traffic or activity related to http://222.142.171.246:50590/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.171.246:50590/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:48495/bin.sh
id: auto-cc53b837ca3145244be2a1e5f73fc9b1a700e66db38b38aca0711e6c0450d31e
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:48495/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:48495/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.140.35:35919/i
id: auto-bb48a81668ba53ed2d70be2e61a6d5e95fce3b498175ec0e0f3b6ede8662d3df
status: experimental
description: Detects traffic or activity related to http://117.223.140.35:35919/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.140.35:35919/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/logicdr.sh
id: auto-e3e407445d2f14a81c6aec0eba9fdbf0aa2a7882416038f9877b34ac442fcce3
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/logicdr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/logicdr.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.110.19.121:60946/i
id: auto-ecd80df3775295b475f278c070cb3fd2bc442a5d9484bbd97b2de3a53bb04bda
status: experimental
description: Detects traffic or activity related to http://202.110.19.121:60946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.110.19.121:60946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.57.122:58254/i
id: auto-238c9fa629a7041b2b575b8bf2828bb975f1a135880c6dc01abc82a20b14613c
status: experimental
description: Detects traffic or activity related to http://59.184.57.122:58254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.57.122:58254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.226.126:47369/i
id: auto-c4374cc46e2c4c8273bd8b9edf90c96e9349c53672a4052e4fbf6784e6d9ad68
status: experimental
description: Detects traffic or activity related to http://125.41.226.126:47369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.226.126:47369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.132.16:42707/i
id: auto-29cca0661cadc4cfe1864df2021b56b616d33d3303c720a4e00f775facaea0ee
status: experimental
description: Detects traffic or activity related to http://27.207.132.16:42707/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.132.16:42707/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.53.6:43020/i
id: auto-901ce30922299a781c822485f50b0bc71d2d69dc704d562d36f30245cb60117d
status: experimental
description: Detects traffic or activity related to http://175.175.53.6:43020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.53.6:43020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.132.16:42707/bin.sh
id: auto-bb48906082343fd32ee5cdbf376f48bb08af066599280b8c3531990d8752ae16
status: experimental
description: Detects traffic or activity related to http://27.207.132.16:42707/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.132.16:42707/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.226.126:47369/bin.sh
id: auto-160a2cf0d1050549aaad51c92c01e07619cde4e7e6b469b89dd92b7a4c3860fe
status: experimental
description: Detects traffic or activity related to http://125.41.226.126:47369/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.226.126:47369/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.220.214.246:12325/i
id: auto-708e36ff9e8645ad5381602a7a4890cd7aefcd49f24c7eda054955a72de15b25
status: experimental
description: Detects traffic or activity related to http://103.220.214.246:12325/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.220.214.246:12325/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.220.214.246:12325/bin.sh
id: auto-191a60e3df916e0bcc130f380d4d2476b6c67d9f1398ad2f4fd6edcea9ce7f52
status: experimental
description: Detects traffic or activity related to http://103.220.214.246:12325/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.220.214.246:12325/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.110.19.121:60946/bin.sh
id: auto-ee4c771ae24c0d573edd50f432267cfb74aa14bb3326059d80cab44dfce9b4d1
status: experimental
description: Detects traffic or activity related to http://202.110.19.121:60946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.110.19.121:60946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.57.122:58254/bin.sh
id: auto-a654743fad3eff1494934f00900210d8244b39c84476d89d05fb803e5ea7ce7a
status: experimental
description: Detects traffic or activity related to http://59.184.57.122:58254/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.57.122:58254/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.53.6:43020/bin.sh
id: auto-94a2a1e6015754d623130ca86578ce76a4408d44f6e9e140c0cc276a1ebce5c9
status: experimental
description: Detects traffic or activity related to http://175.175.53.6:43020/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.53.6:43020/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://destinyalts.xyz/328938582853281/robot
id: auto-9ae75ae50fb9245382be3a522c5e35ee260f52116f27c49af2dac9a6c39f2623
status: experimental
description: Detects traffic or activity related to https://destinyalts.xyz/328938582853281/robot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://destinyalts.xyz/328938582853281/robot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gistpad.com/raw/2ife-3fgs-3gsg4-wgf2
id: auto-d60dfd57e5c78e0dc3a86f21d40391afddbf9e980197d7f625a7259bc3aaf714
status: experimental
description: Detects traffic or activity related to https://gistpad.com/raw/2ife-3fgs-3gsg4-wgf2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gistpad.com/raw/2ife-3fgs-3gsg4-wgf2*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.183.182:53632/i
id: auto-66469376d1e1560a78040a9c1edbaa0c07b4605277a57df3b2cb4ea55e1f4686
status: experimental
description: Detects traffic or activity related to http://125.41.183.182:53632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.183.182:53632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.206.84.66:47421/bin.sh
id: auto-920a0b7634a3e7eb9772372e2f8e9a33c1dd606a53a1fd6d0c6d502c129c32ad
status: experimental
description: Detects traffic or activity related to http://27.206.84.66:47421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.206.84.66:47421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.141.109:42273/i
id: auto-6b02f2dc35b51200b2af2533164f75e35597fec9b70e7e1d97fd7825a7638744
status: experimental
description: Detects traffic or activity related to http://59.96.141.109:42273/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.141.109:42273/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.183.182:53632/bin.sh
id: auto-a296646bd07ec19e3deb372557b3f37df6b476890ebc8f3b5b06107c061a7289
status: experimental
description: Detects traffic or activity related to http://125.41.183.182:53632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.183.182:53632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.100.45:45259/bin.sh
id: auto-9e2dc01c234221ff628b23aa91c5113f4f4d47ed6f02e561811740bb6af81ffd
status: experimental
description: Detects traffic or activity related to http://115.49.100.45:45259/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.100.45:45259/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.48.16:52440/i
id: auto-d8a8c27555f682cbefafae73420c596274cfc98751f43caaba7d555998311fc0
status: experimental
description: Detects traffic or activity related to http://112.242.48.16:52440/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.48.16:52440/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.152.28:33567/i
id: auto-2046ff411bdb0b34123835df41318f9894e6f8353a9291d4b44f85e32e20dd22
status: experimental
description: Detects traffic or activity related to http://115.48.152.28:33567/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.152.28:33567/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.30.170:49059/i
id: auto-c6b3514205cc161c80ea88cd03afd7d5cdad89056e655c81f8806044ec943f17
status: experimental
description: Detects traffic or activity related to http://123.190.30.170:49059/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.30.170:49059/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.141.109:42273/bin.sh
id: auto-c40aa792cda9438a7353b9528409f179c9fcfcf90ca4364978447e5b3f3d19d9
status: experimental
description: Detects traffic or activity related to http://59.96.141.109:42273/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.141.109:42273/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.155.167:40630/bin.sh
id: auto-cc14d7ec08ab6f1f5e5147572d4389f2512d909775212cd63d4d7ddebf8e1288
status: experimental
description: Detects traffic or activity related to http://42.239.155.167:40630/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.155.167:40630/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.208.111.252:45247/i
id: auto-8a24229de9b4cc0b6fb57ac397edef9832c312624b6e82c2763ee5540959eb9c
status: experimental
description: Detects traffic or activity related to http://222.208.111.252:45247/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.208.111.252:45247/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.152.28:33567/bin.sh
id: auto-bcd62fd29e01e3f1375f0a66640bdd51f1bb2a52a2adc23c619ca43cfbb5f850
status: experimental
description: Detects traffic or activity related to http://115.48.152.28:33567/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.152.28:33567/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.48.16:52440/bin.sh
id: auto-97e98f7cec34691bed7a57ee179eba9877d208e9512546e2b0e7093fb4a603b4
status: experimental
description: Detects traffic or activity related to http://112.242.48.16:52440/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.48.16:52440/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.6.185.132:40030/i
id: auto-50dffb4da6c3136d992a70d53a76172ad19c9e2ce293069e1404d6dcded85cff
status: experimental
description: Detects traffic or activity related to http://124.6.185.132:40030/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.6.185.132:40030/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.34:34387/bin.sh
id: auto-79a62931e53ccce08ca82786be3c98f2e77f07e56e494f840eb2578f1d168877
status: experimental
description: Detects traffic or activity related to http://110.37.61.34:34387/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.34:34387/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.77.14:46645/bin.sh
id: auto-cfdeaefd1d7b4309e8f50340c2ee63a2ec9e134a7def159fc31c081a07ca3270
status: experimental
description: Detects traffic or activity related to http://182.121.77.14:46645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.77.14:46645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.38.174:34334/i
id: auto-ed6a22044c5db31fedc21225b5eacbb3b86bdc0b4d19f1ea7b315f37a61786e7
status: experimental
description: Detects traffic or activity related to http://125.43.38.174:34334/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.38.174:34334/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.156.143:51441/bin.sh
id: auto-eaaa856c98601fb27d08020a4664597a1abad31f0e63838a5a39c5aed414ea93
status: experimental
description: Detects traffic or activity related to http://175.146.156.143:51441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.156.143:51441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.198.243:50991/bin.sh
id: auto-2fd2a312ab6cda1b770028f4c98bb6f32689877bfa3169ed7519f105635d0c03
status: experimental
description: Detects traffic or activity related to http://182.116.198.243:50991/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.198.243:50991/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.208.111.252:45247/bin.sh
id: auto-175f99d5fd43eff019ab37f400dbd45b735224dc52792f9a90ba44f080ea95ae
status: experimental
description: Detects traffic or activity related to http://222.208.111.252:45247/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.208.111.252:45247/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.38.174:34334/bin.sh
id: auto-a68ffd855590e1d39101fe10095d212cb68a823c827f9998355536cc30a9b1df
status: experimental
description: Detects traffic or activity related to http://125.43.38.174:34334/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.38.174:34334/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.224.17:41616/i
id: auto-12bb5f73e398c9dd404b35656eafc99916d1cf67ee6dcc8e59f55fa300cc836e
status: experimental
description: Detects traffic or activity related to http://125.43.224.17:41616/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.224.17:41616/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.6.185.132:40030/bin.sh
id: auto-b42b67bbee74fa9d19318fff126d790a52d0f515ddc19bcaebbde46b6af37559
status: experimental
description: Detects traffic or activity related to http://124.6.185.132:40030/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.6.185.132:40030/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.10.7:55703/i
id: auto-cba6d58ea0a47741ccca0ec15781b493a99069902461bf0b3ce9f9848e8ece45
status: experimental
description: Detects traffic or activity related to http://182.119.10.7:55703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.10.7:55703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.224.17:41616/bin.sh
id: auto-c2e32efe598e59582f94e8f0e3a3be3eee9875d483b455d43386a66f8acc4aef
status: experimental
description: Detects traffic or activity related to http://125.43.224.17:41616/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.224.17:41616/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.10.7:55703/bin.sh
id: auto-ad26d33b09e4f9f48648041f7c27979243128d71e52e8bba2f9620283eabda4c
status: experimental
description: Detects traffic or activity related to http://182.119.10.7:55703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.10.7:55703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.246.235:43794/i
id: auto-4206de0c04d04d496282560caae04217842d05c9ceaf77bdc19aadc680da68c7
status: experimental
description: Detects traffic or activity related to http://42.239.246.235:43794/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.246.235:43794/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.1.153:55049/i
id: auto-eb496154a2c4f5e00284f49254dfe995cbed864346da78e08c7c7cd57c3674ca
status: experimental
description: Detects traffic or activity related to http://125.41.1.153:55049/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.1.153:55049/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.242.1.16:53703/i
id: auto-9072b937f7af45ce7003351d3b7122e76445a0ad6258d9a0d867bdfd0942bee2
status: experimental
description: Detects traffic or activity related to http://154.242.1.16:53703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.242.1.16:53703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.181.143:49722/i
id: auto-cf11d6f4dcd49ce4778091e5be40b9fe464fb68f6fa494d880c7dfd6fccdc1f0
status: experimental
description: Detects traffic or activity related to http://182.121.181.143:49722/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.181.143:49722/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.3.136:50861/bin.sh
id: auto-a37a527c408959c43092bc4653ba15ce8e70712d092aba48fafaeb4a89034880
status: experimental
description: Detects traffic or activity related to http://61.52.3.136:50861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.3.136:50861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.138.233:52514/i
id: auto-c6bf6861c5b808fd55ea3cd420d8ed1a2b209f4226a2797726d560b6469e78a5
status: experimental
description: Detects traffic or activity related to http://123.5.138.233:52514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.138.233:52514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.246.235:43794/bin.sh
id: auto-d17af8b331a49cc058e9acd2661f947b08e6b35e31858ef9bea0e765360f26ac
status: experimental
description: Detects traffic or activity related to http://42.239.246.235:43794/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.246.235:43794/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.103.112:46221/i
id: auto-9041152c6c2e7fabe279746590b3e8bd01062de29b5458a5568184e7105ec9e0
status: experimental
description: Detects traffic or activity related to http://61.53.103.112:46221/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.103.112:46221/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.242.1.16:53703/bin.sh
id: auto-97951b0040946be269f213c458abb8aed9a9715c3435891deabedf1ce911d63d
status: experimental
description: Detects traffic or activity related to http://154.242.1.16:53703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.242.1.16:53703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.1.153:55049/bin.sh
id: auto-eac0e0e2c5cbe27ddc81ace579441b098cd96feb1df0da7a2c745ae4f5d719a2
status: experimental
description: Detects traffic or activity related to http://125.41.1.153:55049/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.1.153:55049/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.195.120.151:38074/i
id: auto-1aa4f8852f5e04b8f28071788dca72cfe8c6bf1976772abf9f101bbffa8ba792
status: experimental
description: Detects traffic or activity related to http://117.195.120.151:38074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.195.120.151:38074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.34.82.55:23637/i
id: auto-f07f5002b89729919fa185b3c41302fab57890f7af89a3c09b8acf0a7e312bde
status: experimental
description: Detects traffic or activity related to http://36.34.82.55:23637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.34.82.55:23637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.32.83:34324/i
id: auto-284e4f04a7573e2c37e35bccdff2da7a52fe78c7b4f55c130f0e469246ba6680
status: experimental
description: Detects traffic or activity related to http://125.42.32.83:34324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.32.83:34324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.168.145:34527/i
id: auto-4e002e94407c9a1641dde3a7089472070fdeb785de11f4eb58a20063175de3ae
status: experimental
description: Detects traffic or activity related to http://123.5.168.145:34527/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.168.145:34527/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:41417/i
id: auto-5d106de75a7cdd8e22bebaecd6ff98c2e6f15a6f48214ea41b67f190c7ab7676
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:41417/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:41417/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.59.208:44039/i
id: auto-4aa40d5b58880b017042d4a8349664bac4af54f76d79c06c3e27a64e018b8331
status: experimental
description: Detects traffic or activity related to http://61.52.59.208:44039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.59.208:44039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.100.155:34457/i
id: auto-2dc5fe09e8b930ccabb70db884c5fdcabbe2d0864c990ce381aed96c2bae34ed
status: experimental
description: Detects traffic or activity related to http://222.139.100.155:34457/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.100.155:34457/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.72.125:39210/i
id: auto-7e9ec7a3be4b1f6a660bf7057982d0ecd01cc9ac3790b66efe797ee4c6080c13
status: experimental
description: Detects traffic or activity related to http://125.47.72.125:39210/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.72.125:39210/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.67.246:35268/i
id: auto-b7701eb4f50161a7e46a32b31bd97bd1a7d8b8327c4787a615f079e07ca205e5
status: experimental
description: Detects traffic or activity related to http://115.49.67.246:35268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.67.246:35268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.181.143:49722/bin.sh
id: auto-276848af950e898fb61129e55fcab4c67061a598e32b19041184fa716f7023c1
status: experimental
description: Detects traffic or activity related to http://182.121.181.143:49722/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.181.143:49722/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.198.243:50991/i
id: auto-49f6b604a286186e4ac284648e793ad6a89e83a32100518b902b1cc8618ead62
status: experimental
description: Detects traffic or activity related to http://182.116.198.243:50991/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.198.243:50991/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.133.180:53644/i
id: auto-f009f97dbb209abb78132375032ece8ed1d18d1ef33aba743fef176504a62755
status: experimental
description: Detects traffic or activity related to http://196.190.133.180:53644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.133.180:53644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.0:48718/i
id: auto-ec0441670b4fb985dff0e07ae7997c0b83769c28a59f31b42cf88610453fc983
status: experimental
description: Detects traffic or activity related to http://110.37.1.0:48718/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.0:48718/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.103.112:46221/bin.sh
id: auto-4d64aa9a2d1f9325c09b7e39a3d4622e5c8410ee5b165cb12595251f37ea4db9
status: experimental
description: Detects traffic or activity related to http://61.53.103.112:46221/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.103.112:46221/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.32.83:34324/bin.sh
id: auto-9ca1c128cfedcc49a7bcf46f3e98df2710667ff3627b80b743c1dd1163147d22
status: experimental
description: Detects traffic or activity related to http://125.42.32.83:34324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.32.83:34324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.59:52576/i
id: auto-adfce6ee909a39be2e200971fb98e1fd40ec0a7154c83cd0958c9ddbfb954c95
status: experimental
description: Detects traffic or activity related to http://61.53.89.59:52576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.59:52576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.60.252.63:58290/i
id: auto-d44a73cf18e84798bb2845d09bdb26bb5e1617e18a10ea80d74b5327ac66674d
status: experimental
description: Detects traffic or activity related to http://115.60.252.63:58290/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.60.252.63:58290/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.195.120.151:38074/bin.sh
id: auto-a3ff315b921304891228ff68e35e1123807a134ff9eb0014e0e0ae1bc7eacfa0
status: experimental
description: Detects traffic or activity related to http://117.195.120.151:38074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.195.120.151:38074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.60.252.63:58290/bin.sh
id: auto-9edbdaa7dab03c7585c60e272ae1f95e351b7638ebcd7266d9757057b7acf511
status: experimental
description: Detects traffic or activity related to http://115.60.252.63:58290/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.60.252.63:58290/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.141.215:60134/bin.sh
id: auto-c7189ca1fc5ad7170c115ca8465c26dc0c6ca20f5d3fe7c4e959a1a7acd6df3f
status: experimental
description: Detects traffic or activity related to http://125.41.141.215:60134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.141.215:60134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.158.185:39414/i
id: auto-5bd5a6a40cbff104db3f523238c4d71813f563e2dc451fa0c78c45962815a86d
status: experimental
description: Detects traffic or activity related to http://175.148.158.185:39414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.158.185:39414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/unlovingconcrete456
id: auto-a45bdd77c51ccc10b934b51a3e05bcb04a47f88a88c6ca25d21766df16ca1377
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/unlovingconcrete456 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/unlovingconcrete456*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/upturnedevict
id: auto-8a70a0a2f51286cded6fa282ee3347c4a600b84f4ff5e1eb219a978ee1584192
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/upturnedevict which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/routing78-fabric43-euw3/csz54-hrt8-s43-g984-gsdf555/upturnedevict*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.208.213:55769/bin.sh
id: auto-b45937499820daf74b30c49ca7ed638594d7415c5a75eedbda82a567a260d4a3
status: experimental
description: Detects traffic or activity related to http://115.50.208.213:55769/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.208.213:55769/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.122.240:53063/bin.sh
id: auto-8ced47b7b6fb0b7391b76e204673283676120e2c824d3645040a0bedbb574eaa
status: experimental
description: Detects traffic or activity related to http://182.126.122.240:53063/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.122.240:53063/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.222.77.196:43671/i
id: auto-2ba652a6fcaaa3322b472f0426c15a4b29b050a8efc2d8c3c95059e03d90c61f
status: experimental
description: Detects traffic or activity related to http://27.222.77.196:43671/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.222.77.196:43671/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.6.25:40746/i
id: auto-7710116533b2f054fcaae3eec0583ae29392d2e0de52e3329ce336a8b2bb0d5e
status: experimental
description: Detects traffic or activity related to http://125.41.6.25:40746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.6.25:40746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.246.70.168:58330/i
id: auto-0d45cc2e06e9bb35bd47c85a2f26b50095de49d41f9a33be4d963d71d7d26785
status: experimental
description: Detects traffic or activity related to http://197.246.70.168:58330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.246.70.168:58330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/m68k
id: auto-2786e69795bcba823376ef12a27324424fd8591fe86312d1474cdd95d8e42c4b
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/ppc
id: auto-ea4839b79930ac8fb8578a3db7b372597efd64c1a5bb05c120b5ffdec5eb70ce
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/sh4
id: auto-60006d6d14772e5db92d1e76ea057fae53d7b6b752f55b2ac9299806cbb650b9
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/arm6
id: auto-453851e9cb0b32eda77ba200b9acf22b831f40e6d7c29a2816f51508390659b5
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.246.70.168:58330/bin.sh
id: auto-6488e7065f0b2776a0f58f9a4213d3984dca0464605ba5e51e707c0cc45203a0
status: experimental
description: Detects traffic or activity related to http://197.246.70.168:58330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.246.70.168:58330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.222.77.196:43671/bin.sh
id: auto-5540579bc23998478ed5bd40d0ddccc3f26ac8e1a21e1feca54c632d5d35d432
status: experimental
description: Detects traffic or activity related to http://27.222.77.196:43671/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.222.77.196:43671/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.136.202:33435/i
id: auto-637ca38b8e83df8071153be415cde8de9a6c50394a4d5cfaa8ee9290485d19eb
status: experimental
description: Detects traffic or activity related to http://36.88.136.202:33435/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.136.202:33435/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.1.63:57132/i
id: auto-e6c33f85e797246f683e42337844a9d1239104839e18e12f9b2c155506d6c562
status: experimental
description: Detects traffic or activity related to http://106.57.1.63:57132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.1.63:57132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.30.89:53297/i
id: auto-f2589490b2851a729bb31dbe0b41ae7e54af45d37b583af46246a76543545b67
status: experimental
description: Detects traffic or activity related to http://42.7.30.89:53297/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.30.89:53297/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.136.202:33435/bin.sh
id: auto-a41b357abbf72e48ec2ea41ebbfa0aecc25057f331cb2a46b1703338b08ff8b2
status: experimental
description: Detects traffic or activity related to http://36.88.136.202:33435/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.136.202:33435/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.64.254:54935/i
id: auto-e62da5ed6f05565df12cf67e0d4673894116d03ceac8bc5715aaaf82160eb1e1
status: experimental
description: Detects traffic or activity related to http://110.37.64.254:54935/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.64.254:54935/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://microsoft-telemetry.at/ozo/teq.exe
id: auto-318e63148247ae5a18105357a73c67d7c6095472ac82cd90be5d639d31ac1c7b
status: experimental
description: Detects traffic or activity related to http://microsoft-telemetry.at/ozo/teq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://microsoft-telemetry.at/ozo/teq.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.1.63:57132/bin.sh
id: auto-ccd5867fb02889310a8109304bf298a55329f877883a498403bd544229f81636
status: experimental
description: Detects traffic or activity related to http://106.57.1.63:57132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.1.63:57132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.30.89:53297/bin.sh
id: auto-5dce75cc1f257bc318df307b180064a0ee0f525e6a0460bcb79d458aeb03b8e9
status: experimental
description: Detects traffic or activity related to http://42.7.30.89:53297/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.30.89:53297/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.91.224:49481/bin.sh
id: auto-bf8d8581aaca33b256e5856ba14289d028c30a2e193b0c6d0c8ab98422a3461c
status: experimental
description: Detects traffic or activity related to http://61.53.91.224:49481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.91.224:49481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.64.254:54935/bin.sh
id: auto-b321d66b1534d19e91563a28b07c39dc998bac39a72f8e2c435b82662e5e281c
status: experimental
description: Detects traffic or activity related to http://110.37.64.254:54935/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.64.254:54935/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.49.129:42762/bin.sh
id: auto-d2afd7a93a352b9a8f0fc63e9b1844dabb79efdffd5863198dd04a778f0a7dc9
status: experimental
description: Detects traffic or activity related to http://115.55.49.129:42762/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.49.129:42762/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.146.92.46:38491/bin.sh
id: auto-2f2876da3c6f6972a1b19b687a0960c24861862a8cfd6d0a71bb9ea90f1b7603
status: experimental
description: Detects traffic or activity related to http://117.146.92.46:38491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.146.92.46:38491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4
id: auto-2e03af9ef1dace3241da62fb199d181fbbf4a79156aee93dfa8c2733c2cb4dc4
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/tuananh.vbs
id: auto-4ec076ad642385e62941758237231763d70f4032e5a860259caf6a8320337c81
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/tuananh.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/tuananh.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/main.vbs
id: auto-1807a4f00994a6e3e8c828ec7a072756aeebb360ec50a25e25f9182feab8a5ca
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/main.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/main.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.68.0:60591/bin.sh
id: auto-a645a7fcbdfb15b70a595e9fe12396c8b08245db3e8948da6ca246656866f52c
status: experimental
description: Detects traffic or activity related to http://42.231.68.0:60591/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.68.0:60591/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.181.59:8001/tuananh.ps1
id: auto-bac4ae89fbfa23811ac49faf112b85b5a7a7a142686b74683027e717f8686f58
status: experimental
description: Detects traffic or activity related to http://152.42.181.59:8001/tuananh.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.181.59:8001/tuananh.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://194.223.59.102:8443/sda1/AV.scr
id: auto-6b33ee8203d70e205a2b4f1e71daf9f096945ec0d17abc5169cec15fca6f5539
status: experimental
description: Detects traffic or activity related to https://194.223.59.102:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://194.223.59.102:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.1.99:41497/i
id: auto-e4406863f0cdadb21e53e33eab1621807c4a57231127140ebcc564db188b7cfb
status: experimental
description: Detects traffic or activity related to http://42.56.1.99:41497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.1.99:41497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://194.223.59.102:8443/sda1/Video.scr
id: auto-b35d42a1d4f983cd75bf01f119bbd7a4e08a7394eb0b3d7e2fe1e142addaa729
status: experimental
description: Detects traffic or activity related to https://194.223.59.102:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://194.223.59.102:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k
id: auto-cd08b721044b62209bc7154e6b2cc5837b61c4fadc65c43bc0b35e336f4d3235
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.sh4
id: auto-a41956ef811bdb87667d4c2272cc1b4109302ed43518ec495d57324d78ef697b
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm
id: auto-045563fa8e06b7ca50f51bf81dc983929ff30f58bc9d02d63ae62e6e56082530
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.223.191.245:99/buding/unins000.exe
id: auto-ab301bf11b6243ae4d2011480c7c7a56fa2aefb53557eee650ac35e09d6257de
status: experimental
description: Detects traffic or activity related to http://124.223.191.245:99/buding/unins000.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.223.191.245:99/buding/unins000.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/1.sh
id: auto-c7379b99e5c023acfebe53e06539e38f8bf04da3b0bf2820989d1835d0d0aaaf
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/debug
id: auto-4e64e5d75cd868f4cb0f58988be2016cd322a4ab3ed48774c81f491d2b897235
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/debug*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://194.223.59.102:8443/sda1/Photo.scr
id: auto-fe2eb7bc4267f2b2f7769bd0f22df280671cb0ff3436aba2a80cd73b9d8d1bd8
status: experimental
description: Detects traffic or activity related to https://194.223.59.102:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://194.223.59.102:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://194.223.59.102:8443/sda1/Photo.lnk
id: auto-cc7db4a1c2231b0946a98e5fa194aa7f293e90862554571141b8e24fd5f5ba19
status: experimental
description: Detects traffic or activity related to https://194.223.59.102:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://194.223.59.102:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc
id: auto-d56fc7c28de9581b66ab222b0339b9e76c78b6e60b5078d1861b1b2144235371
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc
id: auto-e9d0d062d7d038933f8b1121c8251e5bf465dffecf1bf36f599e0bf2c777ee44
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5
id: auto-284ed609a3b3dce4a907d16ee6f81ae84db321f557b376b99d107c979b5a16c0
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://194.223.59.102:8443/sda1/AV.lnk
id: auto-8b6d5c70799dabd14e2fc130cf98db10c48c7d86cd81dd38062dc1f61a76cbb5
status: experimental
description: Detects traffic or activity related to https://194.223.59.102:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://194.223.59.102:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/1.sh
id: auto-c5a2173418af18c9a670e4dd6c921f955185ac1df19e3ca0b36c34c2de7e30a0
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://194.223.59.102:8443/sda1/Video.lnk
id: auto-393be1e74f33287398f61cb6110e3861d12c4b504e6f661c2a66967389189e84
status: experimental
description: Detects traffic or activity related to https://194.223.59.102:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://194.223.59.102:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.223.191.245:99/buding/dbghelp.dll
id: auto-e498ca23af8d702d152dc6cc6df0f47ff8dfe66263590baaad910005bc7e469f
status: experimental
description: Detects traffic or activity related to http://124.223.191.245:99/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.223.191.245:99/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc
id: auto-ff55ee53135b3c52480370a5f3907a91efd26661a89686be59406c6dfdf89376
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/ohshit.sh
id: auto-b1639af826c5679ae4bdd4301bec6a42facbf28bd19cc0096365df29c06e7053
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686
id: auto-09afbc06776017cfbc0889e0f9d3452bf3d1e26b7fd3433fd82c68954f4da828
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/1.sh
id: auto-b7b91609daefc38acf7e1a2c6a65912c992b7eb0cfe565b92dafbedcdc578ff2
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6
id: auto-e1f52d586a3ecf1cd9a452a25df439e51abe576e3499937f7e73df8bc9b4ead3
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/debug
id: auto-bba99f4d35cc825a91673a2ca69039322225dacc56851327ac7f0acf503e8794
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/debug*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm7
id: auto-c3f504439feab3fe5cafaec45fb2d7cff814db9c1892e66825097a904e751620
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7
id: auto-f3f50549d1490ffa31c37aa83ad79e3f534d122ae6fe6cdf2716b0a4f1ac6291
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm6
id: auto-4494758e9dfe6ac3cfab844f513ab60c266b8c5ee917c622ed507a3ef41edc7d
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips
id: auto-938668bd0024d5b6718644c0cb6cf0fba0dc3808778a1a8f12608ad2a9c31081
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.ppc
id: auto-af1cc24f55bd95377fa5f94e8314f9f84527a4e8e83ba1ddef594b2162701a0c
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.m68k
id: auto-f19c9346305b98b7242eb95d38342a8b0a01279f29994eee6e31c3f9143a4753
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.x86_64
id: auto-96121af71c248687a17477c1ca009fad010b995636e72c6c61f3d0e1d43dc2e9
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arc
id: auto-7a502b16ed9a30e39af5a9c5972682d68bee88daac8a08eb55683e55ab927985
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86
id: auto-161edd204c04e5f6ff4b3044a9628389daff1324f024699e01fe9d67c1af4755
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.x86
id: auto-4665c79d7f870908de3fb902ef3ffd72f7c92580d14c38891ca4655f8f42dfa2
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.spc
id: auto-7da5833cff87ee33f53b2871c64f5ec798fec5f8f5e59804422d068d774ab3ef
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/debug
id: auto-db55bfd04e88887d43f2be32e1b11bec66733bc3c8c3f2f4d0eb3d2a60157b81
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/debug*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm
id: auto-8aa1d645a7cc0059414c7ce412551eb7bff6b243d413837538adc92ad6486d3e
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-717631ece7738978a31aadceb5fa12f23260105c99cab3f9c1701cf2ffca77e1
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.mpsl
id: auto-a9d2a6e79d56b835e2b04904840a6cecfff25f4ecd297c526609ac4cad663400
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64
id: auto-fc9d2baeef21b12a3d8109fa6f1f9e6de0c8e666fc38a8f5a56e6944e5ec71cd
status: experimental
description: Detects traffic or activity related to http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://weifang.serveftp.com/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.mips
id: auto-5b8a6800870bb89837f82104fa2a5daea4fb9d4463783e570a5e95e8fe5e9e5f
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.i686
id: auto-73188da9a87f95f1688db1ee5db2bf04e1a2a4566d7c62ff1ec201d037353976
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm5
id: auto-baad62aefe224b93cec470aec352d5de745eae80666b5cd1bbeb7a767f3f126f
status: experimental
description: Detects traffic or activity related to http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://proxy.zhalenmsl.biz.id/windyloveyou/windy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.sh4
id: auto-9ce7ddd920d9538b1d88ef2fef2198aee3f2e1c1a89e56501c806da45345747b
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://68.64.178.11/update.exe
id: auto-1026b887c4bbae725e30b9f7a2d66ced0d888bf6de43a4ded63ed2f7f89c1ce0
status: experimental
description: Detects traffic or activity related to http://68.64.178.11/update.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://68.64.178.11/update.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://68.64.178.11/updatea
id: auto-df44b14393653d73624e917109bd4abc9778f912cc179e9855a74b0328db806c
status: experimental
description: Detects traffic or activity related to http://68.64.178.11/updatea which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://68.64.178.11/updatea*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.arm7
id: auto-1bf8e194c39023cadfb1b513be3c28d6408d6ea53c4f72b091f4874c89c5d164
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.arm5
id: auto-f005db25afa77cd9944e1d129171620d11bc83db08dc1dfaae8c5eb98f68498e
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.237.247:8443/sda1/Photo.scr
id: auto-2bed30416c9be56b435920c20d8b0fd52ece62266c30172ab63658800d30374d
status: experimental
description: Detects traffic or activity related to https://151.15.237.247:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.237.247:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.237.247:8443/sda1/Video.lnk
id: auto-a3ad48568d4689910c5a54cbab99fa8ac553b9bc1e1aa44830f76accec40b330
status: experimental
description: Detects traffic or activity related to https://151.15.237.247:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.237.247:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.ppc
id: auto-56ba5f437b3d86da32f093769215d7257e7420043c23622b6d56dd9dfe5bc5b3
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.x86
id: auto-ff362a2cbaee9a5bdf3020bcf0f8771d7660735344d053aea33567c18a498a64
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.arm
id: auto-f4a9c838cbd2275bc3cec54ba60049b2b4854710509f728977242fa921b2c98d
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/arm6
id: auto-b8c2456fc9587492f50c5d8ef559e939e94f27e241b54df15a54171dfe9abb75
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.mips
id: auto-b2b00a032e3f44637bfc8f9dab06330aedc93b685bfb8af14613593e7293d368
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.mips
id: auto-de3ea16e6330590ebe292b8ca3cfe058345b66794473025c1da2afb951f011af
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/arm7
id: auto-97cc69184587998ddfc1a93c0a047fc5a87737197d8cf0f95fdd25e7e38fc59f
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/mipsel
id: auto-29c492c758e66b716e957e5d0d0286960c1549d0612f172c39321f38cedf5f0b
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/arm5
id: auto-d7727046cb7d0aebfb034544c5779cf33a67670e806006e525d3780952db1753
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/wget.sh
id: auto-6030eca296d723beee70c031600cb41ff52c842e1ae1c874d93b6a14adc98302
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.arm7
id: auto-006a4a6363b844381e701a07218219999080d2ebacd0043d0bd033594d31d2be
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.ppc
id: auto-0dfbcb4f281b2daf295652f5d0619f0403ae45a10a61ce0f6b5287c48b20de4e
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.arm5
id: auto-91aed0349934a65a7162d512f9393e4ed6d96fcfe4d109a5136e0b8339827346
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.mips
id: auto-6fcd7098ed1e7b2b976210882e74f04068a9fe8fb12183b9b3ef86f4df3fc5bb
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.mips
id: auto-0fd3ab68791f2f1f172bb1840f981e6114b4747e197e71bdf83578b2db0d69f3
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.arm6
id: auto-b3cf16e71bfba66528411f3c0e2ca3f8c8103160860e6b62909e6f955d54e60d
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.arm7
id: auto-d00ba26e15f7bf98a4a7ea62bfd7ff513c381d9878758f75768099de0f4efd5b
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.237.247:8443/sda1/AV.lnk
id: auto-9491e6652836b2d183c99e093e3b086d2947dfce32595c1ad7f87e3228b872c6
status: experimental
description: Detects traffic or activity related to https://151.15.237.247:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.237.247:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/ppc
id: auto-e63f3b48e6dc8490df616ec1ced345db3d7b818af53cc7d80b600a26148ffb2e
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.mips
id: auto-88a4a3de80b1750020434c933a9bdb586a2a5a9de033d68ca4f13cbb46a917c6
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.arm5
id: auto-25bc1e4f92ef3c2b2196703c1ac47d8571363f85be4599c767948771ee51e0e6
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://68.64.178.11/update
id: auto-b33d53775cc68b3b112338a00861ccb73d8620e496a98b4f6b4e141cef86d4cf
status: experimental
description: Detects traffic or activity related to http://68.64.178.11/update which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://68.64.178.11/update*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/arm6
id: auto-53cf941a0e14f1b91b1511c683c5f373a9b01bb31cf802692f5a78fd2d08575f
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.ppc
id: auto-02a0866700640d31672e29567daec2cf92116e498c63a6d928fe503faa46872d
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/mips
id: auto-a94aa6f4664931c0c18233035b0b3d890e00eaa01a20b298f6c7be5e001a72bc
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/arm7
id: auto-665f99c602bad0035611c11fdc4282005255b55e8078cbdd9bc156a7618fbbfd
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.m68k
id: auto-eb1f3a7d0d998e151acd5a1af8b23283d92713332eb014f661bcc2b994186760
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.mpsl
id: auto-bf91f37074ea409cf2026194fa5eac4a5733cc288855e4f8dd072a0dafc4bcb0
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.ppc
id: auto-99faf3f40c1ce1a95b2bec53ff849bd288dfdb193d4df4002e73e95f65136021
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.arm
id: auto-3a6fad42b162a4b1e856fcf5fffa400bcbf1ccd920063e317d8a84065d466271
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.arm
id: auto-8dfa50539832dfb85e797ea1ff660f2d4f52e196094ede7483d8224cbe8b534d
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.mips
id: auto-2e9408e7cb70d8fe226db9667e3f0cf75e4cd4e49c1fe4b8f35437eb93cd2e54
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/sh4
id: auto-383f1606923f6ac70f44e0aec0bc923742d650f5c85813bcea9ae17ddd3a71d8
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.mips
id: auto-e59e04e095842e636c049847ed053a6ee3bd513e4a8c5bc08c6a8877f8b4bd9b
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.x86
id: auto-1643a09488c9d74f7ee91c6192419df3d299d0ce6fe8bc9d0e92979c10ec281c
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.arm
id: auto-ad3541e63d7bf6224cb9869491aecfc2fd5b56139891d99dede7334728ef15b2
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.x86
id: auto-9a07f6e1dc78cd94f46c83915417ea67bba53f4431d523019d7e2e79d09145db
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.arm6
id: auto-55751cfe395e2cacaf1071d175106a4da5ccb67bbb600211fc1128c6f593620a
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.202.149:55053/i
id: auto-2b16bdcf2da334c5dc9988b2435091d6db207b987cf6a66ac276dc33a7bba512
status: experimental
description: Detects traffic or activity related to http://42.230.202.149:55053/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.202.149:55053/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.mips
id: auto-f798ae8efac79c98f3b97c92818b8d2f1eb6c9f8898b7da14d883ea9c36289ce
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.237.247:8443/sda1/Video.scr
id: auto-a3577a7a68321ae27d2ef8afc862e8d69bc76a748a71c7f3a47b4049b08294a4
status: experimental
description: Detects traffic or activity related to https://151.15.237.247:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.237.247:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/spc
id: auto-7c477c10c5b08ca79f9ce5b633549da67ee3ca31eced56cc961f2d2445f160eb
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.mpsl
id: auto-13e1a55c3f7e8318485d7f2656e0d0d4665e1cc92fdbcaa00a05141625e5e00d
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.ppc
id: auto-db32561ff328d0276b031616802a6ab181cc717ce8bdb299de01cb4400c90f86
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.spc
id: auto-2f9319fc0d33198d0aceb28d319fdaf837861af681bed243de9804bceb9221a6
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.ppc
id: auto-a58df0a0c78d89a6ec908ff1474ba4a172ce0a8ea5b0af0d526b3ab61a7bac13
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://kka.co.za/bins/vcimanagement.sh4
id: auto-7d7540a1d2a73a7e1354a78e630b7387df3820f733525c38386a7f4e25e65fbc
status: experimental
description: Detects traffic or activity related to http://kka.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://kka.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.arm
id: auto-91289ccb963639fe1318b09510d54f7910d4e46dfb5ff0aaf2b2109a1c04a5c8
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://kka.co.za/bins/vcimanagement.arm6
id: auto-57199e5c4447c2bef343558847d0c6fdfe05c42dddf3693664d2c8cc811908bf
status: experimental
description: Detects traffic or activity related to http://kka.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://kka.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://kka.co.za/bins/vcimanagement.mips
id: auto-1f1ea1e24fa012ccfc28f990b4c03ef6c6a034697eeafa90078f2e66102f9c16
status: experimental
description: Detects traffic or activity related to http://kka.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://kka.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.ppc
id: auto-03a0fac94f7c91ef1f54e92441be88a13ac346692c1310adffc09bdab1263cb9
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.arm7
id: auto-63c8b9427902460629d3753e8528a284b73c6a3122f84e69cead32631ddf64f5
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.spc
id: auto-668c878fe36d2715052c4e6fa8d5db06abcec4bca00776565d7657cef7023358
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.arm
id: auto-1ec7ca5a436a9ad774b0b55412227e6c84da6c673be3e9b3ef03ea2b3cb5c0d4
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.arm7
id: auto-8eb33d646e590656266b70632b18defd05d6da372325618bf5dcd9116a340135
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.m68k
id: auto-fb6add5bb6e91029989c83099fed27d81acb311a0052790c7aafd147c792b72a
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.mips
id: auto-596dbd06879e46a696351374e7094a66ff2d775aa38b88753c98e1f645fa2693
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.arm5
id: auto-a7b4ffba3cf3747a0d0d7b664515022c55d33423cfa19cf3afeca0092f764582
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.sh4
id: auto-a901b8d1230e1ac979589835d97106ca6817d247324f40f573c477f77536db0d
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.arm
id: auto-66d0ddb223ffbe3bd02091f457728f2f68c73f684a2354d484a577ef5a6259a2
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.arm6
id: auto-492bf7bcf72a446155289b4df04a20983bf43daaf6a109b63688b5007c1c8eb8
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.arm7
id: auto-83f40d0569358aea0e22cc5e05f0383fb5c3a41e8da74d9f58308c7772508ec7
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/x86
id: auto-f062e9182c18321e62a7bea99c9c93f6941726e89d38877315eb712f075f9b7c
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/arm
id: auto-162a66f22c02908628628a61464ddb1ea435475c5506d59adce86270c9033cf7
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.mpsl
id: auto-3693bfc2ef672ac0727224830835ae4b73e46be62c40c6cc0a30a0ca690353bd
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/mipsel
id: auto-de6649719301ac784920b41715a819bf143c42cdf878509e43684f2100de8ebd
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.237.247:8443/sda1/AV.scr
id: auto-0af72759184f00bbb19d58c3e9f8f75c787b0c4554e5289a60ce8d61a7e2ea68
status: experimental
description: Detects traffic or activity related to https://151.15.237.247:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.237.247:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.x86
id: auto-f7debae35ea8e3f06ec5a23f6310d96710b25826d84734a28127e5c8985bc2e1
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.m68k
id: auto-585954559e36a822a4a1c86ea18287e0fa93981eeafdd7178ae8ccf7f408cc27
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.190.4.241:8080/shell.bat
id: auto-d9aa50c0b358d07eccdf60049a77a5d230dd42b21afb0fd03774e45306d222c3
status: experimental
description: Detects traffic or activity related to http://146.190.4.241:8080/shell.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.190.4.241:8080/shell.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.sh4
id: auto-19696c42400a300429d27e0389b3e992b96b939d1e8f41d35313e4ec2bb1eea4
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.x86
id: auto-df8846fcbfd81fb6aee3bc29194e402df5d4e21077183e263178ca3320ac7e30
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.arm6
id: auto-cc6b7e381a74987fa42c06b25f8447c4a520877d84d226ca8e85e85a687001e8
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.spc
id: auto-3a211a12e0acbf3c8aff5701cb680cc69d5d675e21edd1a118642be1c8c46c2f
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.m68k
id: auto-173da7595ec9f168ec2e56ff48309b1939b0afe27d34f10cfe3f8b2802e13d31
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.15.237.247:8443/sda1/Photo.lnk
id: auto-df652c76f4ff1ebd9c384f194969149fe8d799d2e51e1c86bbf899a6d3b1455b
status: experimental
description: Detects traffic or activity related to https://151.15.237.247:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.15.237.247:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.sh4
id: auto-6c3dec98b2f98144919e7926913f587b1abe853f6b5914866bf370de9836078a
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.arm6
id: auto-13accb67c2ba7d2b9541d99e70a16a7d89971628177cbcf888ba7e00726ee4d2
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.arm7
id: auto-40cf37f2e19147d7cffbac0fe2a4a5c848b4382999f0420ca7a034eb0785ea5f
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.x86
id: auto-5a240d90d4e3206714fe4dcd6b3f79a32fa721763d8d9a6356d73d66f9c191c2
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.spc
id: auto-d9542bec9b92d3c7c56439165b1f47dbd7df4d216043b1a6d9a338bd22522818
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.sh4
id: auto-20619ec4f203f2494cd611b96a90851922ae82ccbc711a9aba658b7f68580218
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.m68k
id: auto-42eba398ea031b7c0e565d055fe86aea300d309e08e1c632893256ca99838da7
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.arm
id: auto-f8e9899fcd2bce0dc424896ebd12680a8b3ebd806fd73a9d3dd8380585bfeff6
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.x86
id: auto-bad44b645c4b6a850712b986712c1144942bddcffdd495f83b4967a1c03b1c15
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.spc
id: auto-23e13f500fab363f091b5f088c0d731a94574ecb5fe3f8038560faf2f1a2e417
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.m68k
id: auto-5e14cf75c9d8e98ff87d70f2e6ab5eaac3c3be439518bc260525326a1b6a1664
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.spc
id: auto-349cc7bceb285555ba91df9cabce2ca36b5f0c0de642ff834cf98e6c923ee1ff
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.spc
id: auto-5d4e81d4c79c173b463b69180c92c28406d9be94767ff156bea3f8aec84e1d7a
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.mpsl
id: auto-a77f1ae60cb4dd49a23feac5fd578b343eeb97b14310c2b692279b76f2d62133
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.mpsl
id: auto-53dc2e1b60d36f7f6fcfad97a989f4318499384658a3d8ad1ca17d7b1ed4b581
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.sh4
id: auto-50c18bb2a46d879c91eece2cd91f5acb3173cdc2033e831696d70f6c5dd7afc1
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.arm5
id: auto-c3ff8906fe5175d043c33f91d2b765c3f0e4d5b0983e1522fc5a3a978155f830
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/x86
id: auto-c73078b273e060e59febe0283bef8f83ff4c44cc59ad993f042478d48129bab1
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.arm5
id: auto-5b1a2c466435e452f4e72b79d3f502c76f6e8fbc45e452556fe67672b9564897
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/x86_64
id: auto-174aa9e0ced9ccfea2962fec8d5e8d3f64829433949d5b8da88cf31dd31f575c
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/x86_64
id: auto-57c2893777a53f3dc5c0c673509ff232251077215fece8e2a1b3d213b88f5489
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.m68k
id: auto-9e5fdff63063f1971234f339a8923fac537fc4ecc6c3f0120a32bd776028a65f
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.mpsl
id: auto-1e26590c47bece25ae016aeb29ae6e6653aac061ee37518738d86708d28c47f5
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.spc
id: auto-4c9630e06f8e5e8658027648c723aad7862c9442e20f242350a99cad8fafcee5
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.m68k
id: auto-4b214c701932e4aaee7b002a3dc7498262f99b44a10fd1a6d1a591e27af35963
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.sh4
id: auto-7e627a0f6d425d359932cb86ee722d1515c71cc8874142596212797a9d094be1
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://kka.co.za/bins/vcimanagement.arm
id: auto-ed5808eab9428c52a7eb87c52d4f0fc74791424d27411fbdae7e660ec2abac22
status: experimental
description: Detects traffic or activity related to http://kka.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://kka.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.mpsl
id: auto-a1daaba3c7fa6372723c39590fbc4d62ff5872e66b9751dc1901e5cc6416c11f
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.m68k
id: auto-113b2ebce2f11f00ec34150fa4d6fa7cc4c05af6f44d97eef11cd091d55a5fc2
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.arm7
id: auto-cfb33de5234e9228fd22654035d4a86f2effd6f036225310ec4daa5c7c5f6a5c
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.ppc
id: auto-64c56a4e33388d9c50a47275c6f52f16cd56c32922e56d5b8cc3ad596cddb0e9
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.arm6
id: auto-8922be729df8693682a293c9197085f58fe18236b8be0fa4ab2915fd45338b19
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://kka.co.za/bins/vcimanagement.ppc
id: auto-6b40941a99909da422974da0c59f9d163a17a2f02cadeeced343276659a7d92b
status: experimental
description: Detects traffic or activity related to http://kka.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://kka.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.ppc
id: auto-e1b14dc42b834449cabbfd9db5523b427ca2b461180cdec644c7ee030785ae54
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://kka.co.za/bins/vcimanagement.arm5
id: auto-4e8cbeb23140975072b321eeea2fc9cb4e77dda061859c3aae43022185ff9e3c
status: experimental
description: Detects traffic or activity related to http://kka.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://kka.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.arm6
id: auto-63eaa4a21f50ab82b11d9d6d746241c2321861934588a5fcf5749d0fe347b5cd
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.arm6
id: auto-8c596516cb4557f87b39d4e027e2e7621a0da92ee7fc0464c787acfc20ac9202
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://docupsign.cybergeex.co.za/bins/vcimanagement.arm7
id: auto-fe2084ee6b94c0f25bdf8a99d0cc8c231fa31cea25c88fba2878476928b20673
status: experimental
description: Detects traffic or activity related to http://docupsign.cybergeex.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://docupsign.cybergeex.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ddafrica.co.za/bins/vcimanagement.arm5
id: auto-7f5acfef6291962abbbaa2629da713d6ae099a1129baddb3785e1d47eafcdc4c
status: experimental
description: Detects traffic or activity related to http://ddafrica.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ddafrica.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/tuxbot
id: auto-b2ba810c562e30468720b35002faa80e311f63ff27908b8b0eda33ddbb16c907
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/tuxbot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/tuxbot*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://laundryandtextiles.com/bins/vcimanagement.mips
id: auto-ebf22e6d649abd4d7cfed5e570f0486acb78ab9c4812d3ca8ca160c9443bf21c
status: experimental
description: Detects traffic or activity related to http://laundryandtextiles.com/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://laundryandtextiles.com/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://evite.cybergeex.co.za/bins/vcimanagement.mpsl
id: auto-d98b2c4484563e8bdf1a9b55602eeca1fc3cc5bb0fb1f5bf4bb0d4ecc13f9a4b
status: experimental
description: Detects traffic or activity related to http://evite.cybergeex.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://evite.cybergeex.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.mips
id: auto-00d04971f6bfa1a8668dea84da37637a12533feeb0c12cb00dd89deabafda689
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/w.sh
id: auto-893a6e03f2a2b0b7c0d2888e192cdedf6b64ed1dfa5749c3448080fb233a190d
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://documentvip.cybergeex.co.za/bins/vcimanagement.spc
id: auto-6297edab038adada714c122b4922474780b2d7d6815a387aa757a1b6845a52a1
status: experimental
description: Detects traffic or activity related to http://documentvip.cybergeex.co.za/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://documentvip.cybergeex.co.za/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.sh4
id: auto-1615b90aa2035067acebf9b6dce82de5b80f5c800270146f9e2139f4bb23b4f7
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.23.248.252/fw.exe
id: auto-8e274abc7c163a4ac8c9362160c59361cbf547eaa11d1506563f24e641f279cc
status: experimental
description: Detects traffic or activity related to http://64.23.248.252/fw.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.23.248.252/fw.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.x86
id: auto-61c0c7f8f8a81a3b61ed61d7fe80e76f13a9c21eaf94273d144b0c991e8f2258
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.arm
id: auto-016ccbccf09dede2813323de7dfb9e3ff6885518d77395fc4ea45b7dbafd6d6a
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.ppc
id: auto-d1fa66b93cabcdd9c51e299e9a6fc20dc31077a9eb9488dbae8e7c68d84d0199
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.arm6
id: auto-1ae395a1f2a5f7b0fbd2b505a8bb2880c4808662510d2155a4e6c2bc2cdb9b29
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.arm7
id: auto-5a93e4edd48210f1670b42f245d5d583260f9c6a81db855d3dd29475dad76b17
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://designdynamix.co.za/bins/vcimanagement.x86
id: auto-a62d1852855251affa2c2a863861f27c26a8554f36423e9722c995ac59939cd7
status: experimental
description: Detects traffic or activity related to http://designdynamix.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://designdynamix.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://erassociates.co.za/bins/vcimanagement.arm5
id: auto-87a94ef1d2d2a15477046da31bf64a09a547ae3546b6e635b634aa9e22167510
status: experimental
description: Detects traffic or activity related to http://erassociates.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://erassociates.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/m68k
id: auto-31fc250ef9cc70011c12164d3b75a8bdb1622e8219183bbd579730cf3b8ab4b7
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.73.139.50/bins/vcimanagement.sh4
id: auto-703d1bce4ebb41b9b13ad64b05f144ab1fbf1ce8f5277287ada13c99e2e50e6c
status: experimental
description: Detects traffic or activity related to http://154.73.139.50/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.73.139.50/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.mpsl
id: auto-3060334dd5ab697689ba4a862be43ac83418675cc6aa36b87c7baaa88a1fc9f7
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.spc
id: auto-771c3d81970b8217f89d264e3b181ffe8eb6c5876498b537325ab111c45be807
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.sh4
id: auto-93807a71cc60c751e3f61c1bfa98899219573f180e3c2759d562def7f4de185c
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.mips
id: auto-d6ffe49f8c217e1c22df868fc07b90d3e14349805510f6a058d3597c98e9c8f0
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.mpsl
id: auto-1d5fd9a4e841ee3dc7161f751f26cfce532f2e32e7950e60b93140ca58368f04
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.arm6
id: auto-59338718bd443f1e3f10914cc618d1124f91d0b7e915dd6cb7fe4339add5065b
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.x86
id: auto-046c09501dcd3acd4dd18bef546e22632c90d851f09daa8fdac9552071275767
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2fourty4.co.za/bins/vcimanagement.m68k
id: auto-135cd394e8e79980ac89dfbe5b01f3c88a294a1762ead6f2cbadab537bc71905
status: experimental
description: Detects traffic or activity related to http://2fourty4.co.za/bins/vcimanagement.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2fourty4.co.za/bins/vcimanagement.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://couchtalk.co.za/bins/vcimanagement.sh4
id: auto-af626060c1973c87c04c924307cf3a477b84566b2332ec45e1553a2c6b846037
status: experimental
description: Detects traffic or activity related to http://couchtalk.co.za/bins/vcimanagement.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://couchtalk.co.za/bins/vcimanagement.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.arm6
id: auto-bb9d0a1768b6fc55c84505b36176d6c78efa092a15b0e30508524ef364378148
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/tuxbot.sh
id: auto-eefeddf899a8a9f5fd0480c0b8065ee78c13d4a3fe2e02c60e115e25e00e386a
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/tuxbot.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/tuxbot.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/ppc
id: auto-fda6afe8f92c6438a36b8ebaae3ba1a891f8bc13eb85ff666d677ac08755b629
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cybergeex.co.za/bins/vcimanagement.arm5
id: auto-e19ce968529135cddf76f04dd27939d7b6e18846a318aed27915f8958021bc9f
status: experimental
description: Detects traffic or activity related to http://cybergeex.co.za/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cybergeex.co.za/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/mips
id: auto-62ed7bb54440585e4af06a9a57dc6eb4060ca11a7683ccc3a47f34f7efb5ac19
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/m68k
id: auto-3a44d14ff4f06276a02272b9af03af54f6e8af882b0390f0a8edd43b4cb5dd9d
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.199.86/bins/sh4
id: auto-364efebbcafe9f619c65d49abf98d98075687b8feefec5e9a49e54efd52d95bc
status: experimental
description: Detects traffic or activity related to http://217.60.199.86/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.199.86/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/arm5
id: auto-2d8d78d347759d9b7c6a2bdaf9e002673adfd3b29c02d16abf075d82dd26a365
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/spc
id: auto-ee2419179e5410ce4a96eefaa5b0c4038a1eb8a302ce1e35db98d3070c93fd48
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.6.197.41/bins/arm
id: auto-f30c9f3d8b72713831efd6a11beabeb3049103a0fb0503c9da66c9f87a21defa
status: experimental
description: Detects traffic or activity related to http://154.6.197.41/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.6.197.41/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.190.4.241:8080/shell.ps1
id: auto-b74ea21a55a7cab22004b9ae194fb101f9b1b46ebbc025d94b4c52b802ca2298
status: experimental
description: Detects traffic or activity related to http://146.190.4.241:8080/shell.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.190.4.241:8080/shell.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.x86
id: auto-0a95ef18913639ee2353c3005df3755779894e1d2e3147fd75d6ef3788d277ac
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.ppc
id: auto-911ec8cec5028be3c2df71e5fd9e7f47ec66cda126794ad3ce30602d0fd45616
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.arm5
id: auto-72ef8cb44da677b85b336584036788f3fae4c60e40281ec977f666c89018e3d3
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.x86
id: auto-9cfde3de6aaf2ae1b4ab71f14d2b8cc79ca25155bca97f7ae01a3eb992869d3c
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.ppc
id: auto-ab497ac67f93c482e1a9fd2796fee48a2ea8e128308af66e56f1da8f8763e154
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.mpsl
id: auto-bc15f70f088f2d93a878918c3fea5f8c9bd111854e7acf140f5eb4dc307ddbca
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.m68k
id: auto-7393131dbbf4ce00e418a8a94035aa823005a3ef7ade2c00f2247cbed8b2f165
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.arm
id: auto-150137b43dbd60f17b45ea10a11c65f9d6455ddc2525c8ba0699dc2f37948f5f
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.spc
id: auto-25d65379533b2e3668ec9f6782bbdfdf480a96dddc98e460df902ed9445f9b6c
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.sh4
id: auto-52cd948d331fb6a15862338f34eebc871f84e9d34bb7dfa3939f70968dca3c78
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.m68k
id: auto-a8a648ba7effe4974f28625cb035a9105f5bb88f078914d3fd33e493b900b39b
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.arm
id: auto-aa8ff8f9e1470b870904e14fe064dae3ae1380816277d60c0db9d16c3065bba6
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.arm7
id: auto-978a6aa01c42b2e4b2d7d704465286467d51908da4f7f4b6e2926f7cc1a4639f
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.arm6
id: auto-378544874c4bda66f07aedadc04da0b1c0ccea7b7c5d7e0ebead3e938f25827e
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.arm7
id: auto-5fcb0693f0ff6580912e64fd33665f8dafa1fa5d2e8c1b6c1a9b4c601d1b2761
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.arm5
id: auto-38a731616f8b67db9f7e6e60343b591d68d05bd903ca0149b0703ed80dd5b26c
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/fentbins.sh
id: auto-78b2e4097f16505c88f6c978595eb2888bc406b86400baaf2444358e56363ee5
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/fentbins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/fentbins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/fentbins.sh
id: auto-8a227f0eaab62e77b99a0dc11dfe4b244df6d1ab03d0108709ae5b0bb3e019f2
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/fentbins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/fentbins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dicapolyp.com/bins/fent.mips
id: auto-5d5219214ecbb46479e2e2fdbad32fdfd8b59771d314e1bdb4cef75954bfbfaa
status: experimental
description: Detects traffic or activity related to http://dicapolyp.com/bins/fent.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dicapolyp.com/bins/fent.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://adhp.neterra.net/bins/fent.mpsl
id: auto-efb3f6393ef8b1b6fba0f537d95fb6aebedad3382465761baac50dde670989ef
status: experimental
description: Detects traffic or activity related to http://adhp.neterra.net/bins/fent.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://adhp.neterra.net/bins/fent.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.62.179:8443/sda1/Video.scr
id: auto-6dc5ee6e69fa42d7839daa4fae2475e273d9fdfe3262565f57f0a423ed03e126
status: experimental
description: Detects traffic or activity related to https://151.16.62.179:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.62.179:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.62.179:8443/sda1/AV.scr
id: auto-6092140214308b77033bbbf1c54b231e09dc5bca5039608efb3c7e4bc051d285
status: experimental
description: Detects traffic or activity related to https://151.16.62.179:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.62.179:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.62.179:8443/sda1/Photo.scr
id: auto-fd4a72dc1bbed5032ba3922d9abe9b9ab4af5adea3d991624b6915ba4bd5a5aa
status: experimental
description: Detects traffic or activity related to https://151.16.62.179:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.62.179:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.62.179:8443/sda1/Photo.lnk
id: auto-edc06ea1b4568bb47ad6897ffb75b7aba858a1ebf274dd61ae70f5c5b30fd80e
status: experimental
description: Detects traffic or activity related to https://151.16.62.179:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.62.179:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.62.179:8443/sda1/AV.lnk
id: auto-bfa902b35c8d31087c181045828d5813a2e46343f8ea4c7fa8daae76693ab3fd
status: experimental
description: Detects traffic or activity related to https://151.16.62.179:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.62.179:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.62.179:8443/sda1/Video.lnk
id: auto-b872b75c0eedaf61a74e3b32473a44bdabb497156b67bbdfe684a8f540485611
status: experimental
description: Detects traffic or activity related to https://151.16.62.179:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.62.179:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.215.172:42107/bin.sh
id: auto-19695851b7156f3861fbdaf4c06d5d7e91e22e5cf21453a45fd5d22abba00ab8
status: experimental
description: Detects traffic or activity related to http://221.202.215.172:42107/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.215.172:42107/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.224.16.185:1234/02.08.2022.exe
id: auto-c3c68605f1c41ce9c54db4643fe9490d29452b5e013d3b834c13bb263737bbec
status: experimental
description: Detects traffic or activity related to http://139.224.16.185:1234/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.224.16.185:1234/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.12.33.230:8083/02.08.2022.exe
id: auto-d0f4425b06741189e93c56262748f7314b38491321bfb061655f35e3d2a52e99
status: experimental
description: Detects traffic or activity related to http://106.12.33.230:8083/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.12.33.230:8083/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.60.209.146/02.08.2022.exe
id: auto-f7553dd757a9174556179e51832be654b36cf0c5796bdd61ab5d3c5c157c4692
status: experimental
description: Detects traffic or activity related to http://38.60.209.146/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.60.209.146/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.229.123.61:7777/02.08.2022.exe
id: auto-acac3bc53445c1f2a09529b1c0d01e3627614392289f6ff464111627df590cf7
status: experimental
description: Detects traffic or activity related to http://83.229.123.61:7777/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.229.123.61:7777/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.145.168:2000/sshd
id: auto-949ba30807155ce167da84000df852bb46ba85ed34477b62fc66b66a0aa8162e
status: experimental
description: Detects traffic or activity related to http://59.182.145.168:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.145.168:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.195.14.161:17904/i
id: auto-3999bd5c707272e71017b2e21754245539fa571a3efd25e4ed6750eef6283cfe
status: experimental
description: Detects traffic or activity related to http://109.195.14.161:17904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.195.14.161:17904/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.243.184.12/sshd
id: auto-05425137d404d85deb97f6be63a66bbfd6a3b59bb761317da0f2e3da1072624d
status: experimental
description: Detects traffic or activity related to http://14.243.184.12/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.243.184.12/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.116.36.29/sshd
id: auto-b7da7abe7a6613f2843db7f8554b4cbf68f900ada4e26d45c50044c97a4fac89
status: experimental
description: Detects traffic or activity related to http://42.116.36.29/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.116.36.29/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.174.218.60/sshd
id: auto-0426d7248baff456fdd54fbdadac46ec16266a26e556f0fc7e65a8fc7a294c2b
status: experimental
description: Detects traffic or activity related to http://14.174.218.60/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.174.218.60/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.220.162:3220/sshd
id: auto-d089741ed0a0e81be01d3c97406a0c21bed9cd9e009cacd21aa517cd0da2f7d8
status: experimental
description: Detects traffic or activity related to http://120.157.220.162:3220/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.220.162:3220/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.250.102:85/sshd
id: auto-ce792cbb8f79208fd23575a85ed6e138d36f487b8152afb8c984bb9734ab2765
status: experimental
description: Detects traffic or activity related to http://120.157.250.102:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.250.102:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.93.88.82:47841/i
id: auto-33ae05fb0e75a26750ff331b9bf17ffc8ff3f814e8770c548e41f44758dd4df0
status: experimental
description: Detects traffic or activity related to http://36.93.88.82:47841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.93.88.82:47841/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.4.154:85/sshd
id: auto-2c8b4225dcf32b690ba41f887bf69a5640962a00c6df5920120a19a7cf1235d2
status: experimental
description: Detects traffic or activity related to http://120.157.4.154:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.4.154:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.186.30:9301/sshd
id: auto-1255b245315b4327ad249aa47cdd632e8f9ee72d1fc0a3a6beb4c6c80bdaddb9
status: experimental
description: Detects traffic or activity related to http://178.50.186.30:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.186.30:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.73.152.142:63801/i
id: auto-bace9f1577ecd4f531a39f40d8a73c13a1a86abc92234acff91b0bd599eceb0d
status: experimental
description: Detects traffic or activity related to http://186.73.152.142:63801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.73.152.142:63801/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.158.100.140:56904/i
id: auto-72cef997e1b6de36e43c1857e8ee51f597e0711982b58f7633f3c8c4cbab8415
status: experimental
description: Detects traffic or activity related to http://195.158.100.140:56904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.158.100.140:56904/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.142.120:59950/i
id: auto-ec55adcd7a25f396f6e83b22164d331bcc5f3ab8a54f9e51aed14be5ed21fb58
status: experimental
description: Detects traffic or activity related to http://116.140.142.120:59950/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.142.120:59950/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.120.6.53:8000/sshd
id: auto-8411d7a143d83415d1f3ff49764b216621d0400da4b1c676696433d09b3bee4f
status: experimental
description: Detects traffic or activity related to http://171.120.6.53:8000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.120.6.53:8000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.246.224.21:63830/i
id: auto-de78394dfa3d1f3b0cb30e78d5823a0d6c577a9f35da532a9a9b60454f49090f
status: experimental
description: Detects traffic or activity related to http://195.246.224.21:63830/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.246.224.21:63830/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.21.243.193:11103/i
id: auto-e7937e7dc8af28a8840aa535688b2897e6d5787e1a51ffb5f3d092524cd741b7
status: experimental
description: Detects traffic or activity related to http://92.21.243.193:11103/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.21.243.193:11103/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.192.25.33:42888/i
id: auto-641e2eaf1cc15d0105228ee31e6aadeaa7cda65d1fc738a4803c59feaac65ce3
status: experimental
description: Detects traffic or activity related to http://181.192.25.33:42888/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.192.25.33:42888/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.180.188.90:8082/sshd
id: auto-13fb3c7a2c5b54e9433a25821b1514a2944ec124096bf14f55e1906f4e8ead30
status: experimental
description: Detects traffic or activity related to http://113.180.188.90:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.180.188.90:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.186.201.37:62179/i
id: auto-e66af7ba166801a5921f1bfc6a60d78c8f12997d33da029b02b89a804ec48d0e
status: experimental
description: Detects traffic or activity related to http://45.186.201.37:62179/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.186.201.37:62179/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.189.142.149:48021/i
id: auto-bc401a6b985bb8f62bc65e1f50742aca1def1297230242d36c3f6371ca64e703
status: experimental
description: Detects traffic or activity related to http://222.189.142.149:48021/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.189.142.149:48021/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.0.5.138:42273/i
id: auto-1805d58e73562b3b86355e1434c4b07d1a668808cf22bb7f08c303b0e8aac793
status: experimental
description: Detects traffic or activity related to http://79.0.5.138:42273/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.0.5.138:42273/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.12.246.128:8080/sshd
id: auto-06bf41ceb8af7aaab0b5f47c4ce0a09f658bbf078e11efe547cc6fe282a66cf3
status: experimental
description: Detects traffic or activity related to http://77.12.246.128:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.12.246.128:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.206.159.249:32192/i
id: auto-b36292df130e26881a37418f9aa247e1c032e5eeb3d5aaf9ec1769d1242b9323
status: experimental
description: Detects traffic or activity related to http://176.206.159.249:32192/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.206.159.249:32192/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.164.41/sshd
id: auto-38431814b3dbf9f29cef9a6121aad09a629cbdefb2a6d466ca57fd453c2f452a
status: experimental
description: Detects traffic or activity related to http://83.224.164.41/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.164.41/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.197.62.195:60001/sshd
id: auto-097bd1c4a493726ce56f267f02899286df3f0596e51516d7e91e6209e02bb6a4
status: experimental
description: Detects traffic or activity related to http://62.197.62.195:60001/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.197.62.195:60001/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/dc1.ps1
id: auto-0abf7cd8e17776744ef29b7a0989f319b437b0c537ec026c849a6c6506644154
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/dc1.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/dc1.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/encoded_shellcode.txt
id: auto-e73407bc43343702e17a93bff5ccdb37f6441e4763be01fc012107a58330344f
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/encoded_shellcode.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/encoded_shellcode.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/loader.ps1
id: auto-a50ff771419cdf0c2668e79a36c13705a3910d14cd855a6830bbc0c1821cf8d6
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/loader.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/loader.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/test.ps1
id: auto-8fa08a3febb761badb6795e64bb3ebdc192916edfb8189441eca147c2d882c40
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/test.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/test.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/source4.ps1
id: auto-8011c6876cff3a74e3440be4121e43e4253e138cfc39d0e8cd900783d1abe191
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/source4.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/source4.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.214.103:54763/i
id: auto-e953fcbcd28fb5b3b0ec9052266550c4d2bdbc9563eadce568b9235fd3c6feaf
status: experimental
description: Detects traffic or activity related to http://60.18.214.103:54763/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.214.103:54763/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.1.99:41497/bin.sh
id: auto-5d21f62c2985ddf9c0f299a116273a37bf1f0c79d5fdb04ad8b0428c8273b130
status: experimental
description: Detects traffic or activity related to http://42.56.1.99:41497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.1.99:41497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.202.149:55053/bin.sh
id: auto-2e3a19244c93cfafd0e5313417eb17596350f4833a605e6f57c0520b097516ff
status: experimental
description: Detects traffic or activity related to http://42.230.202.149:55053/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.202.149:55053/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/Google_Chatgpt.exe
id: auto-9b40a0def1128fa18d0fdc7a772a87359ac8b8f6b5917b94e68014c5fff9ece3
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/Google_Chatgpt.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/Google_Chatgpt.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/Dism_boxed2.exe
id: auto-b6693db3dcdf08cda6640faf4c69c91c8d9e14d0e9887028741f3b5242640f08
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/Dism_boxed2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/Dism_boxed2.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.189.141:34680/i
id: auto-6aba69cb3f7e2cb8b99a8115705f4dce1b57be379c2d70beb05587409fbb1d72
status: experimental
description: Detects traffic or activity related to http://42.235.189.141:34680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.189.141:34680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/donut.exe
id: auto-4287c25074d5007ca2e25ad8c8027f36fea168ea2039acd12a05e94917365e1e
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/donut.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/donut.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/DismCore.dll
id: auto-fe07c55ddc6a094fa291ae40c08619fdc3232958a9e69821f06974b47044e02e
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/DismCore.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/DismCore.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.197.187:9999/Hangnong.exe
id: auto-de86bba64400368fca631af80593956e4efa87cb604fee377ed3d08a412ebcec
status: experimental
description: Detects traffic or activity related to http://103.67.197.187:9999/Hangnong.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.197.187:9999/Hangnong.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:49999/i
id: auto-c253a29ec560964e0d4ad8d33885420ce8a5830f6a669e36b3efc16ca95fe142
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:49999/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:49999/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.4.219:33822/i
id: auto-627e2ba6a5534501c2040bb1064f14b768e757940de148a8a698147e23786e51
status: experimental
description: Detects traffic or activity related to http://125.41.4.219:33822/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.4.219:33822/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.229.214:38294/i
id: auto-8b4fb3a9a1805098cb485cdb72ca155a80566d0ecac83d835993c9e7fce66039
status: experimental
description: Detects traffic or activity related to http://125.43.229.214:38294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.229.214:38294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/mips
id: auto-b85118ca2bd1cf1cce766c3ac6f93256a0a4d3c405639065980e77afb5548a51
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/mipsel
id: auto-29c62fab78abd3ee4dcc5ffa4b3455b41fbddcae65326910c3497f42220d6db1
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/i686
id: auto-6c0924179c1077474edf914d4a9214d122ece2cc42ba930b51d3900f3577b201
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/dc
id: auto-03c05cd354de7e28da679d8b95a271f3c8eb48a9f57dd919db9388cbdb4f4c4b
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/dc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/dc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/co
id: auto-1b4197032829a8262b26af018b970ef3a2f973c0c456b79615e8fac1be3f0cef
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/co which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/co*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/sh4
id: auto-91ddfcc3dc98143a87689353bd67e7fb11d85d1eeab1192eef3e7baf3e2ee27b
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/x86
id: auto-b401fde61834e678849871f12ff14d92563d66e19f3677c697ed33c14bf919ae
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/dss
id: auto-d9caeede7b783995adbeba9b3467ad11e3ecfc8d99eebf07feeaccbb3f4c549c
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/dss which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/dss*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/ppc
id: auto-22a017583231764537743229593c40c3c1c6734b1e87f57c7008874e056b3f43
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/arm61
id: auto-30d23a763022228fbbe46b55eb1bddf9425fdc91b1d17aee55a30e68b540aaf1
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/arm61 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/arm61*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/586
id: auto-9ee9fd4f3e24356796b3ab4dc2b4722e12030ced1bce676ca016bc4c74b9da4e
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/sex.sh
id: auto-195e5183f8467010f05e376c23538ea9c87c3bd102c747fa764375678a7c63b3
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/sex.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/sex.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.48.87/m68k
id: auto-c0f10c6e299e5c4639937d7519885aaaf4b3bbd694f7b1270fecf46264dc9aa8
status: experimental
description: Detects traffic or activity related to http://64.227.48.87/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.48.87/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.6/h8jfdmdWS/Plugins/cred64.dll
id: auto-a251c3bcefb354024a3737ffc00a1cf15daae9c470ba55768a64ba838f2cbe97
status: experimental
description: Detects traffic or activity related to http://158.94.208.6/h8jfdmdWS/Plugins/cred64.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.6/h8jfdmdWS/Plugins/cred64.dll*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.6/h8jfdmdWS/Plugins/cred.dll
id: auto-e49bdb361a6423dab7e3ff788cfe4d814d91f32d71b4df9908ae21b24ee51f88
status: experimental
description: Detects traffic or activity related to http://158.94.208.6/h8jfdmdWS/Plugins/cred.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.6/h8jfdmdWS/Plugins/cred.dll*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.6/h8jfdmdWS/Plugins/vnc.exe
id: auto-ec43a6a627b0de15f5a4fda85f2671d2e767c1e666200079b3893e9e995ab013
status: experimental
description: Detects traffic or activity related to http://158.94.208.6/h8jfdmdWS/Plugins/vnc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.6/h8jfdmdWS/Plugins/vnc.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.237.138:57800/bin.sh
id: auto-760a37d56c76511fb2e860f4daa7fed44a5b5200947a67e661b9af0f13268ea2
status: experimental
description: Detects traffic or activity related to http://60.23.237.138:57800/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.237.138:57800/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.189.141:34680/bin.sh
id: auto-94ecc68a381a6191d4184752471bfdba59c84cc7d959f54395596735da21c53c
status: experimental
description: Detects traffic or activity related to http://42.235.189.141:34680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.189.141:34680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.221.152.211/checkmacos.sh
id: auto-78c88a7acb2fa8cb0755670764e929557b071e5f6d0abfe721c5617d7f0a9295
status: experimental
description: Detects traffic or activity related to http://77.221.152.211/checkmacos.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.221.152.211/checkmacos.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.221.152.211/auto
id: auto-91bc948c70f55baaf8605f46799faa68fa3c26057a4ae409c6c551a84c436c7f
status: experimental
description: Detects traffic or activity related to http://77.221.152.211/auto which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.221.152.211/auto*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.221.152.211/check1.sh
id: auto-f9a315693519a0750f2306b2e553c0023cfaff9d2387fbee917ee2136a54648b
status: experimental
description: Detects traffic or activity related to http://77.221.152.211/check1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.221.152.211/check1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.221.152.211/Error84
id: auto-32851da9374346bc213d74555b93dd192bbbe052257d0c9af55a170685162e1b
status: experimental
description: Detects traffic or activity related to http://77.221.152.211/Error84 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.221.152.211/Error84*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.221.152.211/log
id: auto-b097696d2be1f35b5f149d33a035e51af9364612d02be52945a4cdc1eaeb55c7
status: experimental
description: Detects traffic or activity related to http://77.221.152.211/log which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.221.152.211/log*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.221.152.211/syst3md
id: auto-04f94d91675e112c61c3a7deb89a127383455d1ee5647b6724e124ad4fd98b17
status: experimental
description: Detects traffic or activity related to http://77.221.152.211/syst3md which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.221.152.211/syst3md*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.221.152.211/check.sh
id: auto-60d23563517fa8c1c99044d6ec0a14ff48d46d5a16ba65ffbe25cbbafdbab911
status: experimental
description: Detects traffic or activity related to http://77.221.152.211/check.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.221.152.211/check.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.229.214:38294/bin.sh
id: auto-61c30107d3506452cb7dc3532e5b782e6f564fee0fa14dfffdd9c14d5b0e4e1c
status: experimental
description: Detects traffic or activity related to http://125.43.229.214:38294/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.229.214:38294/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:49999/bin.sh
id: auto-dad15155ef951fd729510812f9d9bbcfb278f1a70f7e480630da1bc355d122d2
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:49999/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:49999/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.sh4
id: auto-b9c88d44dfd392d12260390e5dc82db0b8b0ce1186029c30f49212bbf12bbed2
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.mpsl
id: auto-1ece9d981bdf59c5eb39450394736be714a76a3c37dbeb5b1017c738c9e24ef5
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.spc
id: auto-3e6edcb490fd6fc7b417cbf56a7dcaa8934ea7ea092df22f4183f24ea405150c
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.m68k
id: auto-55f32cfeaa45f4a0bed194afe9ce67576bb382c283ded6d532ace48423f41c05
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.arm5
id: auto-5f24b3d6f929ab3733d828555034a233ae61a838b38999bce7d8ac8876670146
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.ppc
id: auto-9ecd55f4d407e9847fe42ec6c45284edf48512140ace27aeabd51d133489e883
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.mips
id: auto-6e3bc13a389376c867ba668040e810e8199d792c41ed218fd65f6b265ed86989
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.arm6
id: auto-724c0cf27ccbeb6c6ec4fb743084da235d06b08fbbc3434ad7d3fa862c60398d
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.x86
id: auto-627bdb3e5003ed243103ab8af75c13390b5dfbfd2987e397351111ade6957f39
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/bins/sora.arm
id: auto-779ba25da4589d489fb371aaa7f17dc5161d181dddb3e8779dd5ad5387fc2fe2
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.188.162/sora.sh
id: auto-51bc46a1568daf874c80f25815399919a5e5f4fe163c8890a63b0e54345f1b30
status: experimental
description: Detects traffic or activity related to http://41.216.188.162/sora.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.188.162/sora.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/mips.kok
id: auto-46778d7d7fa9e29142a35d9e3d95181e669607ccc99cee089eee36e7007d183a
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/mips.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/mips.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.244.25:40819/bin.sh
id: auto-217c9e9b9c933f5429283cb0faa105039788ad9f989ecb8c6e2bcd2beff8a8c8
status: experimental
description: Detects traffic or activity related to http://42.228.244.25:40819/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.244.25:40819/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/ovh
id: auto-df6e3f5e79febe39f2ce73d6087449cb50c9fe8e5d9a9321d44a4fa49ad437f0
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/ovh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/ovh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.sh4
id: auto-3affb051fcdde8c43b3db4e79ce1b7311b4bc884202489674c790a90c36e3da2
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/payload.sh
id: auto-38c74b243f14039256811aa893216278f79e404314ad0762649d700fdcb54697
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/payload.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/payload.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.arm
id: auto-8dd4212c80924059eadafd04a4c4cda3e2ec0d307694dbc309561a6a665e5df9
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.x86
id: auto-e8d69d359eaf5c283cbe0b576419f68ebdc1c7081f973c1062a0edaab9cda44a
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.arm7
id: auto-bdac2759cae53d3856836094fd15ece6ceaf50a80518a062e76113b5045b41f2
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.arm64
id: auto-43013e36c21bf116da111c7868688c74211589593612884a48db4ae8837d6dae
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.arm64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.x86_64
id: auto-f851903394b0a76e7b71c2de1fb9d1594a903ef2d38e40da187885d930cd16e7
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins/plasma.mpsl
id: auto-7c1850713eceb974e56a8e98efba3687c1951c243ed10faabbd176e090fbad4f
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins/plasma.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins/plasma.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://145.223.69.190/bins.sh
id: auto-234aa6523de0244f381b7f2a5caaed5d44ba439c8d13c8a8132df74ef89ede89
status: experimental
description: Detects traffic or activity related to http://145.223.69.190/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://145.223.69.190/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/arm7.kok
id: auto-57814917ae9521ac82227d3966e852a7df4c1d0169173af0f3e90520309e69ba
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/arm7.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/arm7.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.dropbox.com/scl/fi/g7u92l2sexw3tmzzesn8f/test.mp4?rlkey=xn19a3ukswnwuqc9g5p1t9vdv&st=9quaxxz0&dl=1
id: auto-68f7a3a27213b3963eb4a4deca7246ea02e545b8b8358311b80f503afa506341
status: experimental
description: Detects traffic or activity related to https://www.dropbox.com/scl/fi/g7u92l2sexw3tmzzesn8f/test.mp4?rlkey=xn19a3ukswnwuqc9g5p1t9vdv&st=9quaxxz0&dl=1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.dropbox.com/scl/fi/g7u92l2sexw3tmzzesn8f/test.mp4\?rlkey=xn19a3ukswnwuqc9g5p1t9vdv&st=9quaxxz0&dl=1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/arm5.kok
id: auto-2e56eba7d7cf7fabf797e513f9968870cd8f5a72a460d44e554217bad6dfceb1
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/arm5.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/arm5.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/arm.kok
id: auto-9e12e5db4b7957f294c1ad633f2bbf94bfa785722b50dc78d4906ac587028a43
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/arm.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/arm.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/x86_64.kok
id: auto-4453d2b9297a9fd26ce7ab371f735ad17fbea474d2df7164816aab50f4b3bc6b
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/x86_64.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/x86_64.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/mipsel.kok
id: auto-6c81630a825bbc115ec337a9d090eec9d9ff210d75e9270f1e263324361ff3bf
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/mipsel.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/mipsel.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/powerpc.kok
id: auto-3e072f6fdbb249fb5ff784d827dffc3c89e14e943823d257aa372ae6bbc427ed
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/powerpc.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/powerpc.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/nigger.sh
id: auto-e5cc5d746805b982e7c9bc44c27f849dbdc2eb1baedd69de0fae39a6d6da34c0
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/nigger.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/nigger.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/arm6.kok
id: auto-3caf5489d62bb5f984ef001b00ddf187acdc9aece2a311cec7538955f124278e
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/arm6.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/arm6.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://binannce-uberprufung.com/x86_32.kokz
id: auto-8c58356365f096a987b9f34b71932b33300ec5fbdd895a5a2ac0f6fe1edfcd39
status: experimental
description: Detects traffic or activity related to http://binannce-uberprufung.com/x86_32.kokz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://binannce-uberprufung.com/x86_32.kokz*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.45.111:52718/i
id: auto-45860e39d2f2e18b7e9deb2594a4af53c4e016763d7a6c1141056b10b1da6c11
status: experimental
description: Detects traffic or activity related to http://182.127.45.111:52718/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.45.111:52718/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.85.36:52399/i
id: auto-579c8d70f34b3a145e932890d962b1978fcac60cbb54bd956f106aeac1fe3c1d
status: experimental
description: Detects traffic or activity related to http://42.228.85.36:52399/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.85.36:52399/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_ppc
id: auto-f5b80bb11ce1e66b3bd05c04505a86f424cd3ee81fbceca7badd0e6c711f4bd5
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://turn-players-para-movement.trycloudflare.com/lod/QB_UPDATE.wsh
id: auto-d07912e1d1aa450ef695b54c1fd99dacf90cef572a244a7a41963cb3fcbce6b9
status: experimental
description: Detects traffic or activity related to https://turn-players-para-movement.trycloudflare.com/lod/QB_UPDATE.wsh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://turn-players-para-movement.trycloudflare.com/lod/QB_UPDATE.wsh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://b8217fef.thisisnotyourland.pages.dev/wix2.ps1
id: auto-dbc385905b531e1251d58183db99eb66af1c38ec2a89b662cc0fb150af489767
status: experimental
description: Detects traffic or activity related to https://b8217fef.thisisnotyourland.pages.dev/wix2.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://b8217fef.thisisnotyourland.pages.dev/wix2.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_m68k
id: auto-6a1cf6f52cb12298126657fef84f91e304e06f848a6e60150f61482ed4a3e0f1
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_arm5
id: auto-8da7eed403dc63ef9f8a934890dbf5ce465672f63b42867a4a3ebb00986cd693
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_x86
id: auto-45c7365f03c60c4ecdbd69d0b28c4a4d769de781798f6fad10077905d62effa3
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_arm7
id: auto-6b2c0fda64620faad12ddb3cd46a5247c59507739f3e250da299db40148abbdc
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_sh4
id: auto-2970da820b0f3dd59b6027b0230c19d7ca1247e5b9952fa00235ef47416b25ea
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_x86_64
id: auto-8ec80b76ba1738a72b5a0024a4f5c48793cbfd13fc84b8f5cb3bd71a824c36d5
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_mips
id: auto-2b584e59a6743e27ab39ec3e49501b2b276c15f906d80bce88782deb63706f1e
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_arm
id: auto-3913a5423a79b3adf71bba46308a2583bd541b101a31ee4e573443f43898bc56
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_arm6
id: auto-0c0fca9360762c3eb542356c5c9e51988eb16affe044858656d08ec3b1e4abd4
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mrsus.ddns.net/main_mpsl
id: auto-42ee349445eac7ad75da307d2f3e85673997b0824659d552259e2c7636f2d002
status: experimental
description: Detects traffic or activity related to http://mrsus.ddns.net/main_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mrsus.ddns.net/main_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_mips
id: auto-8920e25dbf2fdb3a08c19516b2a811f50a297dd3a24ed9349ef8e8136c1ddab2
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_arm7
id: auto-a1900099279dc62ff01bce4e476656fb44198892c471b15d34e8b4a4ec1d3d1b
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_mpsl
id: auto-a1de31ce05f98fad8d7fc95452ad923c781eeb41bea20fbe326cfbc71f9f09e9
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/789.zip
id: auto-9b10672885cc4c8c1c191ce0898bdf971c4dce891f53b36d2fb3bad5e5300477
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/789.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/789.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/123.zip
id: auto-ac7c874fbb5e37b23d88e49d4de7553b49e0551099e552d16dd98e446041d488
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/123.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/123.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/11.apk
id: auto-357d02ad4faa799f5035c2329ca3e480a6bf1ef9390d23a3a2a4752ef8a225af
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/11.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/11.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/456.zip
id: auto-f1a6c603dac125c602bd9172a9ff1ad1b71dd054652b11b9660b86cf70b75fdc
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/456.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/456.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/TE.exe
id: auto-f7b4fe66e9400ca32f952c6226fa1e417686037a6e072906791756e174772d38
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/TE.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/TE.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/server.rar
id: auto-b27e2833a2a0fb19f133d0e07d06ff185a7ffed33a11f79d8874d16aa00f517f
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/server.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/server.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.88.235:34466/bin.sh
id: auto-6b645db2709cdcca043a9221b12092e35e9d8060be4cea74c17e0ef16a8ea2b2
status: experimental
description: Detects traffic or activity related to http://124.131.88.235:34466/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.88.235:34466/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.56.242:45731/i
id: auto-0edebd1e08880cd56f872f098ef69c707827ae7476c6071d073d045d252575ee
status: experimental
description: Detects traffic or activity related to http://117.215.56.242:45731/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.56.242:45731/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.100.45:45259/i
id: auto-6e837c920e8f457996a53aef517e63cebbc0bcf80ffe4d0ab2e0cf95e6435f10
status: experimental
description: Detects traffic or activity related to http://115.49.100.45:45259/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.100.45:45259/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.42.218:50576/i
id: auto-c1ed0147eaddaa6fa04d448b6a63f3ace0f3baff7e70f7a1237823cf223f22e0
status: experimental
description: Detects traffic or activity related to http://58.255.42.218:50576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.42.218:50576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.173.83:53045/i
id: auto-d31783d269e449eb6ef764f937157082ef661c209fbc0b3bcc141625c095c148
status: experimental
description: Detects traffic or activity related to http://222.137.173.83:53045/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.173.83:53045/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.202.51:34757/i
id: auto-94f81200f54cbf3c13388d4720e6c99fc429e5c0f92a3410479dedf136894073
status: experimental
description: Detects traffic or activity related to http://182.113.202.51:34757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.202.51:34757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.202.51:34757/bin.sh
id: auto-896e919fff126cb333013925607e9fbe7c7629dcdadab38603aa8469321d4582
status: experimental
description: Detects traffic or activity related to http://182.113.202.51:34757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.202.51:34757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:40447/i
id: auto-7caa4ded63d7df89b904e213f11f01d5dd8cff2c4b1405c39fd6f3573006de3a
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:40447/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:40447/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.245.54:37057/i
id: auto-e9187cbb5c1bc7524c97aaafc1d996d3c4eb3214832dd462c0f6043a6e5115a6
status: experimental
description: Detects traffic or activity related to http://115.63.245.54:37057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.245.54:37057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.158.221:34646/i
id: auto-ee2a3b7402d0a6b893d35e09a17716580c0eed00200f075dbdf653aff4d34d9b
status: experimental
description: Detects traffic or activity related to http://61.52.158.221:34646/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.158.221:34646/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.97.231:53717/i
id: auto-3056edc49e222317f62147d5c63f7334d1cd85d36c7e980855fd2bf472be3386
status: experimental
description: Detects traffic or activity related to http://115.58.97.231:53717/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.97.231:53717/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.129.49:41832/i
id: auto-5b5bfc533aa26c242eba07edc81e2d3511c3bbbcea5dc56f6c0de921bce428b4
status: experimental
description: Detects traffic or activity related to http://182.117.129.49:41832/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.129.49:41832/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.187.17.22:51139/i
id: auto-3b1cb5debddd8bfc67e57f6f5baa149226c0a7f91480ed59e9a428a46a1deac3
status: experimental
description: Detects traffic or activity related to http://78.187.17.22:51139/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.187.17.22:51139/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.127.205:58644/bin.sh
id: auto-ee4b3002efe0563863b58e93092d12b84d42e3d587af05d064f7bc1d43007b2b
status: experimental
description: Detects traffic or activity related to http://220.201.127.205:58644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.127.205:58644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.234.156:43616/i
id: auto-745c9df757eedbe4f895eaa761ac93eba2c5775e0645ee9c347340befc56d2c9
status: experimental
description: Detects traffic or activity related to http://123.11.234.156:43616/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.234.156:43616/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.132.60:46867/i
id: auto-2e176acacf6c3bb57a10539f8d672b84e6e069e4291bf12348cda6c9d6a502e7
status: experimental
description: Detects traffic or activity related to http://61.3.132.60:46867/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.132.60:46867/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.79.141.90/bot.mips
id: auto-b324c050c37602884fb0e1fb7a362c15047547d13ee5eaad19e94b1b9bd2e3d9
status: experimental
description: Detects traffic or activity related to http://51.79.141.90/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.79.141.90/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.79.141.90/bot.x86
id: auto-2c645f66202ae23f10b559359b4a96523fbd0d403627441f6b492a61296fa7bd
status: experimental
description: Detects traffic or activity related to http://51.79.141.90/bot.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.79.141.90/bot.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.76.39:38771/i
id: auto-bb3a40de3937d04d69546b7069fce9bb04b27ac420439cadd56bdb721f557849
status: experimental
description: Detects traffic or activity related to http://222.141.76.39:38771/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.76.39:38771/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.222.40:45249/i
id: auto-954c6c1ecca9b5bfef9a14697944aea474ae3963d4f1b39da61dfabbe8632693
status: experimental
description: Detects traffic or activity related to http://123.12.222.40:45249/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.222.40:45249/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.205.66:50669/i
id: auto-223505ff396e7395cd36799efe7194ee5cb70df4b82b3a04c574ade1ed4fea35
status: experimental
description: Detects traffic or activity related to http://119.189.205.66:50669/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.205.66:50669/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.86.112:40072/i
id: auto-55d66da173e3bd624d6e2fe6f500794108580ac95b9c0f340f487c2e4fea8548
status: experimental
description: Detects traffic or activity related to http://123.188.86.112:40072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.86.112:40072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.190:58110/i
id: auto-1dcb4cab0974506a6a9022f8fb8acf31c814707782ae01f91bd7e952cbd1d852
status: experimental
description: Detects traffic or activity related to http://117.209.82.190:58110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.190:58110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.82.216:52132/i
id: auto-6e153ff22b71c1d8de727ddc45fb7c366b1b8933446f116e37d57cfc5e94458b
status: experimental
description: Detects traffic or activity related to http://175.165.82.216:52132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.82.216:52132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.200.60.108:49805/i
id: auto-f0b76d010078a9f034cb55585b45a014d232c49be45335c6f956d0ab9a643ec3
status: experimental
description: Detects traffic or activity related to http://46.200.60.108:49805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.200.60.108:49805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.56.242:45731/bin.sh
id: auto-43ba39c731172bd8e017d58ca88e3326342f571e5583a3b5e6b099e9a1d85131
status: experimental
description: Detects traffic or activity related to http://117.215.56.242:45731/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.56.242:45731/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.87.11:36283/i
id: auto-e6619e2a26e6427c24a71283fc2920822dfc4412821594a436e30c16856a5129
status: experimental
description: Detects traffic or activity related to http://222.139.87.11:36283/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.87.11:36283/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.85.36:52399/bin.sh
id: auto-8f8ef7eace99eb351d48f7f48bb3a51d15ec056754f958e22163d3d263aba6aa
status: experimental
description: Detects traffic or activity related to http://42.228.85.36:52399/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.85.36:52399/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.1.169:46670/i
id: auto-cc86a6835a66c2415e563cdab8ca5cd119165cb063a73fa56df6de34153a78d5
status: experimental
description: Detects traffic or activity related to http://42.55.1.169:46670/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.1.169:46670/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.55.114:57207/i
id: auto-0f63db3ba20a66327eaa6b6284bbbab833687f2e2c21fc948b12a7d31b04efed
status: experimental
description: Detects traffic or activity related to http://182.117.55.114:57207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.55.114:57207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.i468
id: auto-b7cb268c422da713f734f0253a643391e34aa2da9b22bdb7c8973b25b542bf57
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.247.241:39041/bin.sh
id: auto-67b27019d4231cdbfb3dabab0fc1200120a70d8860ea67d9baa53a658bd15854
status: experimental
description: Detects traffic or activity related to http://112.248.247.241:39041/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.247.241:39041/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/1.sh
id: auto-79bbe327237860c49ef1c6147438195165eca1fd06fc5be36505f4961c0e1f1e
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.83.57:46524/bin.sh
id: auto-853da539cbcbff9ed6d20832de2369d29ffc3ecf2da247889205af03155f15a8
status: experimental
description: Detects traffic or activity related to http://175.165.83.57:46524/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.83.57:46524/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.83.57:46524/i
id: auto-d703c360c0bc3f45fdf27e0ec52e16b8aa4d11e6e6ddc529cf65f30deaaf3375
status: experimental
description: Detects traffic or activity related to http://175.165.83.57:46524/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.83.57:46524/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.87.11:36283/bin.sh
id: auto-0e0fd3c8900dcf372d034abd5d2272c89e78c8d8a63e9170b2549894b19203e7
status: experimental
description: Detects traffic or activity related to http://222.139.87.11:36283/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.87.11:36283/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.252.134:49437/i
id: auto-32219e73aaf29c91b7a2281a8642bc52143dca8821c9e6767d796cfd79f3a39e
status: experimental
description: Detects traffic or activity related to http://175.175.252.134:49437/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.252.134:49437/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.202.74:48530/bin.sh
id: auto-a07f2e647c38a2a61d1a9dcb8185b6236d954a73d952db1d4e1421474993fa5d
status: experimental
description: Detects traffic or activity related to http://42.7.202.74:48530/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.202.74:48530/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm7
id: auto-ef3aadd3c8625b95aa75b9afa8456ba48e9cca937850d921795ce07f28142e41
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.spc
id: auto-65013ba621ed4f83496fd5c275c9a1bae78b79e86a42bca440de731555553de8
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.m68k
id: auto-bf7a4388222f20a741a9598107ab8f0ab63ac98e7c2d0ff77f5bc577c2bfde42
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.mpsl
id: auto-95cf10b56fc1e2e345fe329065ef1c3d9808a0322a685e91356d45d00e5335d4
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.55.114:57207/bin.sh
id: auto-89b2d3dd93a87550a3875585084ea28b03817cd00e4da7aaf931f82a13c5455a
status: experimental
description: Detects traffic or activity related to http://182.117.55.114:57207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.55.114:57207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.x86_64
id: auto-33e6637c52ac66f94f9cf1b9bd41b97684a82261f753da34c8fd7b6f2ae36aba
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.x86
id: auto-c7f92800c11fe6ee719d3cb5080c4ee085adc96deb24a67a12c5832a0eed3eb8
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm
id: auto-83f9bc7191356d1d4bb4bf643e5f929c3a64edae9e4d4a173fe4cace43b4cb17
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.i686
id: auto-ea1e0a8c6a5ae80dba8d5350577d1e5221fea8eaba630215aac56be671b518c0
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm5
id: auto-65f16f11af9132ba009f62b1c308db78c7300fc37daf70ee162c5d1ba2c307c5
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arc
id: auto-af5e3d3b47d1a523ea404920f6fa5f38d607ec502672b3b64942bab7f498e098
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.ppc
id: auto-b619f4eb84994a42c7ad0057ad8a2e092789718cbef18018763fd833e1ca3610
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.mips
id: auto-6bee7789b79843d4f0b6e9cd84d6b030d0dcd6da14cde1dca969d4a53850e035
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm6
id: auto-525ccac8303314ed92ecb516271ae3167074f95a75fb500b01ab754defdf1cad
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://oracle.cloudkanahost.biz.id/johenlastgen/johen.sh4
id: auto-89ec3a5812f9e11ec5bea3e873c3e4290ce075da65dfe2a3b2834a4625fa2a3f
status: experimental
description: Detects traffic or activity related to http://oracle.cloudkanahost.biz.id/johenlastgen/johen.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://oracle.cloudkanahost.biz.id/johenlastgen/johen.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.1.169:46670/bin.sh
id: auto-fdb6c8efa7d7c6ef7ee868af871ab0d4f7716aadd7261639502d1874a9a7fdaf
status: experimental
description: Detects traffic or activity related to http://42.55.1.169:46670/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.1.169:46670/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/p-p.c-.ISIS
id: auto-1484c3e979c3c360442d74dc7118874cb4c7bb2f478c158663c31ef90d0a4195
status: experimental
description: Detects traffic or activity related to http://cfeca.win/p-p.c-.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/p-p.c-.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/a-r.m-7.ISIS
id: auto-a0c965b0eab28e42e6ea01715af4c363ae6ca15755cdca9ae4f001b7e9982d4a
status: experimental
description: Detects traffic or activity related to http://cfeca.win/a-r.m-7.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/a-r.m-7.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/a-r.m-6.ISIS
id: auto-079c10fc61fe53cb242cd4d154541ad80c75f36d8962e86020578191f0c68a8a
status: experimental
description: Detects traffic or activity related to http://cfeca.win/a-r.m-6.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/a-r.m-6.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/a-r.m-5.ISIS
id: auto-74c94a8a8baf078be8bcd4da464b52ed93127a0f3cb7c42c54474a94d2144c58
status: experimental
description: Detects traffic or activity related to http://cfeca.win/a-r.m-5.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/a-r.m-5.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/m-p.s-l.ISIS
id: auto-d62b727262ca32078a6578020a7e98b331f191420205ea9702562ccf88a413c3
status: experimental
description: Detects traffic or activity related to http://cfeca.win/m-p.s-l.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/m-p.s-l.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/s-h.4-.ISIS
id: auto-1b553806cbbc17b173ec8511995371c9af31edc9274bae317e1d3ce1a95535ba
status: experimental
description: Detects traffic or activity related to http://cfeca.win/s-h.4-.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/s-h.4-.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/ISIS.sh
id: auto-10d447af506369229765a474898254a56f2a0bc1eac6f1be5662e7ca03c2dced
status: experimental
description: Detects traffic or activity related to http://cfeca.win/ISIS.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/ISIS.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/x-8.6-.ISIS
id: auto-2e6e7a5bfacef2969c735392f7677dcdeb1f241fc74b0997c96edc59d1063f22
status: experimental
description: Detects traffic or activity related to http://cfeca.win/x-8.6-.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/x-8.6-.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/m-i.p-s.ISIS
id: auto-ad959c4afdb56d1d324ef9b83b5447da1733c81c2bd61c328414adb5e60ea198
status: experimental
description: Detects traffic or activity related to http://cfeca.win/m-i.p-s.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/m-i.p-s.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cfeca.win/a-r.m-4.ISIS
id: auto-789e888b492a8268a40fe2a35cc204f74264fe3ab0de45446ef8a4124de61ddd
status: experimental
description: Detects traffic or activity related to http://cfeca.win/a-r.m-4.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cfeca.win/a-r.m-4.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/milan.sh
id: auto-afa75b33efbcfb5e79ba5c7daf48bf1fa26a68d35151c871489d48671598cc90
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/milan.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/milan.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/x32
id: auto-d21e108e757483f142ab15d36418671cf591af614f2d5e8b51b830723e7b758e
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/x32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/x32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.155.154:45112/bin.sh
id: auto-eeda05bef23564c9560f6b0ecc08bd06b63da85829a0f47e442c0809011c750b
status: experimental
description: Detects traffic or activity related to http://42.4.155.154:45112/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.155.154:45112/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.49.129:42762/i
id: auto-a2e1648f5989e7a62bab6ca91248d17c38f86e39d06f16ecd18bd6b9134d6f73
status: experimental
description: Detects traffic or activity related to http://115.55.49.129:42762/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.49.129:42762/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.252.134:49437/bin.sh
id: auto-167dbbbe2acc4b89d331cb13e437800b1d2a5c2566c6e5f535cd9728eff8758d
status: experimental
description: Detects traffic or activity related to http://175.175.252.134:49437/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.252.134:49437/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inatboxtr/mahkeme/raw/refs/heads/main/%C4%B0nat%20Box.apk
id: auto-32863fbded0b6dbb1b21e17dfe64095670293e6a2c64c14bba6bcb3b31591401
status: experimental
description: Detects traffic or activity related to https://github.com/inatboxtr/mahkeme/raw/refs/heads/main/%C4%B0nat%20Box.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inatboxtr/mahkeme/raw/refs/heads/main/%C4%B0nat%20Box.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/appplaystory/starlink/raw/refs/heads/main/Discover%20Security.apk
id: auto-b03ef18c68de81d50913e9d4b4902e2893cc8bf26773cdee97545d498745c048
status: experimental
description: Detects traffic or activity related to https://github.com/appplaystory/starlink/raw/refs/heads/main/Discover%20Security.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/appplaystory/starlink/raw/refs/heads/main/Discover%20Security.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.74.250:46385/i
id: auto-fe0d0456c14e768bffae2aee25e965e02264399fa3177011cb5afeda18ca9daa
status: experimental
description: Detects traffic or activity related to http://175.151.74.250:46385/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.74.250:46385/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/mipsel
id: auto-b0d2b108d367f969bc5d7695a86a32cbab2faa4b622147eb8ab8be86c5b47d67
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.104.188:45841/i
id: auto-3becbc1325b7544b7d7626a735abc086c9921f3e5c060f8203e757d9e5b21e1c
status: experimental
description: Detects traffic or activity related to http://27.37.104.188:45841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.104.188:45841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://163.142.78.243:53783/i
id: auto-e07a82d068d0c565e10c79e55fceb445bff6f12e5206fcd3cdc715cde19592e7
status: experimental
description: Detects traffic or activity related to http://163.142.78.243:53783/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://163.142.78.243:53783/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/bins/z
id: auto-937a51b86e7dc79e04933e1b035c06c805227b86105a0603a50833370aed8dc4
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/bins/z which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/bins/z*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/arm6
id: auto-ca583eebfbc42c03919c7efe6eab7400b1c5ccf688a13273107aa5b9eec15060
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/arm5
id: auto-a16a36b6193c7c275ad036815d166a7cf650339c1dd7d3cb8dd9d1c8ce6be3e3
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/mpsl
id: auto-bb609be107b0d44cee622af23a19851fc1cadbeee4e4fc57127bcea73e36e3d8
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/run.sh
id: auto-1a132074b45bc692c3a3683bf8a7fb8974058ef2f37067c0214abd636eec7a7d
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/run.sh
id: auto-747bc97a07095b24694b41e326696604237ef2a2449a4b2b52dcb9a6df9c1306
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/run.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/run.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/uvardur/yvindir/raw/refs/heads/main/inattv13.apk
id: auto-a9902d6c20f100502a10036cac9caab0350abb78558f8db52096ff8069f5d0d2
status: experimental
description: Detects traffic or activity related to https://github.com/uvardur/yvindir/raw/refs/heads/main/inattv13.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/uvardur/yvindir/raw/refs/heads/main/inattv13.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/oduncumesut84-jpg/bakhele/raw/refs/heads/main/%C4%B0nat%20BOX.apk
id: auto-57806fb8fd43a09ebadb2dfdf4d30533c306e97f11c16efc33c73e1729f3bc68
status: experimental
description: Detects traffic or activity related to https://github.com/oduncumesut84-jpg/bakhele/raw/refs/heads/main/%C4%B0nat%20BOX.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/oduncumesut84-jpg/bakhele/raw/refs/heads/main/%C4%B0nat%20BOX.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/uvardur/yvindir/raw/refs/heads/main/inattv10.apk
id: auto-08b092a02f8830ced8a79af6567ed9cd5c3d3f42f104b7b0151126482e140119
status: experimental
description: Detects traffic or activity related to https://github.com/uvardur/yvindir/raw/refs/heads/main/inattv10.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/uvardur/yvindir/raw/refs/heads/main/inattv10.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.73.49:35353/i
id: auto-ec17dc6bb19c51c24b142de6ebac9d2d8a132948fe4346ad02c4a266e3eb118c
status: experimental
description: Detects traffic or activity related to http://123.11.73.49:35353/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.73.49:35353/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.32.240:40209/i
id: auto-3c4d7dd1ebbdb65fcc1bc26488768b737fcb6e474456bef6c1412c9dbe86334c
status: experimental
description: Detects traffic or activity related to http://42.228.32.240:40209/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.32.240:40209/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.38.213:50429/i
id: auto-a8d75733a21794eea164f1ac275c5a94108c596bb4b7ebb7d8b4c7db521f9409
status: experimental
description: Detects traffic or activity related to http://182.127.38.213:50429/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.38.213:50429/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://163.142.78.243:53783/bin.sh
id: auto-df35a60b9f0e4132530f26cbeb9e281ea893d2188877b40b1f8b249e4ec149de
status: experimental
description: Detects traffic or activity related to http://163.142.78.243:53783/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://163.142.78.243:53783/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.219/
id: auto-17cae224077c0a8607c8bfb8c5b6e9ba5c3567eab49e4f029d7e7644271838d2
status: experimental
description: Detects traffic or activity related to http://91.92.240.219/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.219/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.164.229.226:58818/i
id: auto-62078911290328dc14e1a26e88aad4ece1c29c16db827c7e31b247175ad06564
status: experimental
description: Detects traffic or activity related to http://220.164.229.226:58818/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.164.229.226:58818/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.74.250:46385/bin.sh
id: auto-7feffe5286acc5816544c6c85a4610f0f0aa82c8a591a2fe6c234845420df372
status: experimental
description: Detects traffic or activity related to http://175.151.74.250:46385/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.74.250:46385/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.177.77.204/d/xmrig_g
id: auto-ce5db604746ae19ea08cdd3b869c2db614eb826fdc4e39045099c3d485f0267f
status: experimental
description: Detects traffic or activity related to http://93.177.77.204/d/xmrig_g which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.177.77.204/d/xmrig_g*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/appplaystory/starlink/raw/refs/heads/main/Discover%20Security%20++.apk
id: auto-532bd7da278e2d19225000c57b2bfd2e8225ffe978ac42644a95361eb8ac6502
status: experimental
description: Detects traffic or activity related to https://github.com/appplaystory/starlink/raw/refs/heads/main/Discover%20Security%20++.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/appplaystory/starlink/raw/refs/heads/main/Discover%20Security%20++.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/kuranhak3-spec/ft/raw/refs/heads/main/foto.apk
id: auto-b9a30e62d60c8016ca45293f6edc650b630b7636b60fea22f305ddef822410e4
status: experimental
description: Detects traffic or activity related to https://github.com/kuranhak3-spec/ft/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/kuranhak3-spec/ft/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/selimkurt5544/as/raw/refs/heads/main/foto.apk
id: auto-fd1d4f3f7020ac2a4fc5c6f86ef86fb32d02726b935315cced53157f03577a9f
status: experimental
description: Detects traffic or activity related to https://github.com/selimkurt5544/as/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/selimkurt5544/as/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://potential-memory.cc/
id: auto-f2f41429351b51505537df400ce920cec69677c580ae3053ebc11683580017a5
status: experimental
description: Detects traffic or activity related to https://potential-memory.cc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://potential-memory.cc/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/abasc824/kemalabi/raw/refs/heads/main/Chrome.apk
id: auto-9cda9dde8b542c21fe3ecb03a26008f4b8f03cc117fe74b73b60c1a195ba4104
status: experimental
description: Detects traffic or activity related to https://github.com/abasc824/kemalabi/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/abasc824/kemalabi/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/hamitkoca3619-jpg/sourcechromeee/raw/refs/heads/main/1755720910_ChromeGuncelleme.apk
id: auto-63d25f3166e31104d037a1f581759399636152cc7cef44cb58b99f7dd8108f78
status: experimental
description: Detects traffic or activity related to https://github.com/hamitkoca3619-jpg/sourcechromeee/raw/refs/heads/main/1755720910_ChromeGuncelleme.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/hamitkoca3619-jpg/sourcechromeee/raw/refs/heads/main/1755720910_ChromeGuncelleme.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromeapk/chromex/raw/refs/heads/main/Chrome.apk
id: auto-ddc01f81c86bdbb5d5ad9548628c98f54a2d66ae406346b1fe39fe2dfe5ca5de
status: experimental
description: Detects traffic or activity related to https://github.com/Chromeapk/chromex/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromeapk/chromex/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromeupdatax/Chrome/raw/a37b49d188c17b91cce35259c9b0c10c25fc491a/Chrome.apk
id: auto-e560dbc9d10f400c61fd9c6da94589f0009132ba407d69606dbdd2496b30b3a8
status: experimental
description: Detects traffic or activity related to https://github.com/Chromeupdatax/Chrome/raw/a37b49d188c17b91cce35259c9b0c10c25fc491a/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromeupdatax/Chrome/raw/a37b49d188c17b91cce35259c9b0c10c25fc491a/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tasking240/reklam32/raw/0df54f5358e0da37341d69459e6cb868f9779d64/Chrome.apk
id: auto-94bf84fd09a3715ea07c669813c21b66456abce88e432cc42b45d44b1d8f5911
status: experimental
description: Detects traffic or activity related to https://github.com/tasking240/reklam32/raw/0df54f5358e0da37341d69459e6cb868f9779d64/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tasking240/reklam32/raw/0df54f5358e0da37341d69459e6cb868f9779d64/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/babax90/Chrome/raw/refs/heads/main/Chrome.apk
id: auto-b5edddb6f186fc84bb30425faed7fdb5da02bf02dddf39930377553e61bae975
status: experimental
description: Detects traffic or activity related to https://github.com/babax90/Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/babax90/Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/downloadby/download/raw/refs/heads/main/Update%20Play%20Store.apk
id: auto-0d09f50ace121b70d200956319b8c172754ed13b5d0de51e17a080c6d605d87f
status: experimental
description: Detects traffic or activity related to https://github.com/downloadby/download/raw/refs/heads/main/Update%20Play%20Store.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/downloadby/download/raw/refs/heads/main/Update%20Play%20Store.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/nevream/asdasdasd/raw/refs/heads/main/Chrome.apk
id: auto-4b49264ffa019da8cceec1cb0875f31a45e6e43e634cd242cc336c8d1d9e4c5e
status: experimental
description: Detects traffic or activity related to https://github.com/nevream/asdasdasd/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/nevream/asdasdasd/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Tuerbanxa/Actualizaciones-Importantes/raw/dcaa06344e968ec5335beebb423357eaf332e749/Chrome.apk
id: auto-43bff001950c8a6a3cb45c8f15ecd711b2ce8d83b20ab0b4f9da0bfcd30c1273
status: experimental
description: Detects traffic or activity related to https://github.com/Tuerbanxa/Actualizaciones-Importantes/raw/dcaa06344e968ec5335beebb423357eaf332e749/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Tuerbanxa/Actualizaciones-Importantes/raw/dcaa06344e968ec5335beebb423357eaf332e749/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/nevzat558/ChromeG/raw/refs/heads/main/Chrome.apk
id: auto-52eae654f3c4c114f195588cb4d111ed76fe36d1a66b9334877fcd24d0ce158b
status: experimental
description: Detects traffic or activity related to https://github.com/nevzat558/ChromeG/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/nevzat558/ChromeG/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/canerea/yeni/raw/refs/heads/main/Chrome.apk
id: auto-788ac7f6f6dd77ce4d433eee9e61d8b77feef207a13484a987350bb71d74065b
status: experimental
description: Detects traffic or activity related to https://github.com/canerea/yeni/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/canerea/yeni/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/nesexx96/tosuncuk/raw/refs/heads/main/Chrome.apk
id: auto-4f8e52846040ff82f6ec790f5a16df9cd92627f7753063d521aaf4b0f95ae232
status: experimental
description: Detects traffic or activity related to https://github.com/nesexx96/tosuncuk/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/nesexx96/tosuncuk/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/davidblaine1/chrom/raw/143a18cdb9a295ced2ee99d0d4724713cacecaf2/Chrome_signed.apk
id: auto-7e559d06bfac92b812bc279a941dd7ab4c348a67bada680cd9f328d1a5d06109
status: experimental
description: Detects traffic or activity related to https://github.com/davidblaine1/chrom/raw/143a18cdb9a295ced2ee99d0d4724713cacecaf2/Chrome_signed.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/davidblaine1/chrom/raw/143a18cdb9a295ced2ee99d0d4724713cacecaf2/Chrome_signed.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/yusufkorkmaz1453/yobro/raw/refs/heads/main/chrome.apk
id: auto-a3eabe024e66ca5cf5ef33bc0b7693c254a6d76c7f793dd6f8603f1a01c666f1
status: experimental
description: Detects traffic or activity related to https://github.com/yusufkorkmaz1453/yobro/raw/refs/heads/main/chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/yusufkorkmaz1453/yobro/raw/refs/heads/main/chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.209.45:6996/pikujyhtcxz/bot_mips
id: auto-0478c90fa1acc61225710c5e29d729e8174d81832a22964183b55c34a7d6b3e3
status: experimental
description: Detects traffic or activity related to http://158.94.209.45:6996/pikujyhtcxz/bot_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.209.45:6996/pikujyhtcxz/bot_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.73.49:35353/bin.sh
id: auto-05b90bb278fea2853034a9cda9778f81ba80a073c68c0fc2996794dd1a73096a
status: experimental
description: Detects traffic or activity related to http://123.11.73.49:35353/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.73.49:35353/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.247.48:43271/i
id: auto-6e9a1bd12de437307a9658d358473358aeb15ac80642d9c5a9cd6fe751e1f677
status: experimental
description: Detects traffic or activity related to http://27.220.247.48:43271/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.247.48:43271/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.38.213:50429/bin.sh
id: auto-757382c83ac0a69ff67343ab5940158ba91abbe3d324f8bf6150cd8dffff2e90
status: experimental
description: Detects traffic or activity related to http://182.127.38.213:50429/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.38.213:50429/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.32.240:40209/bin.sh
id: auto-ea70113def43c3489f9ea9079e151dd122fc9a8849ba6b2d755b1086d3d5636c
status: experimental
description: Detects traffic or activity related to http://42.228.32.240:40209/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.32.240:40209/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.164.229.226:58818/bin.sh
id: auto-193eda347b44e9c6d27bed5a13762653e2e42467f8dd83d09c3b8b53019c3080
status: experimental
description: Detects traffic or activity related to http://220.164.229.226:58818/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.164.229.226:58818/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.219.11:33510/i
id: auto-58c0b2df4fbee5587c2ba2835223056072418cbee3c5a9956079ae93bdaa72f2
status: experimental
description: Detects traffic or activity related to http://120.28.219.11:33510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.219.11:33510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:50369/i
id: auto-f19b2f79a6045238e90a45bb4630238de5edfdffb1a91a37e993aacb366edaa9
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:50369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:50369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.94.220.166:39285/i
id: auto-1d743fa437441a91db9e84051d2d806e0274da7db740bd6e3d16cf81648bd46a
status: experimental
description: Detects traffic or activity related to http://181.94.220.166:39285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.94.220.166:39285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.219.11:33510/bin.sh
id: auto-8b05f6ae7493f53aea0836f4ba6032315d719e87c6217afa0d0d66612482be93
status: experimental
description: Detects traffic or activity related to http://120.28.219.11:33510/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.219.11:33510/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.122.240:38495/i
id: auto-3aacf06491cf9440ee4a10f9274e9ba6045514e39964c57dc5bfe0f6ef5766ea
status: experimental
description: Detects traffic or activity related to http://27.37.122.240:38495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.122.240:38495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:50369/bin.sh
id: auto-9fb2e0911d7c09c18c5eef22027650b944554f3379ae8e08265bcee856db75d5
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:50369/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:50369/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.127.205:58644/i
id: auto-ed86c9ebe1120798f43a259867d54fa748f8059d5466c21d366782c66d54cf42
status: experimental
description: Detects traffic or activity related to http://220.201.127.205:58644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.127.205:58644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.94.220.166:39285/bin.sh
id: auto-eeafe77653aadd157fe1aa971e9bc19289e66060a6966de8258bb9add69c925b
status: experimental
description: Detects traffic or activity related to http://181.94.220.166:39285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.94.220.166:39285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/joss
id: auto-c3c73beb910b653780ed1b0c79cf91657d2645fe40b735ac2ad73c99773cdccf
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/joss which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/joss*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.242.168.108:59498/bin.sh
id: auto-2c2e148397958d7cf136e2bbb97ab16d63c79be5706b6fa72e0a7cd5ca6452ed
status: experimental
description: Detects traffic or activity related to http://42.242.168.108:59498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.242.168.108:59498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.104.96:35643/bin.sh
id: auto-e34b20df63bad0fe66b751019494c087289ebc5bebd6dd0cd7b02acff43999cd
status: experimental
description: Detects traffic or activity related to http://110.37.104.96:35643/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.104.96:35643/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.172.158:49765/i
id: auto-d17a28bb2272e3c6718b91a0d3660097f3c6d7ea26398f76a60d271f3899bd03
status: experimental
description: Detects traffic or activity related to http://219.154.172.158:49765/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.172.158:49765/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.56.75.239:59945/.i
id: auto-58d885f425be4e1398763c1012a850f00a0fa00f370a160fed934429d167d12f
status: experimental
description: Detects traffic or activity related to http://14.56.75.239:59945/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.56.75.239:59945/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/serv
id: auto-4a8b1ade296cd582a1c50e67647d1e5f5d6570b7e84614b7c6750ca5d788e1f2
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/serv which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/serv*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.208.233:34623/i
id: auto-e6dd94e57aebcba05c4a7668171598291527e159aeb1a7103bef341b4badd9ae
status: experimental
description: Detects traffic or activity related to http://27.215.208.233:34623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.208.233:34623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.206.149:36899/i
id: auto-974390d16eb98204abe30fa06a6fa5840c0507096d85395200ab34304659f02f
status: experimental
description: Detects traffic or activity related to http://60.22.206.149:36899/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.206.149:36899/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.82.141:37025/i
id: auto-65dd64e90af2f6b6018bb792963ad540bd0e26c1320a0190e7950f7c230b8680
status: experimental
description: Detects traffic or activity related to http://175.173.82.141:37025/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.82.141:37025/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.172.158:49765/bin.sh
id: auto-e636711d96b3983e52200842cde91cee5ef09d0664f6a6126dcd711f7ec5c4f0
status: experimental
description: Detects traffic or activity related to http://219.154.172.158:49765/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.172.158:49765/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.123.10:56070/i
id: auto-f08b4be118a72ab7342e37c738ac5fcbc7f791bd8b4af91ab9ad2a4842fdf0a4
status: experimental
description: Detects traffic or activity related to http://27.215.123.10:56070/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.123.10:56070/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.133.155:36982/i
id: auto-7fadf5d1b93d000ecac336c6b62ec2d785601c3fc7bc1bf643dc2f73ef7cde5e
status: experimental
description: Detects traffic or activity related to http://115.48.133.155:36982/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.133.155:36982/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.27.199.101:36667/i
id: auto-0e44b873a8f743de59f0ed612d93c07c0bc512cf2b624ed46505aa1947c3b208
status: experimental
description: Detects traffic or activity related to http://112.27.199.101:36667/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.27.199.101:36667/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.208.233:34623/bin.sh
id: auto-44b82770374095dc2b27467d16820103fb105d732e7cf719c26ac3e64a8ca5ef
status: experimental
description: Detects traffic or activity related to http://27.215.208.233:34623/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.208.233:34623/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.81.219:43168/i
id: auto-95f295d8a7799a48e9047b696f86288fed88ceec95c3ef10a938f94a3ef5bde1
status: experimental
description: Detects traffic or activity related to http://123.172.81.219:43168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.81.219:43168/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.206.149:36899/bin.sh
id: auto-9f4130f5e64a980ebde6cc3bf7ca83e5e5726ee739fa5b87f595404c4fe362c6
status: experimental
description: Detects traffic or activity related to http://60.22.206.149:36899/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.206.149:36899/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.34.80:40845/i
id: auto-ff426625f35345d7779e19f4d9a5b1ae7d387b03b880491cf1eb797bbea8819a
status: experimental
description: Detects traffic or activity related to http://123.10.34.80:40845/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.34.80:40845/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.123.10:56070/bin.sh
id: auto-12d9d4243618fda8602a297466d502333d7170b6d572a1753c7c41c143297715
status: experimental
description: Detects traffic or activity related to http://27.215.123.10:56070/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.123.10:56070/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.34.80:40845/bin.sh
id: auto-315f6d2fa65f2fde26ca9b250d5d59c29c124b12cc480bce9dfb4202fe052667
status: experimental
description: Detects traffic or activity related to http://123.10.34.80:40845/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.34.80:40845/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.27.199.101:36667/bin.sh
id: auto-9fb8e5cc7508b1c92fdae6b037b69cdf3a9084135da786fd21d79c387911019f
status: experimental
description: Detects traffic or activity related to http://112.27.199.101:36667/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.27.199.101:36667/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.118.223:60730/i
id: auto-a08aec27f1422b30ec5b6360edfe63398091b6a5bc05ca7d61e30cddb853228b
status: experimental
description: Detects traffic or activity related to http://59.94.118.223:60730/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.118.223:60730/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://invoice-simplee.com/DH9338297YV389821.msi
id: auto-4b3a5f0f2cecaeb734ba4b6e78571e1b182895775458458003bfa13fadee0892
status: experimental
description: Detects traffic or activity related to https://invoice-simplee.com/DH9338297YV389821.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://invoice-simplee.com/DH9338297YV389821.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.212.113:34390/i
id: auto-f781d901923ada566cb752579a82529f794c83e816bd6ca822ff18f4e9330cbb
status: experimental
description: Detects traffic or activity related to http://120.84.212.113:34390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.212.113:34390/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.139.229:43569/i
id: auto-abf839b9dfe0dfbfb7369f08451d934225fdb4a75336440569389243ab8733f9
status: experimental
description: Detects traffic or activity related to http://113.236.139.229:43569/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.139.229:43569/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.5.20:58446/i
id: auto-8869eb65d229aeea7a0b65335384178c46ad45551b8cf8474215ddd852511ac5
status: experimental
description: Detects traffic or activity related to http://42.224.5.20:58446/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.5.20:58446/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.0.129.114:10702/02.08.2022.exe
id: auto-684a3f5eda417bfabb74c21e28982a7fd0482c18b82a9945c627c86cfbff1c3f
status: experimental
description: Detects traffic or activity related to http://154.0.129.114:10702/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.0.129.114:10702/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.212.138:40666/i
id: auto-a1bdc13ceeeef5af5af74211af196778e2121ea3652095b4f3e76ca74c933ae1
status: experimental
description: Detects traffic or activity related to http://42.226.212.138:40666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.212.138:40666/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.7.223.105:38872/i
id: auto-b36dbd2227a251df00d449aba4efbe85d969847ff3edc752cddda02ad1068f81
status: experimental
description: Detects traffic or activity related to http://123.7.223.105:38872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.7.223.105:38872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.52.112:34851/i
id: auto-b8100b4aac6c6bd62e9582aa8bb338511e54c782f9ed72a4e476dda7fcdcafba
status: experimental
description: Detects traffic or activity related to http://182.121.52.112:34851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.52.112:34851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.32.25:39372/i
id: auto-f1065a6befa71be7c03c4a39e8b4771bdf45fcde9ebdb8d124af5c2e605d6eef
status: experimental
description: Detects traffic or activity related to http://42.228.32.25:39372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.32.25:39372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.91.233:54855/i
id: auto-18f7d3c15dcda67fb45c1501198474a7d62c6a8f1a5e7e29c346698cf223ff8a
status: experimental
description: Detects traffic or activity related to http://221.15.91.233:54855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.91.233:54855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.17.91:38144/i
id: auto-d30f78611ed6aa15e653861c7b94bf40984316663caad1166b7a87afe2f754c2
status: experimental
description: Detects traffic or activity related to http://221.202.17.91:38144/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.17.91:38144/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.123.112:34496/i
id: auto-0927e16e9ed66066558ba451613a1a7fcff03f4e1949e9168f49d7989b85f178
status: experimental
description: Detects traffic or activity related to http://58.47.123.112:34496/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.123.112:34496/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.22.255.233/bot.i686
id: auto-640a02bb11c5d39aa7d28570fb3748f7410c5e503ecf15a0a2e76fe274e6fed8
status: experimental
description: Detects traffic or activity related to http://165.22.255.233/bot.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.22.255.233/bot.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.22.255.233/bot.mips
id: auto-ab622500ca68d7864b7a3cb6b52de7f5c52b12998019895e14d3afbfc9f54b01
status: experimental
description: Detects traffic or activity related to http://165.22.255.233/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.22.255.233/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.22.255.233/bot.x86
id: auto-ed5996b7dd6d374fd47cecfa8c4c3263fb8dd341acd18480242ec37cceb04915
status: experimental
description: Detects traffic or activity related to http://165.22.255.233/bot.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.22.255.233/bot.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.48.124:55148/i
id: auto-0a7ef867fbb3c32c4297403e3fc771582694d811a95926bd15ad910614eb06de
status: experimental
description: Detects traffic or activity related to http://42.231.48.124:55148/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.48.124:55148/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.193.144.157:55835/bin.sh
id: auto-f2cfaeea01de6644dbc6debbaecf9f4bfae0194acf527525da16aa360a7128ec
status: experimental
description: Detects traffic or activity related to http://122.193.144.157:55835/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.193.144.157:55835/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.203.182:54372/i
id: auto-70725a4bb44e2eab3e6f9cd30fd115b4a0bd234c7b9ce742f9d601c4a3fd607e
status: experimental
description: Detects traffic or activity related to http://175.150.203.182:54372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.203.182:54372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.115.124:39375/bin.sh
id: auto-f0201c0b9cd8cb5bea1fdbf2dd0b26d4854abccb3fadfe8b5547ecefec9a4a36
status: experimental
description: Detects traffic or activity related to http://59.94.115.124:39375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.115.124:39375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:35725/i
id: auto-86607a2733fb5d29e29a0318103a94c0541b78eaa88b01f73fd55f93d624cd04
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:35725/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:35725/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://axe34-altern-canterl-4er.blockchain-api-cloud-hub.in.net/repack-terr
id: auto-e041fc4dc52acd7c0694e857af0f91e553ebbc609a8ff6694296a6d1ba6091d7
status: experimental
description: Detects traffic or activity related to https://axe34-altern-canterl-4er.blockchain-api-cloud-hub.in.net/repack-terr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://axe34-altern-canterl-4er.blockchain-api-cloud-hub.in.net/repack-terr*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-fb-clock/folders-tree/dash
id: auto-04c1c9a41362b7d3a82adf6476495849733b3144312619e99325329285035ded
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-fb-clock/folders-tree/dash which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-fb-clock/folders-tree/dash*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/cayse3206-art/katara/raw/refs/heads/main/Chrome.apk
id: auto-c6afaf23bf18cf39f42d80395b2a5cb1c0f98d1f9b2d140f039cf267d276ee65
status: experimental
description: Detects traffic or activity related to https://github.com/cayse3206-art/katara/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/cayse3206-art/katara/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromup/Chrome/raw/refs/heads/main/Chrome.apk
id: auto-db3aeade0e317660e1ec0ed446eecc7eb390171c11a3e008948f4aa12b893b60
status: experimental
description: Detects traffic or activity related to https://github.com/Chromup/Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromup/Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/baynazcemset-wq/uuyyy/raw/refs/heads/main/Chrome.apk
id: auto-7fe4a5f897553a6a105b09bd876bb992d2e12c28bd99f63a94f02440a52ac095
status: experimental
description: Detects traffic or activity related to https://github.com/baynazcemset-wq/uuyyy/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/baynazcemset-wq/uuyyy/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/kamilkockka-commitsa/newwd/raw/refs/heads/main/Chrome.apk
id: auto-b1d0bc45fee38680f764200fa172136a37a6ad802d033b770998f0b09870b573
status: experimental
description: Detects traffic or activity related to https://github.com/kamilkockka-commitsa/newwd/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/kamilkockka-commitsa/newwd/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/dixonscot6-creator/saaa/raw/refs/heads/main/Chrome.apk
id: auto-a5d93d9e527cff8fefc891e1fe761182d165672665661096f70d60364c47d812
status: experimental
description: Detects traffic or activity related to https://github.com/dixonscot6-creator/saaa/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/dixonscot6-creator/saaa/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tatliezgi660-prog/sonpropbkc/raw/refs/heads/main/Chrome.apk
id: auto-923dc196c37513741273d1894a4283571efaefa8fae644574892056b2632666b
status: experimental
description: Detects traffic or activity related to https://github.com/tatliezgi660-prog/sonpropbkc/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tatliezgi660-prog/sonpropbkc/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/eraykarakaya0020/e-ifade-vercel/raw/refs/heads/devin/1756441962-update-apk-deploy/Chrome.apk
id: auto-db8893190584c428f156e30ab398fba097d583446d614b6c4b5b10899fc3522c
status: experimental
description: Detects traffic or activity related to https://github.com/eraykarakaya0020/e-ifade-vercel/raw/refs/heads/devin/1756441962-update-apk-deploy/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/eraykarakaya0020/e-ifade-vercel/raw/refs/heads/devin/1756441962-update-apk-deploy/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/aalslan388-collab/png/raw/refs/heads/main/foto.apk
id: auto-79fa1064b39990e99c3a4ae5182202c07481f839525754e5fe38ebc9e9f4ce6e
status: experimental
description: Detects traffic or activity related to https://github.com/aalslan388-collab/png/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/aalslan388-collab/png/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.23.109:36361/i
id: auto-36e84c4fad59cf2afe86df0a5306b209c019df800ef5b88a21722ed60228c3f3
status: experimental
description: Detects traffic or activity related to http://180.191.23.109:36361/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.23.109:36361/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.81.38.191:48769/i
id: auto-1938a6a962635421598026523c135a9ea166589004f43c783469fa5ff05b41c4
status: experimental
description: Detects traffic or activity related to http://117.81.38.191:48769/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.81.38.191:48769/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.10.67:58286/bin.sh
id: auto-0c2413b0bca619bf1cde32640ff6d739641d0ff3d264bffcc0a8e16bceed98b5
status: experimental
description: Detects traffic or activity related to http://42.224.10.67:58286/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.10.67:58286/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.235:37966/bin.sh
id: auto-d3dbc61b323e283f160a16c7f6c5a84f174188fdcc7269267f47b5924fdb52b9
status: experimental
description: Detects traffic or activity related to http://117.209.82.235:37966/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.235:37966/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.240.79:51876/bin.sh
id: auto-1d8286b7ee3335896c7c190ad52a5322f2e3e5b92782cf99ee12eea6dc05d8e8
status: experimental
description: Detects traffic or activity related to http://117.209.240.79:51876/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.240.79:51876/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:35725/bin.sh
id: auto-61255e334fba0e8d16a5d7789e3decc93cf94cf9ed1251ac79a6e263140c2e2c
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:35725/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:35725/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.117.109:53083/i
id: auto-4883a1cecfb494cda80995617137aa51c75606679580d7376804d871d1624777
status: experimental
description: Detects traffic or activity related to http://113.229.117.109:53083/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.117.109:53083/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.43.170:45017/i
id: auto-f446ae2643e74dee2570be77ae943536d17013fe166743a73a5b37d0bc884106
status: experimental
description: Detects traffic or activity related to http://115.50.43.170:45017/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.43.170:45017/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.81.38.191:48769/bin.sh
id: auto-35dfebd807142f94a9dcbc97d7a68e38971400c0d7d167550bf81ab45a7a683e
status: experimental
description: Detects traffic or activity related to http://117.81.38.191:48769/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.81.38.191:48769/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.8.235:56280/i
id: auto-3d6ec6bf78811985cc12291650847c4ad9a1c232eba6bba8a0a53ab3b68e9e55
status: experimental
description: Detects traffic or activity related to http://115.55.8.235:56280/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.8.235:56280/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.117.109:53083/bin.sh
id: auto-24a8877eac5156d69cc9f4d10385554612201bda83c86eaa669e3d4b0e7c2916
status: experimental
description: Detects traffic or activity related to http://113.229.117.109:53083/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.117.109:53083/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.82.155:56085/i
id: auto-706fc3913c535fca47d4a8a88bc661cc79c0a73a7b2e8694970a242bad038225
status: experimental
description: Detects traffic or activity related to http://113.237.82.155:56085/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.82.155:56085/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.45.111:52718/bin.sh
id: auto-65e40dddf623629ea98f2b649c2ffd06fc829c82d0d1b536f85a7b12952185f0
status: experimental
description: Detects traffic or activity related to http://182.127.45.111:52718/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.45.111:52718/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.43.170:45017/bin.sh
id: auto-ea667af726b20bda6320a2de153e6381c175c7ec6ca5e31526f2a94678a9debf
status: experimental
description: Detects traffic or activity related to http://115.50.43.170:45017/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.43.170:45017/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.23.109:36361/bin.sh
id: auto-9d661383eca7be6c016aa728eff4346271cacc966a72fc30473733a8adce3bf2
status: experimental
description: Detects traffic or activity related to http://180.191.23.109:36361/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.23.109:36361/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.175.115:45571/i
id: auto-9df4f8c3e116448b1631b94138560443aa696fa6d4751db938512b2937699e70
status: experimental
description: Detects traffic or activity related to http://222.134.175.115:45571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.175.115:45571/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/eyll9604-cmd/Chrome1/raw/55f6249d2807a0ddd19f66450faa7388fd7715cf/Chrome.apk
id: auto-bdfc7853cd67e05d8bb842ea44f5f0d553e804fe2ed968002ab78698be311b33
status: experimental
description: Detects traffic or activity related to https://github.com/eyll9604-cmd/Chrome1/raw/55f6249d2807a0ddd19f66450faa7388fd7715cf/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/eyll9604-cmd/Chrome1/raw/55f6249d2807a0ddd19f66450faa7388fd7715cf/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/chrmmm/new/raw/refs/heads/main/Chrome.apk
id: auto-dd1843d10e515569a706de0cf1b20ea0ca4225f9d8753ce22bcbaa5a4a328093
status: experimental
description: Detects traffic or activity related to https://github.com/chrmmm/new/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/chrmmm/new/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.199.127:42984/bin.sh
id: auto-a5912a128995cd2b48577ab2411555ab489ddb12f9e6e4c7cfa732a17a89fed1
status: experimental
description: Detects traffic or activity related to http://42.59.199.127:42984/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.199.127:42984/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.23.163:40729/i
id: auto-da1161dacc43e910ece70fb69c61ae3b02640caabdbca26955de577b9024cd56
status: experimental
description: Detects traffic or activity related to http://117.223.23.163:40729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.23.163:40729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.123.40:54223/i
id: auto-c036db4a4bdab7c1acf212bdb7f78550bd4ece61a2a0e7f30e1230b759fb91ec
status: experimental
description: Detects traffic or activity related to http://182.121.123.40:54223/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.123.40:54223/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.113.32:59939/i
id: auto-75aaff2b0c59015043decb0f13f318f5610ba357f9a5d04cb84495665d2f7117
status: experimental
description: Detects traffic or activity related to http://115.61.113.32:59939/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.113.32:59939/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.161.25:53938/bin.sh
id: auto-d6d0283206022799bcb794d6b0cbc71c8487b573a0bb16d0c876d70e49c0c209
status: experimental
description: Detects traffic or activity related to http://123.5.161.25:53938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.161.25:53938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.175.115:45571/bin.sh
id: auto-3a1c43bd3e7877f10459ce1f6ce1c139757f9d82da9cd0f568020065b9ef9a13
status: experimental
description: Detects traffic or activity related to http://222.134.175.115:45571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.175.115:45571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.236.69:5000/api/download/anubis_16d850695bde07a2_1768159929145.exe
id: auto-e4c07ff0f1759c96af2b4d7a68cf5a7675ffc6ddce2e78a7081f1569e0b1f88b
status: experimental
description: Detects traffic or activity related to http://195.24.236.69:5000/api/download/anubis_16d850695bde07a2_1768159929145.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.236.69:5000/api/download/anubis_16d850695bde07a2_1768159929145.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.182.91:33068/bin.sh
id: auto-62caf80325227ff866663c094f9f200133fb10fa1e6c578eaafb8a6e0c699373
status: experimental
description: Detects traffic or activity related to http://182.119.182.91:33068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.182.91:33068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://steam66.cn:65535/NetSyst81.dll
id: auto-5852e7b6bb19fa72e43995b30b82eed3d3481e502358f2c7371944add63ed90d
status: experimental
description: Detects traffic or activity related to http://steam66.cn:65535/NetSyst81.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://steam66.cn:65535/NetSyst81.dll*'
  condition: selection
level: high
tags:
  - attack.t1218.011
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.71.232.126:8080/xwps.exe
id: auto-e03861d0dda8cea8a43a6f23990fccd6fb344284d2f8d16e379a72d3b36690bc
status: experimental
description: Detects traffic or activity related to http://124.71.232.126:8080/xwps.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.71.232.126:8080/xwps.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.89.77:59134/i
id: auto-8584d6a89592226e2f1d065ba166c834ec8a1b715000c4527441efe135e75fa0
status: experimental
description: Detects traffic or activity related to http://59.93.89.77:59134/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.89.77:59134/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.123.40:54223/bin.sh
id: auto-3359b8f5f6972d3b302af674f1cd45e017db714bc787586267912d747391a06b
status: experimental
description: Detects traffic or activity related to http://182.121.123.40:54223/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.123.40:54223/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.89.145.113:43698/i
id: auto-58c0df16e1fe72fbfa4b1d2e432612aa496a34016ca5e5964478030331ba0182
status: experimental
description: Detects traffic or activity related to http://39.89.145.113:43698/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.89.145.113:43698/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/eyll9604-cmd/Chrome2/raw/refs/heads/main/Chrome.apk
id: auto-a0b6b5c61036fbfb8446e7f5c51de643a43c987eaf6ca0dd67e3fe95d60203d1
status: experimental
description: Detects traffic or activity related to https://github.com/eyll9604-cmd/Chrome2/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/eyll9604-cmd/Chrome2/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inateylul/inat/raw/refs/heads/main/inate.apk
id: auto-b2042476759ba99b3307c56537815e97fb11d321a19bca1ab0ab3511a8af48df
status: experimental
description: Detects traffic or activity related to https://github.com/inateylul/inat/raw/refs/heads/main/inate.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inateylul/inat/raw/refs/heads/main/inate.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chramee/new/raw/refs/heads/main/Chrome.apk
id: auto-ec0034ee9736fd44869a5befff773d08fbee7cc654acc319b4565786a9003e69
status: experimental
description: Detects traffic or activity related to https://github.com/Chramee/new/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chramee/new/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/chrmmm/1/raw/refs/heads/main/Chrome.apk
id: auto-c0f90b686493ea2b4c932dd3028b75e40653c501ed69167f981d0132bc2e68ba
status: experimental
description: Detects traffic or activity related to https://github.com/chrmmm/1/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/chrmmm/1/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.23.163:40729/bin.sh
id: auto-b5044592eca69fa429370977aae7ba4952744971702d572f859b5bfb5fc31ad9
status: experimental
description: Detects traffic or activity related to http://117.223.23.163:40729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.23.163:40729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.88.235:34466/i
id: auto-f7de8dc796591892748855b7c8880ee107fab409bbc40143c17b6459f3e02f73
status: experimental
description: Detects traffic or activity related to http://124.131.88.235:34466/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.88.235:34466/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://optrn.com/CPP.exe
id: auto-06496f9d79aa46cd1d12f841ab9456f4fe1c7e5825a57702a4141b5534b3b302
status: experimental
description: Detects traffic or activity related to https://optrn.com/CPP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://optrn.com/CPP.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/techychrome/Chrome/raw/refs/heads/main/Chrome.apk
id: auto-0b796eed70a497c2dc6937d87957b0f0c8a76a5cdff512fd40499d4cea572440
status: experimental
description: Detects traffic or activity related to https://github.com/techychrome/Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/techychrome/Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/fermankirac4/Chrome/raw/4de7b5122aad5c9ddd1703dc20f711b9e72c9e77/Chrome.apk
id: auto-0fd680f2221e762899a721eda6fbb0441ae60322b4b3cccc3bb98f11fa5eff17
status: experimental
description: Detects traffic or activity related to https://github.com/fermankirac4/Chrome/raw/4de7b5122aad5c9ddd1703dc20f711b9e72c9e77/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/fermankirac4/Chrome/raw/4de7b5122aad5c9ddd1703dc20f711b9e72c9e77/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/mayciarra267-lang/sakksa/raw/refs/heads/main/Chrome.apk
id: auto-bfb0284b6af97e300fb77ab7030f4131f2d35c7a44cebe8880a46de91024eab3
status: experimental
description: Detects traffic or activity related to https://github.com/mayciarra267-lang/sakksa/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/mayciarra267-lang/sakksa/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.192.224:58074/i
id: auto-a59b7cdfa36c557173850e0fd39713ca5f560eeafc362a12606163959b181a50
status: experimental
description: Detects traffic or activity related to http://27.204.192.224:58074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.192.224:58074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.89.77:59134/bin.sh
id: auto-4a35b097b0c7ae2fcd7f0791b892cb801c542185f267f1fd9a975e9ffcf4f897
status: experimental
description: Detects traffic or activity related to http://59.93.89.77:59134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.89.77:59134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.212.144:57812/bin.sh
id: auto-26fe6cb9ad24b1a3078797a9c93f7f0c9a06b99069c6c84a7138d969346cb2d1
status: experimental
description: Detects traffic or activity related to http://222.137.212.144:57812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.212.144:57812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.195.9:33352/i
id: auto-8cf57da178061bdee47d20b6ad4ab74b527335185922fb65c50c58da5a472bbd
status: experimental
description: Detects traffic or activity related to http://123.12.195.9:33352/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.195.9:33352/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://receiver.cy/files/jar/module
id: auto-7cd930145e5d7183ed3928af3a728360e6a710ab50c9ec345743333ce4d81536
status: experimental
description: Detects traffic or activity related to https://receiver.cy/files/jar/module which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://receiver.cy/files/jar/module*'
  condition: selection
level: high
tags:
  - attack.t1587.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://camcorde-rpupil.note-api-cloud-install.in.net/parkingshelf
id: auto-24dd248428b3f484503dbef7ce34c8e7bea2073f2927e9194ebb213756c1549a
status: experimental
description: Detects traffic or activity related to https://camcorde-rpupil.note-api-cloud-install.in.net/parkingshelf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://camcorde-rpupil.note-api-cloud-install.in.net/parkingshelf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.192.224:58074/bin.sh
id: auto-bcdfc3b8162c44ffc70add6ce3fadbd4c161d81681d954bb274b580c0b168ab8
status: experimental
description: Detects traffic or activity related to http://27.204.192.224:58074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.192.224:58074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.195.9:33352/bin.sh
id: auto-0852c08caf5629a2530c5bc765ac49de208e58920003d0a8e1cd912ad4a99181
status: experimental
description: Detects traffic or activity related to http://123.12.195.9:33352/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.195.9:33352/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.204.206:57121/bin.sh
id: auto-c4c046e3e6d9595615f13c822b16451c5f22d030c42bccb4af0dd9e56c691116
status: experimental
description: Detects traffic or activity related to http://85.12.204.206:57121/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.204.206:57121/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.206.84.66:47421/i
id: auto-f9fe2710650f5153ef931cce9319aa553505ad3874580895145293b31e22b5d4
status: experimental
description: Detects traffic or activity related to http://27.206.84.66:47421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.206.84.66:47421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.87.85:41232/i
id: auto-3c78e3b86db3c747a6d9e9e288a36c777849c18844f9af334f35a9ed88e7596b
status: experimental
description: Detects traffic or activity related to http://39.74.87.85:41232/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.87.85:41232/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.53.235:54679/i
id: auto-3810b0d083f4d57ba2f739c4749f8e8352d0453ca8a7fa571c8b995eb9433aa7
status: experimental
description: Detects traffic or activity related to http://42.235.53.235:54679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.53.235:54679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.163.201:49040/i
id: auto-2bec7a4d702dcc06338160dccc9f9b27ae079c4a80077cb3726143e810d6a3c9
status: experimental
description: Detects traffic or activity related to http://27.207.163.201:49040/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.163.201:49040/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.251.62:36190/bin.sh
id: auto-2763a611b896e466ea46f3b43bdbce45a33c795b6dc9f63ece9d3a499d9528aa
status: experimental
description: Detects traffic or activity related to http://113.231.251.62:36190/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.251.62:36190/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.136.174:53183/Mozi.a
id: auto-69c1bec0d9ecb6cc06131956677cf9beca4f259cca61b53fd9434ceae9f88fe8
status: experimental
description: Detects traffic or activity related to http://59.88.136.174:53183/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.136.174:53183/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.53.235:54679/bin.sh
id: auto-72eecdd7fca7b8121785701ed88317f57cf24951e55b2850762bccbad1c2881a
status: experimental
description: Detects traffic or activity related to http://42.235.53.235:54679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.53.235:54679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.37.45:36181/bin.sh
id: auto-6808da46e338a8da16628374d96ae727534e8b36d1e8d02e4e213d205bb45868
status: experimental
description: Detects traffic or activity related to http://61.52.37.45:36181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.37.45:36181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.212.144:57812/i
id: auto-87229e36e74ffead92c38a798faa7857ea0e62d88ba09fa9593845d95832a974
status: experimental
description: Detects traffic or activity related to http://222.137.212.144:57812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.212.144:57812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.156.34:34931/i
id: auto-662e4c68705f6e5e7cca44482eaa5dbc36bfa3e357356b95d4887b351e9419f1
status: experimental
description: Detects traffic or activity related to http://175.148.156.34:34931/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.156.34:34931/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.93.90:38504/bin.sh
id: auto-8bc5e4344b2c3f330325ed8a031ec32d980e80e20857f3fc6c8f7c30946dd4e7
status: experimental
description: Detects traffic or activity related to http://117.241.93.90:38504/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.93.90:38504/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.40.242.67:59642/bin.sh
id: auto-01a33d9c572d70376b1f1a343caaedfedbd9e5ce1c768c9f403818872f62ec4f
status: experimental
description: Detects traffic or activity related to http://106.40.242.67:59642/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.40.242.67:59642/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.74.10:52199/bin.sh
id: auto-4ef9043b8832c63ede59c4df99aa0348e786b98b33c0b2a7fcd032eb8fb2e369
status: experimental
description: Detects traffic or activity related to http://61.53.74.10:52199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.74.10:52199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.74.10:52199/i
id: auto-6c603d3026af9874f7cedc71e843f1733da4b90440abd26a6208fcdd1a621f29
status: experimental
description: Detects traffic or activity related to http://61.53.74.10:52199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.74.10:52199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.112.134:47181/i
id: auto-a2316fb37f000a98fbc8f60d0ef7a4b292137d7bbf136f0326ab2ce43d0fcddb
status: experimental
description: Detects traffic or activity related to http://182.127.112.134:47181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.112.134:47181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.15.240:34641/bin.sh
id: auto-adf8de5a8b0cde876cfc960c4084be2d0b1ae046f33099ac92ddaf3e7ec0d7e2
status: experimental
description: Detects traffic or activity related to http://117.198.15.240:34641/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.15.240:34641/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.129.200:50217/i
id: auto-8a595733bfa94d8ec948092af7363ff034b460db06044d850634b24bf8875f22
status: experimental
description: Detects traffic or activity related to http://123.190.129.200:50217/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.129.200:50217/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.245.206:55373/i
id: auto-8f344337ef5b27ebd7043afa114d7271db1fc0e1df5a4c82241edc27c7d64e0b
status: experimental
description: Detects traffic or activity related to http://125.41.245.206:55373/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.245.206:55373/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://105.97.65.69:33572/i
id: auto-0b5b33fd7ab2af29d3ede3d43b1d98d923e8cc18a16461b3b2c4d69c896a1e0f
status: experimental
description: Detects traffic or activity related to http://105.97.65.69:33572/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://105.97.65.69:33572/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.156.34:34931/bin.sh
id: auto-c23cb7f1382c16bd38648dfe13ab1b47c448d863db000d397a21c59968e1cc0f
status: experimental
description: Detects traffic or activity related to http://175.148.156.34:34931/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.156.34:34931/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.129.200:50217/bin.sh
id: auto-8cc291bd637a2bce41d668528655410db57f94a1c3d8e074eac040c4cd9813bc
status: experimental
description: Detects traffic or activity related to http://123.190.129.200:50217/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.129.200:50217/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.68.0:60591/i
id: auto-c10763bade9b086c6af4c41bdb21e2a7a66d96e65dcaf003d6e08c95c7266876
status: experimental
description: Detects traffic or activity related to http://42.231.68.0:60591/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.68.0:60591/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.245.206:55373/bin.sh
id: auto-491cac1b604cdb3dae9787af1f8eb61fd104a4058ea5c1026adea0cecb1cd941
status: experimental
description: Detects traffic or activity related to http://125.41.245.206:55373/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.245.206:55373/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.161.25:53938/i
id: auto-b8db114813b0274b230481702e539fc2da40557853d9d439d9747be43592ac70
status: experimental
description: Detects traffic or activity related to http://123.5.161.25:53938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.161.25:53938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.209.45:6996/pikujyhtcxz/bot_armv7l
id: auto-88e59c9dfed5de4c52ef2fa24fea45daa0de04ca36a766a8b9d019a3f132f3cd
status: experimental
description: Detects traffic or activity related to http://158.94.209.45:6996/pikujyhtcxz/bot_armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.209.45:6996/pikujyhtcxz/bot_armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.10.67:58286/i
id: auto-86a00afab5fb57842cc2209d0fe68d89f1e76c74049c6a7afb2161505249f6bc
status: experimental
description: Detects traffic or activity related to http://42.224.10.67:58286/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.10.67:58286/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.161:50644/i
id: auto-28ae95b49fec3d13a895c7a9e24333f517594133221e43c27a5d225549445659
status: experimental
description: Detects traffic or activity related to http://42.227.238.161:50644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.161:50644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.82.177:51086/i
id: auto-3e25dfd58e0be4d203dac1fa7850283dae3018fa0686c3a0cbe6f876803788c1
status: experimental
description: Detects traffic or activity related to http://42.178.82.177:51086/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.82.177:51086/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.66:41805/i
id: auto-11445abd4ac532aa7db787db249d743636fe9259748403ac02568260b52e194e
status: experimental
description: Detects traffic or activity related to http://110.37.11.66:41805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.66:41805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.14.92.186/hiddenbin/boatnet.sh4
id: auto-00ef47f3b7849a9143b88e088ba07e9c676e8afd35acea501030d6c69ad5b1b1
status: experimental
description: Detects traffic or activity related to http://185.14.92.186/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.14.92.186/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.43.5.191:46172/Mozi.m
id: auto-9da0d8a2c176e149cd6109bcdd604516e3f61d21b3ed4d655d1b1ebab8919e0c
status: experimental
description: Detects traffic or activity related to http://213.43.5.191:46172/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.43.5.191:46172/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.112.134:47181/bin.sh
id: auto-a17a963ae6cfcd3de4f4a11dc6fed8da7c200aaf0efa015825fe68b0950df8ea
status: experimental
description: Detects traffic or activity related to http://182.127.112.134:47181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.112.134:47181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.238.197:56579/bin.sh
id: auto-cbb51807e4276b65ca84db3c555c593f5e692fb57b2d5246546a18bdb5347603
status: experimental
description: Detects traffic or activity related to http://119.179.238.197:56579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.238.197:56579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.110.171:45481/bin.sh
id: auto-7a2acaaa2fec53289c4cd00680b771a82b0571317eb7b1d1bc0c7586e1984b21
status: experimental
description: Detects traffic or activity related to http://112.237.110.171:45481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.110.171:45481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.251.50:44823/i
id: auto-b8d9a0b4b6d672d1faff8b52365c537aa1369f74b57074eeb357caf2e469d38f
status: experimental
description: Detects traffic or activity related to http://85.12.251.50:44823/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.251.50:44823/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.184.58:58971/bin.sh
id: auto-2fcc44e02916fff5a55220551b67494b08b70b16e8b6d63c27c157b773483510
status: experimental
description: Detects traffic or activity related to http://42.6.184.58:58971/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.184.58:58971/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.192:53010/bin.sh
id: auto-611b20698f49fbe6b85c79c07a2733ba9ba4ad0e5dcd8c48af06f10bdd38ce75
status: experimental
description: Detects traffic or activity related to http://110.39.237.192:53010/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.192:53010/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.131.168:57861/i
id: auto-39f1191d0b7b9688ff1b6a844cc78454c9fde5564ff3a06860ba144b6f771f23
status: experimental
description: Detects traffic or activity related to http://42.53.131.168:57861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.131.168:57861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.251.50:44823/bin.sh
id: auto-f4d236563322c9320f9c91a0c696c17374e9468d3a3e1d4b14f5a01259b98ae3
status: experimental
description: Detects traffic or activity related to http://85.12.251.50:44823/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.251.50:44823/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.60.119:60301/i
id: auto-f1643682ddbc6e9c7f6e2ccf973792e8784d47f112f9ba37a97c95b627fe36b2
status: experimental
description: Detects traffic or activity related to http://42.53.60.119:60301/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.60.119:60301/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.172.27:50370/bin.sh
id: auto-226a916df603015ad492ce684e7c8b4b5516ec56c8ec9416f4ae0c6154b2e93c
status: experimental
description: Detects traffic or activity related to http://117.212.172.27:50370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.172.27:50370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.131.168:57861/bin.sh
id: auto-276fee58c6a4168f9d72ced6c603b7b3c5fad2ad4b70905f0e19918fc642f0e9
status: experimental
description: Detects traffic or activity related to http://42.53.131.168:57861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.131.168:57861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.2.154:51614/i
id: auto-4ccad06c0877202291266c1134c5aa28446e219848731947d9f997e98dd92a1d
status: experimental
description: Detects traffic or activity related to http://125.40.2.154:51614/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.2.154:51614/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.242.61:55590/i
id: auto-a008f7d280687fccaeee47a62a5ce0eed6031a0a25f4e6a4926e9228c9fa540b
status: experimental
description: Detects traffic or activity related to http://116.138.242.61:55590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.242.61:55590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.11.244:43405/i
id: auto-0776a724bce8d1aaef057b2773298cffd85805145d6048bd4d62edd257afdb15
status: experimental
description: Detects traffic or activity related to http://61.53.11.244:43405/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.11.244:43405/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.198.74:34539/i
id: auto-69c72ab783bd323cb35ffea4d637641d44d4774c19f8547d2f55c5d0fcaaeda2
status: experimental
description: Detects traffic or activity related to http://42.230.198.74:34539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.198.74:34539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.25.11:43443/i
id: auto-263a0d994f5222298d6c4374f09c694b99763a507cd532016fea50f1d9666feb
status: experimental
description: Detects traffic or activity related to http://222.137.25.11:43443/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.25.11:43443/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.60.119:60301/bin.sh
id: auto-469621f5307957cccd2b1c4f2ff6552f069364f4450e0c4dfc5bde3efcc9bfd2
status: experimental
description: Detects traffic or activity related to http://42.53.60.119:60301/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.60.119:60301/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.11.244:43405/bin.sh
id: auto-ab299dd01ba6eea704d6262b5da3b2d37248195c64c1bc88cb95a2ab6cf9c206
status: experimental
description: Detects traffic or activity related to http://61.53.11.244:43405/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.11.244:43405/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.143:55189/i
id: auto-da20b0e6a697a392c8b7c8b23110ef67eff0b49997486d7a6ca45c45800b9cef
status: experimental
description: Detects traffic or activity related to http://219.155.210.143:55189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.143:55189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/docker
id: auto-06e7e4eb0dc72c963fe0cf8c1ef5ba66240603b38679a2773cd60980177f72aa
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/docker which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/docker*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-cd7656b27800014bfc2f1c2b3e923aa5809cd217614daafcba88e63c87bec9c9
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-7cc345f6e5c5bcf63ac619a20d9d7079eab01805d8a9178d18d03849d8c83513
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.25.11:43443/bin.sh
id: auto-8d3e6435f2f324a223511b624e2183373a5f8ee1e097cb5d4d928c153689e66f
status: experimental
description: Detects traffic or activity related to http://222.137.25.11:43443/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.25.11:43443/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud///arm5
id: auto-d1f7fdc75a1ba1253f654facc4dbecfcc8bea1000e0879fd8040258d772572f6
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud///arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud///arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88///arm5
id: auto-5020a9807ed80bf08c8362f03fcc3a806967908d18adca30dd44105923d44bfc
status: experimental
description: Detects traffic or activity related to http://61.7.209.88///arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88///arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.143:55189/bin.sh
id: auto-f19b498c5c16b05d661f2b34627c0f6ab411853ec66535f09ef285d8d50dbb03
status: experimental
description: Detects traffic or activity related to http://219.155.210.143:55189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.143:55189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.60.224.145:36598/i
id: auto-4be22afab67b949c3ed54a17a19222da619e328b713dc82e4ec46d31c3e7c5c7
status: experimental
description: Detects traffic or activity related to http://120.60.224.145:36598/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.60.224.145:36598/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.245.74:53900/i
id: auto-1c798275e8d7e89da4ebc2a0450a180fb60b15b43cc3774dd2167980c63556c4
status: experimental
description: Detects traffic or activity related to http://123.9.245.74:53900/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.245.74:53900/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.139.118:39480/bin.sh
id: auto-aba4815cf6e2bf1b3834eff7edde750ff6905b04057839c0c8c3e2df852d5458
status: experimental
description: Detects traffic or activity related to http://124.92.139.118:39480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.139.118:39480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.198.74:34539/bin.sh
id: auto-8b9f10cb80496b308f9a790135eff62e727c1a24793d540e7a4f4592cc10d12b
status: experimental
description: Detects traffic or activity related to http://42.230.198.74:34539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.198.74:34539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.127.73:53403/bin.sh
id: auto-056d8a73845be596442978fc829be4742c63db3a6e22f77dc9f321aaa8a767ce
status: experimental
description: Detects traffic or activity related to http://27.215.127.73:53403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.127.73:53403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.157.86:38680/i
id: auto-ff46bec3847971ca09a34f2f0109067ced9f95c9c9b98229d57e370c02a08e7c
status: experimental
description: Detects traffic or activity related to http://123.5.157.86:38680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.157.86:38680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/xmrig_config.json
id: auto-44a3950a9e99331736a683321c8bb15da129cdef45ac0099ec0d18e88f4393ab
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/xmrig_config.json which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/xmrig_config.json*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.14.248:36544/i
id: auto-90dafd5730acab050d99ec10cf118d325889d0f81fafcb039d3c4f6a97621387
status: experimental
description: Detects traffic or activity related to http://182.120.14.248:36544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.14.248:36544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.175.119:41574/bin.sh
id: auto-c9350eacb71b31a6418c6bc627cdee20767cb1992ef758144421453e477f4831
status: experimental
description: Detects traffic or activity related to http://117.205.175.119:41574/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.175.119:41574/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.228.97:60133/i
id: auto-c212a57d110a54d52cc8fa5e248edaba427c4c6eedaaffc9fc780c3f2370dcac
status: experimental
description: Detects traffic or activity related to http://115.50.228.97:60133/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.228.97:60133/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/xc312-ahkj481-faj712-hsd52-hoo8/casd79
id: auto-4fe2868bfb0c2dd343445160ec4a5797d9bbc8f4d10d908fb18c7b6976e14a9f
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/xc312-ahkj481-faj712-hsd52-hoo8/casd79 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/xc312-ahkj481-faj712-hsd52-hoo8/casd79*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.88.213:49702/i
id: auto-61f268bf4be3c3459aa3e1dadec7afa5692865e8eaf372853c90839a95971278
status: experimental
description: Detects traffic or activity related to http://61.53.88.213:49702/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.88.213:49702/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.141.141:54448/i
id: auto-c01b6cee9799edf2ccc84d2506f987be9d7608026247aa7dd293b25be03a9422
status: experimental
description: Detects traffic or activity related to http://61.53.141.141:54448/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.141.141:54448/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/xc312-ahkj481-faj712-hsd52-hoo8/qgd759
id: auto-342c2444d65cee16584348c7750579ca89dcc63c8a3a8db6cda3b529215a6951
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/xc312-ahkj481-faj712-hsd52-hoo8/qgd759 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/xc312-ahkj481-faj712-hsd52-hoo8/qgd759*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.14.248:36544/bin.sh
id: auto-0384dd3717c38c6c161d76fa7bc4c99c3b1ac8abf8434731b098b790d0332d85
status: experimental
description: Detects traffic or activity related to http://182.120.14.248:36544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.14.248:36544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.141.141:54448/bin.sh
id: auto-e7c59b6000d69140daa2a26f46354f643c00cbf12a9cc5d0c2f5231ad2bb0928
status: experimental
description: Detects traffic or activity related to http://61.53.141.141:54448/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.141.141:54448/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.2:34474/i
id: auto-8f1ce79bf070e61031d9d8ca80a7ab89968b77167c7b528396df0d2cd9c3cf34
status: experimental
description: Detects traffic or activity related to http://219.155.210.2:34474/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.2:34474/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.116.161:47166/i
id: auto-ce17a8d422b677efebbeb7dc4a0a3c60c588acd13e46021086eaee83af48aec2
status: experimental
description: Detects traffic or activity related to http://112.248.116.161:47166/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.116.161:47166/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.139.118:39480/i
id: auto-bb496f2cf740be570bb95f6250df4890558669b30d2cb805dba8cdda015598b4
status: experimental
description: Detects traffic or activity related to http://124.92.139.118:39480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.139.118:39480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.40.214:38151/i
id: auto-6481150ff849aabd670b363c088b8131d72f6bc25511b264c4087c5a84c9fe00
status: experimental
description: Detects traffic or activity related to http://222.141.40.214:38151/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.40.214:38151/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.162.203.52:53006/i
id: auto-73143b5b6f0bc9894e61f100733ca5d69c1e0ad23586654dceb350e90c9b6a27
status: experimental
description: Detects traffic or activity related to http://61.162.203.52:53006/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.162.203.52:53006/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.116.161:47166/bin.sh
id: auto-8ea469640e3827cd2a244c71d356924bf518510cf3f67e9d3c484a903f743373
status: experimental
description: Detects traffic or activity related to http://112.248.116.161:47166/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.116.161:47166/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.131:43583/bin.sh
id: auto-fdc857221bd5817477eee8310f95a802d8c5052553e1d770b22d059d1d07ad77
status: experimental
description: Detects traffic or activity related to http://117.209.94.131:43583/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.131:43583/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.82.104:55599/i
id: auto-9e1ee105f910344f9c9eff37f5d5deec622dcc4aae47f0a6f83a481f5e44d345
status: experimental
description: Detects traffic or activity related to http://125.43.82.104:55599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.82.104:55599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.182.127:34458/i
id: auto-2dfbf8cb3f154f47ba15a0a90cc1971134fa063e36f72cc6ce6cd3b610dd7cd9
status: experimental
description: Detects traffic or activity related to http://222.140.182.127:34458/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.182.127:34458/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.40.214:38151/bin.sh
id: auto-3f71600882ab34b21a23b1e1669d740a7dc42ba3df58a196d6b4929fb3fe5e2b
status: experimental
description: Detects traffic or activity related to http://222.141.40.214:38151/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.40.214:38151/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.162.203.52:53006/bin.sh
id: auto-66d954302e0a1c5fb3c634b937954db8c8c676b162c1bf8db66abb8ffcfc318f
status: experimental
description: Detects traffic or activity related to http://61.162.203.52:53006/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.162.203.52:53006/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.220.69.49:44828/i
id: auto-1b274fef8f2fe7db36d5f990f588e49840135c8967106fad00197e71ef3f6e42
status: experimental
description: Detects traffic or activity related to http://91.220.69.49:44828/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.220.69.49:44828/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.218.187:35370/i
id: auto-f6f5e83af70a1399dca93bb467b7be28dc52507ad81990d6ee04ca43f9c0ba88
status: experimental
description: Detects traffic or activity related to http://221.13.218.187:35370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.218.187:35370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.82.104:55599/bin.sh
id: auto-54b9d4f10eb51f4747fb8c5bdc6cc2a7cb186363e101c262d353b06573c49609
status: experimental
description: Detects traffic or activity related to http://125.43.82.104:55599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.82.104:55599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.182.127:34458/bin.sh
id: auto-d48eb04e5a4b078cf8cfc4d284a21eda10311c106926d0c08b904d49ced8ee0c
status: experimental
description: Detects traffic or activity related to http://222.140.182.127:34458/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.182.127:34458/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.229.54:58816/i
id: auto-4bc6467f78b4b1ebdf140fef8e72da2b338b5797c8ca10e379a443a3c29a91ad
status: experimental
description: Detects traffic or activity related to http://85.12.229.54:58816/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.229.54:58816/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.208:47963/i
id: auto-b1edf2303257b8f87ecad4935db116b04cc3f613a810efaf4738cf91f9696455
status: experimental
description: Detects traffic or activity related to http://110.36.29.208:47963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.208:47963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/arm4
id: auto-f8ef256cb9de1d125049d4fe3d7b19dec2e625835e5de38776e655a2ce74388b
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.71.79:36275/i
id: auto-b52705f36b903ecfa22d3b311af7a655bd444c7321a0ad3e5921e26562b548fa
status: experimental
description: Detects traffic or activity related to http://42.5.71.79:36275/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.71.79:36275/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/x86
id: auto-6e1fc92ffad1eac4fdeaec6cc7c9be880f0b89e9cac95b47249922fbbed5ecac
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/arm7
id: auto-fefa6bbece420993877eefc92c318cc88a13b1d4c47414c8ac041cd7ac9375b3
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/ppc
id: auto-81ad3fe52146b3d03aa9c6c317826afd044db0b84aa1877216c60373c150a2d4
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/pewpew.sh
id: auto-a300f6216acac4cf4f8f2aaace7889ccfcb44ceec9d2b0daaa3eacb8da2936c4
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/pewpew.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/pewpew.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/mpsl
id: auto-1efca000bb6cf786bb9617f96088be0ba0ce036294e426b27fd820f26af88808
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/arm5
id: auto-30cc083129eb44217f1341668dcc101f444e387a125189dc0c3f6281facb0bf5
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/arm6
id: auto-13989fbbb2905c1b3c831eccd822407f394eb2913d8f321caeb95cec9d1de33a
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.248.178:49105/i
id: auto-cd7fca50335243625f8344ad174df839fa0ec366a18409c78515338688b4e74b
status: experimental
description: Detects traffic or activity related to http://42.231.248.178:49105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.248.178:49105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.13.15:40423/i
id: auto-adb18168f94e5296597463af5a61f7fdd9bdbb5c9d6a6d56e98b2a4a0abf45b8
status: experimental
description: Detects traffic or activity related to http://123.129.13.15:40423/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.13.15:40423/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.72.94:41478/i
id: auto-9f3a3edb487afc97a9a76daf5e3678b02ac88265d3d8fdf424d1b234a84060eb
status: experimental
description: Detects traffic or activity related to http://42.234.72.94:41478/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.72.94:41478/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.145.4:47713/i
id: auto-1bb6b72c341d5a000c6d9737f536cdd5463fbf809a0e44d8eda28685e37e4249
status: experimental
description: Detects traffic or activity related to http://42.54.145.4:47713/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.145.4:47713/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.148.165:53663/i
id: auto-1d1e30244f8ac31cffb1e860e42f7c848e0b54d1c8a16991ea0759eee374e402
status: experimental
description: Detects traffic or activity related to http://182.121.148.165:53663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.148.165:53663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.42:53580/i
id: auto-23d34ca4b3a765313b433b9af5778893f888cfb66e2bfb5a478535f647ed8219
status: experimental
description: Detects traffic or activity related to http://42.235.91.42:53580/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.42:53580/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.229.54:58816/bin.sh
id: auto-9d605bb4a8a9e48ebab202dcecfcb622a82c3aba633ea634822341d7ad4019c1
status: experimental
description: Detects traffic or activity related to http://85.12.229.54:58816/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.229.54:58816/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.71.79:36275/bin.sh
id: auto-461f1b751302c40a14148d755aa1da45bd778eb54bcf30856d80798db2e887b1
status: experimental
description: Detects traffic or activity related to http://42.5.71.79:36275/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.71.79:36275/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:52882/bin.sh
id: auto-319525217548ff81c151156c853cab2a7f3039cc37f9bce7d6a6fde347e241ba
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:52882/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:52882/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.144.192:54100/i
id: auto-05565303f3186bcfb73978efb22c7f95494fe1ac28a852daf1513925a9ff3a81
status: experimental
description: Detects traffic or activity related to http://42.235.144.192:54100/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.144.192:54100/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.208:47963/bin.sh
id: auto-df7b70ab8fd36c46200d4fa6e35b83cbf0b9e8eca520b324dea8fed9f9c932eb
status: experimental
description: Detects traffic or activity related to http://110.36.29.208:47963/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.208:47963/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.248.178:49105/bin.sh
id: auto-72a59f3b10984ca7a8ecaf8dc2a90f4caf21bd19a3188c2ab75392436a14ea15
status: experimental
description: Detects traffic or activity related to http://42.231.248.178:49105/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.248.178:49105/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.13.15:40423/bin.sh
id: auto-c61897f308f2a47bf7cd46bd06ea9e43ccf37fe13f1ec10fb39ef4e0a916dcf6
status: experimental
description: Detects traffic or activity related to http://123.129.13.15:40423/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.13.15:40423/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/xmrig
id: auto-565db46d5c3c0a941c03ac10468f096b1ed8aed1eca780f363508b9eda4ecaba
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/xmrig which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/xmrig*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.72.94:41478/bin.sh
id: auto-c9290624bd99851e77d23885487bca95b1ff73e6a214dd20dc36639e2f7480f8
status: experimental
description: Detects traffic or activity related to http://42.234.72.94:41478/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.72.94:41478/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.145.4:47713/bin.sh
id: auto-cfb888f327a796142ef03c41078932df0c5c0fba081dd088d0331b438ee83aea
status: experimental
description: Detects traffic or activity related to http://42.54.145.4:47713/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.145.4:47713/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.35.22:33370/i
id: auto-63ccbebf9cb4ae4f0d6ff7087542672d664b58bfc3f98462d753d0c5d59a8171
status: experimental
description: Detects traffic or activity related to http://222.139.35.22:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.35.22:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.46.95:46073/bin.sh
id: auto-60832194735d0f567b1d9254f35a92c3e4518bd7c9a7635006420c5ee21e6568
status: experimental
description: Detects traffic or activity related to http://58.255.46.95:46073/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.46.95:46073/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://24.156.183.72:50338/i
id: auto-0acaa73f4037e19a3444e621e2a9a4ab8149e43a5a704b6e851044d05d071791
status: experimental
description: Detects traffic or activity related to http://24.156.183.72:50338/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://24.156.183.72:50338/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.37.45:36181/i
id: auto-4b7b86939414094ef9b5c6add28c77ed012d1067b67ded15931f581a08868c34
status: experimental
description: Detects traffic or activity related to http://61.52.37.45:36181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.37.45:36181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.110.171:45481/i
id: auto-d280ae5685cf0ed3ea5dd9c2caf11adec0a04b3b04f401b41f8c9f935e60d8fa
status: experimental
description: Detects traffic or activity related to http://112.237.110.171:45481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.110.171:45481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.19.69:47441/i
id: auto-b6f1304000c934a4cde4a577542868d6a9b27e1d833129e731ed8dc45da6d608
status: experimental
description: Detects traffic or activity related to http://182.124.19.69:47441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.19.69:47441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://inforash.com/auth/logout-controller.js
id: auto-6ce9adc3c81788da599ccf1a9b683fa235b9ec6a9c4338e309e24a592b4a7a74
status: experimental
description: Detects traffic or activity related to https://inforash.com/auth/logout-controller.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://inforash.com/auth/logout-controller.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://inforash.com/auth/logout-service.js
id: auto-cd83d990192161d154b99bf79b25cd4222b8611dd41ce48793987b9b374301d5
status: experimental
description: Detects traffic or activity related to https://inforash.com/auth/logout-service.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://inforash.com/auth/logout-service.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://yepork.com/auth/logout-controller.js
id: auto-23f5cfd34b0ad034ac98353397bdd2cff38b1dbd6b3e48488a55fb2aeaa9da21
status: experimental
description: Detects traffic or activity related to https://yepork.com/auth/logout-controller.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://yepork.com/auth/logout-controller.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://portwinejoke.icu/menu.js
id: auto-ed35d62e50203f8e16a1950ab1adbb263f5ee5e1f21e2387969ff9e199eeb360
status: experimental
description: Detects traffic or activity related to https://portwinejoke.icu/menu.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://portwinejoke.icu/menu.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://98.142.251.115/cache
id: auto-9430e165c03a7a123df062c500452dd7b7863a7f54360c6c83bc0c10be31f243
status: experimental
description: Detects traffic or activity related to http://98.142.251.115/cache which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://98.142.251.115/cache*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/wf45-s5g42-sv78-tyj95/da73
id: auto-d465c9e18e81a2d99a3a70dd76ba286a9cc2e818f998bd4db825fa6d2960cb87
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/wf45-s5g42-sv78-tyj95/da73 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/wf45-s5g42-sv78-tyj95/da73*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.148.165:53663/bin.sh
id: auto-46f9bbbfe66e18dc6b1b9a16367aefdb2dd8f077a2414a04f96fdd5a36a9622c
status: experimental
description: Detects traffic or activity related to http://182.121.148.165:53663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.148.165:53663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.200:60642/i
id: auto-fefbc25b2f07f8651871cb27bb59297123b661fcf0064e18bfe4558212191a13
status: experimental
description: Detects traffic or activity related to http://110.37.78.200:60642/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.200:60642/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.141.215:60134/i
id: auto-b1c0302bc798bec311a27c982ffb3a5934d2fc61d6ab926e9f4ee77e5c1119ab
status: experimental
description: Detects traffic or activity related to http://125.41.141.215:60134/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.141.215:60134/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.144.192:54100/bin.sh
id: auto-ca2005634fc0a8db8cdc5425ee31c61c5d6d3ea1e0823298c8aee48413cf2604
status: experimental
description: Detects traffic or activity related to http://42.235.144.192:54100/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.144.192:54100/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.96.227:37472/i
id: auto-6ec071dd90af4fb153b8ff543921448165da4838b090cc3979e72c9768f85c79
status: experimental
description: Detects traffic or activity related to http://123.14.96.227:37472/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.96.227:37472/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.70.48:59972/i
id: auto-ee74e31d1cf4381f8588d54ab16383263acd8ed55d8731f7cffa38ca6b3b0d8b
status: experimental
description: Detects traffic or activity related to http://115.50.70.48:59972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.70.48:59972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/mothballgravity
id: auto-36ba8845c1a115ad87796922ea36290db1da8008e7c7e6a5ce834ac0e945f1be
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/mothballgravity which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/mothballgravity*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.230.124:57084/i
id: auto-cc3327473e0a37f12cfb5be5246592716a569fd845ede6e4159d40b0355f8c27
status: experimental
description: Detects traffic or activity related to http://175.146.230.124:57084/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.230.124:57084/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/arguablybagged
id: auto-a026bd0a0c3df3d40d2d0a970c36f638ddf8fe5fcecc334e863187df90f54cb3
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/arguablybagged which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/arguablybagged*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.35.22:33370/bin.sh
id: auto-a5765314bf8e21669d5609791c169cf6622bb60fd7cfb78d88136a6e32062644
status: experimental
description: Detects traffic or activity related to http://222.139.35.22:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.35.22:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.25.225:37809/bin.sh
id: auto-5dbdc646b296fe050575c38ab848b970cd16f761607cd615d0a391a0535c96f7
status: experimental
description: Detects traffic or activity related to http://222.137.25.225:37809/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.25.225:37809/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.230.124:57084/bin.sh
id: auto-22b26ce2ca2360be2e1eeb4d7e9a16d139dedab5d6bb5748125db25a064ef61e
status: experimental
description: Detects traffic or activity related to http://175.146.230.124:57084/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.230.124:57084/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.156.143.62:53440/i
id: auto-b02343e98573c7cf68fb523095ed7efb559b8656c30276bd36bec27e31f78985
status: experimental
description: Detects traffic or activity related to http://122.156.143.62:53440/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.156.143.62:53440/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net/mpsl
id: auto-5d1369e4e23f7b6352de28af57a92831d16cbde98d12b0a3b375c4cdf3ad2a92
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net/arm5
id: auto-8c02f39033da594100966c29db80e6083a566d187e43f483891d3e317bb4acae
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net/arm6
id: auto-882f14266106a07eb79f90fe9e4e85e1b79f6890a3019f98ead3f92b430e5893
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.193.214:42663/bin.sh
id: auto-74e53f8c57bdd3be986ffcdb41fd5ae94f578176a57d9a5d173f7019f50f444f
status: experimental
description: Detects traffic or activity related to http://115.55.193.214:42663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.193.214:42663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.42:53580/bin.sh
id: auto-6fc32469a8adfd1b635fa9c5c12d7a211033f001e55dabb655c33a98983b8ef1
status: experimental
description: Detects traffic or activity related to http://42.235.91.42:53580/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.42:53580/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.170.244:43782/i
id: auto-2e08bd34cf02d28506f4cdca1178788ff74a944f81d670793018ceb1cb9c1e5a
status: experimental
description: Detects traffic or activity related to http://123.5.170.244:43782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.170.244:43782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/80disperser
id: auto-038d8c2bf113e9516173149baecd323676ad2f5c671767adc5faa617f6385553
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/80disperser which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/steadying-gas-existing-seltzer/80disperser*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/fragment123
id: auto-1338cd8b342951e1ac8107ad12b8134f9e999b96ce9704667434baac56020440
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/fragment123 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/fragment123*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.170.244:43782/bin.sh
id: auto-ad251c5e2f37cd51575ea8ff2ded0fbd5379aa16428203b92849989c9b013e4c
status: experimental
description: Detects traffic or activity related to http://123.5.170.244:43782/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.170.244:43782/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.57.20:43011/i
id: auto-acd7b7f187688824ae884b770133c4c53733fe29ef28a21b6ed2e6d0d09f5f9b
status: experimental
description: Detects traffic or activity related to http://182.119.57.20:43011/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.57.20:43011/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.173.130:33626/bin.sh
id: auto-1ad95123d0701e0bc86676763dc5428f88079c75e9cb25291880eb2f3d02eb6e
status: experimental
description: Detects traffic or activity related to http://119.117.173.130:33626/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.173.130:33626/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.41.197:51094/bin.sh
id: auto-48b9c9777340cc032bb04dd73231c671f9c698ff41e65c27e046dfa908388aa1
status: experimental
description: Detects traffic or activity related to http://182.113.41.197:51094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.41.197:51094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.185.111:49835/i
id: auto-aa89f1ddb33ae6dea6a045786cf58a4832f0f738b231c1b6214f6217b43174bb
status: experimental
description: Detects traffic or activity related to http://27.207.185.111:49835/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.185.111:49835/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.109.164:56967/bin.sh
id: auto-abb1e4b65b23d62089f96e9423d9636079b13322c8fdccf9357495af8de483d5
status: experimental
description: Detects traffic or activity related to http://116.138.109.164:56967/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.109.164:56967/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.91.224:49481/i
id: auto-783577353d9a1c27dfc02e68a813761b30159f5f38c931de2a23c19928e040ca
status: experimental
description: Detects traffic or activity related to http://61.53.91.224:49481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.91.224:49481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc
id: auto-d1608d8b19b2d0b0ef98cab811b6c0b790e3e07c710957e08c736c591b4bd3bf
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5
id: auto-a99172f193bdcc13cf472bc5c7ec0c255bd2e1783abb21d1c6f8334fc19795c1
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc
id: auto-eee0c6c39e088f2dd3c23cbab2d1d44b869a55f1dc3abd912f415b9cb9143676
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686
id: auto-e1eb48ea27e43aabe40c04875302cb0cd31951e538fb71582eb66865680f79ea
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k
id: auto-a34b8cc2d94949a6b7fd3f87501c2be11715cbbecc668cf368ff5078d040eaf0
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/arm
id: auto-4afe60723b40bb024110b3cd863d0fb6b8cc477a5678012f8b5384382791d561
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/x86_64
id: auto-d1013b419c3ed9d6718983f8d7ceeb441f3d2a39b3aabb191a08276818de64be
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/spc
id: auto-79043767034f3c636a39756bca274a8d1b0bffd2bda916b0c826926aa44d4dfb
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.185.111:49835/bin.sh
id: auto-1cedfd94c802ec641baea01815911d9b0dce62d848d7a6119c9f4600940ffabf
status: experimental
description: Detects traffic or activity related to http://27.207.185.111:49835/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.185.111:49835/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.105.0.49:33321/i
id: auto-d3e463cda42642f7fc03c2013234215a765d647c49770b2d5b5517a99aeec4b8
status: experimental
description: Detects traffic or activity related to http://95.105.0.49:33321/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.105.0.49:33321/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.42.161:59872/i
id: auto-e51f2ff88ffae705f24ae254d406ca6ba57b7d07efcf6eb2a1f408a68309cb42
status: experimental
description: Detects traffic or activity related to http://42.231.42.161:59872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.42.161:59872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/wow.sh
id: auto-2d41d8448380a9b1d35be7c4278d214042eaee4706ad9325193291207b65d574
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/wow.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/wow.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.105.0.49:33321/bin.sh
id: auto-ec0654ede7599d8677cf16a3250b130b6af110465d190d0ccad8a6bc367cd4fa
status: experimental
description: Detects traffic or activity related to http://95.105.0.49:33321/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.105.0.49:33321/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/dreamt-undrafted
id: auto-9d356a950a35ffe235dab436e103685e54123af5fcbc133c24fe1c0187acb40b
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/dreamt-undrafted which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/dreamt-undrafted*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/dork-pension
id: auto-0c8a5701fb2fe5cff6b0d8cb39ece18b2255e97f0ffba427438e291987ba4934
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/dork-pension which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/2b-rvy-6o-fv-ho/dork-pension*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.218.187:35370/bin.sh
id: auto-92dd105461a471017a4374a79b058fee236d4fb29749f649c4e26fb0eabaccf7
status: experimental
description: Detects traffic or activity related to http://221.13.218.187:35370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.218.187:35370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.106.114:60110/bin.sh
id: auto-879e3cfb49ab966e3854d151a0ea133d53c0b2a48f59362d7327dc60c85433a4
status: experimental
description: Detects traffic or activity related to http://60.18.106.114:60110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.106.114:60110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.42.161:59872/bin.sh
id: auto-0b50589eb67cb030ef840640404557033259ef82a89a99458ab7a74b423e8ec9
status: experimental
description: Detects traffic or activity related to http://42.231.42.161:59872/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.42.161:59872/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.173.130:33626/i
id: auto-b653c0e9d15ef61513e525e443e4c61c9dc08f9ad6cdfb1b5b1e528ba95a4dba
status: experimental
description: Detects traffic or activity related to http://119.117.173.130:33626/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.173.130:33626/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.118.187:39679/i
id: auto-699c77ebeba7ea0fa907572ba560583cde51a1adf9f16e4c438230bccc18e2e9
status: experimental
description: Detects traffic or activity related to http://42.86.118.187:39679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.118.187:39679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/identity-broker454-cloud6546/dexvphujrsh
id: auto-a656ab9334f330ac97e4f5ae05531df651ea773323bb2f4c864cdf9df8bcd5de
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/identity-broker454-cloud6546/dexvphujrsh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/identity-broker454-cloud6546/dexvphujrsh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.206.49:39997/bin.sh
id: auto-152909ebbf57ab2658ae21ab516519a8976cd33cf2fd512b8ac3463040b0c2d3
status: experimental
description: Detects traffic or activity related to http://42.56.206.49:39997/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.206.49:39997/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.87.67:59667/bin.sh
id: auto-205b7dc1df6d7d3ec75b3813d02299bb2f15f2b8ba1cec5ceb93c6bd171d92c3
status: experimental
description: Detects traffic or activity related to http://27.215.87.67:59667/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.87.67:59667/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.206.207:55553/i
id: auto-761f1bea5de256c0be6a1924431f1d3ff702fae56fd064536f679d0699747044
status: experimental
description: Detects traffic or activity related to http://123.4.206.207:55553/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.206.207:55553/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.246.119:40819/i
id: auto-ec92dad90a44ac11afc7da82afbff808f225a508b0a5f19c6e39c2488cda73d7
status: experimental
description: Detects traffic or activity related to http://42.228.246.119:40819/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.246.119:40819/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/identity-broker454-cloud6546/graftingawkward
id: auto-ade21d032f8792cedb794c78e861b095b2110ac2fdccd88d89570b1a4d5637b2
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/identity-broker454-cloud6546/graftingawkward which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/identity-broker454-cloud6546/graftingawkward*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.154.252:39895/i
id: auto-b1627e9e2fabf16299390c317d6c8db8f79c1a457a0ffe707d1ddba341b8ee6d
status: experimental
description: Detects traffic or activity related to http://115.48.154.252:39895/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.154.252:39895/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.249.180:45034/i
id: auto-19d45893241f76d07bce99b8bbab8739336d0e585788360d1bd077e0abf05a8b
status: experimental
description: Detects traffic or activity related to http://115.55.249.180:45034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.249.180:45034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.91.227:57359/i
id: auto-ee882d3a2fbfba4986be39d3f19df75ea4281e48dd9278a8ab4149a7e42cd53e
status: experimental
description: Detects traffic or activity related to http://42.59.91.227:57359/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.91.227:57359/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.193.63.208:43389/i
id: auto-5d88b477404d9a4fe545d64eec225bb52bb7388a56dc0364ac0f91895a355ead
status: experimental
description: Detects traffic or activity related to http://104.193.63.208:43389/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.193.63.208:43389/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.6.25:40746/bin.sh
id: auto-aee025bfadc69c7900d22b2782f63216368d10dce72bc64e52f4655d6ac2600d
status: experimental
description: Detects traffic or activity related to http://125.41.6.25:40746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.6.25:40746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.93.141.98:9999/02.08.2022.exe
id: auto-36168a006e3638a89a40c044ebdf9239fd14d3dd1a57e436ecb5eb1cb3946455
status: experimental
description: Detects traffic or activity related to http://47.93.141.98:9999/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.93.141.98:9999/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://48.209.24.173:443/02.08.2022.exe
id: auto-744dde5b203f1ced2c4444168cea55bb0c3b2b5ba21bf5665f337d1f5fed3e96
status: experimental
description: Detects traffic or activity related to http://48.209.24.173:443/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://48.209.24.173:443/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.148.203.82:20000/02.08.2022.exe
id: auto-b03ba7abe4b8c0a917c7b6b86672bb0063ebd7327cafc736359fedebabe0b2f6
status: experimental
description: Detects traffic or activity related to http://38.148.203.82:20000/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.148.203.82:20000/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.93.141.98:8888/02.08.2022.exe
id: auto-82287e592204c64fb6f9350659df4028d32e6b550fce32145ce9ce923087af61
status: experimental
description: Detects traffic or activity related to http://47.93.141.98:8888/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.93.141.98:8888/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.92.243.40/02.08.2022.exe
id: auto-f94a08ac0c09d7d73f9191eb8d832a5ef8dfd84ba6283829d88d78dfb75cc4de
status: experimental
description: Detects traffic or activity related to http://111.92.243.40/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.92.243.40/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.129.17.69:17427/i
id: auto-5a7a2c37117fd779072dc87fee37717460a832be60be901ccbc9b14525f23ccb
status: experimental
description: Detects traffic or activity related to http://177.129.17.69:17427/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.129.17.69:17427/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.46.17.62:54035/i
id: auto-cd1276cc17ddf805629acfde35a22029c4f138bb71495c477526783f62517187
status: experimental
description: Detects traffic or activity related to http://185.46.17.62:54035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.46.17.62:54035/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.200.12.173:8080/sshd
id: auto-00db5851b4e7ef94fa9a5e68850e8af978f72ed5ee02e0b836d333f5d4df3676
status: experimental
description: Detects traffic or activity related to http://181.200.12.173:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.200.12.173:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.185.212.67/sshd
id: auto-ad997aa46f81bbcaac2248544cf17af02c53a723c62bff715aeb4e35134fface
status: experimental
description: Detects traffic or activity related to http://14.185.212.67/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.185.212.67/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.137.98/sshd
id: auto-4aa37b8a1cd3ad721aff668f809208ef6ede99321b9b61f25df6a9755ab7ac01
status: experimental
description: Detects traffic or activity related to http://91.80.137.98/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.137.98/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.249.180:45034/bin.sh
id: auto-9b09f8fd80e91c8ffb81098824ffff0430fe0c1b22843bfde43723f840471977
status: experimental
description: Detects traffic or activity related to http://115.55.249.180:45034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.249.180:45034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.154.252:39895/bin.sh
id: auto-05c009d3fe50768c78d0b1737e1c3793b64a028ef84b5955afbc58a7ff344a06
status: experimental
description: Detects traffic or activity related to http://115.48.154.252:39895/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.154.252:39895/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.193.63.208:43389/bin.sh
id: auto-1572bc6247758311b63f6b863a219e25367092efe2ffed3e3e416cba3b771e40
status: experimental
description: Detects traffic or activity related to http://104.193.63.208:43389/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.193.63.208:43389/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.163.184.136:60314/i
id: auto-738b6aecfa98c9cf641d875c7fe20ee14ea728f6dee3d833785d655bc176b8e7
status: experimental
description: Detects traffic or activity related to http://46.163.184.136:60314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.163.184.136:60314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.91.227:57359/bin.sh
id: auto-e9a80ae39e2627e391d755d930cb9d768ace7d2dede4612f463ee1411572f477
status: experimental
description: Detects traffic or activity related to http://42.59.91.227:57359/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.91.227:57359/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.193.214:42663/i
id: auto-c416b1cee31623b2a0fc668ce43918f3806b99bc7ccb5d279f7e87e4639f7793
status: experimental
description: Detects traffic or activity related to http://115.55.193.214:42663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.193.214:42663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.163.184.136:60314/bin.sh
id: auto-c2f4422a251ca7ea01f1aec50874893d372c8603079635786297c6a520b35e26
status: experimental
description: Detects traffic or activity related to http://46.163.184.136:60314/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.163.184.136:60314/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/6u3h4d.ps1
id: auto-751721517664d2c2e443c4273a5c96c19e1f3a7508dc9599a9f5a0160fa87e82
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/6u3h4d.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/6u3h4d.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/unoaku.txt
id: auto-ea27dfe16fb0a16e351779554eba7ba77df5a143d2df97bbc8791cc5d414e019
status: experimental
description: Detects traffic or activity related to https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/unoaku.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/unoaku.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.83.147:46171/i
id: auto-416e6fe6c964b1172dfce0f3410e2093d126711d7cc56680fd04c008e746f662
status: experimental
description: Detects traffic or activity related to http://124.92.83.147:46171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.83.147:46171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.195.233:55377/i
id: auto-3617dc781baa034ed22f585fc719b8fe9b16ecb0802221878f981123a5c2cadb
status: experimental
description: Detects traffic or activity related to http://42.56.195.233:55377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.195.233:55377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/475event-bu7s-sync74-prx5-eu2/splicing
id: auto-e3a8290a645b8202670f77eb33a2dfa4f8bd443b7f787ddeedfe9561db725a61
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/475event-bu7s-sync74-prx5-eu2/splicing which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/475event-bu7s-sync74-prx5-eu2/splicing*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.195.233:55377/bin.sh
id: auto-081ec68f90d0473569d163213e44ffa18640dcaf97ed4ac373df530ff7a16460
status: experimental
description: Detects traffic or activity related to http://42.56.195.233:55377/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.195.233:55377/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.24.123.232/config.txt
id: auto-8de7315d4bcdef29c00d93e197e919aa0c6a0b96451e81548ef1af2c84215759
status: experimental
description: Detects traffic or activity related to http://193.24.123.232/config.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.24.123.232/config.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.24.123.232/win32_backup.vbs
id: auto-03c5a1d9ba1064f7ff39176bdde90acfce3f981ce87826c0c52b2a48d55bf58d
status: experimental
description: Detects traffic or activity related to http://193.24.123.232/win32_backup.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.24.123.232/win32_backup.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.83.147:46171/bin.sh
id: auto-544fe1732f8db629723f5ddb0426a3aaa62a9bc2caa727bdaecc95bcf1f44c3c
status: experimental
description: Detects traffic or activity related to http://124.92.83.147:46171/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.83.147:46171/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.104/Setup.exe
id: auto-91e8d5893bdf29149e728ee62cf5399703c27eb0c09697cf03c77043ecbd7e0e
status: experimental
description: Detects traffic or activity related to http://196.251.107.104/Setup.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.104/Setup.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.156.143:51441/i
id: auto-87881d70813056d7c5e41e876d9e282b4784896231fc771c7dac2e9909cef4c1
status: experimental
description: Detects traffic or activity related to http://175.146.156.143:51441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.156.143:51441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.182.91:33068/i
id: auto-6871dbfae6b66c7db5b670bf97c4fb847e9b6377fefab6b417fb95e4a286bfd0
status: experimental
description: Detects traffic or activity related to http://182.119.182.91:33068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.182.91:33068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.185.200:49647/i
id: auto-91bcb04328d8e1cda3f8f02de99e877139cabc78d6aadb28ba6effdd92fc2347
status: experimental
description: Detects traffic or activity related to http://42.235.185.200:49647/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.185.200:49647/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.243.213:56366/i
id: auto-357d08d8d76a50b0b2aebfb7fc2f90f2fe4d1ee2bd957826cb5d797d0734aa78
status: experimental
description: Detects traffic or activity related to http://115.49.243.213:56366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.243.213:56366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.147.184:40827/i
id: auto-db4ee5df9d02636a63d25c04ae9b8032ee6a16870c511eea228e5d969389e39d
status: experimental
description: Detects traffic or activity related to http://115.50.147.184:40827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.147.184:40827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.112.179:46698/i
id: auto-32ea6a130dd2e55c50097717ebf6807dcfe1e954d035deb032a3df3f83f909e9
status: experimental
description: Detects traffic or activity related to http://175.165.112.179:46698/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.112.179:46698/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.28.107:55413/i
id: auto-3266521445dd788d9bb57d1fee746945e42a7fc7889245b8df75d3837c3ac405
status: experimental
description: Detects traffic or activity related to http://115.52.28.107:55413/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.28.107:55413/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:52882/i
id: auto-50cf12922e4cec35599883968285a50de351e7e4effcaf7052b9609c5cbfcec6
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:52882/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:52882/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.119.189.209:19708/bin.sh
id: auto-99571d0be38bbfda28945807d80d672b003710513b216e142603271df9d79164
status: experimental
description: Detects traffic or activity related to http://171.119.189.209:19708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.119.189.209:19708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.92.109:58096/i
id: auto-8d91bdc60eee651a9fd0c69a2d1288602fa2a9bbe8153a0a78c332472951a7d0
status: experimental
description: Detects traffic or activity related to http://115.50.92.109:58096/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.92.109:58096/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.250.17.119:50515/i
id: auto-10df93999124e4aa82f312bb64c92847d7631e07f526507ea384f6f92a9f2b06
status: experimental
description: Detects traffic or activity related to http://162.250.17.119:50515/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.250.17.119:50515/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.39.196:57701/i
id: auto-e88cb9837b01c4d591eec34b29a636eb9777150f5d3f6f2b3f58e7b0f4739822
status: experimental
description: Detects traffic or activity related to http://42.230.39.196:57701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.39.196:57701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.87.67:59667/i
id: auto-44a8170731de88002ed81054d5f268c56358de62f41ed9d731ec4aedd2f71e55
status: experimental
description: Detects traffic or activity related to http://27.215.87.67:59667/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.87.67:59667/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.3.136:50861/i
id: auto-68876591e4226ed6193417f669a3d12433444e2d18bc28d0d6dd58a9677154d2
status: experimental
description: Detects traffic or activity related to http://61.52.3.136:50861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.3.136:50861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/DOGGYBAGGY/31cisusko/raw/refs/heads/main/Chrome.apk
id: auto-eb98d96588402bedfc6819400237696a868ab3997f75e2b9fd07f8d771a693ac
status: experimental
description: Detects traffic or activity related to https://github.com/DOGGYBAGGY/31cisusko/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/DOGGYBAGGY/31cisusko/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inattvturkiye/inatbox5/raw/refs/heads/main/inat%20box%20pro.apk
id: auto-09e401a2ebf5d4d02757cd51315060eb2c562d2dac1973bcccb824a98a1f7492
status: experimental
description: Detects traffic or activity related to https://github.com/inattvturkiye/inatbox5/raw/refs/heads/main/inat%20box%20pro.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inattvturkiye/inatbox5/raw/refs/heads/main/inat%20box%20pro.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inattvturkiye/inatbox/raw/refs/heads/main/%C4%B0nat%20Box%20TR.apk
id: auto-957a622e7f73d2a68a5945594f8e314755790a429860018dc48464903b76a8cd
status: experimental
description: Detects traffic or activity related to https://github.com/inattvturkiye/inatbox/raw/refs/heads/main/%C4%B0nat%20Box%20TR.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inattvturkiye/inatbox/raw/refs/heads/main/%C4%B0nat%20Box%20TR.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inattvturkiye/inatbox2/raw/refs/heads/main/inat%20box.apk
id: auto-f62e5c2d63f8fc63bcda1f5146e27a760e1678b9616a9fa689fcb19dbe2529ed
status: experimental
description: Detects traffic or activity related to https://github.com/inattvturkiye/inatbox2/raw/refs/heads/main/inat%20box.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inattvturkiye/inatbox2/raw/refs/heads/main/inat%20box.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fuzzy-pickle.cc/
id: auto-d04ef722bd72c3f502a6b73ae550f82907de352498ee1a811f92034d1f249fe6
status: experimental
description: Detects traffic or activity related to https://fuzzy-pickle.cc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fuzzy-pickle.cc/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/ahmetkaracan227362/GoogleChrome1
id: auto-1c3408316adff3000001fdb2c54cf01f526a298696b5c2a874473fe7084caf98
status: experimental
description: Detects traffic or activity related to https://github.com/ahmetkaracan227362/GoogleChrome1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/ahmetkaracan227362/GoogleChrome1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inatbox-tr/inatboxtr/raw/refs/heads/main/%C4%B0nat%20BOX.apk
id: auto-10446d9fce15265c1f39426441f908bc129797ac15ceceaca06b93b210b386e4
status: experimental
description: Detects traffic or activity related to https://github.com/inatbox-tr/inatboxtr/raw/refs/heads/main/%C4%B0nat%20BOX.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inatbox-tr/inatboxtr/raw/refs/heads/main/%C4%B0nat%20BOX.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/misterchinkachuk/downloadsai/raw/refs/heads/main/Chrome.apk
id: auto-2e34f4f9a397e098286238bc7a8b1ef2b209326dad67999c4c4a063c450748b1
status: experimental
description: Detects traffic or activity related to https://github.com/misterchinkachuk/downloadsai/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/misterchinkachuk/downloadsai/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/misterchinkachuk/downloadsai/raw/refs/heads/main/Setup.exe
id: auto-5d9d809ff5dc4f3e2ab2bfd7b4ba5551ae88559de0af91099b99857fa98e7d17
status: experimental
description: Detects traffic or activity related to https://github.com/misterchinkachuk/downloadsai/raw/refs/heads/main/Setup.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/misterchinkachuk/downloadsai/raw/refs/heads/main/Setup.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/savucufurkan30-art/dsschroo/raw/refs/heads/main/Chrome.apk
id: auto-8710d73a73776a62c86951d47800802c8fb7cd930f7e2abd8836a6c8150c0d97
status: experimental
description: Detects traffic or activity related to https://github.com/savucufurkan30-art/dsschroo/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/savucufurkan30-art/dsschroo/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.46.95:46073/i
id: auto-d160ca981b01466590c717d4882f994d84db35744466fc3148e298881c1fd32d
status: experimental
description: Detects traffic or activity related to http://58.255.46.95:46073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.46.95:46073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.92.154.210:31395/.i
id: auto-0ba9d99bef3481e8bb100bbcb1ad619116fb65ae93624f9a69b70c3f7367263c
status: experimental
description: Detects traffic or activity related to http://36.92.154.210:31395/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.92.154.210:31395/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.246.107:36864/i
id: auto-476d2b42b24b2f5607fb9783464b5f86b2836474b489b07caa95a63364aaea85
status: experimental
description: Detects traffic or activity related to http://115.55.246.107:36864/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.246.107:36864/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/n71-stat46-mngr9871-cache0/disagree
id: auto-1dd84759fdf98f7ebbd1de8bdb703ed353a62c2e396259022efa0bc153a2215d
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/n71-stat46-mngr9871-cache0/disagree which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/n71-stat46-mngr9871-cache0/disagree*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.239:58094/i
id: auto-0f81c04585620e665a786f4f70155834584a17daf3f1b32ccc863ce417d8e943
status: experimental
description: Detects traffic or activity related to http://60.23.239.239:58094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.239:58094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.117.205:49445/i
id: auto-321521a3767d15d26046f673ba272c3b8bd3446f338631ffa0142b04c89c483f
status: experimental
description: Detects traffic or activity related to http://115.52.117.205:49445/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.117.205:49445/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.108.57:34124/bin.sh
id: auto-77dd69062f319c43a645ed8ec4feaca06be37352749d98b98063a61d22fa228c
status: experimental
description: Detects traffic or activity related to http://61.3.108.57:34124/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.108.57:34124/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/n4-g567-d8-af7/tootl
id: auto-e694e9375d742b98de816428bbb770dc0f1ab195b1f3a41f476d624ba3f21efe
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/n4-g567-d8-af7/tootl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/n4-g567-d8-af7/tootl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.93.203.79:57609/bin.sh
id: auto-4b2dcac8da820f5b8eac3af75918d911156b56c27fc701972bc0be84d8e8b266
status: experimental
description: Detects traffic or activity related to http://112.93.203.79:57609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.93.203.79:57609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.168.117:40818/i
id: auto-a54672ee9d532ef434abb9ce78c5f7c0a6befc6b6f4813257226e8fc0b5ba706
status: experimental
description: Detects traffic or activity related to http://42.235.168.117:40818/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.168.117:40818/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.117.205:49445/bin.sh
id: auto-659d0e2332d73f9a9ef88fc4e3cd7b1915f625f03b7466abeb644f1196db3f69
status: experimental
description: Detects traffic or activity related to http://115.52.117.205:49445/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.117.205:49445/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.246.107:36864/bin.sh
id: auto-cd9f545828c642c89e1a4a334a6f819d5b1189b61c75effca0a6649dd970b0f9
status: experimental
description: Detects traffic or activity related to http://115.55.246.107:36864/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.246.107:36864/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.211.101:47567/i
id: auto-f36a0e094e8fe25732ed8c9213de28fa8ec21f79806488214b5c3fcf2c1e2be2
status: experimental
description: Detects traffic or activity related to http://59.184.211.101:47567/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.211.101:47567/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.158.19:44403/i
id: auto-df3e837dfb2c94fdf90878063c223ccebcdca556eb858aba31c5653f1090e3b5
status: experimental
description: Detects traffic or activity related to http://123.5.158.19:44403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.158.19:44403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.8.18:35305/i
id: auto-f6585ec36a3b5c76d403f431bed0bca2fc60749ad633a3300a00687cc0c96a3e
status: experimental
description: Detects traffic or activity related to http://221.15.8.18:35305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.8.18:35305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.168.117:40818/bin.sh
id: auto-ca3e5ab550ef1802990c76b8c5b945909be152b99338637d9395c78c85c019ba
status: experimental
description: Detects traffic or activity related to http://42.235.168.117:40818/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.168.117:40818/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-fb-clock/folders-tree/copy
id: auto-83d175c5e5948c8a7f9efe869813f959c20d62dbb8d5ca361d52eb34bbc39062
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-fb-clock/folders-tree/copy which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-fb-clock/folders-tree/copy*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.8.18:35305/bin.sh
id: auto-d4e7288229ece2fd429d4643fb08491a15e6b378863edc8c4ee2eda431ebdb0a
status: experimental
description: Detects traffic or activity related to http://221.15.8.18:35305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.8.18:35305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.56.193:53156/i
id: auto-4cc86be9a065ab60fe5d356b78b0dd3457a763b7393abb3068729d91de4193f4
status: experimental
description: Detects traffic or activity related to http://219.157.56.193:53156/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.56.193:53156/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.104/Polarised_97.74.8_INSTALL.exe
id: auto-11af63a716a4b9b1746669eea6cfd366c574c0e4839cf3cac4139aaba2ed84e9
status: experimental
description: Detects traffic or activity related to http://196.251.107.104/Polarised_97.74.8_INSTALL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.104/Polarised_97.74.8_INSTALL.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.97.113.40:53687/i
id: auto-8ac08ffcca4c2447db545fe8e1b11c6a5628fcaebe582bd13960d7dcd8ac1a03
status: experimental
description: Detects traffic or activity related to http://185.97.113.40:53687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.97.113.40:53687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.187.165:43536/bin.sh
id: auto-087eae7141e3ed0c61f01e7ee297058402bab064648ab46891fbb9a8ae1b290d
status: experimental
description: Detects traffic or activity related to http://42.227.187.165:43536/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.187.165:43536/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.52.139.145:57678/i
id: auto-f850dee815794c9e7e3a2859d5b679e452d403100878944426d118eca1fcaa03
status: experimental
description: Detects traffic or activity related to http://37.52.139.145:57678/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.52.139.145:57678/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromew/Chrome/raw/refs/heads/main/thezonestream.apk
id: auto-ed3b2e1b213448f08fbcbe9e46c10ad9f9a8ea7d3153727c6253f4c75691e296
status: experimental
description: Detects traffic or activity related to https://github.com/Chromew/Chrome/raw/refs/heads/main/thezonestream.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromew/Chrome/raw/refs/heads/main/thezonestream.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://indian-lotus.cc/
id: auto-7842a16fb52385b98ec5498a099f29298d87e6a3a3dc93e89e0fafb4bd5a3884
status: experimental
description: Detects traffic or activity related to https://indian-lotus.cc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://indian-lotus.cc/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.97.113.40:53687/bin.sh
id: auto-c3d3bec3248f3452c12099b4f3b3f4da59c64ebd0b4ac1283545f9b043f84917
status: experimental
description: Detects traffic or activity related to http://185.97.113.40:53687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.97.113.40:53687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/maykomayk2554-gif/mayko/blob/main/Foto.apk
id: auto-a248c2c047d772f0146e6a6992155ca9daf8ba820d300984903ab86cfc2a0025
status: experimental
description: Detects traffic or activity related to https://github.com/maykomayk2554-gif/mayko/blob/main/Foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/maykomayk2554-gif/mayko/blob/main/Foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromew/Chromeupdate/commit/0f3dde62579dda4df8f41b93cf42a6c3101289aa#diff-8cfcde8a9c2333c68af5ef4336696e546b2c1e2126c3e72fe6de27b83b0fc2e3
id: auto-bad1fae1914920ac9df907beec54d93a51d7ee1d399250283b1f4c01ccd1ec24
status: experimental
description: Detects traffic or activity related to https://github.com/Chromew/Chromeupdate/commit/0f3dde62579dda4df8f41b93cf42a6c3101289aa#diff-8cfcde8a9c2333c68af5ef4336696e546b2c1e2126c3e72fe6de27b83b0fc2e3 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromew/Chromeupdate/commit/0f3dde62579dda4df8f41b93cf42a6c3101289aa#diff-8cfcde8a9c2333c68af5ef4336696e546b2c1e2126c3e72fe6de27b83b0fc2e3*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/a-r.m-4.SNOOPY
id: auto-de20c94c1c9ed0bca9a18b20b9c5df172332dabbd7885715fbe1ecca168f091d
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/a-r.m-4.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/a-r.m-4.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/m-6.8-k.SNOOPY
id: auto-017e10dd24cdc330bf44bc6fa9ce140ad53313df9bbe9efd6407cbd37ab42568
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/m-6.8-k.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/m-6.8-k.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/p-p.c-.SNOOPY
id: auto-2460df663da2190bbdf74a94d2d1bac27519c561cf569579750b935ff74e40d0
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/p-p.c-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/p-p.c-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/i-5.8-6.SNOOPY
id: auto-1974ce9394d7fe4d785d202dd8cf003e6a4a9d560bd900dad8ea8358794c769b
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/i-5.8-6.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/i-5.8-6.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/s-h.4-.SNOOPY
id: auto-44cc779ed650a0963bad8d9b265e2f81a8c30c36cc92cb4301d42cf0ddec5998
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/s-h.4-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/s-h.4-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/x-3.2-.SNOOPY
id: auto-e6d0464edcf484a35d9126ce3a35520e523f98988887c7a7b3bdc26541d6c0c1
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/x-3.2-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/x-3.2-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/a-r.m-7.SNOOPY
id: auto-3705c4ce0ffdd76f358f1196b0faf2e5afc9e9fe0eecdb72318992951cdc1345
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/a-r.m-7.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/a-r.m-7.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/m-i.p-s.SNOOPY
id: auto-81c7316c9601c773baeb6e8a03df03855dbbf8c65a3e82c1ef5f18583bce46d3
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/m-i.p-s.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/m-i.p-s.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/a-r.m-5.SNOOPY
id: auto-b6e89cacbceffc5da95b589b2388359bb05c26022c69a7080c9584c81e9851dc
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/a-r.m-5.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/a-r.m-5.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/m-p.s-l.SNOOPY
id: auto-0c1b934029d68d7e11c7e148e75ba1e4481aeb7b7040253dafc6f7d809cc017e
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/m-p.s-l.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/m-p.s-l.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/x-8.6-.SNOOPY
id: auto-bb4b1fb8bec9da339478c07f3ab9374f74a84b40f75543695547208fe2b76689
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/x-8.6-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/x-8.6-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/i-5.8-6.ISIS
id: auto-2c361dda3177056e8f0f4d0544c78fa5b3025d9fb3ce750e3102e8adbc13d441
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/i-5.8-6.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/i-5.8-6.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/m-6.8-k.ISIS
id: auto-d2861527dac944c8774693ebd68f02f625e007d766600168001d4ecd17bf0363
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/m-6.8-k.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/m-6.8-k.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/x-3.2-.ISIS
id: auto-34d0fc9d812d9518f4d743055b0cca688643fde6cdf7ec5ca91d043cd00bbc0f
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/x-3.2-.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/x-3.2-.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.i468
id: auto-bcf0d1bb34d7b921e701d653d296646734c7dd2dec355918ac1f4ce756498f04
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.242.41:50950/bin.sh
id: auto-28c06a1e8f609155bd3b6242b1f02b31391498fca4b7f9d0a30e2499708d1bf1
status: experimental
description: Detects traffic or activity related to http://119.185.242.41:50950/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.242.41:50950/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.52.139.145:57678/bin.sh
id: auto-d6651a2b82d20377afa6e80b0d6c0d3c6593f7501d5d183fc9aa6356b3648862
status: experimental
description: Detects traffic or activity related to http://37.52.139.145:57678/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.52.139.145:57678/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.170.69:58576/i
id: auto-955943741056e000c193255a6a241a672cba74e9f4b8c81c6694d704e6989201
status: experimental
description: Detects traffic or activity related to http://61.52.170.69:58576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.170.69:58576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.52.47:47145/bin.sh
id: auto-5ba0930d2fd6d5e10fd4cb4f4d5d23b5c151840041cd94743129122cf84e039b
status: experimental
description: Detects traffic or activity related to http://115.50.52.47:47145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.52.47:47145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.95/bash
id: auto-38ff5226d859f93a2fb04fe053098c75d1db9919a5a81c7c650256a5ed1f6530
status: experimental
description: Detects traffic or activity related to http://185.196.41.95/bash which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.95/bash*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.95/bins.sh
id: auto-ec15ddcc920842ce8a714c839ac372c4a1d9de90f6475dd62890f43a16d42a05
status: experimental
description: Detects traffic or activity related to http://185.196.41.95/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.95/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.223.231.2:34864/i
id: auto-b881b8a4170ad20772a4d4bf0cdaedc7cba7bb4437a19dbcde53e7cc854f8905
status: experimental
description: Detects traffic or activity related to http://27.223.231.2:34864/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.223.231.2:34864/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.213.101:41157/i
id: auto-c8ce1d3e6eca003c8cf3023fac7d51b36a6415b8e2e2929b4740b6566cb94cec
status: experimental
description: Detects traffic or activity related to http://42.230.213.101:41157/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.213.101:41157/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.170.69:58576/bin.sh
id: auto-2a476dc5d7cbc50180f3424fecf44b67f2d55d215f5f78bbb4e0bbfb5e0fb54b
status: experimental
description: Detects traffic or activity related to http://61.52.170.69:58576/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.170.69:58576/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.223.231.2:34864/bin.sh
id: auto-0f5f66db572e6f9fa52ae8bd2001c3021411148322d7e799fa23e30b0726a9b0
status: experimental
description: Detects traffic or activity related to http://27.223.231.2:34864/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.223.231.2:34864/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.ppc
id: auto-39cfee230a2602c49806c5b1b4134ae6aa993276fcc96ec2270e1381c6416c3b
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.arm5
id: auto-ee50fc53944945073c752df7d480d6fe44053fa1067315df9c663c89cb1b2cea
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/debug
id: auto-a5ca05aab641a7ddcbfff3183a4f5b1ce5e1e9c5afcf89372eb92f6f59898c75
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/debug*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.arm
id: auto-084c3846448e2f3ce69d74845559090015a302dfceb7d9254a632d266bf5008c
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.arm6
id: auto-a97c656fd542ad9843cec4c562e7293438e41c9ef0da278edd33d38dc78f0629
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.arc
id: auto-e4de30d853ed3a4e3888d67d76a71c9f931322faa10a214a24d09f1f69775026
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.sh4
id: auto-3f040fc8228b35a09c8adf4614973aa3706d8014014beeff2698a20d04566e1a
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.spc
id: auto-1c01942348ef4c441ec0b48c007090f7d296533e41b47afde73c8fe2c2f07a48
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.mpsl
id: auto-53871a57dfafa490c5c98bd6dea5c39cd2cad616c376556194c5aba8dfaff03a
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.x86_64
id: auto-2386d4b3ad29fc76af465b8b8958aadc180811d8e7051d0a83291ff0807e7e04
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.x86
id: auto-4a79f8b7479dc49877db7fb5d2b7ab53dc39561b7608f94fcc1a1f499d3e580c
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.mips
id: auto-fb65d8287e38f052425b4aa97bbe6db51fd42311206a1087041acf73df78825e
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.arm7
id: auto-6e08f77d430067811ec57e8498176bbc5c3c46ef5cc266e1cfa221cfaf38e58d
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.m68k
id: auto-949f81ff858ed2bac5206cba8a665de80b8ce96ab4a33d829f3b034446e75aac
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://botnet.rehannnap.my.id/johenlastgen/johen.i686
id: auto-121d96cb2016be2fabd9652b4020afeae9f883328c6ea95d50917f1dd82230a3
status: experimental
description: Detects traffic or activity related to http://botnet.rehannnap.my.id/johenlastgen/johen.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://botnet.rehannnap.my.id/johenlastgen/johen.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.spc
id: auto-8d11603f04be7dd1858d63a4d1ffcb9158868ad9eb5c5c590c137bc6f489ba74
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.arm
id: auto-efe510be66e055aeed9d02db235630d507c54c6ecb6de723c6cf254286f4db3d
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.arm6
id: auto-af62e816d00644377f4a960f97cbf0b4834e74cf82417cacf72222f3a67ec296
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.mpsl
id: auto-87c92044372ff1c6d34706fa3aacfec79f9b87bfef9496d712986fe4383aac34
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.sh4
id: auto-220fa2458d2940c20aa530d69bb38050f54cc8110d6a7997d416fa78d401b2d9
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.arc
id: auto-f0fc37ef74cc8e7abf70b3e6297cb9edef39294f70112ed4524b8d1d94b4407e
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.m68k
id: auto-9df05531a281a6bc2263a56709f4b7c2efdcf4f87422190fd20d9be80743be9c
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.ppc
id: auto-1b645232dec97f135c6919e89658b446c570f3783c8331f300c4fcee1ce724fb
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.arm7
id: auto-bf84c5b1bad2546222b3a2e0a6d9db38d744a35f88a8821c4e96c3ad74822d4f
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.x86_64
id: auto-6a0a15a262bf8699ba65a9853fb83427292672acbe5885ae0d59c3bec0cad0f0
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.i686
id: auto-a1e141e41aa053f4575f89909ef40b10ebafafd4e2ea54d3784dcc1668082656
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/debug
id: auto-f4a07bd034474afb4dcc0e2958ae18ed74e449bebc7f8fe5481d18275ef172cd
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/debug which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/debug*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.arm5
id: auto-3dea61b2c617369e780dc37faf9371b35a10e7d250cae306e0e3257045b7caae
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.mips
id: auto-30d854cb108066fa2152d786fc958b221e5fb9f37bc0a92487bfc25475e4450f
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.174/johenlastgen/johen.x86
id: auto-55f18d2355d4184b1129339f2b182c718e96f6693530bc3a49c9d2998773e9d0
status: experimental
description: Detects traffic or activity related to http://202.1.31.174/johenlastgen/johen.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.174/johenlastgen/johen.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.22.23:53906/bin.sh
id: auto-5429f86093e2727745f6254f861e4175c4e6b502a5c5359a9a567bf8bf1d7ed1
status: experimental
description: Detects traffic or activity related to http://115.55.22.23:53906/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.22.23:53906/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://official-jaxxwallet.com/host.exe
id: auto-4efb7e377067d0fe7da7490fed91ea6037bd677fd24d62f2fd161cf48eea1de2
status: experimental
description: Detects traffic or activity related to https://official-jaxxwallet.com/host.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://official-jaxxwallet.com/host.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/SnOoPy.sh
id: auto-ddf758101ba9566eed25c25238586df8f8e51bf0be43059eb6df4c2f61d588ab
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/SnOoPy.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/SnOoPy.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.21.181.195/a-r.m-6.SNOOPY
id: auto-64bf68b5d68f6a04a355b7109a52631aef379c14eb2659c02d03fea780732304
status: experimental
description: Detects traffic or activity related to http://50.21.181.195/a-r.m-6.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.21.181.195/a-r.m-6.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6
id: auto-471c4645052d1e6cc248c87fe458d215d59bf61c6b5c31a7c0385635c4a66a74
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/arm7
id: auto-2e8590cea06a0351966844907f95924d093f2e6ae165208113428cdc55d39927
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.110.154:41207/i
id: auto-e8d8b40b3d6e372cd601537db72dad3f6c90e3a41d94e1a90f86e6ba3f0b6e92
status: experimental
description: Detects traffic or activity related to http://123.9.110.154:41207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.110.154:41207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4
id: auto-1724bb062bd75536741d08e310457219e0a1bae02ad0f3217e7c0fb7823d12db
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_ppc
id: auto-ca817fba4049c155ca85fc1f33677b7fa22816b758748d68182e126bcf56837e
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_sh4
id: auto-aa9c06b9b0cd60adad57285698a13c4fbf3e701e27b33f41ef19b6afb1da12bf
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86
id: auto-45f42ea505096337d9b1f69a64b59b33f62a9c29def2bbe4d954e48f269a2db2
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7
id: auto-c520cc19dd6b04a979cd491421314938f6bb1fdbfd918e296c442c20a14f10ac
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc
id: auto-9c7b08103a828971acb7ca327acbdcc64fa1907c1b9a0fb9af3072c282ac9d07
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/mips
id: auto-8a4a2979dfd61846b7f72b338efee8628c6cf72fcdec4aee60a352f844ff57b0
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl
id: auto-8fbdeab14f91718e5c2a9ea7baad0414d263287a8eecbcdc8d76f9eed6f057d2
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/ppc
id: auto-78e4bd554bbb0bdab48e2eb19f29c9a92d7e3ebac480602dbae5b5f835c86802
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm
id: auto-66ab050f8d50876387c9ab889ccf34e3543fe32cf4af111b86c0996bf8e8b039
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/596a96cc7bf9108cd896f33c44aedc8a/db0fa4b8db0333367e9bda3ab68b8042.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/x86
id: auto-481af3793a558d7a701a88ff59d8beccf78aa45015873c2c5b5c5b1b4f07231a
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/arm6
id: auto-37203d0361e49a2ca2513837c754c29472363b4cc48c1256370de2bbe2bbd106
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/arm5
id: auto-017291f057a5dcb168df9a7b4ef14c65d32ccedc936b7acce8e0a6c42384667a
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/sh4
id: auto-6f33c01e10f239f851672e98edd77527cef8a78aa9eb271464ec04c44821f3d2
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.74/bins/m68k
id: auto-919ebcef7dd928bca7777f751111b101e3dcccfc66a1270f8014b3a5b2b7abe9
status: experimental
description: Detects traffic or activity related to http://130.12.180.74/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.74/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.213.101:41157/bin.sh
id: auto-196aab6a33cc725788998704ae8628e1c48eae129a5ba879feff14bc2201bdc4
status: experimental
description: Detects traffic or activity related to http://42.230.213.101:41157/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.213.101:41157/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.110.154:41207/bin.sh
id: auto-9064d3ba725e96c48b4badbc4bc822fc7fa41725fa73353240ac7c249d5ccd1c
status: experimental
description: Detects traffic or activity related to http://123.9.110.154:41207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.110.154:41207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/1.sh
id: auto-fd77f87dbf7fc6bc0232b20ecf6dc17df07ff62dc7e1cc8a147bbfce43ffc021
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.x86_64
id: auto-b79000f5d60441532b1b504847d12222e937568fee2bb3ca3a8378978fe90c66
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.ppc
id: auto-ee616f80409e9f066008a824f735389d4c3835b879f7c0babdcd333b52f83966
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arc
id: auto-831ed74e8faab4f173eaa255ad0134ce5691b919d4237c7dc476ad00c982f18a
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.mips
id: auto-2a876399d06602b9c8b52812ab3a6ba8b55e620e5a0bf13447d264b72b2c5905
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.i686
id: auto-30b7cba3871b0ed92810332be5fc7fc2ffd3aef8af742adb188e80842777ae1b
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm6
id: auto-d53e990b5cff1ab78ab543403fbbe185cf6cbd4fafac7535c3d28f8702d6542b
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.mpsl
id: auto-28fc99a90b5e76e23647deff6b1268d0e7f1dafd2ede9bf8b6429c49c62bea64
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm7
id: auto-79f8574f0770d7d96b6ddd2522883a9eca0d870dc48834b44c572da5aa7780f5
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.sh4
id: auto-ef0daf8ec3c275e9fa40afc3b81828231f6957b6fdf7ceca801bae179043cb0e
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.m68k
id: auto-95e74003bc95b00a5fc7d0507f5c7fcb378e6f6f07bdd85f18b8b2e32e6c9ffc
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.spc
id: auto-b0123309988e5dd642418b90477ad4f7205c123b1e13e8ffd3600cf9ea8358bf
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.x86
id: auto-2091ec9a1852680a9d4520ebbde6ed1d7c1d9173bf5f23aca35b925538c1b6af
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm5
id: auto-25eff5e4c62e40578b5c4de1cf68798a42893f7829a1177c572b8f0f533309e4
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm
id: auto-eec748ca2af37c96e37c1e4c100007702b2a2f8aa43a5981d5ef6a3dc03985f7
status: experimental
description: Detects traffic or activity related to http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://shadowbat8s88sww.qzz.io/windyloveyou/windy.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.arm5
id: auto-787314086cfad6127c3b53349beaa06f9ac0b34ee6136c1ed75cbea3dd0010e3
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.m68k
id: auto-375e5f5537e26cf9c6d7a68f599e7ccc4e25441bbdd3bfbc5c0d10ff39f1a883
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.arm6
id: auto-599844d9a7303ad8522ecd31430d2eae9a238ee575669055a24aac7550cae365
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.x86_64
id: auto-c7765f889e45c04dbd652325004a1df0b3f5fd8bf5374510896edf859d3e7239
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.i686
id: auto-9d8ca4a87b25e1989ecfe7c0f332d38c83afd926975c87a849f7e1bb5fbd806c
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.arm
id: auto-7a06377d0ed4efb44eef3adbd5b470f6651d40ad82b20a335a916e4884a5594a
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.sh4
id: auto-3ccfbc83ac8289d7208f45bb4b36a4db0ddd9a363288551b9542405e97e97f86
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.mpsl
id: auto-63438884e5d949cdbb901af54b4568ec7d4a9b711cbc7aa5b5ead7aa1cb5f375
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/1.sh
id: auto-b2fdad931aa0f83ff1bff5f370ff9b383379e2308c0a908e36a0a78d377012d0
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.ppc
id: auto-037910ceb00335f4457df5a12595f4233ad0201f193f500187c4f38bd3a6da58
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.mips
id: auto-248dd3445df0eb2e0c498456bb619f9e41f07ed7ba03d8cda32d17302239a680
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.arc
id: auto-f103292de91947cb17207b748164e2b4de635c904b403ac83c23b096b9be4ab2
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.spc
id: auto-3e63ae80a068ccd058d4e05b1785a8a88a27c2d5294aa884458bb3db77c107df
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.x86
id: auto-0e485a91136cb63bfc019aad27494e1571c4f19cae128d7a57a917fad73b38fd
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.31.175/windyloveyou/windy.arm7
id: auto-4884c3cf05178aaff8f9f50f51a5e6c277ce3c84b03408444c9810788a84b637
status: experimental
description: Detects traffic or activity related to http://202.1.31.175/windyloveyou/windy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.31.175/windyloveyou/windy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.249.228:52514/i
id: auto-2b5aed664222574ae48e0d897176773dbe61b710be7c0e55b450d689c35c041a
status: experimental
description: Detects traffic or activity related to http://115.50.249.228:52514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.249.228:52514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/m-p.s-l.ISIS
id: auto-8412c58dca772e45a32678976539e1b162d3f0cd0bf2af44c2a02b8668dabfe4
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/m-p.s-l.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/m-p.s-l.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/a-r.m-6.ISIS
id: auto-758841d8fbfac31924932841d15609fdfbee06f83496130861336081f154660e
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/a-r.m-6.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/a-r.m-6.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/a-r.m-7.ISIS
id: auto-2b99daf550b148110ba3684c89fb70bbc312ae7eda92ed77fc1f8ad20d2b4e90
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/a-r.m-7.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/a-r.m-7.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.96.180:35210/i
id: auto-0a41d2b743583e5400ca805b895e88149c0da7a163ec0ebd4ca2816cc514b024
status: experimental
description: Detects traffic or activity related to http://42.178.96.180:35210/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.96.180:35210/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/ISIS.sh
id: auto-3c1e211042371fa5d13d0a3ed63bb67a6ee2de32d3aa647ec2b4ae8967ee61c0
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/ISIS.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/ISIS.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/a-r.m-5.ISIS
id: auto-a1da1dcb44f6d957713668322f963fb55adca4c62e9fe75604f7af276728e214
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/a-r.m-5.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/a-r.m-5.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/m-i.p-s.ISIS
id: auto-32f8b0ccd95c0dff9101d5b52abfbabee9bc4bfc5abb998eeebb5c30916ce1f3
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/m-i.p-s.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/m-i.p-s.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/x-8.6-.ISIS
id: auto-bb3b16ac5fd158783cdd645e90d25582f7dcd2e75c317939bd9d67e0b8426794
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/x-8.6-.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/x-8.6-.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/s-h.4-.ISIS
id: auto-255749b7ffa2347787ca116e0f0b3e101a229827bc105b5b067018791175a07d
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/s-h.4-.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/s-h.4-.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/a-r.m-4.ISIS
id: auto-d8d479e2b61683cee4a404fe2f3300d8d330b8d5106a1cfa1ba77d8ce479fcc8
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/a-r.m-4.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/a-r.m-4.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.210.214.149/p-p.c-.ISIS
id: auto-e70fbb2a3a81a17c108689d10aafee399d352fdae57eb7d6dc32300f57219868
status: experimental
description: Detects traffic or activity related to http://192.210.214.149/p-p.c-.ISIS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.210.214.149/p-p.c-.ISIS*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.9.169:46324/bin.sh
id: auto-62ad0893498bbc8a12da5613f47d236c39bad5ac0987f767eb5263d966a70695
status: experimental
description: Detects traffic or activity related to http://115.55.9.169:46324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.9.169:46324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.m68k
id: auto-f72f38326348913911342ecfef2050314bea076c7d4c1768448e112f67fdfbfd
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.mpsl
id: auto-973b95d9d073cafc140b91017b9f3cd0c166b7b3e6029708307936bbbf69089d
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.arm6
id: auto-93ee3d92f1a510e8d52ec65276dce2ef706a85fa0ca6a92ca779712e6c2b19bb
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.i586
id: auto-9ad02ad105abea6148f2915625a05a5ebd666f61a148b54eab002aa197f1ead0
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.i486
id: auto-22f99e135030ac9784e2acaa73cac790dc4c0f38a8872075195d1cdc68a78f86
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.x86
id: auto-26ff7de60ea609bf8fc28812a31a9f57a9633f7caf1a34102eb3b4f947f6eca8
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.ppc
id: auto-17e66d1274bba662de3615329cde3634e8ec2db5ae54b50de6198d8548d1d32c
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.spc
id: auto-1e167dcc663f7fbfddfc973d50c4958b7db8176d6863fd2d8ce633bdb8b969f6
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.mips
id: auto-77d2606584b86d0c9866cdcb32fb9049f5c6b403b32488f95f86f50800a4519b
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.sh4
id: auto-8bea63928c7bc28bbc58b0d4ea472318fdb2e4a6df0890c61ea440b583fef1ec
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.arm
id: auto-99d832bab7ab79ec02be1fe18a1a9d8fec96f330d2514824bf07f322f46d6648
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins.sh
id: auto-c75d2d818c4add11c44890d2cffea67d14212f00621df3ecaa45338295778828
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.arm5
id: auto-0f90b2db0eadb231e2cf61f32fb720ac59ac71b8245516461aeb6cc003b07c9f
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.mipsel
id: auto-87a2640261cd441209085a4fac019e1ec4d7dacd437f34f83920133eb7416e15
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.x86_64
id: auto-9f90f943eceed3aa934062ae0d8038d9eca429f03e93f49edee041d64fdf1ce2
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.sh4
id: auto-0b68252f80c45008254f128e951df8a916d98471432271af7b2559bd2576a2bb
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.mips
id: auto-fbdbad06678b32814aa2a7b606502c0b39134379d07a144c8cc7ff6981f7921a
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.powerpc
id: auto-c659c04e861b0e4d68f4f4f54b7fa0e0cdc24299a9ed51b4bb41b14b302cf8be
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.arm
id: auto-11ad88374cab07de5d3c7d26b8f9e0c1198ebfd0282235bd8cc767112219de37
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.x86_64
id: auto-73061f38de17e268a1d8af1f8a32fb537538dfcf18fff98fee556d06e3ddfac6
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.mips
id: auto-93ab93caf2f748215abe2cef6aca970d4cac2cc1da363e8caaa0919a7b9100f8
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.powerpc
id: auto-93fe236acd597f5d5cf107e01be2bacb28b95bdfcd8f5f8d9db5a1b3c1cdac56
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.arm
id: auto-eba6df97ff3a725b72726de82a218faf3ef8eb21e7971a540297a91e5ccf2765
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.m68k
id: auto-b0ec45ee5b47fb9854a047adc73e78f8979c27071a38c2ab8fbf25caf10b1e3e
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.mipsel
id: auto-65a7ed23e4c6dd59c443b080347582ab84e68281657ea387421b73f85603cf27
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.i686
id: auto-e36854ee297c4a435e29d7aff7e33c34937b98cba7087a125667d9ac173a15d2
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.m68k
id: auto-1bd11b331ba6f9690cd8417604b3b9777ac3bb6ccc354f4843870dcd052d36d6
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bins/bot.i686
id: auto-0267ac547372cd5bd979def0d178031aca21a905fa351a4061e8f507c0b9e105
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bins/bot.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bins/bot.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.0.118.54/bot.sh4
id: auto-90ec074b50ad7d18c0e4332bdead9079ee7ecfe4e692d263bc39bd79092aa277
status: experimental
description: Detects traffic or activity related to http://128.0.118.54/bot.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.0.118.54/bot.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.arm5n
id: auto-a593ccfb2f58d99ae35a4b47bcb42dad4d97de7213bb19bec639fcd4595e799d
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.arm5n*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.x86_64
id: auto-dba61c2f5342126a5f9966e30b3fc5720ea26f715c1dab615d001c8c1597a840
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.190.96.149/bins/shadow.arm64
id: auto-82568306a8d1fe117dac66c43efcbde86f32363d32bc7d20a3c12fa8ab5ad885
status: experimental
description: Detects traffic or activity related to http://85.190.96.149/bins/shadow.arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.190.96.149/bins/shadow.arm64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.132.97:37783/i
id: auto-44beea4adcc4537a8061a5213aeb47d4fad4d79791352e80c150f89f50539fde
status: experimental
description: Detects traffic or activity related to http://115.58.132.97:37783/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.132.97:37783/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.125.206:42095/bin.sh
id: auto-2f5be837cb9e3c5304ccbff2b27afa0a82500f12fa3faaacbe8901c7c82abf56
status: experimental
description: Detects traffic or activity related to http://182.126.125.206:42095/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.125.206:42095/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.187.165:43536/i
id: auto-1ccbabba445334f2069d810739c6d132ba845be66d143e25c78a6eafdd9a6ab4
status: experimental
description: Detects traffic or activity related to http://42.227.187.165:43536/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.187.165:43536/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.132.97:37783/bin.sh
id: auto-d6287864a17d33fa65f9b2b9c4b050403effda978e0fd9a7a98a221afd395084
status: experimental
description: Detects traffic or activity related to http://115.58.132.97:37783/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.132.97:37783/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.249.228:52514/bin.sh
id: auto-7b74c203f52ab33dceb376af1dc73d8e2327cb37570416e4b5e40891b9c255eb
status: experimental
description: Detects traffic or activity related to http://115.50.249.228:52514/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.249.228:52514/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/infect.sh
id: auto-2d210d2560232e868ed6910a19b80e66f664d91b7a63cf8098f02b5d90dd1d97
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/infect.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/infect.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.arm
id: auto-f72351ed2613e2c492d816aa71a8fd3393cb194af9c4ee08989aa929008caf05
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.mips64el
id: auto-126e12078533609453d4c6d831ad52b5748656bb6840caae1e2241c7cd53b322
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.mips64el which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.mips64el*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.mips64
id: auto-25cbf591d126917c3be6d91566f3f5f43055a1358b3ea981f01419b1e95f0f0f
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.mips
id: auto-565ed31b31245beb252c8e802b39a0345fa4a6b053c867ac748517a95e8c848c
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.riscv64
id: auto-44a383e1561597847c1f1cebd75a6f67d31d9a019d330cac64b56d144a490564
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.riscv64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.riscv64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.x86_64
id: auto-5820220ac013a62b07e332e1ca1a8fe910c4b8667dee494fd0abe5e8f7850683
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.powerpc
id: auto-7cddf9c86e675949f1ab5350431ca79fe1d1dd0fc9db609e9b7c01529c64f83e
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.powerpc64
id: auto-baec9d54b0b65648795273f8955205fb49b6124fa3fd81277f94d4778bb0d8e6
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.powerpc64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.powerpc64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.ppc64le
id: auto-d9e887e6aaa1a704c59c2f67fdb959b80f9ab8dbe3f297933e4837f082d47eea
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.ppc64le which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.ppc64le*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.arm5
id: auto-9e249c626de52163308bf7444902eb75fb9f87c00eaeda365e7d880877e113e3
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.s390x
id: auto-99a988e71a6b04ce6b24e290c38c7fb867c4fae329ff8104ac95865c56f516e2
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.s390x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.s390x*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.mipsel
id: auto-66c42af268e028965fbd8e82d19c5c299ffe2c9824f91961366e2906c8b1e14a
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.x86
id: auto-e75f3cdd0bfa7d4db4b872d1b0205ff72ad80004f8d1a15787763fe8a3f67252
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.arm7
id: auto-b10f7aa926678493dc2b22cd89534003438d242e823f654f3aab151db0f8b0e1
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.45/client.arm64
id: auto-763d994dec7d95887a7f5a4b55ea377d944d7f618c03a52dd7bcd872de1d8e68
status: experimental
description: Detects traffic or activity related to http://87.121.84.45/client.arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.45/client.arm64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.27.240:39983/i
id: auto-3e2573843fb77e9f2bdc4dfde1635c2e9600a539562c2b9b11fb781dbf76cacd
status: experimental
description: Detects traffic or activity related to http://219.157.27.240:39983/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.27.240:39983/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_arm6
id: auto-ada5112ee40dcb07fb071dcacc3897d5340e7e575580ef7ad0919bb0cae791ee
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_arm
id: auto-271b67ea6f29fe5840bf0ff2d5254c8e3ea8156be0539e14ac6006e67d0be3ee
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_m68k
id: auto-3b9330f787ae31becee79cbacd356788880ab0a3e8bde71cbc3a8a5d3540a6f8
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_ppc
id: auto-30bc364add4109c5e4e5d2015e454666bf6b4384d13a742a59680d0d24e924cb
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_mipsel
id: auto-37466fb432accfb094d259f75936606b7101cf2439021e06418703b70c64fa57
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_x86
id: auto-9e14588f11cafd0dd40c8f4ddf8c54f1838d32c585afb4e577af68eadc8ac9b8
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_mips
id: auto-2852b90e8593293190448eea0fad3a889e2d4c71583894c2dba7efe58cc7e374
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_sh4
id: auto-cd8b1aa833c475871679466485a99ff2ccf5078003dc81863998681b99eb83b3
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_x86_64
id: auto-9e559b3d49844d3e4df953f3d268aa4100b6bc0bcfe71ae8d9f50788d7b114a4
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_arm5
id: auto-71219a04bca7cf1e95e0b59b0b857508a3b225fded02213dbf31eba96c998f35
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.162.51:33518/i
id: auto-c58679bc09c00087b896e9652a159e65efd4be3b9d0d3c1f4b4a06249dffcc58
status: experimental
description: Detects traffic or activity related to http://182.117.162.51:33518/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.162.51:33518/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.250.238:60904/bin.sh
id: auto-5acef9eb7c0e4403d5fc4b1864d2cc143a0a942b9ab0158b4467f0d2a7f7876b
status: experimental
description: Detects traffic or activity related to http://115.63.250.238:60904/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.250.238:60904/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.127.73:53403/i
id: auto-31fc5329ab645afc2739fc263c4dc7c38518cfe5473fa850e58df0e9028f0bfb
status: experimental
description: Detects traffic or activity related to http://27.215.127.73:53403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.127.73:53403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-fb-clock/legendary-value/files
id: auto-23cf3c2ef3740e4bf7ecdfef26832b43316cea5190ee7e2e2d9ace400782cbc8
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-fb-clock/legendary-value/files which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-fb-clock/legendary-value/files*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.184.222:54466/i
id: auto-7397c580c77208f5000fb355c7a272da16d7f1a0fbdc4f833d6d024f39c288fd
status: experimental
description: Detects traffic or activity related to http://42.227.184.222:54466/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.184.222:54466/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.27.240:39983/bin.sh
id: auto-b8d0e99a7bdb97ade9d989f523324b1d4bc7be2f2bd0a06d3ca861058ac48b99
status: experimental
description: Detects traffic or activity related to http://219.157.27.240:39983/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.27.240:39983/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.182.5:44981/bin.sh
id: auto-79663f8a54d4a94e05aa6daf539a49fd563b9383d7188fdc57c0182f32d36fd1
status: experimental
description: Detects traffic or activity related to http://42.85.182.5:44981/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.182.5:44981/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.225.194:56987/i
id: auto-62137ebd8251b85cfd0f470bdfb83a704c207822ac0b3773347b9ff87b2be448
status: experimental
description: Detects traffic or activity related to http://42.232.225.194:56987/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.225.194:56987/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/hamitakar796-cloud/dwadadwaawda/raw/refs/heads/main/Chrome.apk
id: auto-4086c1941e54d1ed71f3ded1574e9a1b5b5dd6105b8062e8a5dc5eb652165e3a
status: experimental
description: Detects traffic or activity related to https://github.com/hamitakar796-cloud/dwadadwaawda/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/hamitakar796-cloud/dwadadwaawda/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/inatimapk/inat/releases/download/v1/inat-tv-2025.apk
id: auto-df3344e9deb044bd80d92f7d348a7eae8cfc93b76a7b22034e49a4ef1d730803
status: experimental
description: Detects traffic or activity related to https://github.com/inatimapk/inat/releases/download/v1/inat-tv-2025.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/inatimapk/inat/releases/download/v1/inat-tv-2025.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/foto201577/photo/raw/refs/heads/main/foto.apk
id: auto-611d88fa3744c3de901b8dd68c70f4a086c1e2d8d3f4e6dad4854aaf44084c36
status: experimental
description: Detects traffic or activity related to https://github.com/foto201577/photo/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/foto201577/photo/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/selimkaya12324-collab/aaas/raw/refs/heads/main/foto.apk
id: auto-4dcf0b41980492348f8c46c726a6f1ab9fba1fa8c1e925d3a7ac6da482d7039f
status: experimental
description: Detects traffic or activity related to https://github.com/selimkaya12324-collab/aaas/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/selimkaya12324-collab/aaas/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/dowlandchrome/reklam1
id: auto-95b8df3a7848a498ab099c90b848f4eb5dbfd33f6b29ac1c5f364920b961de89
status: experimental
description: Detects traffic or activity related to https://github.com/dowlandchrome/reklam1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/dowlandchrome/reklam1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromessss/Chrome/commit/e9fc97ca50bbfa160587730b1dc32b8e418c889c
id: auto-c9eb898177f828d51ddecced56b6ed0ecf4182d149b5af4197ef48e1cf99c199
status: experimental
description: Detects traffic or activity related to https://github.com/Chromessss/Chrome/commit/e9fc97ca50bbfa160587730b1dc32b8e418c889c which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromessss/Chrome/commit/e9fc97ca50bbfa160587730b1dc32b8e418c889c*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/melanie321021/Google-Chrome
id: auto-b7d85e5104b22bd880daf2de19c9d99365b00751b7e44b6dd44fb583b739d326
status: experimental
description: Detects traffic or activity related to https://github.com/melanie321021/Google-Chrome which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/melanie321021/Google-Chrome*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.218.247:55380/i
id: auto-aff9aa079a088235244b7eed8f182ec9ac1f62408ada0c2b2773b1ca8660d6b8
status: experimental
description: Detects traffic or activity related to http://115.49.218.247:55380/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.218.247:55380/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.119.189.209:19708/i
id: auto-4f7a0f136a66421b5143d684da33c2be9a1f14cfa2cd242f8e218dc3cee77753
status: experimental
description: Detects traffic or activity related to http://171.119.189.209:19708/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.119.189.209:19708/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.162.51:33518/bin.sh
id: auto-8d6f058f22e046d380810cc6497fb13389c4254e11f7618b080c7d97964cd827
status: experimental
description: Detects traffic or activity related to http://182.117.162.51:33518/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.162.51:33518/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.132.53.37/tranny/bot_arm7
id: auto-5c4a5aea2eaf37bac825cc19c5369514260fd08d82e1e9fa9ba61112ed4c2d7e
status: experimental
description: Detects traffic or activity related to http://185.132.53.37/tranny/bot_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.132.53.37/tranny/bot_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:38336/bin.sh
id: auto-241310a2940b753a0710d00ae1b620736af5997ead48e7f37eeba6a866eafefc
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:38336/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:38336/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.96.255:54123/i
id: auto-c9c8cf9b220c4df7ddc2462d36cd36de11342e68432dff4b0f62800de187fb11
status: experimental
description: Detects traffic or activity related to http://117.206.96.255:54123/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.96.255:54123/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.243.213:56366/bin.sh
id: auto-1dc3f47ae68313c3dcdb42081e4fbdd89a4d6dd99f7c4e64c47e78cddfd9065c
status: experimental
description: Detects traffic or activity related to http://115.49.243.213:56366/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.243.213:56366/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.49.65.2:52749/i
id: auto-3407d9dd286787ee5e7d65b886234d60621cbdcfb5a78eef385024dfd6614c2e
status: experimental
description: Detects traffic or activity related to http://36.49.65.2:52749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.49.65.2:52749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.200:60642/bin.sh
id: auto-88c0124aeb5076857f05c46663fdda26f9e1db677a40ce3e980c43d3ee86752a
status: experimental
description: Detects traffic or activity related to http://110.37.78.200:60642/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.200:60642/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.214.76:53766/bin.sh
id: auto-ccf4aff6f5efcbe83a3209e9b657a424ddb15464dc0c721af7b49fb231ef9012
status: experimental
description: Detects traffic or activity related to http://42.7.214.76:53766/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.214.76:53766/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.242.93:51511/i
id: auto-f22a3341ccd02edf84943f371c35f4927e32effc3d6481c9396beca19a4466b2
status: experimental
description: Detects traffic or activity related to http://115.52.242.93:51511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.242.93:51511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.225.194:56987/bin.sh
id: auto-2cd75c89d164226f6188a4f97e21478064f81aae016b473d34db5bc05349b083
status: experimental
description: Detects traffic or activity related to http://42.232.225.194:56987/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.225.194:56987/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.21.177:57058/bin.sh
id: auto-8ce7ca5e9a18d46832b8c9eace2d882dd81ecd999112473303915a3bd1a30bb7
status: experimental
description: Detects traffic or activity related to http://221.15.21.177:57058/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.21.177:57058/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.41.197:51094/i
id: auto-70c86c4d59080c68d29e03afe90bfd7df96324fd50f0c05158227ccee3969e28
status: experimental
description: Detects traffic or activity related to http://182.113.41.197:51094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.41.197:51094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.28.47:41491/bin.sh
id: auto-18cc2eb4a1e4176f0642f5ad331d6e09f0c04a7edf69a9c1698c34098280061b
status: experimental
description: Detects traffic or activity related to http://115.59.28.47:41491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.28.47:41491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/arm6
id: auto-5ebf4b6ab0a0d97afcdf608812795a3052ee1b8b29f568c66802151aa66517f0
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/arm5
id: auto-5cfe90f8949042ddc16f398b0ca75256561e0da45ed9d1c4bd748bc3ad2dee88
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/mpsl
id: auto-0328a1cffbb7d5ecca9f28a05e42cfbbc44d9d618b596e133cdaa5a76328dbe2
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.125.32:51714/bin.sh
id: auto-e14c84a7b47ea94856b0e922c35c276f874751638efab80ffe2cf5c9f54ee309
status: experimental
description: Detects traffic or activity related to http://42.178.125.32:51714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.125.32:51714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.62.16:46141/i
id: auto-2388217d6fb310a3e544d11d9c714597e3cb141754d05697fbfe9240275fe187
status: experimental
description: Detects traffic or activity related to http://59.184.62.16:46141/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.62.16:46141/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.242.93:51511/bin.sh
id: auto-e5a38af2f79129c3bd62e33ad9435264209cfbec58827748c1c78dd84bb4e834
status: experimental
description: Detects traffic or activity related to http://115.52.242.93:51511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.242.93:51511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.93.190:39637/i
id: auto-d43af03caaae6e1f3c6c3c7873324c79f248457836325241e5077c6a338c59ea
status: experimental
description: Detects traffic or activity related to http://182.126.93.190:39637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.93.190:39637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/filen
id: auto-cea29c7230eab6443984c6d3015c34697a39152c0896c46539c8e7b2fd066f33
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/filen which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-fb-clock/octo-carnival/filen*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.62.16:46141/bin.sh
id: auto-005ae5ad46fa34dd5ab1a8c83f57609580b411123ee4d1fea3fa61e8dc82e80f
status: experimental
description: Detects traffic or activity related to http://59.184.62.16:46141/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.62.16:46141/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.191.243:34737/bin.sh
id: auto-44340e507495b1a5e8190a18ba17763031e480b1ea41b263a89d4d4f0d6422a1
status: experimental
description: Detects traffic or activity related to http://42.177.191.243:34737/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.191.243:34737/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.2:34474/bin.sh
id: auto-c98c8d662ca35844ee2ec5f110501f439dc0a9fd2240adfa3ce39a919966d6b9
status: experimental
description: Detects traffic or activity related to http://219.155.210.2:34474/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.2:34474/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://163.142.79.109:37596/i
id: auto-ded4572ac8e6a409248bccade040a09267ff20edd7645df5707a274fba2d4a0b
status: experimental
description: Detects traffic or activity related to http://163.142.79.109:37596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://163.142.79.109:37596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.198.171:35229/bin.sh
id: auto-c29177e5a0067345acedadbd087017a39d1439372e8efeebe6c7d88d05f8d743
status: experimental
description: Detects traffic or activity related to http://61.176.198.171:35229/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.198.171:35229/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.7.149:37804/i
id: auto-e1fb89255c0cabf7710fa9cdbb1b0510e2de020fe7baeaac4f8124aa2e445187
status: experimental
description: Detects traffic or activity related to http://123.190.7.149:37804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.7.149:37804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.2.154:51614/bin.sh
id: auto-c74dc754c6a44b6ba286bba8d453b99028004b2d543d07ce36d74ded1d186f42
status: experimental
description: Detects traffic or activity related to http://125.40.2.154:51614/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.2.154:51614/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.93.190:39637/bin.sh
id: auto-f00ed2b2cf9839050c81ff1ef614456abe8a0bc1551d40091b282c9a24de6993
status: experimental
description: Detects traffic or activity related to http://182.126.93.190:39637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.93.190:39637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.137.214:57938/i
id: auto-3091284d5ce9e180641c9b1226d73d7fa4e78dab2f53238e9148f411d1899cc6
status: experimental
description: Detects traffic or activity related to http://178.141.137.214:57938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.137.214:57938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.21.177:57058/i
id: auto-a3f6a652bbd627c04fa70fe289e59449fedddd5f5d4e788dedfc1b7d58659ed2
status: experimental
description: Detects traffic or activity related to http://221.15.21.177:57058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.21.177:57058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/yeyrekfurkan57-dev/Google-Chrome/raw/refs/heads/main/Chrome.apk
id: auto-f56c9165b2b14de761431289d53e3395d5fa1038a08eeb407ddc45edd03c9309
status: experimental
description: Detects traffic or activity related to https://github.com/yeyrekfurkan57-dev/Google-Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/yeyrekfurkan57-dev/Google-Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.196.84:34015/i
id: auto-94ecddce9bc0bb550e1a7d647ef5b34710ae4680787166d73a514718c7ebe240
status: experimental
description: Detects traffic or activity related to http://120.28.196.84:34015/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.196.84:34015/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/dowlandchrome/6/raw/refs/heads/main/Fotograf.apk
id: auto-938337f0ef9f268673a4e93b5a4226cceeee96740d94fbe1bd2a3b51264e3661
status: experimental
description: Detects traffic or activity related to https://github.com/dowlandchrome/6/raw/refs/heads/main/Fotograf.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/dowlandchrome/6/raw/refs/heads/main/Fotograf.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/rukenellis1-commits/tvizler/raw/refs/heads/main/%C4%B0nat%20TV.apk
id: auto-280a74a4698b27f906dacd3ffce31dc44ceafe515bbd5e377befaa7f65af67c7
status: experimental
description: Detects traffic or activity related to https://github.com/rukenellis1-commits/tvizler/raw/refs/heads/main/%C4%B0nat%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/rukenellis1-commits/tvizler/raw/refs/heads/main/%C4%B0nat%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/erolsenova9-tech/agarafode/raw/refs/heads/main/foto.apk
id: auto-118a9fbcfcbfbbb60b089e1e5eb33a55af00a226d7b7bb911fce79cd001d1184
status: experimental
description: Detects traffic or activity related to https://github.com/erolsenova9-tech/agarafode/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/erolsenova9-tech/agarafode/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tham1pheac/my/raw/refs/heads/main/Chrome.apk
id: auto-22c6c04d1e6bda4c4325bd7ad69ab3aa06e609d19a585db5b43af4e25a8b002d
status: experimental
description: Detects traffic or activity related to https://github.com/tham1pheac/my/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tham1pheac/my/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/kayca805-netizen/ayca/raw/refs/heads/main/foto.apk
id: auto-61a15b3198aaf0d0b98ff8c8c2229a7c26b40f623334a8e2ec2e2eb9f0b4fc96
status: experimental
description: Detects traffic or activity related to https://github.com/kayca805-netizen/ayca/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/kayca805-netizen/ayca/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/cansevenebru683-art/inatbox/raw/refs/heads/main/%C4%B0nat%20BOX.apk
id: auto-caa41984951b6bb50c0bfa0ea3b96256063dd11718c48b5a42531429078b519e
status: experimental
description: Detects traffic or activity related to https://github.com/cansevenebru683-art/inatbox/raw/refs/heads/main/%C4%B0nat%20BOX.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/cansevenebru683-art/inatbox/raw/refs/heads/main/%C4%B0nat%20BOX.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.25.225:37809/i
id: auto-d0883d2334e7db0d0d59ad6104d208f78782e43bb2ee6a460860df584d1b2ae7
status: experimental
description: Detects traffic or activity related to http://222.137.25.225:37809/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.25.225:37809/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.183.164:49801/i
id: auto-fb26064b1f36d351f582a485a84bc441f32ff21d12a17711cefb78f3a7b2f8b8
status: experimental
description: Detects traffic or activity related to http://123.14.183.164:49801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.183.164:49801/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.30.205:43962/i
id: auto-d45a6993e30b3d54cba9b471047d05317fef3a3be8c4bc1fa120d4787d5697d9
status: experimental
description: Detects traffic or activity related to http://182.112.30.205:43962/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.30.205:43962/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.137.214:57938/bin.sh
id: auto-cdc5aaeb174f7d3213767737c1ff6a3b2f17873092f724cabe6aed8879524dfe
status: experimental
description: Detects traffic or activity related to http://178.141.137.214:57938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.137.214:57938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.245.132.222/blsq.odd
id: auto-81c7d042c34ee45ef9c45379c636cace2ecf7086211963c6088494b9ae1e3a7f
status: experimental
description: Detects traffic or activity related to http://206.245.132.222/blsq.odd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.245.132.222/blsq.odd*'
  condition: selection
level: high
tags:
  - attack.t1218.005
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.220.14:55216/i
id: auto-e21586fabd31e19899400e5bdbbbcece650ce883fdc82fa4b1d731db2e984779
status: experimental
description: Detects traffic or activity related to http://42.57.220.14:55216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.220.14:55216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.107.59:59266/i
id: auto-625987a711fd44d3ab4599bdfc0c223d67182d430dbfa55aa7028c43a655d4d2
status: experimental
description: Detects traffic or activity related to http://5.59.107.59:59266/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.107.59:59266/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.183.164:49801/bin.sh
id: auto-cea7a110723fbb12425e01ce18e56d5308226aac6298d3c7a29b01ff10bb11b2
status: experimental
description: Detects traffic or activity related to http://123.14.183.164:49801/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.183.164:49801/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.22.23:53906/i
id: auto-b7cbe9f89070fc1fee84cc6d67d3cd351deea9206288532d7f29d6848afb4c72
status: experimental
description: Detects traffic or activity related to http://115.55.22.23:53906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.22.23:53906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.35.61:56801/i
id: auto-605880814fae12273e2ccca968aa655e4f0d2ddbe494b6ba968fde8954c4bae5
status: experimental
description: Detects traffic or activity related to http://119.116.35.61:56801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.35.61:56801/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.30.205:43962/bin.sh
id: auto-f065b09f9fc59dfdaab02d4da31fa99377f3d0d6b6cde613eefd0808840dd129
status: experimental
description: Detects traffic or activity related to http://182.112.30.205:43962/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.30.205:43962/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.204.172:40289/bin.sh
id: auto-c63338476f07c846773f17ad07132bb98b222ba3f30b3aa8de093940d42bd0d8
status: experimental
description: Detects traffic or activity related to http://42.52.204.172:40289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.204.172:40289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:56017/i
id: auto-258211cd82903aa331b8a146c0a517f1cddaa6abda1fdbbf6e85fcab09aa3b5e
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:56017/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:56017/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.107.59:59266/bin.sh
id: auto-25fd90c3ff59dea77d22c2693a58bae496ef1b86d5cfe564db31915286732c6b
status: experimental
description: Detects traffic or activity related to http://5.59.107.59:59266/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.107.59:59266/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.52.228:51705/i
id: auto-299a5f86ba83c0199befa29bf2802d239091bc2764f32a6401e039ecda5fef2f
status: experimental
description: Detects traffic or activity related to http://125.44.52.228:51705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.52.228:51705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.220.14:55216/bin.sh
id: auto-c2cb3bfba6640a592acf1f3c38dc68feeff5ae3f7a1af8235e435574530f093b
status: experimental
description: Detects traffic or activity related to http://42.57.220.14:55216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.220.14:55216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.196.84:34015/bin.sh
id: auto-69110e3cff323855e85af7c730920822dc3ae2f4b85834a423a35c4060e5f981
status: experimental
description: Detects traffic or activity related to http://120.28.196.84:34015/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.196.84:34015/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-fb-clock/urban-lamp-class/pull
id: auto-034c4896a59d50cd878e6804c50192a61f4c4b4970557c35d5f1c66670570b96
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-fb-clock/urban-lamp-class/pull which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-fb-clock/urban-lamp-class/pull*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.35.61:56801/bin.sh
id: auto-914b4c6a3081f6a6d36911763c884448827645e0aa26855d5de56fc7aadc9238
status: experimental
description: Detects traffic or activity related to http://119.116.35.61:56801/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.35.61:56801/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.142.67:43596/i
id: auto-eea591b6738a60fe12e9da523c1a19a39d218615d70488ebabd4c937c9a5b5ca
status: experimental
description: Detects traffic or activity related to http://59.96.142.67:43596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.142.67:43596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.103.80:46163/i
id: auto-160da5ff5898a7dc9a027198b053a4c9525dd344ae745d24866d0888c37a6f56
status: experimental
description: Detects traffic or activity related to http://42.228.103.80:46163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.103.80:46163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:56017/bin.sh
id: auto-ff7821d05a288aa65c56559cc83967f7e4a5582f23b61cb7b62fd3eb0ce311d5
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:56017/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:56017/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.24:54160/i
id: auto-844d63a3d04e9942d91e1fe4fd908a339920ee1ac1c1f981d2d5239913f15198
status: experimental
description: Detects traffic or activity related to http://59.97.250.24:54160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.24:54160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.180.55:55334/i
id: auto-f68a2b5bea86c362efa49c6f56910af1e33873ba02cb905c6aa06e4cf8b8ec88
status: experimental
description: Detects traffic or activity related to http://117.215.180.55:55334/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.180.55:55334/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.linksys.sh
id: auto-63fd14c5abaf3944c0028f2d7c161a911eda3ce4fe5b09f3c21f447e7643ae0e
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.linksys.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.linksys.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.netgear2.sh
id: auto-7f3e8988d3801befbc97d67c2fe292a951595fd7eee8c1b1a24e056fe1efd750
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.netgear2.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.netgear2.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.150.210:40567/bin.sh
id: auto-7b11877f542122b6b56a9e3d707da7027de016c433fc201f9bccee68d12a3c07
status: experimental
description: Detects traffic or activity related to http://120.61.150.210:40567/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.150.210:40567/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.49.166:48905/bin.sh
id: auto-4274ca95f76a9aabf0bfbe3ea69d26d44ea0cb5cf3017268c82763da413060c2
status: experimental
description: Detects traffic or activity related to http://27.215.49.166:48905/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.49.166:48905/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.tenda.sh
id: auto-dcfca3f5c944c24950ec7406f54739b30c38d51c00c292252c6bc9b745d1a30e
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.tenda.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.tenda.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.nexxt.sh
id: auto-3d04a7e6c5070306ed24efa5d58b4814b5af484f5d79b7ce339988e57e6f17eb
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.nexxt.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.nexxt.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.24:54160/bin.sh
id: auto-f9a79e75f970947d6834bd6e6f6b1bb2d7d558615a9a40f1eee6e8466f5bbfe8
status: experimental
description: Detects traffic or activity related to http://59.97.250.24:54160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.24:54160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.142.67:43596/bin.sh
id: auto-f3432ce7af7540577092397ef351ec7f28eca2d493195c607ea1bde984099672
status: experimental
description: Detects traffic or activity related to http://59.96.142.67:43596/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.142.67:43596/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/dvr.digiever.sh
id: auto-d7248337eec87c669c2844a40e7818d09c6ad96fa6a61b96b01bf50f471b4c37
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/dvr.digiever.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/dvr.digiever.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.aitemi.sh
id: auto-07cca9e93fa8d6137d567e825fcc6f49f60db028295de1974777e49a49aaf750
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.aitemi.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.aitemi.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.totolink3.sh
id: auto-19ef14d4b8cbb088a99386f9aa19a119318e5f99feb76617805a86323c64e666
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.totolink3.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.totolink3.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.totolink2.sh
id: auto-bb722ec9717557146334c2df9d31ca567d4e75f31c883388aafc264e02cdc75b
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.totolink2.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.totolink2.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.totolink.sh
id: auto-b474e6dc6ec5f83ed79bb899177fe4a068e705b83ecf8c8de85c062b790f6010
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.totolink.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.totolink.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/ipcam.vivotek.sh
id: auto-5d26352f9915e70cba3fb7e408c81dcd9aa14a70cb2ff9226e347537d44df840
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/ipcam.vivotek.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/ipcam.vivotek.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.52.228:51705/bin.sh
id: auto-9d7862ba4bc955e4d9ecb4346873d227b1f13bde2eb67d6447768a36ed31ace7
status: experimental
description: Detects traffic or activity related to http://125.44.52.228:51705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.52.228:51705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.251.62:36190/i
id: auto-b83f5644b2ee5f342fdda63a4d169fcc34c702bc445d45ce8a22f49b142a37b3
status: experimental
description: Detects traffic or activity related to http://113.231.251.62:36190/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.251.62:36190/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.52.180.238:39539/i
id: auto-fcc86078bee25903068e3504d449dc3d63c42d35f86243ae6a566ced9b41898a
status: experimental
description: Detects traffic or activity related to http://37.52.180.238:39539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.52.180.238:39539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.160.6:53983/i
id: auto-eed813e4bcb666878f4f560241fcd435cbbfbfd582eca78cc1ac18a84e941de7
status: experimental
description: Detects traffic or activity related to http://113.229.160.6:53983/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.160.6:53983/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.armv6
id: auto-61915b1a6e5aa314edac1d7a92ec84809a4cf2bc825da789813c7ad73342d5d0
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.armv6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.armv6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.aarch64
id: auto-3a0b0d968a115e24227ff62706b9c7606d60201c566799e5db28972414fc7a7f
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.armv7b
id: auto-e7e31aeed55a224e5751a520ecfce7a484d6feff9f091a2d397787802369f2de
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.armv7b which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.armv7b*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.mipsel
id: auto-53244e99536a2e478ea30b7b6ea9c549eac4980c95025fc63c99304b592c5433
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.armv5
id: auto-ec4ed8961be40bbcf23dad04dfe5aa67a2cd3efdc8421b92c69b85e33ebfb17b
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.armv5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.armv5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.x86
id: auto-145552f8b245c1c4d1387ea5a5cb9d7b86505f7e28a180ad1b53dd6931332948
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.mips
id: auto-c5421bb41e4e1b4fc3e68a796a9d84446889a6b63ab39801e28ae5104a916498
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.x86_64
id: auto-0cfaaae0779ae25d77243514e097b36d1beda31c9f20e1e13127a879f53a1778
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.mipsrl
id: auto-dba9c1a76efcbf11d01515b9abb876a202febd1c78f7f7117d3261ef8e9f54ce
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.mipsrl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.mipsrl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/catgirl.armv7
id: auto-eef829e64e89e8a1ba1d417bd2ef80dd29042dfa32614b7683f1abe0724a6d4d
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/catgirl.armv7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/catgirl.armv7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/dvr.jaws.sh
id: auto-1c2846a8278e18b9b86675954ee37817c4e72c7cb771e1d00216c7d8056be956
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/dvr.jaws.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/dvr.jaws.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/router.faith.sh
id: auto-f3d82d87bf0d88121705574d91ae173261c3e5778882b908596327ad1e6caa26
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/router.faith.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/router.faith.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.141.100:36426/i
id: auto-50ad88dcecb21e187018c5b80b940088f9b235dc8cced44887e8d71e135f98d5
status: experimental
description: Detects traffic or activity related to http://117.223.141.100:36426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.141.100:36426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.49/x
id: auto-02cf14e1b774db4ca01bcd120262f43cfb2b97df4ff63ccc2b590a25b6b88e5a
status: experimental
description: Detects traffic or activity related to http://87.121.84.49/x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.49/x*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.232.52:51838/i
id: auto-4c7d51a37e4e082c6207b1a379ce499c9850f9f5e1c057e606c56e0a2c5ccf2f
status: experimental
description: Detects traffic or activity related to http://42.234.232.52:51838/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.232.52:51838/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.160.6:53983/bin.sh
id: auto-01896987fa385fd2934a2166610356fd12f9b663248859e2f1ec1d1b1b353347
status: experimental
description: Detects traffic or activity related to http://113.229.160.6:53983/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.160.6:53983/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.250.238:60904/i
id: auto-050175326c19ea021c9c6cbe36dc88d5ba402f6f3953f1a35f1cc6c3c2eaf2e4
status: experimental
description: Detects traffic or activity related to http://115.63.250.238:60904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.250.238:60904/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.61.41.77:54737/i
id: auto-c871e138948ed4baa6c5326e25b86194e11657d82cc7e6b167185072067e866e
status: experimental
description: Detects traffic or activity related to http://39.61.41.77:54737/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.61.41.77:54737/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.141.100:36426/bin.sh
id: auto-19ba42b4a43fe95b41e04a4dcf5d01074ce097ee448362bb733dffa07b6b3ad4
status: experimental
description: Detects traffic or activity related to http://117.223.141.100:36426/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.141.100:36426/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.177.227:41498/i
id: auto-501a17b4354d633abccea7e202ba226f3bb39684a434ec43c98de9b414a0b654
status: experimental
description: Detects traffic or activity related to http://182.124.177.227:41498/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.177.227:41498/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.177.227:41498/bin.sh
id: auto-aa529dc48f9af883d61af0d906edd949c20c2a94ebe7b115268570190fcdf5ca
status: experimental
description: Detects traffic or activity related to http://182.124.177.227:41498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.177.227:41498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.90.39:57935/i
id: auto-f362a5edcad44fa883214a7e3d0d1bf1a5ff07fcfbd369154cdd8dcfa63ff70a
status: experimental
description: Detects traffic or activity related to http://182.126.90.39:57935/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.90.39:57935/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.72.53:48718/i
id: auto-cdd4f5e87d3f9facc82302a93e6c53c6dbc447cec3d1487d8240a51a2b5098d4
status: experimental
description: Detects traffic or activity related to http://110.37.72.53:48718/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.72.53:48718/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.239.213:59303/i
id: auto-aa136c87be35381ae17a1f086623e067b6c508a3952ae9c006f5b3a14ed51ccf
status: experimental
description: Detects traffic or activity related to http://42.227.239.213:59303/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.239.213:59303/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.90.208:53994/i
id: auto-4e63deb93bee99cd191cda29918f62634291babb7e21f1de7b07942d895c0548
status: experimental
description: Detects traffic or activity related to http://219.155.90.208:53994/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.90.208:53994/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.217.84:56516/i
id: auto-a97e99dabe81677829b7a9322c713a413dc5d847e2739dd0003336c5469202cb
status: experimental
description: Detects traffic or activity related to http://120.28.217.84:56516/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.217.84:56516/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.158.179:41618/i
id: auto-bf4165633c42ae89c8b43bbeebfadd7f054fc1692e5b0a03e45dd0f6a3299da0
status: experimental
description: Detects traffic or activity related to http://182.121.158.179:41618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.158.179:41618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.250.17.119:50515/bin.sh
id: auto-083666438f928198dda42e1352e171938f1079f7f8256939756360ca6864566e
status: experimental
description: Detects traffic or activity related to http://162.250.17.119:50515/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.250.17.119:50515/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_m68k
id: auto-74fc56168d0f023720eec8d87c626a77ba9f257ced81b304be5ee0e469fb735d
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_x86
id: auto-b41f05d2dc6e0037d0bce71ad624146eede08fd5c33a2791c4a91a306ddca9a5
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_arm
id: auto-d6a691e2938c465675c0ee60f115d8571b3b745fb9510457b26706adfb727534
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_arm6
id: auto-590bbf475a475f16ec47b7f459eefd639ddb427b97510297cddf2d3f5561f33c
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_arm5
id: auto-18be4949fdfc9093a2051a488719877ef5ae5b3a0e6e1cc99ef1dad9ab22cf04
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.4/main_x86_64
id: auto-bb7572d29fc91980b4bb849b2ed6cb800e697ee353a5781e6a6d0470cf0ea113
status: experimental
description: Detects traffic or activity related to http://46.151.182.4/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.4/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.89.209:34851/bin.sh
id: auto-22df6dfb0e9fcde06af9a1506b8e98a45e0e43bffe4873226f7b718a0e8807bb
status: experimental
description: Detects traffic or activity related to http://125.43.89.209:34851/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.89.209:34851/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.222.18:37688/i
id: auto-600f6267bd4d548bf890c8fe4a207be242fce703b9cd6cdc5037ae5b9946aa91
status: experimental
description: Detects traffic or activity related to http://42.7.222.18:37688/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.222.18:37688/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.72.53:48718/bin.sh
id: auto-87dfa2b2823943b856a2afaf58b66b09a7e3884cb2c264e7eb895e0480a6e0e3
status: experimental
description: Detects traffic or activity related to http://110.37.72.53:48718/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.72.53:48718/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.90.39:57935/bin.sh
id: auto-1ff7d5b23e54ebcb217a1789ef71965ad550c97b2bcdc6396d4010cfcab2a703
status: experimental
description: Detects traffic or activity related to http://182.126.90.39:57935/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.90.39:57935/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.217.84:56516/bin.sh
id: auto-466fd03ee70521cadcf3ffb941de2b7a74e323838a9b7584c69a190641d2f170
status: experimental
description: Detects traffic or activity related to http://120.28.217.84:56516/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.217.84:56516/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.90.208:53994/bin.sh
id: auto-c936c7e225e303cc69995c0201b4d04594ed39d0fd8372f5da384ed7866a073d
status: experimental
description: Detects traffic or activity related to http://219.155.90.208:53994/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.90.208:53994/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.111.89:48097/i
id: auto-105923b6fe39c68bc33c3f02fe93080c6c7432bce1de9ee0eea406e4b3e4c75d
status: experimental
description: Detects traffic or activity related to http://42.87.111.89:48097/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.111.89:48097/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.158.179:41618/bin.sh
id: auto-c2e446383650f34329dcb3603df749884fe26abb879f7cecb6e9f47e8a387131
status: experimental
description: Detects traffic or activity related to http://182.121.158.179:41618/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.158.179:41618/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net/mips
id: auto-786e56961257c553bb17ece6f9be90dab8c14058cfaf71e1502fb44360a7cba5
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.127.202:56623/i
id: auto-0a6269486ea6bccd93237144332a8be9979db36b09a4f8d0a5079d12f8920c14
status: experimental
description: Detects traffic or activity related to http://222.141.127.202:56623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.127.202:56623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net/arm7
id: auto-6d0fed09d1c84dea0254bbb04b4a16c733b14400c68564e174e81d16c384bb3c
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.seaserver.net/arm
id: auto-0bfa9c4bb8b1451594a08eba10e07999e7807fecd660ce3bc4341c53b3e9438c
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.seaserver.net/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.seaserver.net/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.92.242:58113/i
id: auto-9302930ca7e45946b3d8eeee6c58e49d6aabc701355980aad6336f2752aec111
status: experimental
description: Detects traffic or activity related to http://117.205.92.242:58113/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.92.242:58113/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.111.89:48097/bin.sh
id: auto-0f380fa6ced02d3b7037378087ddd62f340ef9bf4bc73e7d66c2e8de655e30cf
status: experimental
description: Detects traffic or activity related to http://42.87.111.89:48097/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.111.89:48097/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.3.69:56454/i
id: auto-5205fe71100ac4208b92dd39ed867707c242b9dcf7d64929c7e4d96a5e40143e
status: experimental
description: Detects traffic or activity related to http://39.79.3.69:56454/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.3.69:56454/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.92.242:58113/bin.sh
id: auto-0f2d0ee6e1bf8946c4fd97b15f2d37a34c2ef3151ae6542740b0259328b451a6
status: experimental
description: Detects traffic or activity related to http://117.205.92.242:58113/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.92.242:58113/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:45326/i
id: auto-fcd9e98c3a9cdaf568bff9173c4c76039980b0ab1b41f7bbbcdbae37a9f1284d
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:45326/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:45326/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.159.146:51447/i
id: auto-c484fdc5c758067022156a585444c8f173281bc330008866f22b81c53bc9ae23
status: experimental
description: Detects traffic or activity related to http://175.148.159.146:51447/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.159.146:51447/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.3.69:56454/bin.sh
id: auto-b35894a9be7624e4390898b6fe9e7b9fb4d5465b8d9ac0fb8ece49eec0decf16
status: experimental
description: Detects traffic or activity related to http://39.79.3.69:56454/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.3.69:56454/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.109.139:58467/i
id: auto-593cd9a04de05f82eed32daaf018552a3719fb6c0fd8daf0833a9fe64d5e3cf0
status: experimental
description: Detects traffic or activity related to http://61.53.109.139:58467/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.109.139:58467/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.63.37:59369/i
id: auto-6cb0435428260fa4109e5aa82a849c9779214a3f77c53ca87d4c66a3c8901b36
status: experimental
description: Detects traffic or activity related to http://115.51.63.37:59369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.63.37:59369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:45326/bin.sh
id: auto-f29ba7dff5d53bc82b2f1da2cd2903fbabded12fe158861301700c27c54411ec
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:45326/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:45326/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.63.37:59369/bin.sh
id: auto-001fd6d5b10dff0a166550b66da7705a8e0b4fd714fc17f9ebc38276c5bc0b08
status: experimental
description: Detects traffic or activity related to http://115.51.63.37:59369/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.63.37:59369/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.242.41:50950/i
id: auto-2d51720d85fc241d3d15a6623d905376e566d9329f5b1c8e806a94aeaca617d7
status: experimental
description: Detects traffic or activity related to http://119.185.242.41:50950/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.242.41:50950/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.225.103:43810/i
id: auto-58136315f428a530089834ee97b77c8f9070302713130edadfcd30395b0d985b
status: experimental
description: Detects traffic or activity related to http://27.37.225.103:43810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.225.103:43810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.109.139:58467/bin.sh
id: auto-4bc26a012bf1ea1e8b37a57be35f9c21c57b16d114d712a4ad980e1128ed7a6f
status: experimental
description: Detects traffic or activity related to http://61.53.109.139:58467/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.109.139:58467/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.35.136:42842/i
id: auto-c1aeb44a59e318be92eeaddaaedc9f0171ba36daf1b279e32b6df16f46c6a3fe
status: experimental
description: Detects traffic or activity related to http://42.228.35.136:42842/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.35.136:42842/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/n4-g567-d8-af7/csvc
id: auto-f49b05214b887705da48f886fb5e7c42cf34444ec9976f0eb4937f873bcc13e8
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/n4-g567-d8-af7/csvc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/n4-g567-d8-af7/csvc*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.149.195:54429/i
id: auto-6af0318b03ed1c450246e91ee86ff7467dcd473a5173e81cc2df1702b86c94f4
status: experimental
description: Detects traffic or activity related to http://115.48.149.195:54429/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.149.195:54429/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.168.184:53634/i
id: auto-3137e7803abdb8997f6065619af03f661bb943b51fa24c1212ec497daa906c98
status: experimental
description: Detects traffic or activity related to http://221.14.168.184:53634/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.168.184:53634/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.225.103:43810/bin.sh
id: auto-2437fc9f45d7052c35d653923f10940abc9334ccc816388a3743dffd90b7ddfe
status: experimental
description: Detects traffic or activity related to http://27.37.225.103:43810/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.225.103:43810/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.152.93:38680/bin.sh
id: auto-d6240a110a98fc270709fbe15f35d13c5950e09f0d54accd1dac6b874ac36193
status: experimental
description: Detects traffic or activity related to http://123.5.152.93:38680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.152.93:38680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.206.49:39997/i
id: auto-c100f33988cb488e3ab3023567ae2c2062b4f25d68ae018ec7bd96baf5097e13
status: experimental
description: Detects traffic or activity related to http://42.56.206.49:39997/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.206.49:39997/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.182.5:44981/i
id: auto-cfc982b3dd78ea73db7ca90891ea3ff802460495e356451da5a5e8532a44bcf8
status: experimental
description: Detects traffic or activity related to http://42.85.182.5:44981/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.182.5:44981/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.168.184:53634/bin.sh
id: auto-f93a0a12885869de72fe20630509ef501dff88b2ca949c1f1dd6c2a7c5700cb4
status: experimental
description: Detects traffic or activity related to http://221.14.168.184:53634/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.168.184:53634/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.241.19:42278/i
id: auto-dcc1ad54944ce6e4007d1abe1ff876730729ab7bf6864cd7efb8089934cda5e8
status: experimental
description: Detects traffic or activity related to http://42.85.241.19:42278/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.241.19:42278/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.214.145.14:56462/bin.sh
id: auto-0cbaac825a2d2172e8070f847d24a2d24fb11f2b5b34e8e3f687a267d39bc8ce
status: experimental
description: Detects traffic or activity related to http://221.214.145.14:56462/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.214.145.14:56462/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.156.50:33559/i
id: auto-706c67de1c419f773a37735abf96e7cdf96aa13f9a0efb1e97c7d19d9c2a4030
status: experimental
description: Detects traffic or activity related to http://117.211.156.50:33559/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.156.50:33559/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.132.210:37887/i
id: auto-a56856a5a4a30e49a84b799b022d7fe972f2803438cf2065bd78529218e13705
status: experimental
description: Detects traffic or activity related to http://182.127.132.210:37887/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.132.210:37887/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.99.97:50695/i
id: auto-d6bea559a74635b4e1d2379874ac2736188fbbf238fde9b8210ca1b1859f07f7
status: experimental
description: Detects traffic or activity related to http://42.178.99.97:50695/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.99.97:50695/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.132.210:37887/bin.sh
id: auto-7ec6b8d17b9f09d09926fc14cf6f0275a99596adf9fc0bff190670f20cf4e314
status: experimental
description: Detects traffic or activity related to http://182.127.132.210:37887/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.132.210:37887/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.93.35:37424/i
id: auto-7a7d737ff4b08b0891313628f7a8704f6152a26fd8e769fcb5d6c1e0f22b0cd8
status: experimental
description: Detects traffic or activity related to http://27.220.93.35:37424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.93.35:37424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.184.58:58971/i
id: auto-8af0b44c000bad88e2d2ec286e22e39de0c0d4e8f966ce763d8bdbc82d2bdfa5
status: experimental
description: Detects traffic or activity related to http://42.6.184.58:58971/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.184.58:58971/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.93.35:37424/bin.sh
id: auto-9ff18356771fa794b45d329efec84a4dc91aef592388572b7ad22c61eac234c0
status: experimental
description: Detects traffic or activity related to http://27.220.93.35:37424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.93.35:37424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.156.50:33559/bin.sh
id: auto-f75f3308e5f5e2973123241c2d1436164487ad28579d916d3b48f88de2f5bb3c
status: experimental
description: Detects traffic or activity related to http://117.211.156.50:33559/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.156.50:33559/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.227.138.44:2713/i
id: auto-26aa7d31f5f015d2301f80e7140c7e539029330778aabe26c01bee0d490a65a7
status: experimental
description: Detects traffic or activity related to http://114.227.138.44:2713/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.227.138.44:2713/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.169.107:47840/bin.sh
id: auto-1084ff01046dad0e15d942b1faed275fa70ae1607edaa1091c01e35597a2932c
status: experimental
description: Detects traffic or activity related to http://42.87.169.107:47840/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.169.107:47840/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.52.47:47145/i
id: auto-a52fecb7ee68842b3af454b8bcda463de9af33a67021a911b6f9b2f578d4f170
status: experimental
description: Detects traffic or activity related to http://115.50.52.47:47145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.52.47:47145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.242.168.108:59498/i
id: auto-d0fb5b857f8294bb328b9e7c2c222a59a2cc4a705b8e672ca0effb1584d51a0e
status: experimental
description: Detects traffic or activity related to http://42.242.168.108:59498/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.242.168.108:59498/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.176.11:38035/i
id: auto-c2e7c4ff9e17cf22a4e9b647648f8ad3504a45c849cdb3a05a13a56a67ac79ba
status: experimental
description: Detects traffic or activity related to http://118.81.176.11:38035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.176.11:38035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.3.112:38457/i
id: auto-16289dc4f04cf537c8030170bda20f11674f14f269a0c52502fb8fa1ef768e38
status: experimental
description: Detects traffic or activity related to http://117.223.3.112:38457/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.3.112:38457/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.227.138.44:2713/bin.sh
id: auto-eb1714d1bbf28024ffdcd6d72a98d945ab8f8cbabfb6b3c5f5a6ba4f75b73cb7
status: experimental
description: Detects traffic or activity related to http://114.227.138.44:2713/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.227.138.44:2713/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.68.106:33578/i
id: auto-54c70aeb06171054c60f032eb04cbfc16b6c12f203eae05baf0b8709f7df7537
status: experimental
description: Detects traffic or activity related to http://115.52.68.106:33578/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.68.106:33578/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.204.204:35384/i
id: auto-84c4fc93ffb3262e3e68f2948d72fa1ed24471da11d16ff91dee329f4a16a34c
status: experimental
description: Detects traffic or activity related to http://222.138.204.204:35384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.204.204:35384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.176.11:38035/bin.sh
id: auto-06f4221e1c66f8058916438bef2a5145a2c27cb359917e04e0c1104d16c1504d
status: experimental
description: Detects traffic or activity related to http://118.81.176.11:38035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.176.11:38035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.182.34:37765/i
id: auto-f0765fdf9bfceeba74b44837440e8a8a50fcbc43d69ce91c5850e5ffc397000a
status: experimental
description: Detects traffic or activity related to http://117.216.182.34:37765/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.182.34:37765/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.3.112:38457/bin.sh
id: auto-a51498f8e40f48dfb2f555524deb665c81420ba53488c7bb27f57d6aad6617b4
status: experimental
description: Detects traffic or activity related to http://117.223.3.112:38457/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.3.112:38457/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.129.218:59789/i
id: auto-36785d648e5ee1df5727d35dffca62b38c2bd251147f9bf319bb7d3084733d75
status: experimental
description: Detects traffic or activity related to http://123.8.129.218:59789/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.129.218:59789/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.35.149:41294/i
id: auto-94d7029bc4fdeaff608e651d91a33d4302f2d601721474e6bf4f9abdf58f823f
status: experimental
description: Detects traffic or activity related to http://182.114.35.149:41294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.35.149:41294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.30.69:40158/i
id: auto-14ee2e5d7bd10c96cd83030146721e990f3e57901270fe0e4c2e22678ac8b78c
status: experimental
description: Detects traffic or activity related to http://115.50.30.69:40158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.30.69:40158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.0.219:54373/i
id: auto-cc2f2cd627e3842a6f50ee2ba2bfa25bda19413c4ad8c598b5bdfacab15a5a90
status: experimental
description: Detects traffic or activity related to http://42.224.0.219:54373/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.0.219:54373/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/maybe.sh
id: auto-85ae7e3ce8524f4457573027f27df1fbe54aa6270b311411a63e749a73928acc
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/maybe.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/maybe.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.74.120:55410/i
id: auto-88c8eae6d15c9602471917c6c5b137593283a52f076b39a0daa980cdac5d8919
status: experimental
description: Detects traffic or activity related to http://125.40.74.120:55410/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.74.120:55410/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.214.145.14:56462/i
id: auto-a08a635148b2223f8a77a1a7697f477429c3ae8e0b13fd91bb5c77182100444c
status: experimental
description: Detects traffic or activity related to http://221.214.145.14:56462/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.214.145.14:56462/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.182.34:37765/bin.sh
id: auto-7c5dd562d0e7a6ffaa5ced73d87c3b2567484e347a98321d3ab04b181f358fd2
status: experimental
description: Detects traffic or activity related to http://117.216.182.34:37765/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.182.34:37765/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.129.218:59789/bin.sh
id: auto-d672b6440b956136333d94671924d195b5a12b0bae40291861d19487bb0a9836
status: experimental
description: Detects traffic or activity related to http://123.8.129.218:59789/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.129.218:59789/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.0.219:54373/bin.sh
id: auto-f37f98cce1b2f45727c6915caa1a7cc4717ddb08febaf6312f340e798eaefbc8
status: experimental
description: Detects traffic or activity related to http://42.224.0.219:54373/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.0.219:54373/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.35.149:41294/bin.sh
id: auto-5c813b361ddbb0bb0728d73601b75120299d51fa83cfe805cb4d411a99020f65
status: experimental
description: Detects traffic or activity related to http://182.114.35.149:41294/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.35.149:41294/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.2.75.100:37509/bin.sh
id: auto-d3969238a8b4fc0b4f5736188efeaaee29fa35ac7f12a66475123d05a567b829
status: experimental
description: Detects traffic or activity related to http://198.2.75.100:37509/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.2.75.100:37509/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.74.120:55410/bin.sh
id: auto-dcd8a6a3b4da8b0b5cefe94c52d1cbfafb30bf19040c8a7d462fe0c2e7ae75e6
status: experimental
description: Detects traffic or activity related to http://125.40.74.120:55410/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.74.120:55410/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.83.136:42008/i
id: auto-22bcd4b47b81a38d7202ca1895a2d3752d3b134c46070c7653988eb69910fecc
status: experimental
description: Detects traffic or activity related to http://112.248.83.136:42008/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.83.136:42008/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.184.222:54466/bin.sh
id: auto-aff2ea4abb7615b55b76a838ddd6b497fb7e32343fb0d590cc6d22e7b293d6de
status: experimental
description: Detects traffic or activity related to http://42.227.184.222:54466/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.184.222:54466/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/lnksys
id: auto-182db06eaa573493aa0097d0c304f579eec5a406507e406a6449f045d83a06b9
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/lnksys which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/lnksys*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/load
id: auto-ce81ff6dd8d41dbee872a21c05e5b8b87927a3e1d2f4cce68f572dbaf09a3bbd
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/load which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/load*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/jpg
id: auto-5067e7a24af0b643bf913c3e23f4714ed490f27d4fb9c66196c07c4eb8d625c0
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/jpg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/jpg*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.83.136:42008/bin.sh
id: auto-930c66476fa73bff7ed06525198190b69eb4f264a9958c34646d8a2f915f77e7
status: experimental
description: Detects traffic or activity related to http://112.248.83.136:42008/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.83.136:42008/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.32.25:39372/bin.sh
id: auto-71f0141b39458362efdf0b6c4ac90ee037145cf75c9e21971ae80d2c9f90fbdf
status: experimental
description: Detects traffic or activity related to http://42.228.32.25:39372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.32.25:39372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.1.150:34465/i
id: auto-4adaad09085de5f796fcbcca2b5e56a4e40945e9adc6f83e16a862c1865f8962
status: experimental
description: Detects traffic or activity related to http://125.43.1.150:34465/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.1.150:34465/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.1.150:34465/bin.sh
id: auto-762c009b3e439250aa84f47f8ddebdfad784c743819732054910e57d4c5480ba
status: experimental
description: Detects traffic or activity related to http://125.43.1.150:34465/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.1.150:34465/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/sdvvv12
id: auto-cbd7e1af287aa5fc00267bed72c90e66b6e373aab3f79406e71223a804a0df5f
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/sdvvv12 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/n-state-manager-cache128/sdvvv12*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/lil
id: auto-b7c029e5cb948a8c084782031d5d916944d653f1174f6c133dce602865e5b5a0
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/lil which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/lil*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/n2
id: auto-62156d5a55d573b7bf9c5e03e65bd8cfe32871659e5ef791609af9c3d82ec87d
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/n2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/n2*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/n7
id: auto-9fdbc6686b565a64bcda0019e3b587c743f1002ad6d1004a310f5ea108649b99
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/n7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/n7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/n8
id: auto-4ba161023785771e94c83ab943eecad4757286afc02297a716fd795607d74f34
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/n8 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/n8*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/n3
id: auto-2bee14c017202d48cf35b7ed0c14bd5f1072ff2d727852454f2103823d778b5c
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/n3 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/n3*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/n4t
id: auto-35d9a2a15b49d4a19f4286ce2ddd309a8749c991b09b2fb89ae8858a9dce1a1f
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/n4t which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/n4t*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/p
id: auto-9121ae4388126f96b30529a0ca55fa9356943b44740f655d3ab8b85eb8276dc6
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/p which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/p*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/1080
id: auto-bb654c9d6db6f9db250c9e7ba839e808e8ce2aced5e1f0788e539cab0b5d9ee8
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/1080 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/1080*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/%20
id: auto-126ccc86892166aeab67dcff4d316251eecd8237d2dbbd6ca684efb881e3967f
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/%20 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/%20*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvsh4
id: auto-4715b85187387cd1a602a731cd70d6b4afbd55b09011b9ac5d4fecea7266fcca
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/oiaaai
id: auto-abf1384af14cf35edbc9f8f609cd109b5faf30b377f2aea0131eb5b159c1badb
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/oiaaai which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/oiaaai*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvmpsl
id: auto-d5bc897bad97018fe2453c2dbf331548ad5efae21a85ecd3cf0d88a16f53ca8c
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvx86
id: auto-b413978d95d7fee670f511e9a4e466f4e426cdb7aa2683ee3beb000db1a4a6eb
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvx86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvx86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvarm
id: auto-acad2cd33f0f4e62ea02cd86f401a1475b0d7999350d0886c23811d30ea7b623
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvarm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvarm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/apache2
id: auto-7b0023c63b267df11938e656e30273bcebe4395416adedde690727745dddd031
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/apache2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/apache2*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/pftp
id: auto-a1cafbff25fabdbde5185d932207d9ef760817051d5360f13b460db2b83bf8a0
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/pftp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/pftp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/sshd
id: auto-650d1f3fd2bcb23d39aa408f3170e8e84d0653ae628cfc837c7ecb97d787db7c
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/sshd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvarm6
id: auto-0924e44d6860a2cb323f70dc47d00989186c7edc6f2242129efaeb74fe2856be
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvarm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvarm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/openssh
id: auto-78ebc562481b228e0924d04c5f71ff8f49b73b8e1153deef6b18ebdc9c844a9f
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/openssh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/openssh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvmips
id: auto-01eb89271bc44027e283b7ad80f4734d6126b8b1d6f1bb97766e2dcbcbe4a4f5
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/ntpd
id: auto-045c9b66737664266e8341657e7c4209ff5b76206326f39b376e3ce1a1d9bc2a
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/ntpd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/ntpd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/tftp
id: auto-1700b32c6e0f79a5df608db652a2675538c66176797d27c9e8895d4da3e13a1f
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/tftp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/tftp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/cron
id: auto-766cf994707a62c7243b2ff05ad1c3d60e05ffd6bf6b502e3c541eb5f6d84755
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/cron which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/cron*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvx64
id: auto-15c427decabd585fbbad2fa177c0c61b3f294841c9c9bf2a6c481828799dff03
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvx64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvx64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/sh
id: auto-c7f2b66704d23009103285cb32cd21fe8782e16a2f9575c1b16ef7cd501ceae6
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/wget
id: auto-7d25cc739aa4ee407a94d2b7938a56df64c1ccb8cb5c86f6da4856f2b4c0c0ae
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/wget which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/wget*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/n
id: auto-9605e3c79851884f21abcdcb97498e9afef219286478927290d6c5ac8500e80c
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/n*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvspc
id: auto-f16b25d317301566ea38bcccbb654a4a19c2610aa19f61a5c0cc9b9db1853daf
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvspc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvspc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvm68k
id: auto-c50847b04904228fc3810ae22dba82b1fbbcee363e2fda914efefaa82da1e349
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/ftp
id: auto-e101ab25aff620e27bd30c0f1ef30671520fa9754dd5fe44a80f4e1a52478bf1
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/ftp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/ftp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvarm7
id: auto-d03824b089bd77eff48ed24a291ad51dca45a7193f35ed84f76d83f9c91d6e6f
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvarm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvppc
id: auto-235cb6a7892be54118fe12891e9a8eb68867c1ba3570d654db73f19ce1fae632
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/SupplySrvarm5
id: auto-affb50f3e75e71186b977d03a4e145203cc2413e48358f4f9cb6c20623b3c23c
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/SupplySrvarm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/SupplySrvarm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/outh
id: auto-9f8b36e6d0124e302e7814ac5ceed7e237a844a1e6a98545b262ea9b4e7e3ab1
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/outh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/outh*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.166.58:41327/bin.sh
id: auto-7611b99d829546ad32e2d3b4321aa5b5a9bfb3d639f1d62fcb302b1126207ac1
status: experimental
description: Detects traffic or activity related to http://124.94.166.58:41327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.166.58:41327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/set1
id: auto-15d1f06554fd34cf53e7f481cd7682d8ba675ece799b9c14fa1dba58577a19ca
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/set1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/set1*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.30.211:55380/i
id: auto-4ef69c382a22441c1909e92b8185fa0ab9ed6a3f16237e7e2170588acf19a023
status: experimental
description: Detects traffic or activity related to http://182.127.30.211:55380/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.30.211:55380/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.171.205:34334/i
id: auto-4dc8545117d3f638c64d85500fcf4cdc0a562b7ca678830e79bdcb460ff014a1
status: experimental
description: Detects traffic or activity related to http://42.224.171.205:34334/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.171.205:34334/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.171.205:34334/bin.sh
id: auto-8932e5d6217b5fac01a711bcf700eada123f65344016f3ca4f227e1636b08281
status: experimental
description: Detects traffic or activity related to http://42.224.171.205:34334/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.171.205:34334/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.202.74:48530/i
id: auto-b21621783993a8121f7093256c72c51e8e01ce00e9921c8aa5cc587eb79ab861
status: experimental
description: Detects traffic or activity related to http://42.7.202.74:48530/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.202.74:48530/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.7.222.26:48052/i
id: auto-c3b52d4a5f96ecea2013453a89d2292d6a272d14bca67027ca74a420a9b9c391
status: experimental
description: Detects traffic or activity related to http://123.7.222.26:48052/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.7.222.26:48052/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://newbinhost.giize.com:8083/ok
id: auto-85003092ff6c2a5baa635befdca4e32fe7ca290d429d27f58755b42c95071108
status: experimental
description: Detects traffic or activity related to http://newbinhost.giize.com:8083/ok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://newbinhost.giize.com:8083/ok*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.205.56:34506/i
id: auto-efafdb6325fefb8647551fece3c31956c773cd8c4f75bfb3dde99fb6f943edcb
status: experimental
description: Detects traffic or activity related to http://42.85.205.56:34506/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.205.56:34506/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/parm6
id: auto-09bf561f7e5a0f3341de4429b09858e8fc7043fc0084a78a04e36dadb5547f54
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/parm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/parm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.121.18:48990/bin.sh
id: auto-9288bde81225be2e8fe9abbad47be3dcf044650afd0cf30cfc9256620f3807c9
status: experimental
description: Detects traffic or activity related to http://125.40.121.18:48990/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.121.18:48990/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/parm
id: auto-d74d6dda1f719687808120c7ba54ea9097f8f458f1e8c0ac2a8179983368a7a7
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/pm68k
id: auto-0cc28e02db830b97c4beaee247ccfcfdeffe7e3491fd00d970a22c2875c8a621
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/parm5
id: auto-0d6282c6705469ddc0802542a4699dbf2a52b8dc6d0e2150dcfd942191ffed78
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/pmips
id: auto-9a8d3c7563b2da50c2371f1d2c9c6da6b5c31d88fd33386d32ecaba13fc7b25b
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/pspc
id: auto-3a626923ee006e0034220cdf23593667bf30f9b3204dfec0a583bea1a0910f77
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/pspc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/pspc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/psh4
id: auto-0df4edeb788edfcebf2261e9799e6ef81a100265f8833c23ff398c764a400c3d
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/pmpsl
id: auto-f54f523e513a2f3e9aa6e4f7c4d2cd62f28f4efb757bd252ccd4f5a30fc12701
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/pmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/pmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.122.170/bins/px86
id: auto-c9e0ccc197bd18eb4d94bf73ecdf9f64cbef825d43f9a4fc18eb5ec3b7902d3a
status: experimental
description: Detects traffic or activity related to http://2.57.122.170/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.122.170/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.82.70.105:14082/.i
id: auto-e28ab98696eea9f7a08911f029ae9e791fc8f9292a01ca891471496ce8ba7433
status: experimental
description: Detects traffic or activity related to http://77.82.70.105:14082/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.82.70.105:14082/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.0.51.247:32150/.i
id: auto-57bcbdb25b8b6cdd1cb4514da85dc5ddad7bd5080dfb990d7545a7838aeef571
status: experimental
description: Detects traffic or activity related to http://46.0.51.247:32150/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.0.51.247:32150/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.214.60.95:18609/.i
id: auto-c4c88e3de3045c0f6ba800e1380173e2f71aae610cabce48676d557e2bbbeebd
status: experimental
description: Detects traffic or activity related to http://41.214.60.95:18609/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.214.60.95:18609/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.29.197:44734/i
id: auto-1820ea4e40a7f366b88cbb612441621699c5ea8b6174b3f4a80f79800618ebfa
status: experimental
description: Detects traffic or activity related to http://115.57.29.197:44734/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.29.197:44734/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.32.144:48141/i
id: auto-21f4b4f127e275827f07214020b89836358309d40911b28fed00f7ae226a5c17
status: experimental
description: Detects traffic or activity related to http://180.191.32.144:48141/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.32.144:48141/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.0.30:55681/i
id: auto-ad735ac8aa9dfda1fc74b90cf89697676195e8494a9699fdaf33e67d6baf196d
status: experimental
description: Detects traffic or activity related to http://125.43.0.30:55681/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.0.30:55681/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.205.56:34506/bin.sh
id: auto-e0d0fa413593d36948c76366bf7d53e0f47a915130305c7db34a35d7a2f81c1e
status: experimental
description: Detects traffic or activity related to http://42.85.205.56:34506/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.205.56:34506/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.187.109:46088/i
id: auto-d749d22cdc6bb3aa29aba2bfcdb878720d01b4f28587733b3eae0ed5788f0b5e
status: experimental
description: Detects traffic or activity related to http://221.15.187.109:46088/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.187.109:46088/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/arm
id: auto-7ca35357e035abe16d819cefb27a60d012e0b6505be478b60839828092759e4d
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/arm
id: auto-1f7ed40179d1c91312b29c0ee338e73f9f189eebf143f34b03c5d1fabd715005
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/arm7
id: auto-0ca959e120788975157e9b43c9763c81396b3e93537ad059b938ff96042012d1
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/mips
id: auto-cbd42c05202af3fb7d5bb81e1c4b9752fe3c0e529fcbdcb1c8e623244377851f
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://r61-7-209-88.static.phangnga.cloud/arm7
id: auto-b910f54afb422cc3f6bef83781a0276ec1f773faba8f5e7e4072c59f31051f99
status: experimental
description: Detects traffic or activity related to http://r61-7-209-88.static.phangnga.cloud/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://r61-7-209-88.static.phangnga.cloud/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.7.209.88/mips
id: auto-851aeb3aaa847f00a46fd3fafae964aca2602e2fffac7aecff73f01799ee1b5f
status: experimental
description: Detects traffic or activity related to http://61.7.209.88/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.7.209.88/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.29.197:44734/bin.sh
id: auto-726455a0022e712ae16896412aea86e1696ceb4a559a14ad4b5a4f589ed8a8b5
status: experimental
description: Detects traffic or activity related to http://115.57.29.197:44734/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.29.197:44734/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/trc20
id: auto-affcf3bf9f362fb63623ac277f1ad073cc4ad413d2a7e4a9b6077bab4629f50c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/trc20 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/service28-discovery-registr/fexw8qvyvqj8qe-identity-token-issuer/trc20*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.28.47:41491/i
id: auto-638e44b6ffc3112725c7b5cdcca196947ef1e2181d98782a6a87b473fbe9559a
status: experimental
description: Detects traffic or activity related to http://115.59.28.47:41491/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.28.47:41491/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.32.144:48141/bin.sh
id: auto-cb07242ba6006338bf630961ba4f3563bbc014f49040536f29229e515f9c00cc
status: experimental
description: Detects traffic or activity related to http://180.191.32.144:48141/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.32.144:48141/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.187.109:46088/bin.sh
id: auto-04386441249215c3239c2be680dde82550be1a5099e4b6fb25c5c09074bd69a9
status: experimental
description: Detects traffic or activity related to http://221.15.187.109:46088/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.187.109:46088/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.196.246:36092/bin.sh
id: auto-46d23d8136aae1f799d309f4841b1493139e23f8fa0c1d6e3cfc83c33b475eab
status: experimental
description: Detects traffic or activity related to http://115.55.196.246:36092/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.196.246:36092/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.36.136:59119/i
id: auto-86525da11e3fc5d698e5b185d94e87b2f05b8aca5c4104cf86dc9d0b75eebade
status: experimental
description: Detects traffic or activity related to http://117.206.36.136:59119/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.36.136:59119/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.96.25:33172/bin.sh
id: auto-7ed5ccc14bc6dab96f50e81cd8bc00416eb577947218c46a9372f56e03f12ab1
status: experimental
description: Detects traffic or activity related to http://116.138.96.25:33172/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.96.25:33172/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.92.201:58989/i
id: auto-93e65131e5229b32053b3d6574927976035a45100bd029631e3de2a10e28a59c
status: experimental
description: Detects traffic or activity related to http://117.200.92.201:58989/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.92.201:58989/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.37.236:39953/bin.sh
id: auto-796f4b5b91a3d9b715ff32e378d21ee561e432e346ca804358f4401a13829be1
status: experimental
description: Detects traffic or activity related to http://42.176.37.236:39953/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.37.236:39953/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:58956/i
id: auto-aa412d21aa82f561377876362ada7053c25fd586a8096f0ad6eb1d32491b57fb
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:58956/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:58956/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:58956/bin.sh
id: auto-9b1fe708fd0c5e8f03e0730bd338cf2830ecfa338f6a7bb87d004bb40ab292d6
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:58956/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:58956/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.38.60:57159/i
id: auto-a956c1390772308134e5376950107525d0647490e6e09168363e0a40a9a86731
status: experimental
description: Detects traffic or activity related to http://42.180.38.60:57159/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.38.60:57159/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.231.65:54330/i
id: auto-d43c403732d46cb8f90fb37210822a9643e89139f918421b2c7747a2d720401e
status: experimental
description: Detects traffic or activity related to http://182.112.231.65:54330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.231.65:54330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.218.76:46729/i
id: auto-3b340fa05ae5ed992bbe389639688ea203ef99be95b7f7fcfdc4f5cf8c693537
status: experimental
description: Detects traffic or activity related to http://219.157.218.76:46729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.218.76:46729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.92.201:58989/bin.sh
id: auto-5c8e82fc520bca08918e7e8038cf614449b1d571b928e0f63afa66e406bfebd9
status: experimental
description: Detects traffic or activity related to http://117.200.92.201:58989/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.92.201:58989/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.204.204:35384/bin.sh
id: auto-4b3d7bd78f221b5b1f083dd0c10be27e64de8031238793d334bcfc511fad7859
status: experimental
description: Detects traffic or activity related to http://222.138.204.204:35384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.204.204:35384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/az2-prd-rs01/s3-backet-cloud73-s1/final
id: auto-c9c286ba005cd1a93124424fbdc293b749c2d6f6c9111cc58d242ba21ea4a8c4
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/az2-prd-rs01/s3-backet-cloud73-s1/final which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/az2-prd-rs01/s3-backet-cloud73-s1/final*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.160:33251/i
id: auto-35ad21ccf86655e40f9063177247c448b528dd0d060673b3ccd71320bb24eba6
status: experimental
description: Detects traffic or activity related to http://117.209.17.160:33251/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.160:33251/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.64:34708/bin.sh
id: auto-b2d6c0f09a68ba24104b8004fca9a8f97b7230b56ad42df3373bcd870b0e5eb5
status: experimental
description: Detects traffic or activity related to http://200.59.83.64:34708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.64:34708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:60515/i
id: auto-e89cd388e04f86fe686f5b2724994a82f4ab1997dfa78b9377a48715721be6d8
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:60515/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:60515/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.175.144:42516/i
id: auto-e7f9d5069458b7c1c4a8e35251f4ed6485514dabd9ebb8133905848785d777ec
status: experimental
description: Detects traffic or activity related to http://115.55.175.144:42516/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.175.144:42516/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.160:33251/bin.sh
id: auto-72da2e134d9c29b6b33959cfed208585d0789a9f40b21d323c9a6ada2d59d05a
status: experimental
description: Detects traffic or activity related to http://117.209.17.160:33251/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.160:33251/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.231.65:54330/bin.sh
id: auto-c12fd7b15d351194cf606f938caaf35736002159a8e1f5fa1c0b54c5f6327172
status: experimental
description: Detects traffic or activity related to http://182.112.231.65:54330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.231.65:54330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.arm
id: auto-f8819a8cae6325b8405e3a0e6122fe0a274eb11dd8179322648ae64686d5f941
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.arm6
id: auto-052d7635c08dd49544d0fe8e89a5feae309840e72d6eaf166eefb4c00251a169
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.m68k
id: auto-f8f09ae6fdd86e38ad578c8f4680a8175e205f7aa8ff3e50d468babaf334170b
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.x86_64
id: auto-6061d37e2c0a2fa4510dbd620120bd29603d4b86ac21741c1271e7c6860a64df
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.spc
id: auto-92ad7f743fc55e357eeee40f282f0f63bb84ffbbc9f7b0318d54a34ab6a397b4
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.x86
id: auto-1624341807dbbbb23cd073f11f2b6bc4d41467f781dc35011d9ac87f9f1b13e2
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.arm5
id: auto-a91e6dfe0852ffb74051bd3717472db1e030f21244d14c7033b80e6e9d8ec5bb
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.sh4
id: auto-eeae2545cbf750ba8f13a305bb4e2f7c71e335ac0c06241b4fc0d8c367691691
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.ppc
id: auto-bd6ef5cdd2d9c3c24d3e100b16b39761f150e621186e29835859c6ff7b930679
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.mpsl
id: auto-8e234e05420d4a9baac93d7596839774597168e0de4985e11236c8170b391cf6
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.mips
id: auto-e4413012f0863aac65ab49319b0dd28b8d624f14fcbe93d93761992f2cc98bb0
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/win.arm7
id: auto-a5c4bb1f987acaf1e535c24da4110a5560c33c38a2f13212f5a3ebaca95a7a9b
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/win.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/win.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.95.149/photo.scr
id: auto-25a3464e121e74394b32a67ef8a0f85d4c5498f31998b6808fa83db7de47b030
status: experimental
description: Detects traffic or activity related to http://37.81.95.149/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.95.149/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.95.149/info.zip
id: auto-77116058ea36515cb51aaaa8c14a0710ce1c9d1e543d2eb115989f51ddbdf2f0
status: experimental
description: Detects traffic or activity related to http://37.81.95.149/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.95.149/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.141.166.71:34663/i
id: auto-6a4021990794f260c363a930a4f6706f26738dd729151c5f56be6f806a7c7847
status: experimental
description: Detects traffic or activity related to http://202.141.166.71:34663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.141.166.71:34663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.89.199:3389/video.lnk
id: auto-82d92eaca2d4bdfc25cf0488da5b64f8280a7b90809b564ba587620058c06333
status: experimental
description: Detects traffic or activity related to http://124.72.89.199:3389/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.89.199:3389/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.249.12.115:81/photo.lnk
id: auto-e8f89f4ef7b75988947d51bd75a5bdf7363170f05d5d37d0c83e3c45ed2c31d1
status: experimental
description: Detects traffic or activity related to http://113.249.12.115:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.249.12.115:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.89.199:3389/photo.lnk
id: auto-ab7d3e8dab289cd507fdd8c7eebc00282aa7c715148881d3c411abbd26be5e13
status: experimental
description: Detects traffic or activity related to http://124.72.89.199:3389/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.89.199:3389/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.19.101/info.zip
id: auto-37f1757aa0a6cb72c99bd87ad3e65702c9f860a1a933590f0cef5c7328eafc2c
status: experimental
description: Detects traffic or activity related to http://37.84.19.101/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.19.101/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.163.89/info.zip
id: auto-accdf8319d8ac9c1a75b1ac09ba429b8e603677080b9dbc96583211ee04e38c8
status: experimental
description: Detects traffic or activity related to http://37.80.163.89/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.163.89/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.82.239/info.zip
id: auto-5981b0194d759457e939969cd74ccdaafb6d977147c623b41037b1e1a22dca45
status: experimental
description: Detects traffic or activity related to http://37.80.82.239/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.82.239/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.19.101/photo.scr
id: auto-fcc747dc387f40dd8dbde76f669b093b9a9584b5da1150429f357f635f27e521
status: experimental
description: Detects traffic or activity related to http://37.84.19.101/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.19.101/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.57.216/info.zip
id: auto-b4c4b4be3a229f659e777a09407ee1ea08d1139f4b435f67ca56a296d9e0094c
status: experimental
description: Detects traffic or activity related to http://37.82.57.216/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.57.216/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.80.141:81/video.scr
id: auto-13463d0c54b663f5880428803f2cc462106ff8fe7427ac2e8424f253378a9068
status: experimental
description: Detects traffic or activity related to http://113.251.80.141:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.80.141:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.89.199:3389/av.scr
id: auto-d37510e8164a3c020e98698373d21433820d2ca5aadcc286f51c201b822b40de
status: experimental
description: Detects traffic or activity related to http://124.72.89.199:3389/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.89.199:3389/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.89.199:3389/video.scr
id: auto-d83e05262fc3db29fc381881d5f4b0429a60192c6f685a035495afaea9c674ed
status: experimental
description: Detects traffic or activity related to http://124.72.89.199:3389/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.89.199:3389/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.89.199:3389/photo.scr
id: auto-68bec2c476e3960bd18409dc20a320d317ef74646f51b4ab7551905fdf38b449
status: experimental
description: Detects traffic or activity related to http://124.72.89.199:3389/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.89.199:3389/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.80.141:81/av.scr
id: auto-38d9f195ec982437d7d0e151ad47edd9592a6984a787d1d015e6eb3d75472a83
status: experimental
description: Detects traffic or activity related to http://113.251.80.141:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.80.141:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.241.128:8081/av.scr
id: auto-8e6151b2acc6adc51d41476a01cc08453b5b8ca6eb651b9e241bba96b92001e3
status: experimental
description: Detects traffic or activity related to http://115.215.241.128:8081/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.241.128:8081/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.199.205/av.scr
id: auto-a919dbd785a37c2453f4dea39cb9d94f50cdedcc1488f9c55023dc09a5b5d5d6
status: experimental
description: Detects traffic or activity related to http://191.25.199.205/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.199.205/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.199.205/video.scr
id: auto-a9eccbf697d1057805cbbccbf6dae46ee60f5b05d155717a4d1c5f933b3fe730
status: experimental
description: Detects traffic or activity related to http://191.25.199.205/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.199.205/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.249.12.115:81/av.scr
id: auto-bc483aad405ddc25661d0e041e3ffb0c578dcbde94dfbde02b064d486368ba1e
status: experimental
description: Detects traffic or activity related to http://113.249.12.115:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.249.12.115:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.249.12.115:81/video.scr
id: auto-0e25b37a3b345f7f1576ea3f54952ab3e3aba8b8ebceeec87e7a7df6e59c8331
status: experimental
description: Detects traffic or activity related to http://113.249.12.115:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.249.12.115:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.241.128:8081/video.scr
id: auto-ebdd75b05c31ee912eda7cf4e4ae0458415a42e6f429452bc95b46a946a78328
status: experimental
description: Detects traffic or activity related to http://115.215.241.128:8081/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.241.128:8081/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.241.128:8081/photo.scr
id: auto-32268cd005624d1791be7f97ca7b9a1bf8820cb88799553ac3388b0dcc482173
status: experimental
description: Detects traffic or activity related to http://115.215.241.128:8081/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.241.128:8081/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.80.141:81/photo.scr
id: auto-373a6b7e0841602f8fcb0aee5c4324d194ae6963254737a17972ba20579348f7
status: experimental
description: Detects traffic or activity related to http://113.251.80.141:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.80.141:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.249.12.115:81/photo.scr
id: auto-33437331ac0f00b5006fabc755059e9f68d883358319294f78bbea2c18048851
status: experimental
description: Detects traffic or activity related to http://113.249.12.115:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.249.12.115:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.199.205/info.zip
id: auto-50d13e327e586d8d43b989dce262e468bc727cc29b7b8e4e5152e12a33f4cb05
status: experimental
description: Detects traffic or activity related to http://191.25.199.205/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.199.205/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.50.225/info.zip
id: auto-09944c2230c34a9866635eefe535626bcadab46bed378758985868b5b69c574f
status: experimental
description: Detects traffic or activity related to http://37.85.50.225/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.50.225/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://70.45.151.28/photo.scr
id: auto-96964eb7384b657420cf5afc0ab1fecd1ec9ec8ad8380c2e88ae3099f915ab62
status: experimental
description: Detects traffic or activity related to http://70.45.151.28/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://70.45.151.28/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.89.199:3389/info.zip
id: auto-1f746ed72325084b4c16db06a080267023ed1d9df11e8dffb4da3886ba80632f
status: experimental
description: Detects traffic or activity related to http://124.72.89.199:3389/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.89.199:3389/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.80.141:81/info.zip
id: auto-4c8cabb22511ad3b8683b98dd25a7c614b8855de61e16b5ff922dfb15bf303db
status: experimental
description: Detects traffic or activity related to http://113.251.80.141:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.80.141:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.249.12.115:81/info.zip
id: auto-7513eec3ada0b645b62e2790e5b11c289fb00e4cfcb9f3ff1311f7720537afc0
status: experimental
description: Detects traffic or activity related to http://113.249.12.115:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.249.12.115:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.221.201/photo.scr
id: auto-cc4a1c1576d2c59e1b7e722516f755c2e4da094e3dc5e39392ce5fb16ddc0eab
status: experimental
description: Detects traffic or activity related to http://37.85.221.201/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.221.201/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.50.225/photo.scr
id: auto-2769bb7cb6a3861027915a200553a563e9668f8d42c5a4eca467e3cac0c412e1
status: experimental
description: Detects traffic or activity related to http://37.85.50.225/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.50.225/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.221.201/video.scr
id: auto-ff9cff58f8e20befcc3e2153fd8ff49f7a450d39da00f74f4b67e2892dc55792
status: experimental
description: Detects traffic or activity related to http://37.85.221.201/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.221.201/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.221.201/info.zip
id: auto-8614bf095c256f8428156c65e9afade1d7ac27d30f718a6132daf4bcb31924bb
status: experimental
description: Detects traffic or activity related to http://37.85.221.201/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.221.201/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.241.128:8081/info.zip
id: auto-30a6d4ffc0efb5ddc4808343d2303200ba4f191fb4fb0e2ef1d66b622bb96d6f
status: experimental
description: Detects traffic or activity related to http://115.215.241.128:8081/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.241.128:8081/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.199.205/video.lnk
id: auto-6c70a911300e1d35a4481c8d80c4c11a3115f5caedea157f60d2056dec0b36c6
status: experimental
description: Detects traffic or activity related to http://191.25.199.205/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.199.205/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.249.12.115:81/video.lnk
id: auto-0be0e3912a5386b0a889b8aad6a8403acbbf11f418d8d223e897f6dc07181de2
status: experimental
description: Detects traffic or activity related to http://113.249.12.115:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.249.12.115:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.199.205/photo.lnk
id: auto-f4fc2a8bb271d230d0dbf01939887f0b7aa79ad616c72b7d19942dfbbe9df62a
status: experimental
description: Detects traffic or activity related to http://191.25.199.205/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.199.205/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.249.12.115:81/av.lnk
id: auto-d59fb459e042c2243ff57800ae37ee6d4d9f731ffcae1cf339e541cc5fc40e71
status: experimental
description: Detects traffic or activity related to http://113.249.12.115:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.249.12.115:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.199.205/av.lnk
id: auto-0977f5e4c93a1dec55df8c9f52b85dac706c017a8173d02d5bd581a8cd10a505
status: experimental
description: Detects traffic or activity related to http://191.25.199.205/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.199.205/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.241.128:8081/photo.lnk
id: auto-0a7e1881926a4775479b54542515a0be9f05d7f69a0c01ec35be15eff30c2efe
status: experimental
description: Detects traffic or activity related to http://115.215.241.128:8081/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.241.128:8081/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.241.128:8081/av.lnk
id: auto-167a1c7c4daec7fe806060ed478af046ca8ea253295ec841b7adef65cff19e42
status: experimental
description: Detects traffic or activity related to http://115.215.241.128:8081/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.241.128:8081/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.241.128:8081/video.lnk
id: auto-40ddf939ac02893066f280de05d2f1476811b41263021c7bc089a55673ba67e9
status: experimental
description: Detects traffic or activity related to http://115.215.241.128:8081/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.241.128:8081/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.89.199:3389/av.lnk
id: auto-a23d61a128eac0b76bd38bf5358fc7b7277edf14926e155a65358ae364547472
status: experimental
description: Detects traffic or activity related to http://124.72.89.199:3389/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.89.199:3389/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.80.141:81/av.lnk
id: auto-ce0bbac171dd7078e2e5b00955a6f3a4f973b2aed550d08765b2d100b3b370b0
status: experimental
description: Detects traffic or activity related to http://113.251.80.141:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.80.141:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.80.141:81/video.lnk
id: auto-133fef9b4f5c16c9494277fef164c0a3b50291677d2d146fa70a1cff6b05838e
status: experimental
description: Detects traffic or activity related to http://113.251.80.141:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.80.141:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.231.41:59243/i
id: auto-e28a13dc3f66da63e21fdde41bb6000d7d22f0e75da7872d3542ac2d0c7ff742
status: experimental
description: Detects traffic or activity related to http://42.232.231.41:59243/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.231.41:59243/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.240.225:55714/i
id: auto-265378ad430f8d008dba79173f8efa5042c51a1f12e8dc9c5f402b9c46eebe19
status: experimental
description: Detects traffic or activity related to http://182.126.240.225:55714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.240.225:55714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.81.131:33807/i
id: auto-0b42bb30ac42b211081b3e8ced276a3960d46f74235f479710d662e7627975ec
status: experimental
description: Detects traffic or activity related to http://123.12.81.131:33807/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.81.131:33807/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.235.183.69:51887/i
id: auto-e06c5d823ba48ded1ba0e58defe8da20ad1885e34f2103dd7aa972745529532f
status: experimental
description: Detects traffic or activity related to http://123.235.183.69:51887/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.235.183.69:51887/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.82.218:39331/bin.sh
id: auto-dcbe80e8bc417c8e3cc1117d73f42730de82e84d3bd17a8a93f0d4ce24b9f568
status: experimental
description: Detects traffic or activity related to http://115.63.82.218:39331/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.82.218:39331/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.175.144:42516/bin.sh
id: auto-6c8a8dea84337e28719be4d37b520d3a8a3a8f179a0ad569f9d9a7e0c291b544
status: experimental
description: Detects traffic or activity related to http://115.55.175.144:42516/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.175.144:42516/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.141.166.71:34663/bin.sh
id: auto-65def2b7fa75f0de678671ddb311e0533159dd00a24926b40df13a5875c01bd4
status: experimental
description: Detects traffic or activity related to http://202.141.166.71:34663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.141.166.71:34663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.231.41:59243/bin.sh
id: auto-19a5d91a572fbd1b691ebb7484aab96cd2ae4a9513e2aa3f1763997f45b3c15b
status: experimental
description: Detects traffic or activity related to http://42.232.231.41:59243/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.231.41:59243/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.121.18:48990/i
id: auto-84ab65f880fbd519749a17ae54264f9ef9492f4e995c84b71e253e74580a11b8
status: experimental
description: Detects traffic or activity related to http://125.40.121.18:48990/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.121.18:48990/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.24.110:60332/bin.sh
id: auto-4c801a8cce47acb48734596919612d8a002f64a023979d37810dac71c8c755fb
status: experimental
description: Detects traffic or activity related to http://115.49.24.110:60332/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.24.110:60332/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.240.225:55714/bin.sh
id: auto-521a34e4d1184d421a2cb105826ffeb14976be4fd021dce0b5df3efea9244e48
status: experimental
description: Detects traffic or activity related to http://182.126.240.225:55714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.240.225:55714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.235.183.69:51887/bin.sh
id: auto-660085f4b19c174d71972dba77638a1abf24634c8ed93f826ca4c19547d50cf9
status: experimental
description: Detects traffic or activity related to http://123.235.183.69:51887/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.235.183.69:51887/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.199.74:45249/bin.sh
id: auto-07b13a36d6c8b1ea4aeaacd9747d15c7e92a3d2bc13c6463ecd817f6f25d942a
status: experimental
description: Detects traffic or activity related to http://123.12.199.74:45249/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.199.74:45249/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.206.207:55553/bin.sh
id: auto-ea8f096912b5cdadd681f4dba6de06641cb8985e4a5b566ad09b40483f8d3e75
status: experimental
description: Detects traffic or activity related to http://123.4.206.207:55553/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.206.207:55553/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.25.149/tot
id: auto-10891e5b046319438cf98762c9d4f6bc7a16f5e05d32474db7970a923a631b32
status: experimental
description: Detects traffic or activity related to http://185.236.25.149/tot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.25.149/tot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.148.67:60337/i
id: auto-d08f4ab1fedc0473a9acdb8f9c15adf464da8a3076f037cf1ef117d2e4a24bfd
status: experimental
description: Detects traffic or activity related to http://182.115.148.67:60337/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.148.67:60337/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.174.152:54742/i
id: auto-b26bb7de141ff3970c674c60255f6609c929b905645f413b9ebc4d021e60c73e
status: experimental
description: Detects traffic or activity related to http://219.156.174.152:54742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.174.152:54742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.19.139:54633/bin.sh
id: auto-434b2707c9c3b764c919fdbdc80db89dc195378f40975a458613a1fd946feb76
status: experimental
description: Detects traffic or activity related to http://115.52.19.139:54633/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.19.139:54633/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/add-48
id: auto-b01a35d4334985bddec03a2c59430bae7c1043429945f97ac22f9f438a0c37dd
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/add-48 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/add-48*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.232.145:53717/i
id: auto-d30d5897368741f74efd47ac43ba89211960a38e59296a863dfa2f308ecd6068
status: experimental
description: Detects traffic or activity related to http://182.113.232.145:53717/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.232.145:53717/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/echo
id: auto-0597cd1fcd74ed982443d51e9c97a0b550160c85450b5abe96d45f5269b7b900
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/echo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/echo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.232.145:53717/bin.sh
id: auto-8444d8b64f5fe6e25757133a6e8713011627c67f57d5d9c30e45d8a77c4f354b
status: experimental
description: Detects traffic or activity related to http://182.113.232.145:53717/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.232.145:53717/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.144.156:46181/i
id: auto-fd277a8100247bfa72eb0748fdcc36d4d2b903c68a932c25af4ef88753493552
status: experimental
description: Detects traffic or activity related to http://123.14.144.156:46181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.144.156:46181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.54.3:36061/i
id: auto-5511d8ffd88e1af4b3f306df9ea90d2f9c2470017080ff553efc8eaa5bbb98d4
status: experimental
description: Detects traffic or activity related to http://115.55.54.3:36061/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.54.3:36061/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/ufo
id: auto-200565a621d1ec15737cd2d78013fb8c58cb30fd5e3338c9f7f234eaebba2cb6
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/ufo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/az2-prd-rs01/canary-bg01/ufo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.13.91:53733/i
id: auto-756616d6d152a4124fe9ce9a3e5923f2c917f55eb0ff033854737956473012ef
status: experimental
description: Detects traffic or activity related to http://123.8.13.91:53733/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.13.91:53733/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.229.218:59225/i
id: auto-06148e8e0a81f1e6828df70f4293a19e0b68210817002daab456f61fba9e792a
status: experimental
description: Detects traffic or activity related to http://60.23.229.218:59225/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.229.218:59225/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.83.91:37940/i
id: auto-f0533580b58090ddb88b0e13f514d33873625a6d985578df300067a931e58ab4
status: experimental
description: Detects traffic or activity related to http://112.248.83.91:37940/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.83.91:37940/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.144.156:46181/bin.sh
id: auto-1846f8bbb9821fe8ede26972f691db748fd1f29e2929cc43fb03a6538672eaf6
status: experimental
description: Detects traffic or activity related to http://123.14.144.156:46181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.144.156:46181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.247.80:38821/i
id: auto-ad2a6fd54800ce8a9d5bb89254cc477796aea668cf53b7b35f40847f27e18f7c
status: experimental
description: Detects traffic or activity related to http://123.9.247.80:38821/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.247.80:38821/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.135.18:52189/i
id: auto-e4d9c8219db6f75b292c8e65036c29d6a934abbadc3befcbd5928dd9ea0b9368
status: experimental
description: Detects traffic or activity related to http://115.62.135.18:52189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.135.18:52189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.25.149/karm6
id: auto-94bf1e01ef00f9ab870ee2a0b3c57efa2e6a36e25f56c0b02991ce3660da1bc9
status: experimental
description: Detects traffic or activity related to http://185.236.25.149/karm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.25.149/karm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.25.149/karm5
id: auto-a81fe350751c7bbc662f68a2cdfccbf8a90ad48c399a9fb7ec15695969af69fb
status: experimental
description: Detects traffic or activity related to http://185.236.25.149/karm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.25.149/karm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.25.149/karm
id: auto-cdef1d91aa5238977ec0c633703d5c7bdc81afcb61dd662d21a78a702a4997d5
status: experimental
description: Detects traffic or activity related to http://185.236.25.149/karm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.25.149/karm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.25.149/karm7
id: auto-33f471799bff9c182a3cc197365b717547509db838f66301ff74144c5b977adc
status: experimental
description: Detects traffic or activity related to http://185.236.25.149/karm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.25.149/karm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/7CDtDBQ6UeWmq5/tem46
id: auto-9f0e9ff958a9661b4e15f951b0579181aa95bb738d75b1baa0c2c0f8dc1c7172
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/7CDtDBQ6UeWmq5/tem46 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/7CDtDBQ6UeWmq5/tem46*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.71.85:53384/i
id: auto-631960518e57ff2f1643e5443ceba4e5e44fd1af91b494b20a3750346f0fc47e
status: experimental
description: Detects traffic or activity related to http://182.121.71.85:53384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.71.85:53384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/images/AV.scr
id: auto-8166231f4f7e40da527e9a5b51c36c09f84e2988979f588684a7a6f89eae0ba2
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/images/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/images/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/Video.scr
id: auto-33db60efbec9eb575ec80772481e6c344d7fe287173a58644b7529998689f6f9
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/tesseract/AV.scr
id: auto-7af7f839972c4b36064b5dde9f47f6a37be8783c4a50abbc6b5999cc2a1c2fd5
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/tesseract/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/tesseract/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/fonts/AV.scr
id: auto-faee215294083030a1dcd0fdb456b2fd14b9dad0c30ae3d8f2089cdd23ec80b9
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/fonts/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/fonts/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/forge/AV.scr
id: auto-1c5c9e678c2afc284967fe7ecc7882db0219804a3f082a318fb323f676006abf
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/forge/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/forge/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/Photo.scr
id: auto-799b09cba41e474eae5ab387801895bd29c59f3e5467315eb639244995f1b1ea
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/Video.lnk
id: auto-52cd9224cd3bbdcabec411e7999b41f637f8e7589c5bbe6cd624ef855a41e1bc
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/modules/AV.lnk
id: auto-b8d6d3592b789229463cd4def4ebfd5aa90be738e4058b8f4b6e440e7de8125a
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/modules/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/modules/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/Video.lnk
id: auto-31a18768294d27d3afb0b6bf7bc4c1c60bbc313129288a2d8307b29a6035fd7b
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/images/AV.lnk
id: auto-760bb8f66cfe88fa74c285bc792a6e77187644b2cfcaca9809778419eea38b14
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/images/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/images/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.83.91:37940/bin.sh
id: auto-b204fab8ecc38a1e4f0b75cfb0f81417bfba74f5fb870b3795f34bcd23661a85
status: experimental
description: Detects traffic or activity related to http://112.248.83.91:37940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.83.91:37940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.248.28:53302/i
id: auto-cdb58fbc08af457dace8d5536f4212d3e32356c3155b6272fc621a95b9280e33
status: experimental
description: Detects traffic or activity related to http://119.179.248.28:53302/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.248.28:53302/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.135.18:52189/bin.sh
id: auto-5d74c51f684f83eb298554c305e336379c8b3941187923ca36fd141d683b633c
status: experimental
description: Detects traffic or activity related to http://115.62.135.18:52189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.135.18:52189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.65.67:37531/bin.sh
id: auto-577f7e560ea647890209b9db298f57be336367516e59c7a25c4538be78f0a4db
status: experimental
description: Detects traffic or activity related to http://120.61.65.67:37531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.65.67:37531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.128.98:47002/i
id: auto-8f545728fd5f966c0a345adcc3e56638e89166626eb9767a7fc561fc61e634ad
status: experimental
description: Detects traffic or activity related to http://115.54.128.98:47002/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.128.98:47002/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.247.80:38821/bin.sh
id: auto-2ab23c91f786580ce32a8442cd78ae26c5f08f44addd2a2ee6ce7bdcc92975c5
status: experimental
description: Detects traffic or activity related to http://123.9.247.80:38821/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.247.80:38821/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/d03a51b4/914be8cd-b516-478b-b1a4-5bf337f64733/735d83c6.css?key=fda89d6f-975f-496b-8f7d-0c3917e7a92a
id: auto-521b9890d5259284ab2402aa3f3db993182c0a098b5b0c972ca609342283b4ea
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/d03a51b4/914be8cd-b516-478b-b1a4-5bf337f64733/735d83c6.css?key=fda89d6f-975f-496b-8f7d-0c3917e7a92a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/d03a51b4/914be8cd-b516-478b-b1a4-5bf337f64733/735d83c6.css?key=fda89d6f-975f-496b-8f7d-0c3917e7a92a*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/reobf/914be8cd-b516-478b-b1a4-5bf337f64733
id: auto-979d7751b5191ba0f6507165a65680598ea2e2a334274e44e82fda1edc80be22
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/reobf/914be8cd-b516-478b-b1a4-5bf337f64733 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/reobf/914be8cd-b516-478b-b1a4-5bf337f64733*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/914be8cd-b516-478b-b1a4-5bf337f64733
id: auto-f025aa60ed52fb77e60b1ce609356699e39fe9f4877a5662fee44c2374230981
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/914be8cd-b516-478b-b1a4-5bf337f64733 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/914be8cd-b516-478b-b1a4-5bf337f64733*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.229.218:59225/bin.sh
id: auto-6b5d812274536b0dcbacb58508cd5b602b2149d6ab080f88709a393315f6cfe0
status: experimental
description: Detects traffic or activity related to http://60.23.229.218:59225/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.229.218:59225/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.71.85:53384/bin.sh
id: auto-0f983ba91648dd5c89f81cff453fed77da0e005b85c99054c0d4f02fc4c19b11
status: experimental
description: Detects traffic or activity related to http://182.121.71.85:53384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.71.85:53384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.248.28:53302/bin.sh
id: auto-338cb6514a971ca0967c9986c6c2ac7a0ef5f2d4be4f9a329413c1ff771e9c65
status: experimental
description: Detects traffic or activity related to http://119.179.248.28:53302/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.248.28:53302/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.13.117:35840/i
id: auto-32e700f9c652755d090c66f1d11d63bd8eeec00721b13983709b5780db583365
status: experimental
description: Detects traffic or activity related to http://42.179.13.117:35840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.13.117:35840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/7CDtDBQ6UeWmq5/bn9
id: auto-eeca3c907ce66af8513f34ab7d972f85d654e82e883e58d0f7d7c4ac997fc227
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/7CDtDBQ6UeWmq5/bn9 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/7CDtDBQ6UeWmq5/bn9*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.20.228/Documents/staa.lnk
id: auto-0b134fbc79eb1e6d3d238576322e9e876b507e264c30e7bc9bc5e2492bf02cbe
status: experimental
description: Detects traffic or activity related to http://185.236.20.228/Documents/staa.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.20.228/Documents/staa.lnk*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.20.228/Documents/ooktest.lnk
id: auto-e2c77dffab3e19cbab6037ee4909307a17d1d40bdd0524296346be3b61938f54
status: experimental
description: Detects traffic or activity related to http://185.236.20.228/Documents/ooktest.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.20.228/Documents/ooktest.lnk*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.196.82.90:2095/02.08.2022.exe
id: auto-11a62c8b10a08466efdf79ad7ce4d831485144f6263ba1528afabbed9606a199
status: experimental
description: Detects traffic or activity related to http://116.196.82.90:2095/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.196.82.90:2095/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://137.175.16.1:8896/02.08.2022.exe
id: auto-17a7912300ad91c8c0892f6ea0e4ca4b84c4c8837bc2c6ecdbf7c0afa40bc9a6
status: experimental
description: Detects traffic or activity related to http://137.175.16.1:8896/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://137.175.16.1:8896/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.243.184.80/sshd
id: auto-593ce557999a3f4ae133ef43aa2130cb49919290b4745f834c0a82a9bed9a9fb
status: experimental
description: Detects traffic or activity related to http://14.243.184.80/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.243.184.80/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.89.199.157:8043/sshd
id: auto-33cfd024fda1e33982194052435f62a90113530218534dfa93c0c611920f4f8c
status: experimental
description: Detects traffic or activity related to http://197.89.199.157:8043/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.89.199.157:8043/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.34.247.103:25487/i
id: auto-a509af62cdea66e9ffc1a32563916da57a799116d2843897620f784a78ff6a2b
status: experimental
description: Detects traffic or activity related to http://14.34.247.103:25487/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.34.247.103:25487/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.27.167:14417/i
id: auto-ceec858e8314359eac4e323e20497fe0d76d7f26f4781fc151223218fcbe74dc
status: experimental
description: Detects traffic or activity related to http://113.221.27.167:14417/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.27.167:14417/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.12.110.35:8080/sshd
id: auto-9eb31bef206a2b4617cc3a81de789359cc101d998c14bfcbe0e6c17c108ba6d0
status: experimental
description: Detects traffic or activity related to http://77.12.110.35:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.12.110.35:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.157.240/sshd
id: auto-261ffb773fc5030391ef71f8dbc45b6116e5ebc27593963aead89f367eb7c367
status: experimental
description: Detects traffic or activity related to http://91.80.157.240/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.157.240/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.98.144:34496/i
id: auto-52d27c03de4c6941cefee8cd35f3ef63981e8b429de1f331be864dda7bfad45e
status: experimental
description: Detects traffic or activity related to http://113.221.98.144:34496/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.98.144:34496/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.88.41:49861/bin.sh
id: auto-0007ad2d03d608d44dd94144bb11e6c96ff62f85762c41d751e0b4df217b3c94
status: experimental
description: Detects traffic or activity related to http://175.165.88.41:49861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.88.41:49861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.83.26:46048/i
id: auto-1d1276e22a9b0b80d6ca012f6e14f958d0f62fa9472f7f1278173e47486420f1
status: experimental
description: Detects traffic or activity related to http://175.173.83.26:46048/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.83.26:46048/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:60330/i
id: auto-f1d6a37ce35a3f1b7faea5001e5e1beb6b4f386d818410f86f6d79ffa845dbd3
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:60330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:60330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.98.144:34496/bin.sh
id: auto-8e71ee1374547c6539c7f86627fd99a4ad79cc5963124cbb168b9a1ca0303f11
status: experimental
description: Detects traffic or activity related to http://113.221.98.144:34496/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.98.144:34496/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_x86
id: auto-2df0936953c05c35eecad50d28f51cf20f2821faa6cfaf351fe75ec582f3c657
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_x86_64
id: auto-1005b97ac7fa25f1c785eaa9773ea2dc887cd581044271099468c79d80ee9b9b
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_arm
id: auto-82d06f0cdf88a7f6ae6b52af8a7a5f8f0aeeba27ec4a45791ffaf485603c5f79
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_sh4
id: auto-f29fc6fd5d1d46a2d00fc716975eac619eb8a5f3ed4db2644fc7f67d3e70903b
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_m68k
id: auto-6f1a9fee0001fd583a23a3323d4480b05c7293da7dca690f664503063866f8da
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_ppc
id: auto-b38708b1e7c09b42f2fd91ae9e9b8ad36c20e1cfdbe78f2244eb99ebc7d3bdfc
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_arm6
id: auto-1d6af6b02983f98420e3b2b03ae6052c412442d74f158201303024eb9cec3792
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.73/main_arm5
id: auto-9e34b415cdc9efae5dfef47929e4334833e29a37074d5c9213561fbd8d8081bd
status: experimental
description: Detects traffic or activity related to http://45.156.87.73/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.73/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.91.7:42680/i
id: auto-e0bb2c6b7fc01bc89cc7ba4972b3baff97236643bbb0266aa722753e4ba84350
status: experimental
description: Detects traffic or activity related to http://115.58.91.7:42680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.91.7:42680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:60330/bin.sh
id: auto-90b9ff59fb331e36461a6949e617f7d83477ae62d47f7ca6c4e1428bf14e43c1
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:60330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:60330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.24.55:39732/i
id: auto-8ab6093aa874f1f064068bb16e1e573cbce5f049f983c32ddb0028d1a63ee8a2
status: experimental
description: Detects traffic or activity related to http://117.212.24.55:39732/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.24.55:39732/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.218.154.53:37660/i
id: auto-a10408cc2314ee0dbf66b8425995e3b17edb602acaeb5db43e41400dad8d3a4b
status: experimental
description: Detects traffic or activity related to http://81.218.154.53:37660/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.218.154.53:37660/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.37.165:52151/i
id: auto-967f07b8eb3ceba1ec0e6142d59c745fad3bd6ab35990f35a0405de8295afe13
status: experimental
description: Detects traffic or activity related to http://219.157.37.165:52151/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.37.165:52151/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.174.152:54742/bin.sh
id: auto-9002aade5260f0936f53c4e8f3f80ee1904488bb494d4817439d2255ac9a3563
status: experimental
description: Detects traffic or activity related to http://219.156.174.152:54742/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.174.152:54742/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.24.55:39732/bin.sh
id: auto-841ec7e8513a2926488478ef620b27f0d1d703c5efb72df4a107e27341cfc915
status: experimental
description: Detects traffic or activity related to http://117.212.24.55:39732/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.24.55:39732/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.37.165:52151/bin.sh
id: auto-37fb3d34dde865d1c478ade5e79926d6568c2fff6b8c486db77f58fd9e4e093e
status: experimental
description: Detects traffic or activity related to http://219.157.37.165:52151/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.37.165:52151/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.230.145:59808/i
id: auto-4147153b9b25c4d6cc531fb8190cc1058d1c0e3de06ec31eb94c7fc4882a5be6
status: experimental
description: Detects traffic or activity related to http://115.57.230.145:59808/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.230.145:59808/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.245.133:47776/i
id: auto-4ff0f3cb0593861a3feff2a6b0b01d317100b88b0adc03fe24947712ba45fdc1
status: experimental
description: Detects traffic or activity related to http://42.59.245.133:47776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.245.133:47776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.91.158:38444/i
id: auto-a7ceee2c4458e6d2c16c26e4f05586b8b2381192dde5c8e07e68d4897d300af1
status: experimental
description: Detects traffic or activity related to http://124.92.91.158:38444/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.91.158:38444/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.23.130.217:40361/i
id: auto-1e635be44f6998d23b23cdf4820befbb2d3b0f09d0d540b62027901b1cf93a3f
status: experimental
description: Detects traffic or activity related to http://183.23.130.217:40361/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.23.130.217:40361/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.229.122:34632/i
id: auto-521fb2c0fb99900b6529d165179ff04ef3be6e588800ec002e72c747b222b640
status: experimental
description: Detects traffic or activity related to http://42.232.229.122:34632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.229.122:34632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.246.182:52520/bin.sh
id: auto-e1c197b0ef43058f1bea8a62b7381d1b0750340b93db5089c9762a507585aa73
status: experimental
description: Detects traffic or activity related to http://42.5.246.182:52520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.246.182:52520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.245.133:47776/bin.sh
id: auto-06cb7704a8c06d71d715783a830cfd24a7e2673df5c05f3f952befbf34673f6c
status: experimental
description: Detects traffic or activity related to http://42.59.245.133:47776/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.245.133:47776/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.91.158:38444/bin.sh
id: auto-63eb6cba15f524133e0bef8decc0f7d4dffe49a8b513ed93b1800d426a72298c
status: experimental
description: Detects traffic or activity related to http://124.92.91.158:38444/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.91.158:38444/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.229.122:34632/bin.sh
id: auto-52d469b681183682f27ba015442cf91c5e2e545edaca3f2c5e93662646a451ad
status: experimental
description: Detects traffic or activity related to http://42.232.229.122:34632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.229.122:34632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.3:35018/i
id: auto-76520a10b9047c556dca5a06ed26e89eacb0b77590d78008fee74083e5d2bff3
status: experimental
description: Detects traffic or activity related to http://117.209.16.3:35018/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.3:35018/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.230.145:59808/bin.sh
id: auto-9112d29421123e55b9178c482f91b62dc05329f38ff92d1078b30363b6bcdd18
status: experimental
description: Detects traffic or activity related to http://115.57.230.145:59808/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.230.145:59808/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/browse-via-api/fb-api-keys/keys
id: auto-143fe48ea6482e36cc0654b139ccbc260a186a4a125701e942ee4e31f01d43b1
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/browse-via-api/fb-api-keys/keys which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/browse-via-api/fb-api-keys/keys*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.71.23.195:56696/bin.sh
id: auto-f5d8bee34f5e519fb490df462b0ca5f5120fe2650d7f6c21d27c415d5fd885d1
status: experimental
description: Detects traffic or activity related to http://36.71.23.195:56696/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.71.23.195:56696/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.185.221.169:46862/bin.sh
id: auto-d01dccec33b3a685c3c8eef2f1f171610bba08b0af5f053adf24d344b288154f
status: experimental
description: Detects traffic or activity related to http://39.185.221.169:46862/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.185.221.169:46862/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.37.218:45685/.i
id: auto-19f272d8a69ad3f2ddd94999fb33eb37fb3ace20f8155f7eb69f208e92d04301
status: experimental
description: Detects traffic or activity related to http://113.221.37.218:45685/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.37.218:45685/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.49.36.51:40278/i
id: auto-ff569406730911ed5c9f75c79ebaabf4d884886e33e37563ec7fa320c30d2a8f
status: experimental
description: Detects traffic or activity related to http://36.49.36.51:40278/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.49.36.51:40278/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.215.172:42107/i
id: auto-160588cf0451dc932cd7cb2fb317d89b5816d39758d4ec36ab941d354908e8f4
status: experimental
description: Detects traffic or activity related to http://221.202.215.172:42107/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.215.172:42107/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.241.69:34318/i
id: auto-3cfcdf1b9c6e725bc3bbcee7f7e2a9e8cdef0258158961adb900821102bffd8d
status: experimental
description: Detects traffic or activity related to http://119.185.241.69:34318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.241.69:34318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.164.12.224:40346/i
id: auto-d419175ee430bae0ae57aaec5721359577698836c3b71cff48c992281858c4d0
status: experimental
description: Detects traffic or activity related to http://119.164.12.224:40346/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.164.12.224:40346/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.184.130:53544/i
id: auto-3400706f25475e3fe7f7ef0619eb0bea8c346183120fbd07af1cb150ef69fe21
status: experimental
description: Detects traffic or activity related to http://42.6.184.130:53544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.184.130:53544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.49.36.51:40278/bin.sh
id: auto-870f0dfb948a340393caff50bf48faa505b4cb33ee85a83d8b746669311d2f47
status: experimental
description: Detects traffic or activity related to http://36.49.36.51:40278/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.49.36.51:40278/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.241.69:34318/bin.sh
id: auto-561107fcd31f432b342710d3180a414d2787b8dd07b19bdb32570bd01c308412
status: experimental
description: Detects traffic or activity related to http://119.185.241.69:34318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.241.69:34318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.184.130:53544/bin.sh
id: auto-9e8cc8489631228ec22006aa695c94bb215636269b319eb98531d3a4dce582d0
status: experimental
description: Detects traffic or activity related to http://42.6.184.130:53544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.184.130:53544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.164.12.224:40346/bin.sh
id: auto-c6a4e8f2fd6d571f223adb6d99fd0af6beaa5908efec3f4ffd641b7b312262d8
status: experimental
description: Detects traffic or activity related to http://119.164.12.224:40346/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.164.12.224:40346/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.224.60:48413/i
id: auto-a1cd69c2238cd6bc45cd6070c28ed42bf45210b0ed69606ff3b7727cfb236477
status: experimental
description: Detects traffic or activity related to http://59.88.224.60:48413/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.224.60:48413/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.40.75:59972/i
id: auto-cf524147ffccbd93eed830d3ce55d616710d93912cee8ff96d1af3d89d15c7fd
status: experimental
description: Detects traffic or activity related to http://182.121.40.75:59972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.40.75:59972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.146.143:38442/i
id: auto-feb1296929dea23a56f94d0a0bf95cd8dd1cffd26c6a6b14e70634e24586f1ab
status: experimental
description: Detects traffic or activity related to http://39.90.146.143:38442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.146.143:38442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.83.229:46506/i
id: auto-9b00077448c7d32deda1f81bbd29d42c5f7b75737d7a20a279627757c9847816
status: experimental
description: Detects traffic or activity related to http://222.137.83.229:46506/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.83.229:46506/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.56.193:53156/bin.sh
id: auto-cb975bf228f8b6823d48a7f1faa6aba02c81eea93a13aa8d49e1c69c5f96f760
status: experimental
description: Detects traffic or activity related to http://219.157.56.193:53156/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.56.193:53156/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.222.167:46515/i
id: auto-06d1ff62596336f318bff98923246180d8df6041c0596fb5ef28427a29b47e7b
status: experimental
description: Detects traffic or activity related to http://115.53.222.167:46515/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.222.167:46515/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.70.77:60813/bin.sh
id: auto-84dcdcde6660ea85fc2560190c814d32cc19c97091bd30da83a6b6863a03d986
status: experimental
description: Detects traffic or activity related to http://222.139.70.77:60813/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.70.77:60813/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://au72nuxzv2.ufs.sh/f/4LhV5B1sDCwIwQc9QpJpdZoFwcPXmM01bCGTIu5hz4n3kr6g
id: auto-af25acdea99449dcdb634c37d4d6aff2fce6892ba6eb5bc518e6580698b36508
status: experimental
description: Detects traffic or activity related to https://au72nuxzv2.ufs.sh/f/4LhV5B1sDCwIwQc9QpJpdZoFwcPXmM01bCGTIu5hz4n3kr6g which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://au72nuxzv2.ufs.sh/f/4LhV5B1sDCwIwQc9QpJpdZoFwcPXmM01bCGTIu5hz4n3kr6g*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://firebasestorage.googleapis.com/v0/b/remasd-6c702.firebasestorage.app/o/image.jpg?alt=media&token=20664d8b-9f51-4fc0-8439-3cca14ea7fc4
id: auto-a5153cf888863904e83d5cca77750259d046b203a5538f581e8aaaaf3c8a9629
status: experimental
description: Detects traffic or activity related to https://firebasestorage.googleapis.com/v0/b/remasd-6c702.firebasestorage.app/o/image.jpg?alt=media&token=20664d8b-9f51-4fc0-8439-3cca14ea7fc4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://firebasestorage.googleapis.com/v0/b/remasd-6c702.firebasestorage.app/o/image.jpg\?alt=media&token=20664d8b-9f51-4fc0-8439-3cca14ea7fc4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://au72nuxzv2.ufs.sh/f/4LhV5B1sDCwIRk19j8GEwu0NJnxSMqWiCY2B5rOp7IogvHf4
id: auto-b327da245e84702f8aad74f6d97ef306e11c1d44358d95336d98d788aef72ffd
status: experimental
description: Detects traffic or activity related to https://au72nuxzv2.ufs.sh/f/4LhV5B1sDCwIRk19j8GEwu0NJnxSMqWiCY2B5rOp7IogvHf4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://au72nuxzv2.ufs.sh/f/4LhV5B1sDCwIRk19j8GEwu0NJnxSMqWiCY2B5rOp7IogvHf4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.87.26:44974/i
id: auto-a6f26aaa4edd86b80a32f622dadd817ea35dd5b9aa16523bfcd362360f528461
status: experimental
description: Detects traffic or activity related to http://222.137.87.26:44974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.87.26:44974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.83.229:46506/bin.sh
id: auto-518d4c4f9bb1c945afd5a7a9b7bccef3cb1cf5eeb2308b77a34babb8ceb145a6
status: experimental
description: Detects traffic or activity related to http://222.137.83.229:46506/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.83.229:46506/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.172.250:59543/bin.sh
id: auto-f0ad230f0748d29c6fad6fb181c547d21014113b4d933800c03688adf0a56100
status: experimental
description: Detects traffic or activity related to http://222.134.172.250:59543/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.172.250:59543/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.40.75:59972/bin.sh
id: auto-f50aedc6ab5cdada09e4459c0459d75f410b1db6e9aebad4cd637f4f7e41e747
status: experimental
description: Detects traffic or activity related to http://182.121.40.75:59972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.40.75:59972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.146.143:38442/bin.sh
id: auto-a3bb42001b04ff4eb606c0f49f62b20f05485b11fac1d8a07fed8be94a2e173c
status: experimental
description: Detects traffic or activity related to http://39.90.146.143:38442/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.146.143:38442/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.33.21:34324/bin.sh
id: auto-1917a6965e2914dc24ca4064f98db7b41ab396d876a5a40d71b5bf69d4f4bae4
status: experimental
description: Detects traffic or activity related to http://125.42.33.21:34324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.33.21:34324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/mips
id: auto-ee4eb9720c21b73c622524c6828665ca2acc26260c8b845734e8757acbcd65c4
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/powerpc
id: auto-903242170f9ef2251caea392f0cdd6fe9b50c5583f731e922548f3144e1fe853
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/x86_64
id: auto-c5b7bb6e0917e660a474ff70a1252afca7712d71d8ee93d190d56a64189397c0
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/i486
id: auto-8d703c2c3de2c8d8f50de996142fa2e8d1fa51171164198ea989ea761c5f6f2c
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/sh4
id: auto-4cfb5aa72d0351dd2dc39f9f54170db8ee5faee837ad91067ca7bd6632e6cf1d
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/sparc
id: auto-dd60f66c66a28c49db204820f708f7e8548ef3669864cf487bf799361b03b26e
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/powerpc-440fp
id: auto-73b592bf3ff85cd10a6940fbc4f7d517472fb32454ad3c7ec41cf94149f5f1e3
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/powerpc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/powerpc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/armv6l
id: auto-e4287b7ef2730e03a20965ef31b8d8302fe3cf32dd1f17b1225b0b32d8e32187
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_spc
id: auto-64cdd2cebdf32ae52dbb4f9b335dd4dd1f27971ea9e50c4948766ca85b2fccdd
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_x86_64
id: auto-f5765aadfa80d7182914e25d650cc0ce90c781c84dd1c37421f4be5d1b5d93db
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/armv4l
id: auto-1534870514cfcecbc32b9faf8f5fc1aff1b55dae0a04be975a4903018d7efad2
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/armv5l
id: auto-c179081f175bf17eff348fba4bb3a4d37d3246a76f3afe08203d8e52befc81d5
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/mipsel
id: auto-4d66d955148b9d151e071f154921de61bc023571959c062e7e8e5c1319ae62fb
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/i686
id: auto-03a966f9fb9e997b4f36ca4d74ba3eb32863ce3d6692d75cfc0d0990fa89ea3b
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/m68k
id: auto-858a1f7f1959f5780eaca63f2cc08b9a2cb8512a7be4ac890507d38c9e6b1dc9
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/armv7l
id: auto-e8fa5be2f77b5e6d7a82f0e0e8884b8d061bf2e1dea3135f9b5e77180ce5f648
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.96.159/i586
id: auto-24e075189d03e804ff45f5bd5e666f9eb6a092a35b3528c469ae74f193513b59
status: experimental
description: Detects traffic or activity related to http://84.234.96.159/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.96.159/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.174.32.240:9000/bpexch_implant_linux
id: auto-481b6e8b8ca70fd97e05e139c19c0a5128b8896ec17250260c488d05291392eb
status: experimental
description: Detects traffic or activity related to http://184.174.32.240:9000/bpexch_implant_linux which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.174.32.240:9000/bpexch_implant_linux*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.80.129:36543/i
id: auto-a6301589e48730948f750289907c5746b44770aa5b73c33d1cc692dc5c0cb7b0
status: experimental
description: Detects traffic or activity related to http://61.53.80.129:36543/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.80.129:36543/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.243.132:40192/i
id: auto-8f901d494eafbf597d2918c4fa84d0784d30e229883c24a829ac81087d5316df
status: experimental
description: Detects traffic or activity related to http://115.53.243.132:40192/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.243.132:40192/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://8.149.128.10:8891/sideload/payload.dll
id: auto-b40a831e1f5a5b27edc43a020081b0c12cfbfb99c578cab62226d5b5bba4e1c3
status: experimental
description: Detects traffic or activity related to http://8.149.128.10:8891/sideload/payload.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://8.149.128.10:8891/sideload/payload.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://8.149.128.10:8891/loader_go_upx.exe
id: auto-723267662157445bce05b88cb68b735eef1699832c58b2ff09569058390f90d4
status: experimental
description: Detects traffic or activity related to http://8.149.128.10:8891/loader_go_upx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://8.149.128.10:8891/loader_go_upx.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://8.149.128.10:8891/loader_go.exe
id: auto-754ea38f494190273cc75e858ca256195e0aa86e6141447ce0fde16f12e41d9d
status: experimental
description: Detects traffic or activity related to http://8.149.128.10:8891/loader_go.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://8.149.128.10:8891/loader_go.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.168.247:51733/i
id: auto-e47afc566a257a7f15d25b168903f9004b2399a3ef1c165262675a88582433dd
status: experimental
description: Detects traffic or activity related to http://119.185.168.247:51733/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.168.247:51733/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.87.26:44974/bin.sh
id: auto-3eb65e9fe19bb86d017ea86438e70b4b6ee7f728f3baab565fca5d1737d3c2f8
status: experimental
description: Detects traffic or activity related to http://222.137.87.26:44974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.87.26:44974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.80.129:36543/bin.sh
id: auto-f4da257f0e64d58059a20a9983214dab8fb73f70c1ffdc6acd121c5a2b207a53
status: experimental
description: Detects traffic or activity related to http://61.53.80.129:36543/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.80.129:36543/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.248.86:50537/i
id: auto-bfe0f3bb4c6361e0a96dcb79d4912d72c61989c80f71b9d42064cb65b6068c38
status: experimental
description: Detects traffic or activity related to http://42.52.248.86:50537/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.248.86:50537/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.75.172.32/Server/third-party/winvnc.x86.dll
id: auto-4ec52dae6dda2165795df80ddfc1065763414ba7f936e0a0e053f6af9810445e
status: experimental
description: Detects traffic or activity related to http://159.75.172.32/Server/third-party/winvnc.x86.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.75.172.32/Server/third-party/winvnc.x86.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.75.172.32/Server/third-party/winvnc.x64.dll
id: auto-e4b5d1ecacdcb371278231b47959ced7c9653ae75471dd2f67946f120f5ccad1
status: experimental
description: Detects traffic or activity related to http://159.75.172.32/Server/third-party/winvnc.x64.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.75.172.32/Server/third-party/winvnc.x64.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.75.172.32/cobaltstrike4.9.1_mod/payload_x64.bin
id: auto-6afbab9b4c726b4d73deac4c74b47b27b1d39986ba7718604cb00f53649197b5
status: experimental
description: Detects traffic or activity related to http://159.75.172.32/cobaltstrike4.9.1_mod/payload_x64.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.75.172.32/cobaltstrike4.9.1_mod/payload_x64.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.201.174:8787/system/ghost/usii.exe
id: auto-c4e80a3bcbc76255ed67192c5b854182da0f3f5727fb6d35659182700c9a4add
status: experimental
description: Detects traffic or activity related to http://219.155.201.174:8787/system/ghost/usii.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.201.174:8787/system/ghost/usii.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.168.247:51733/bin.sh
id: auto-d117bb46c80d89c3cffc9e23d189be20b214f3b4d28b3c98cc63ec216342e450
status: experimental
description: Detects traffic or activity related to http://119.185.168.247:51733/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.168.247:51733/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.143.83:43198/i
id: auto-1d68fffd1c0a3352faac64ee34ba2d58dd99a926cc50199112a32572b25c7a8c
status: experimental
description: Detects traffic or activity related to http://27.215.143.83:43198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.143.83:43198/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.32:53549/i
id: auto-632325bbb274b6db202856a04a8ab69a58f567f1fff74c6f6306619e96c501b5
status: experimental
description: Detects traffic or activity related to http://200.59.83.32:53549/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.32:53549/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.98.51:40270/i
id: auto-8b700dbbf86ed057284ee64fe3fd95044530f5925b006a85760218b27f1037fe
status: experimental
description: Detects traffic or activity related to http://113.238.98.51:40270/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.98.51:40270/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:38336/i
id: auto-2d040ad8e6e01cb476b680c6856433f13c570e66056d9650507119b3239f268f
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:38336/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:38336/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.204.68:33950/i
id: auto-bb85f744f9944a435e9839a0906aef1532c7f97f3baea82384af3dfc52e82171
status: experimental
description: Detects traffic or activity related to http://115.63.204.68:33950/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.204.68:33950/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.248.86:50537/bin.sh
id: auto-085ae574a30432b81925934b40fba2e3262c281907c09ae14171bbc4d63620fd
status: experimental
description: Detects traffic or activity related to http://42.52.248.86:50537/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.248.86:50537/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.143.83:43198/bin.sh
id: auto-7dda3a49dded6492027efe2716da05aa081a0b501f88e81de3ab8a4be2bef585
status: experimental
description: Detects traffic or activity related to http://27.215.143.83:43198/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.143.83:43198/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.27:53011/i
id: auto-9acc57042c516e3bc0b27a945025edfa2b61f4f2a7bf66fe2f5af7381b1b1787
status: experimental
description: Detects traffic or activity related to http://110.37.61.27:53011/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.27:53011/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.98.51:40270/bin.sh
id: auto-38c768ed1d195e0ac9a8b7a5e7e4c06af32f6701d8a67c35e67cc553a788da45
status: experimental
description: Detects traffic or activity related to http://113.238.98.51:40270/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.98.51:40270/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.32:53549/bin.sh
id: auto-37539a6b650583c4dc16f8b1c56f7d689298c76535f348fdf9e41def5140822e
status: experimental
description: Detects traffic or activity related to http://200.59.83.32:53549/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.32:53549/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/payload.txt
id: auto-38f35391173e205b9742b82a88a7370b44affa7b45b0b690cf21e6a6c30c95ff
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/payload.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/payload.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.170.184:54862/i
id: auto-20c89c4f5ea098ebd7567cf5577b79fcacb7598666e8f493f83f4ccd36ff77c0
status: experimental
description: Detects traffic or activity related to http://120.61.170.184:54862/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.170.184:54862/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://129.151.184.17:8000/implant.exe
id: auto-e3205605116ec2de97686c9cb0207c36c76401691999438a89bad45132a26677
status: experimental
description: Detects traffic or activity related to http://129.151.184.17:8000/implant.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://129.151.184.17:8000/implant.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/crennyhep/FiveM-Spoofer-2026/raw/refs/heads/main/CFXBypass.exe
id: auto-ead10a020e0316c7ca1b7bcd4516f64c44b382a66515169a18cbec86acd4c261
status: experimental
description: Detects traffic or activity related to https://github.com/crennyhep/FiveM-Spoofer-2026/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/crennyhep/FiveM-Spoofer-2026/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.160.168.165:7998/hst/test.bat
id: auto-de1c60b5709c77ac61f03976b6efc0a55bf16fb1da985a089bc86a5b21d1c8bc
status: experimental
description: Detects traffic or activity related to http://23.160.168.165:7998/hst/test.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.160.168.165:7998/hst/test.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/ee03d5e3/eb14bc64-074e-4260-b1da-86d44d26a589/07290cbd.jpg?s=fda89d6f-975f-496b-8f7d-0c3917e7a92a
id: auto-672ac003e849e4ff772f45ec2246ce1031ba8b9b36412112ac3bc4015554498d
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/ee03d5e3/eb14bc64-074e-4260-b1da-86d44d26a589/07290cbd.jpg?s=fda89d6f-975f-496b-8f7d-0c3917e7a92a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/ee03d5e3/eb14bc64-074e-4260-b1da-86d44d26a589/07290cbd.jpg?s=fda89d6f-975f-496b-8f7d-0c3917e7a92a*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/reobf/eb14bc64-074e-4260-b1da-86d44d26a589
id: auto-0b2edfe9f28ce0d19cf80a9b5322fde0ad202bfa9a9cd2705a2e0c7b17e9e920
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/reobf/eb14bc64-074e-4260-b1da-86d44d26a589 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/reobf/eb14bc64-074e-4260-b1da-86d44d26a589*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:48128/bin.sh
id: auto-9954dd3176e80fffd79a654a7095d89bb05f7aea1ffa35429cb78c15545c98af
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:48128/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:48128/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.208.164:38155/i
id: auto-714a407817198844d9f49e6d7cdd267d47a1f48abf9f5c11b0a8899e8a849db0
status: experimental
description: Detects traffic or activity related to http://222.142.208.164:38155/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.208.164:38155/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.204.68:33950/bin.sh
id: auto-602896a4b88154e68f1d75ecaaa300ad3384fc9cba4d48764e9aabd5498772ae
status: experimental
description: Detects traffic or activity related to http://115.63.204.68:33950/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.204.68:33950/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/mips
id: auto-c60157fd03cb9883403d09309e7bdfbd24eea3721d3bd8de9cc4e5e460f71ddc
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.215.94:58695/i
id: auto-208addb8a1a7f09a83ade175e360e242bc5cb9ace0a90ea8ed011e9f2734c68f
status: experimental
description: Detects traffic or activity related to http://117.247.215.94:58695/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.215.94:58695/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/yerrils9/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe
id: auto-f4cd55a0f2ab4a79c675f06009bb16b741b648fc1b05a44eda57749e99919a67
status: experimental
description: Detects traffic or activity related to https://github.com/yerrils9/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/yerrils9/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/lauennyx/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe
id: auto-86d74fa9235f62c6592cbbed8d298caf83a6db21ece7cf475bddcced7978f40b
status: experimental
description: Detects traffic or activity related to https://github.com/lauennyx/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/lauennyx/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/deploy-proxyware.sh
id: auto-a6751fc8b2dda5a109b2c42c1b347b3039c6084ebbf8eb7736c7104aa2a4c519
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/deploy-proxyware.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/deploy-proxyware.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/deploy-proxyware.sh
id: auto-609a370c47bb5d6f3745bea64d229e1d73be6db69b588b5029f86c2271702c4d
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/deploy-proxyware.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/deploy-proxyware.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/penntar1/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe
id: auto-e9e1cc0332e172b970d3c75f4352782f4b92344d644332aece2645252877d99d
status: experimental
description: Detects traffic or activity related to https://github.com/penntar1/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/penntar1/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bopsbdb.sbs/TikTok18.apk
id: auto-88fb3f44f51539a49aac450ac0d44a5ec0a27f63d6833a48096acb2e57349ee3
status: experimental
description: Detects traffic or activity related to https://bopsbdb.sbs/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bopsbdb.sbs/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/deploy.sh
id: auto-cb60b6743a86a93764f95dc6aa9642ead44599b31bc819576fad69aa2587da45
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/deploy.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/deploy.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://commerce-ciao.info/
id: auto-3c0c7677d2c14ab88689d5038a63850ec45e93be5ce1dee9abd55cb5fafba3de
status: experimental
description: Detects traffic or activity related to https://commerce-ciao.info/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://commerce-ciao.info/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/deploy.sh
id: auto-885f9bfc16bbdfe19550db7cd6f11d291c7dd80b6bf77abe0755efc02a6cff1b
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/deploy.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/deploy.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://helpdpsradar.tech/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-d2a42b80c900a19fff5daee829443960bb0c78bdb62c2b9d28b5e3bf63b106a5
status: experimental
description: Detects traffic or activity related to https://helpdpsradar.tech/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://helpdpsradar.tech/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/lewtrugge/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe
id: auto-fabf9baf5aaf19a4b990f951d322c52e61fd225a7b060f262d52cf27959ce147
status: experimental
description: Detects traffic or activity related to https://github.com/lewtrugge/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/lewtrugge/FiveM-Spoofer/raw/refs/heads/main/CFXBypass.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ythvh.lol/YouTubeRU.apk
id: auto-1483d4ad8e48c8c60fc8a15bd76101654f33e19b731fcfde7005796bfab30c81
status: experimental
description: Detects traffic or activity related to https://ythvh.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ythvh.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.186.137.244/info.zip
id: auto-32f0e6ac27882650920ed64a9c2ba9ee5b38ad2f1195f2480480d604c0b93f04
status: experimental
description: Detects traffic or activity related to http://179.186.137.244/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.186.137.244/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.218.212.151:81/info.zip
id: auto-b516d119a74d7cacaf3c217e5662441d60f15b0a4e980494e6d6447660cdfbaf
status: experimental
description: Detects traffic or activity related to http://113.218.212.151:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.218.212.151:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.123.53/av.scr
id: auto-9a6eacfffd755d7b7c2ffb78d5ec963b4cc811b283edc34e4a2f5ebedd465194
status: experimental
description: Detects traffic or activity related to http://189.159.123.53/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.123.53/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:8001/info.zip
id: auto-72d6c8f031a9c4d70fb828939b59b051e956ee1afb7a35d4875c67397bfa8442
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:8001/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:8001/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.182:8080/video.scr
id: auto-7e8fe6e7944961a869c5d0fdc11d1a0947e874a6f96f4d10484dd1585edca033
status: experimental
description: Detects traffic or activity related to http://116.48.27.182:8080/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.182:8080/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.130.250.181:8089/photo.scr
id: auto-427a92eaa9b98c49e468be528a43a04e5398d0954499971b23eb8bdc9ca948ac
status: experimental
description: Detects traffic or activity related to http://183.130.250.181:8089/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.130.250.181:8089/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/AV.scr
id: auto-210dc6ad576690d9cf1f31dd6227decb17b5fed3e19586794d064dde434529b8
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.174.32.240:9000/sliver-client_linux-amd64
id: auto-59065086c1d3a5fefdeba99785e9fee5536fc07010ba64ceff0144f0b368bb6a
status: experimental
description: Detects traffic or activity related to http://184.174.32.240:9000/sliver-client_linux-amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.174.32.240:9000/sliver-client_linux-amd64*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/m68k
id: auto-bc2621b32f1585bfcfe741fdfda0fac20bda733380659adce20e699af52fcc16
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.174.32.240:9000/sliver_linux_9999.elf
id: auto-73d58f7da8a74f2468bac46d58376a51688474a9bd7c4b9d32ec05503371485e
status: experimental
description: Detects traffic or activity related to http://184.174.32.240:9000/sliver_linux_9999.elf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.174.32.240:9000/sliver_linux_9999.elf*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.218.212.151:81/av.scr
id: auto-7b975165ddf601287e4edf608e1b420256245e0ddfda9e700591b525d6f294a3
status: experimental
description: Detects traffic or activity related to http://113.218.212.151:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.218.212.151:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/Photo.scr
id: auto-65b08a83bb12ea5b6e63879cd898a605f0a32df366dfa8aac37299444ed9bb3c
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/AV.lnk
id: auto-61b402c336e47a46a11c22c49121ba893634f794da33f4790688ccec85e410ec
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/bot
id: auto-9ce776e1f0de478d349589625dbf15bc36567e85f0db406732e7915e7113cefc
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/bot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://129.151.184.17:8000/implant.dll
id: auto-864d28b4dfe16d5def364b83f6fed8c23e74440784afefaaded8283de2fe88c4
status: experimental
description: Detects traffic or activity related to http://129.151.184.17:8000/implant.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://129.151.184.17:8000/implant.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://70.45.151.28/av.scr
id: auto-16622840f208884b04fa903cfa8ae6e2ac78f135ab57af72b5270052ae464c2a
status: experimental
description: Detects traffic or activity related to http://70.45.151.28/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://70.45.151.28/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.72.18/info.zip
id: auto-834a7c4406cd7a05f13d17ab39294517e64c48033bc384ca279130be639a2984
status: experimental
description: Detects traffic or activity related to http://37.85.72.18/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.72.18/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.130.250.181:8089/video.lnk
id: auto-ea21b9f498fd1fc02cea6494b163569fe6a2d10562af49bf8e9077bbf398a13f
status: experimental
description: Detects traffic or activity related to http://183.130.250.181:8089/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.130.250.181:8089/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.123.53/video.scr
id: auto-cc172170cef11a9b3538f194c5bdcc0ae137eef15745ed9fbac3117e8b3fb272
status: experimental
description: Detects traffic or activity related to http://189.159.123.53/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.123.53/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://70.45.151.28/av.lnk
id: auto-d156b43a29fdaa8cf8915f513c6bf3678af8d6c091972109fa67fb5680b2e416
status: experimental
description: Detects traffic or activity related to http://70.45.151.28/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://70.45.151.28/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://181.235.3.218/HOLDASA.vbs
id: auto-0aa27630de94b50d2cf8397b60cee4d916dd6f9c0c623ec1d0a21f97b18f4d8e
status: experimental
description: Detects traffic or activity related to https://181.235.3.218/HOLDASA.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://181.235.3.218/HOLDASA.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.218.212.151:81/video.lnk
id: auto-df1adbf55221bc2254adfc3ee266b0edf9074c0877c1c58368038b2d782513b8
status: experimental
description: Detects traffic or activity related to http://113.218.212.151:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.218.212.151:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.182:8080/info.zip
id: auto-cfb9f4365a7539f91ebe6444c0566ff95c25efc50defd36128347c4d59af8791
status: experimental
description: Detects traffic or activity related to http://116.48.27.182:8080/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.182:8080/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.174.32.240:9000/sliver_linux_implant.elf
id: auto-a18b95ae6941cf1f6ed154acdde4e77dd9ff5177563b75ac748dbcca94adc128
status: experimental
description: Detects traffic or activity related to http://184.174.32.240:9000/sliver_linux_implant.elf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.174.32.240:9000/sliver_linux_implant.elf*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/m68k
id: auto-a5347b30a4533d90aa189b25566207a45c2d494ff713d44841ab5c0e63e5a48f
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/mipsel
id: auto-bae60231819dd51279e2cad2344693b307a992db59a467fe372c033594dbb679
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/powerpc
id: auto-2f7338cc214dd1825e448a2d7032dbc78c0ccf873c7cc718e36aac56449fd67d
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/x86_64
id: auto-c38838ac61f52365b438f4703280ec8e56e1d64fad5b2bd4b96880cce1e2de28
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.63:41799/info.zip
id: auto-ddf3342affdb637cd868d6ce48736bdd569cc33b94e3f8ed5a25b3babc749666
status: experimental
description: Detects traffic or activity related to http://177.212.255.63:41799/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.63:41799/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.151.180/photo.scr
id: auto-3336bccc99e63787ca7339bb202fe6aaf8c9f95b48e76f2536256f0fd9f34b29
status: experimental
description: Detects traffic or activity related to http://37.81.151.180/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.151.180/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://129.151.184.17:8000/stremio_implant
id: auto-31b84da0a72bd27b6e0d4c0b1df7760c4345750ff38b87d7f58c58cacd4f3375
status: experimental
description: Detects traffic or activity related to http://129.151.184.17:8000/stremio_implant which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://129.151.184.17:8000/stremio_implant*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/mipsel
id: auto-37ff042ad9f88fedfa3a472f3e2c6210ee8e8ea87d4981157949f4b66f7b72a9
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.177.122.26/info.zip
id: auto-5d51781b65f7cb88581ea7c649feb6b30c6446cd883c4866e4418aa0166de768
status: experimental
description: Detects traffic or activity related to http://151.177.122.26/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.177.122.26/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251:8080/photo.scr
id: auto-04cfaab49b54dc6e25d3b5efe3ac4df87fdfc4cf39800060dc2a90b8982522ab
status: experimental
description: Detects traffic or activity related to http://1.52.196.251:8080/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251:8080/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.218.212.151:81/photo.lnk
id: auto-c8e53870318e64f755f83f2fdc33ae742dfdda7cf7251fc68052ce9c95e23212
status: experimental
description: Detects traffic or activity related to http://113.218.212.151:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.218.212.151:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.83.92:81/av.lnk
id: auto-24d9f8d9ab55fe9b71535accc09b215facb7b7d291ed7596101dbd96174fb383
status: experimental
description: Detects traffic or activity related to http://113.251.83.92:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.83.92:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.98.206/info.zip
id: auto-29903fe3ad8c3ed251cb20130bd2a413d6030825d595e153b882fdd4ed17de0f
status: experimental
description: Detects traffic or activity related to http://37.82.98.206/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.98.206/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.38.70.125/info.zip
id: auto-7f12745d6f1ed51ce18db61dce05bfd1b4b3df31c267aad978cd5c0d1662c66d
status: experimental
description: Detects traffic or activity related to http://81.38.70.125/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.38.70.125/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.98.206/photo.scr
id: auto-936f4af555d18d212f9ee71b58b978535a86e047506938a99b9d48d494ef1c4c
status: experimental
description: Detects traffic or activity related to http://37.82.98.206/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.98.206/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/payload_tftp.txt
id: auto-a7f86b58317ddea66ad3e19245b520dcfb74a4247ea6280a694d81dc2cff9e36
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/payload_tftp.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/payload_tftp.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://181.235.3.218/AS.vbs
id: auto-c8c6836c07c948fb25f1096bcb56b070f7ec5051ddaf83c8bb7cb686e9333838
status: experimental
description: Detects traffic or activity related to https://181.235.3.218/AS.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://181.235.3.218/AS.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/fonts/AV.lnk
id: auto-1f672500261e854852c6ca888880ad216815b794c2602590144dd8e5ed5fab8a
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/fonts/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/fonts/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.182:8080/photo.lnk
id: auto-b9ca6712deed8116849b657ee3e8ab5fcd7b951ee652dc556d978334afafaf5a
status: experimental
description: Detects traffic or activity related to http://116.48.27.182:8080/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.182:8080/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.186.137.244/photo.lnk
id: auto-35fa0cb32d52782ea001666b6fde3158a529e5f1a8f9fbd413091d26ae2d2eb0
status: experimental
description: Detects traffic or activity related to http://179.186.137.244/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.186.137.244/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.192.39.152/t36
id: auto-be37750745616b32b5a6b427bb673827725ccba34dbfd410e1ee2d45d67569e3
status: experimental
description: Detects traffic or activity related to http://42.192.39.152/t36 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.192.39.152/t36*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/ML
id: auto-928512578d2fea157c4a2f2522514ba5df99390182120478157803e6b0f8f6d3
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/ML which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/ML*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:8001/av.lnk
id: auto-5b4507fce6401ffefbb65657ea2c055e9941d93ef7b2d95649ebf1798b0cf951
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:8001/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:8001/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.123.53/av.lnk
id: auto-d5351e872c00f6bf9c03eeaaf8bb7e24f93a0349b3399cfad543b51c0c6b5afd
status: experimental
description: Detects traffic or activity related to http://189.159.123.53/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.123.53/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.0.74.173:8081/video.scr
id: auto-9e33ace6b106b80f0c74b38e37995ae1e39333b74181a037d31b5d028244bff7
status: experimental
description: Detects traffic or activity related to http://175.0.74.173:8081/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.0.74.173:8081/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.186.137.244/av.lnk
id: auto-6789225839bd225872d97e0c93b1738579638a635dd79f0a7cec301fb86eb9c9
status: experimental
description: Detects traffic or activity related to http://179.186.137.244/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.186.137.244/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://129.151.184.17:8000/implant_arm64
id: auto-c3de9b7bbbc898690147da6a2301188261456a086d81617159560bf3541b1453
status: experimental
description: Detects traffic or activity related to http://129.151.184.17:8000/implant_arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://129.151.184.17:8000/implant_arm64*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.186.137.244/video.scr
id: auto-92cca57c56c1e7857c3b76aa2e0c4de1939d5cfe38cd121c3c6b3ad58b85ff6e
status: experimental
description: Detects traffic or activity related to http://179.186.137.244/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.186.137.244/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.182:8080/av.scr
id: auto-a3ee4926d37a2da341b9269357c9273bb0eb1ed53272b860f895632c5076c53d
status: experimental
description: Detects traffic or activity related to http://116.48.27.182:8080/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.182:8080/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/armv6
id: auto-f9e5c3ec69e7ccd295ca9781f84cd6fb8bc9d98e6451b8dfceee6534a3fc562a
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/armv6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/armv6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/x86_64
id: auto-b164ba7f0ea576212ded9530c9df736c53146f6d7264346c63792c2b45225a6f
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/bot
id: auto-e5753557a3b70c846e8b27a7193aebaf9ef52f5e089a4e0798073be6fa99e849
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/bot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/ml_IS
id: auto-98cfd632cba6fd67aedad6c993a34fc4f40bf88c03f0e4f3d997e4f24309fe3a
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/ml_IS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/ml_IS*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251:8080/photo.lnk
id: auto-534e986b5cec182c45887ef6344ed6dfabbb11a833bd7aeb614ed787f2dd955c
status: experimental
description: Detects traffic or activity related to http://1.52.196.251:8080/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251:8080/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/aarch64
id: auto-6b33e340f9b7aca3690267690dc50e95c5f90e0a2212b5bd3b88af243ef1a2a1
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.130.250.181:8089/av.scr
id: auto-8840c3931ad990d9493f5bda74f712c7fa491c5daffaf3da14c6ed105ba9b814
status: experimental
description: Detects traffic or activity related to http://183.130.250.181:8089/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.130.250.181:8089/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.123.53/info.zip
id: auto-06d57572679f6ebabb00e86ba84700c7be2216c86561bf5d532009cbb0c39725
status: experimental
description: Detects traffic or activity related to http://189.159.123.53/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.123.53/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.94.44/photo.scr
id: auto-a6e91ab6260d70465a9d7cda5c88fdf4995cbd6882fcf5026214c6877d4a0dfb
status: experimental
description: Detects traffic or activity related to http://37.84.94.44/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.94.44/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.84.190/photo.scr
id: auto-1091fdaa29a08ef2353c61476edc26a5316cde494afd0a2d04535beb4f19ec27
status: experimental
description: Detects traffic or activity related to http://37.81.84.190/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.84.190/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/powerpc
id: auto-a61adafe0faabb8f406cee7d5390e82ff37fae9d67e1c5f6a39b881711e033d8
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://129.151.184.17:8000/implant_amd64
id: auto-b0635f49313e7f75d09aa987a9ba98fb1d2508d37e2cf6dafd4c8e957778da18
status: experimental
description: Detects traffic or activity related to http://129.151.184.17:8000/implant_amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://129.151.184.17:8000/implant_amd64*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.63:41799/photo.lnk
id: auto-49f2475710078b6a4f543c1e34dc02e1bf423f89c8a17b56711166b93eae8343
status: experimental
description: Detects traffic or activity related to http://177.212.255.63:41799/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.63:41799/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.123.53/photo.scr
id: auto-a30f04f32e10f7b5d6e74aac9ecd489a696893268d288572d064474141e745c5
status: experimental
description: Detects traffic or activity related to http://189.159.123.53/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.123.53/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.239.184.31:81/info.zip
id: auto-6cbfb078efc8310d20f2cd6aa2c879dbefe0690ff17ab6fe21785ac73018a2d3
status: experimental
description: Detects traffic or activity related to http://93.239.184.31:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.239.184.31:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.194.8/video.lnk
id: auto-d5524cedb07b6bea98bbfdd715041078819aab3d97bee3715ba9890a7612b072
status: experimental
description: Detects traffic or activity related to http://37.85.194.8/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.194.8/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.83.92:81/photo.lnk
id: auto-fbffbbf9a0d698cb067d7b7a9cd044fe54aaa3c91f717922ea2d6cae430b4218
status: experimental
description: Detects traffic or activity related to http://113.251.83.92:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.83.92:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.174.32.240:9000/one_liner.sh
id: auto-ed5444c64f16f37c51a9fc7f45a45d4f7de9cd130dc795c02b90c515c02a936d
status: experimental
description: Detects traffic or activity related to http://184.174.32.240:9000/one_liner.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.174.32.240:9000/one_liner.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.186.137.244/av.scr
id: auto-63e9586dacd0d095813ebdce38e9eaa1f5f7263dabfa8ab2a302b3a79da51b59
status: experimental
description: Detects traffic or activity related to http://179.186.137.244/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.186.137.244/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.38.70.125/photo.lnk
id: auto-a40483bdeb07d3b61e730e577c177405822b60b1c2e45a30d03de5dedb5bc598
status: experimental
description: Detects traffic or activity related to http://81.38.70.125/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.38.70.125/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.218.212.151:81/video.scr
id: auto-0bb8d89290d572042fc6c5dc1cd005457e5a5481c97d2cb0f2f824b05fd3b218
status: experimental
description: Detects traffic or activity related to http://113.218.212.151:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.218.212.151:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/armv7l
id: auto-edd91613527165362c3284ca40983fa9a0339b7529f3da86a1d100cc80e62285
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/aarch64
id: auto-f617244e842765129ed1041e64c578e6114b09188d91a95d9c2a0af2072e7344
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.235.3.218/AS.vbs
id: auto-cfa6720f81da506c8a611fcf56c377fb4d37aac4f326ca743efcf47006e1787c
status: experimental
description: Detects traffic or activity related to http://181.235.3.218/AS.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.235.3.218/AS.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.194.8/photo.lnk
id: auto-056ae5527fc17df45b5821ffb2d1f7d0f43d5010c1e26e183498c80c45de7297
status: experimental
description: Detects traffic or activity related to http://37.85.194.8/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.194.8/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:8001/av.scr
id: auto-8716ad20eccbaa8c6091ed58aa5cc0380c1b8a8898427801b916eb0fa277a9ed
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:8001/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:8001/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.218.212.151:81/photo.scr
id: auto-1dfd272991e80f95c6b3b9fb870f9469053ee7b5e4f7075042d14dccfbec9ec4
status: experimental
description: Detects traffic or activity related to http://113.218.212.151:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.218.212.151:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/armv6
id: auto-58479fa7cd2e50daee2f31008a7a52cef9b7b287e3c40ba0edaba1597480b404
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/armv6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/armv6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/sh4
id: auto-ede28fe416e54044a3c85b560f71dd8f70bd18afaf5f54ec98cef7e645168e4b
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.39.130/photo.lnk
id: auto-256d948f42c5892e73bd13aa1d8a382638beefa176bc26702e946012f0c0210d
status: experimental
description: Detects traffic or activity related to http://138.188.39.130/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.39.130/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.182:8080/photo.scr
id: auto-f8bdfc8b68388bb7b9d77bf6140344c2a41c5317c17d999ae1a12276a1c56c41
status: experimental
description: Detects traffic or activity related to http://116.48.27.182:8080/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.182:8080/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.84.190/video.scr
id: auto-8dc1f1376c2b126fc7482138dcabe010b5d2e7151b7984125e75a60218712da2
status: experimental
description: Detects traffic or activity related to http://37.81.84.190/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.84.190/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/payload_universal.txt
id: auto-62b644dd09585bec84dca85b717b819bca3dcd66fd046ae53cea2a1a8e52df35
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/payload_universal.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/payload_universal.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.186.137.244/video.lnk
id: auto-76ac4e394054b403ab6f901d999b4e97b33b53ade31d564fee2e121ecd88b086
status: experimental
description: Detects traffic or activity related to http://179.186.137.244/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.186.137.244/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.72.18/photo.scr
id: auto-5d56fb9dd42638faafa39a0f21de9c23720aa286e6c44d71e72bf11685b3b490
status: experimental
description: Detects traffic or activity related to http://37.85.72.18/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.72.18/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/sh4
id: auto-1dac1e4c03fa486ad78096a9e94a8f65d0d94301704d2c3dd513de7ce74f0a0f
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/mips
id: auto-8cae6d509b9532512b0e72152d8eb8f6bc52068d4afe88fd448dcfac1a44152c
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.235.3.218/HOLDASA.vbs
id: auto-81e6912eed2fef4c042be76329ef1da84d6d46b1ea1cb528c0210a636d490f81
status: experimental
description: Detects traffic or activity related to http://181.235.3.218/HOLDASA.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.235.3.218/HOLDASA.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.130.250.181:8089/av.lnk
id: auto-e692e745eb38c52d225df6b5271d882c668990158af0c9f83d6d52205da1f882
status: experimental
description: Detects traffic or activity related to http://183.130.250.181:8089/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.130.250.181:8089/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.63:41799/av.scr
id: auto-ab66af59481ae26cee3b7bf7dfafee981a74d813abbd990f867e8f9d65798031
status: experimental
description: Detects traffic or activity related to http://177.212.255.63:41799/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.63:41799/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/AV.scr
id: auto-f7a8ea0b9d865b9bd167a87950ce8d04531f74b7bd2a3223556b3e63fa24f767
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.123.53/video.lnk
id: auto-e774256e8a2525ea03edde57c102cec04ca053e2023430f03e320dbbca96b305
status: experimental
description: Detects traffic or activity related to http://189.159.123.53/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.123.53/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.218.212.151:81/av.lnk
id: auto-a34a601ff4e895cb00e47a44b1f059b87da97776df35e0974de9e69f9f4c25f8
status: experimental
description: Detects traffic or activity related to http://113.218.212.151:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.218.212.151:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.130.250.181:8089/video.scr
id: auto-7ece8c768b5bc6e2eee75dab906d48f32068d8283804b00f9e90bef052a1f837
status: experimental
description: Detects traffic or activity related to http://183.130.250.181:8089/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.130.250.181:8089/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.235.3.218/ASD.bat
id: auto-36a9d95e550c317c92bbd0d8d49523926c07337fbb2464e15f7c886c383b7040
status: experimental
description: Detects traffic or activity related to http://181.235.3.218/ASD.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.235.3.218/ASD.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/library_round.sh
id: auto-66b4b28827bf3d5c683373093566d0bc3ee8c7ae41f7c57fbece17d59449458e
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/library_round.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/library_round.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/timer.py
id: auto-20728021fe670acf8befc6760289bb4b9e080db11a013d7debf5534f9c9a7450
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/timer.py which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/timer.py*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.174.32.240:9000/sliver-client_linux-amd64.minisig
id: auto-011c25850d9f7b8e457e96d35acab2672a029696b927ea940cd7466ec0d7c8c3
status: experimental
description: Detects traffic or activity related to http://184.174.32.240:9000/sliver-client_linux-amd64.minisig which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.174.32.240:9000/sliver-client_linux-amd64.minisig*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.38.70.125/video.scr
id: auto-411a22047f4451b7b26e64e95e91894165a81cc450aa6b407440db281a67171c
status: experimental
description: Detects traffic or activity related to http://81.38.70.125/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.38.70.125/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.0.74.173:8081/photo.scr
id: auto-d5d0b1df7ce0c3ca5ff339248af41ec070ebf3f7483601d65673da7a3fcb08b2
status: experimental
description: Detects traffic or activity related to http://175.0.74.173:8081/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.0.74.173:8081/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.0.74.173:8081/av.lnk
id: auto-eb5539e58c49404dcaf004d8cdf656a639e15cb10ac0cb41e72c257b8a9a8976
status: experimental
description: Detects traffic or activity related to http://175.0.74.173:8081/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.0.74.173:8081/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/i686
id: auto-64f98dc873a44f239a5f267a232b0e99abfb86b1ff9a38f688b5426bf026335f
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/arm
id: auto-fd4944667b2289ef75ba381076f69dff159ece824f26c992a5f13b227a157510
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.21.19/photo.scr
id: auto-da3f224c664b671168dc896252bd2e47a88bb53cf27aa09357e744270c1cf977
status: experimental
description: Detects traffic or activity related to http://37.85.21.19/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.21.19/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.85.21.19/info.zip
id: auto-38da9123267b66427e1b6535baba4d9a38a33177469d856c54aa1138d3f1b05d
status: experimental
description: Detects traffic or activity related to http://37.85.21.19/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.85.21.19/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.63:41799/video.scr
id: auto-2e209ed428d3f75f21de17384b507e2116cab68a5371fab76dfec1c531d6acd9
status: experimental
description: Detects traffic or activity related to http://177.212.255.63:41799/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.63:41799/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.130.250.181:8089/info.zip
id: auto-0ebddbd2b2d5627e6acdd1c54f63ea9635c8ec6290d58508cb5d6cc9d4ab9111
status: experimental
description: Detects traffic or activity related to http://183.130.250.181:8089/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.130.250.181:8089/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.63:41799/av.lnk
id: auto-ddbebc1ce0389e7e406ba60ee3bdfc539aee84871f1bbacc78e22a8c3eedb395
status: experimental
description: Detects traffic or activity related to http://177.212.255.63:41799/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.63:41799/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.63:41799/video.lnk
id: auto-3457a1c121fa66f57bc787e9532a336eac39b5f02ec25315c7799656e0c59450
status: experimental
description: Detects traffic or activity related to http://177.212.255.63:41799/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.63:41799/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.94.44/info.zip
id: auto-e295db734af3443b4eb4a6b0ea87b260e8c2847de541cdf4995dc2a081a5f286
status: experimental
description: Detects traffic or activity related to http://37.84.94.44/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.94.44/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.255.44/photo.scr
id: auto-bad55b19dc4d8ba4942f85a20b315757538ebcd77fe21388d401de20d433ec9d
status: experimental
description: Detects traffic or activity related to http://37.80.255.44/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.255.44/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://181.235.3.218/ASD.bat
id: auto-6dd9c0885ca235672bd86326ad1e36a87f1e362f5b0d87e1596fcb29a201275b
status: experimental
description: Detects traffic or activity related to https://181.235.3.218/ASD.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://181.235.3.218/ASD.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/forge/AV.lnk
id: auto-dcf0adfbdba499cfbbd306b21a3d4a15e42022ed6cd81cf305d69f57c3b1caa8
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/forge/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/forge/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.universalgroup.com.vc/i686
id: auto-f8ce27b64e82ce1c04e829e651fac6d2392a530c29fc9512d0e7d0001a56124d
status: experimental
description: Detects traffic or activity related to http://www.universalgroup.com.vc/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.universalgroup.com.vc/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/arm
id: auto-50ffed8e469f949454cd3553a15a3603ee36a978421d8ce37643561d69b47bf1
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/payload_direct.txt
id: auto-894dc0df2ee0c498645d5f357df8cb068264bf28ff63c2cd64c355278efc714c
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/payload_direct.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/payload_direct.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/update.xor
id: auto-e63b3792508f901e198be7607b1f7b58a3569e7e2ab564b03890f62db64bddfd
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/update.xor which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/update.xor*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.0.74.173:8081/video.lnk
id: auto-baf43feec6d99775fb729e8a5628f0b00752f752a86802ca27c6267ee4237c5d
status: experimental
description: Detects traffic or activity related to http://175.0.74.173:8081/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.0.74.173:8081/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/Photo.lnk
id: auto-b5a0cd07e781273ea0f328ca9ac2ecbceec5c939d9abf3b232b8c927b74762ea
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.38.70.125/av.scr
id: auto-f24c05385614b0f9c5a0d1164a174cc75911d1e33a97af48f1c677b65a44723d
status: experimental
description: Detects traffic or activity related to http://81.38.70.125/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.38.70.125/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://universalgroup.com.vc/armv7l
id: auto-16f19003e30ea670fa7e3b01ea8f940abec12160525adb53706b4f193079ae13
status: experimental
description: Detects traffic or activity related to http://universalgroup.com.vc/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://universalgroup.com.vc/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/update.bin
id: auto-e795a36e0f369c7608624e86ea1defb470aa10ed5c837269735be6dfd10c3877
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/update.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/update.bin*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/AV.lnk
id: auto-a319f3cdf5c003d2fada8b4a7cbcc296957058f66834d755eb96d43854aaf2fc
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/tesseract/AV.lnk
id: auto-6e0d57a8fc00e5db5ce2b2b85e3fc12fc9d35a960e049593a017ef4c8b6f8d68
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/tesseract/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/tesseract/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.39.130/video.lnk
id: auto-cd287968700ad2d3a5388019322c46f3ae2aa1fa52ef2f0e98fc039bc1413216
status: experimental
description: Detects traffic or activity related to http://138.188.39.130/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.39.130/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.182:8080/av.lnk
id: auto-79b4708c4c98f3da247dd363dece40afaab49184686300a1070c3df2e5542471
status: experimental
description: Detects traffic or activity related to http://116.48.27.182:8080/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.182:8080/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.182:8080/video.lnk
id: auto-3e4b6a65483330589a3680e9c745e9607d353dfb942f9f2c22421b3f26deca2f
status: experimental
description: Detects traffic or activity related to http://116.48.27.182:8080/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.182:8080/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.39.130/av.lnk
id: auto-f6c15b0f22524843147c1b43a41b7d99dc462dfa805657cd8b488b5422d55e14
status: experimental
description: Detects traffic or activity related to http://138.188.39.130/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.39.130/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.38.70.125/av.lnk
id: auto-6f20db717de545435302eb7d5e9d3d178f4a82f10e5b4ab0096a7601d2270924
status: experimental
description: Detects traffic or activity related to http://81.38.70.125/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.38.70.125/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.38.70.125/video.lnk
id: auto-b4ab5075c4f3004ae795cccdc1f6108cb46340ecdaea21919ca6b00f3aa778a9
status: experimental
description: Detects traffic or activity related to http://81.38.70.125/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.38.70.125/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/payload_wget.txt
id: auto-46da25b0c770b6654f143b853b1d6cd47088d0bd5d22b6fced2d53977458b59d
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/payload_wget.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/payload_wget.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.83.92:81/info.zip
id: auto-9bcdfa159a0418b6b408b9129839a0f7671ef602a352955d4d105ba630ad92b6
status: experimental
description: Detects traffic or activity related to http://113.251.83.92:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.83.92:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.123.53/photo.lnk
id: auto-7e7374d9eff283f8b67d533e9aa357b5447a1095d1c7b686214b21c38f1782bd
status: experimental
description: Detects traffic or activity related to http://189.159.123.53/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.123.53/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.251.83.92:81/video.lnk
id: auto-a89fceb5274a8135661ac89ea0a2ed0484f7a6fee548786e73f27410cbf540de
status: experimental
description: Detects traffic or activity related to http://113.251.83.92:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.251.83.92:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.0.74.173:8081/photo.lnk
id: auto-21620c2f9400a5e20da77e3cd4cfade01a7a6c7bb4630344e15358a5c4832917
status: experimental
description: Detects traffic or activity related to http://175.0.74.173:8081/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.0.74.173:8081/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.114.148:81/assets/Photo.lnk
id: auto-11744ed7f6df825f07003649ea740672a6a96b92a88c43e2bc9229e43afc939d
status: experimental
description: Detects traffic or activity related to http://182.143.114.148:81/assets/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.114.148:81/assets/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.0.74.173:8081/av.scr
id: auto-b17a3e487d088238420aab19e4b91bc2a05e65e270168d11b973211c3f93612f
status: experimental
description: Detects traffic or activity related to http://175.0.74.173:8081/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.0.74.173:8081/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.174.32.240:9000/stager.b64
id: auto-540b3706dc0fd6e3b9be596604b43aa8b56c854afece52ee77641c75fe3137ec
status: experimental
description: Detects traffic or activity related to http://184.174.32.240:9000/stager.b64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.174.32.240:9000/stager.b64*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.84.190/info.zip
id: auto-de72744d0bd49b6de6d935e117b7107e551b8402e12f4db6527267910508de4d
status: experimental
description: Detects traffic or activity related to http://37.81.84.190/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.84.190/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/payload_curl.txt
id: auto-5988aa3c6add1839d4de5fea5ca8fc59d41283a9b93d2d0311d70f78ed31e3b0
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/payload_curl.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/payload_curl.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_mips
id: auto-ebb79806933893d6515ad9b3bb1bc8c520e968f6f17d0cff4bd5609183c91c3e
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.i686
id: auto-df683c6d2c6c136235b22a571c5a72d63ea8d67fd0e1e91fdab94b46e19392c1
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.ppc440fp
id: auto-77a16bdbf43984e61bdcbcb88c75de215fa714cb28d9ddb936a68c5aca4e6187
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.m68k
id: auto-ae0882e27d9edd51e3734f633bc200af145bcf869fc4f7ab4cc5d0098bf97505
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.sparc
id: auto-ccaaf8317d8eeb459b61e915ce140be73d0cc8c550318daf6f16e1c6c87f6bb3
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.arm4
id: auto-1779005c25364b2da3441b036d7ffaaf93c058c9b4800a420d9fa99544deccbd
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.arm6
id: auto-98981a0c188071042f184d57498bcfc1e2bb66db83d7c3dc023d12453d4acc7b
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.arm4
id: auto-a05252ba7f4b8466868397bd5cfb793383fbdfb1922e4263fc6dc490634d5815
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.arm4
id: auto-1d7cbf1e6f8b86986fe94ef646122fe55415bf89ba0e2529a804d653cd6ecd2d
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.mips
id: auto-255418bcc4038e20afee4c2c3153e356a069e85719c24ef9cb27904ad6d0f21d
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.x86
id: auto-fee043e8f312124300be85c56be87b29170f2c6194a2e0e3895d055bbc9a8ee8
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.mpsl
id: auto-e462b5d0e4c5dcf564bc514e69e770af536c40c9c92ce371c9496797c14dd1cf
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.sh4
id: auto-f8482aa09253d75342ccd17e33048a2fb09b6643122cca12e0de7fd214ad2af2
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.i586
id: auto-7d829610df52dbd470850ceea662b22730d14866483412a266a3b0cc9a64cb2b
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/c.sh
id: auto-35567731e207e9d1bce588a43e154000ef39e5160de023191764493b8303c154
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.208.164:38155/bin.sh
id: auto-83ee3d06807f790d4fb3a0085de1d75ac6015a20bc94b82a85d5c125176142af
status: experimental
description: Detects traffic or activity related to http://222.142.208.164:38155/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.208.164:38155/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.arm7
id: auto-27ea93e1caec34b49d13c337d7bbe550e73666fcff3c8811ddd5de690546d465
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.215.94:58695/bin.sh
id: auto-e5bd810a167d076ec22023cb177f320dd63557989393141964b38769012588c7
status: experimental
description: Detects traffic or activity related to http://117.247.215.94:58695/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.215.94:58695/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:60515/bin.sh
id: auto-326e151d1e44f90959f05e180768d3aa43fe38a714fb98b033090492110a8d68
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:60515/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:60515/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.arm5
id: auto-7ff986f70f1275327e823b079deac86d5a0a7c109c46b1033d584fa301b2115f
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/Demon.ppc
id: auto-4e795c1a6f841f3ba700d385e953ce3481de0ef0287a0b0bd260dee38242c9f6
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/Demon.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/Demon.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.arm4
id: auto-a68be65080e19d5bdbb89ed8a42b2ac1532f8c8e7e16ae85ebf006b80e5615a7
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/w.sh
id: auto-27112d01c066f7a8d22ec03b0cab3ae85f38fab5d7d800ea1fd6340e96d10899
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/wget.sh
id: auto-ae80bbd2813f7c782f62b8a390e045a150c42ad010d04f3ebf7a73421d46ca83
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.x86_64
id: auto-b1fc9588d01eb7744e18d9371ac1dd069e50473a9e5d7255675c22250591fa04
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/w.sh
id: auto-a107b89f2a84eff42dbb36b7cc2c6da56e503a6a3cf2576877ac591634ee327d
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.i586
id: auto-a7e20aa80130eccec3c23713b4caef4b21b879e20b89714bf31db5f8a96d1b09
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv6l
id: auto-9f7164a801d999c5bf761084a7aa0ea64a4cfaa26bea935c3a75fe9cb043cf8a
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/wget.sh
id: auto-4778816ebf180fe8c88fba982a0c1051a22e9d34f96d4355a6fc3483d699737d
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_mpsl
id: auto-de18920cedaf0a421a4046c8f72084e5d4bf772e7963919d4caa2b40f603d6e2
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_arm7
id: auto-7bafe759d8e1185e5fdd1ccec0691dad27877ffdc48dbf31bfa3b08d9358c0af
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/c.sh
id: auto-9525d52a5376d3cd5f6be19e6b0d1e6f71989588b4b2c33673a05863152721df
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/cat.sh
id: auto-c17298bcb911c3c8f91dd789847e9b246b6a73348f04628ffa59935d7fb50943
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.0.213:46869/bin.sh
id: auto-90fc2cb806b4c2ac107d33cf9902c1b062fd9c2bd198a2472e5f53497c2afe7c
status: experimental
description: Detects traffic or activity related to http://220.201.0.213:46869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.0.213:46869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/i586
id: auto-c702511699376109130122bea186f84df79c886fe478bd5fd2ea7891b20a8e78
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/x86_64
id: auto-92988a2b95bed8a4288a068e3dd77c8bf6bed190b50604c93cc31e22f53ef699
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/mipsel
id: auto-3db95b4a2b199f9d2b4fd3b1ec45855d62a3db773310522835cb5488bc10b8e1
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/sparc
id: auto-f6cf15aff5d909d61e32b766e8629aa5ddb84b8de6206f267929b18f30044ee5
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv4l
id: auto-441c0869bb478444834b08ad90cf80943dcfe9fdd7b8b7f3dffd0350d3dc02f0
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/i686
id: auto-f85e3524f4ea7b65cc55a0f31f3ed638d4bb2f92f6b1b70d1f0aa1a0f8367a7d
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/powerpc
id: auto-26538ab3cbe6f531a673684d1a109743a9fc359ccd06c0584b084389680a51e6
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/powerpc-440fp
id: auto-633c00efd1a103028cc0908ab50da55d566af0163f2bacea988adca0dc38df87
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/powerpc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/powerpc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/sh4
id: auto-26049cc5de4749b206868725bfb17202db45c94e6d35db5f6e1bd9ebe49449c6
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/m68k
id: auto-47c2716c491ba42bb6bbaffde02c82ef47a31493dc9349790bc493f3762ea2b8
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/mips
id: auto-3938c95bfda990bb374784e920db01312a661c56d828311053f75e1d1f103cf9
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv5l
id: auto-25aaddd2a1ba7e883c295abd9aec5cd9eaee76e04c40d4a9922e865ffd62050c
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv7l
id: auto-8acb85a6507c4c31ace61e9c3040ad4f9c390092e1b447ea7637491271ef67f9
status: experimental
description: Detects traffic or activity related to http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://asd124asdasfasfasfa1231.zjzkzjzkz.xyz/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.27:53011/bin.sh
id: auto-954e99ab09cb0da9535dfa93d5a71b3495ebb2597223a846c923e69f1798a9b0
status: experimental
description: Detects traffic or activity related to http://110.37.61.27:53011/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.27:53011/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.111.122:47106/bin.sh
id: auto-4da402eb455f8db3e63827c6b18c650e836205be6df7046a828422ab29678718
status: experimental
description: Detects traffic or activity related to http://110.37.111.122:47106/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.111.122:47106/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.mips
id: auto-0b6676d99d919d501ee44af02f18638c1c365ab12db7e1f8063ea6fa1187d0a5
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.x86
id: auto-b0d26afe7ffdb9562082eb95d225d350d8da5543fbbeadacc766d8705ae53d11
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.m68k
id: auto-9cc78651728fcb090877973446bf5b9dc3eb98db88571e8f1814b111baac9228
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.mipsl
id: auto-eb58635dd17bdd5a78b8855f7b1228c860a613f15c2cd8126fd56098a716f994
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.spc
id: auto-0931473a6cb8c83999a2465592c178b5b65b9cee9313e4a3bbe2eea6082383be
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.mips
id: auto-2099ef6b6689b283b3c151c67b3d6fe3d2b3e9ed01915bace2ca9f0e46231780
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.arm5
id: auto-a9f5806fb9b92ad8e158d29044782a3a56dee2852c2bdacc6ff20a1b4bf2e75a
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.arm6
id: auto-4b06057cede88809ac2dd52f93b53ed78612b2eaae727fdfdc191f85f931ddfe
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.mpsl
id: auto-01a36a2343e5ba31c67a3d668d5f63c1b65f6f8a819623cee5ed00836a501ec9
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.48.255:60045/i
id: auto-c5a1144788b8a46fbfb68663cad31c46622db2f1b1ee24c6aa7da226759c18be
status: experimental
description: Detects traffic or activity related to http://42.56.48.255:60045/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.48.255:60045/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.x86
id: auto-48fdf5804a54d261614199367af772d4e0344ee7352d8f241c00403b88f95a27
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.ppc
id: auto-206e6e29d71bd2a9291f2819fc55f15e5d49774f85333ee6f768b101b9ddb983
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:46714/bin.sh
id: auto-1949c1a0dbb61dcf4a2a82f5f56750bb3649613c3f1a4d0fb15bc6c8e4a6cbc7
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:46714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:46714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.arm
id: auto-fc02b5adb1afb2d1c70d66f7cc2603cf17fc0af322a8d8f5698167ed07ea1ec0
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/obs.sh
id: auto-cf757b2fa966c5ab6ecd97bc7e3bccf84f1706461ca474521c2eee8277d0ad0b
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/obs.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/obs.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.158/bins/vcimanagement.arm7
id: auto-d380629e50b905baa0ad39a03345add227d94b0d0e51429c6456ad90a27209d9
status: experimental
description: Detects traffic or activity related to http://45.156.87.158/bins/vcimanagement.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.158/bins/vcimanagement.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.181.34:48772/i
id: auto-5a48e9a69a7ba715c9c4fbc64407695ba17ac43105c3765f3db731356d8b30c9
status: experimental
description: Detects traffic or activity related to http://123.12.181.34:48772/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.181.34:48772/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.arm6
id: auto-b46e39b15b2647027262ff8b84d18e6de8dc58075f05b1df94272747867acff7
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.arc
id: auto-82b6d6830e77c4cd466a2208d567233426e1adcc405e15bf609ff0e4cde0391e
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.arc
id: auto-757a5a81a1a6097675e2e967195bab95e177e439be8cdf85950a873d30920203
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.sh4
id: auto-2dc5aa7c0121dd1670b2ec42c949a9f13cc7e985071f34bda4bf5045f97da539
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.arm7
id: auto-a8f129c8772de9aa51ffb02e51515e30085c465df0046403507639075f0889ac
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.sh4
id: auto-841493eeb54a61401f7bc2ef82067be239e672e3d95d1f83c267427afec0758a
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.i486
id: auto-61f7bc051dc2d435bf1d2fa16508f64c85c1ec2b18670cfd94e7985e383545e7
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.x86_32
id: auto-a7306a75216a8853026af5213ac5b18dc1c196087f47213527a6d3935ada2acf
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.ppc440
id: auto-b5929e8ec80b23a3f5c77ad0f964e2cb6bd5377958d3aa048611d9a603f84e8e
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.x86_64
id: auto-c181f680dcf363b640449edba615bfecf6d5c6f09e40b31fd86f6ed8fdd055cd
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.13.91:53733/bin.sh
id: auto-124534a23d3fbc118766f4ead0b788afd8cd1aab326cd152c67c1c6276dac6bb
status: experimental
description: Detects traffic or activity related to http://123.8.13.91:53733/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.13.91:53733/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/8UsA.sh
id: auto-fecd9caed06675d03eb7e6be2f8a39f3ed3533c14da901abed8ea5f5211e15dc
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.i486
id: auto-31abc8cc92f151fb7a418fdf50655fc5be5bc67b23f136617c4962e3dc8816e5
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.m68k
id: auto-f0e10bcbd11679138319f396f7a768b4d08f0dfaf0871dca084722909d25ed9f
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.arm
id: auto-2aa01cc677a4f66e8756f9850fccbcf31f9c210525b2caa16707a2c50a5ccd12
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.ppc440
id: auto-02fdf698f3bad36146f5257abc38a55b1fae489824c8b14346b82e9d4decb41b
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.i686
id: auto-d5679538412e926cd350cc4d1cd46c3bf9586b10abd0c8f0b76b244866ae0a6d
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.ppc
id: auto-b534671cf9d4bc04c205edf707173b458802fb6cbcf5db1e7d494e14c0ece7e9
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.x86_64
id: auto-d1b1e2dd8822e1d081f4986bc2c6da7ad6cbcf4f6472363529dabf75785a8992
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.arm5
id: auto-3bef92d1b46f81de54d05879d7275405ed0c8187cfe88a0a3725ae5b7320ad66
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.arm7
id: auto-d5b2613f4c29ff83126856ad3dca268aac23f911866d8711e885c6b8098c26ff
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.arm
id: auto-44dbad16ba10e3eef3b03863a88c750d3c9a10eafbf55864707c55010a7f54b3
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.mips
id: auto-41fc174e25bd3ed85234d6aae55c6592addf76b1a6615f08e8b211b53b21c892
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.arm5
id: auto-2c12a4d0f44cd8d708535e75a15350f0792677ad4394b7700fe4daec75b37394
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.ppc
id: auto-1905ad49880a65c463c51e56c1e167d30eed63a5a49c4eb287decaaf14bdb668
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.spc
id: auto-e77d49a048959fca9599d9ef26c8ee770aea785fa74d38e70e43d45be7338be2
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.mpsl
id: auto-b11b5db181858ee8fe49b46f781384054ce76d1d37fde30921a250568119779a
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.arm6
id: auto-2542d3c5ab53d87b84f11532d0b6bddde1ee5482b982beb19468cd20fa9d1baa
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.mips
id: auto-6e454c976f59ac56d52ad1dfcf73b8ca93ad95008f6a68882d162b8df51ada27
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.i686
id: auto-86b784f8ea863e98a544bf0d52f0af8d3583df9b36dca0541a013521fcac2c4e
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.ppc
id: auto-ab135d3de5ccce699623b49e8482e2b6671bd7e5b6a2791c9a367eeaaac76f6c
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.arm6
id: auto-2557c8100a1b15988bfd1ae673fa4ad09debdc8c79923c81f4ac1c70994924ad
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/all.sh
id: auto-4c9546b0069b1865c1f9d1e8374969442d66ed09e52631b7a73bb8dc424fdfa4
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.mipsl
id: auto-2b6658bcf4ef9734e68be4db93ee1da9124ab38b2b7f0609bb7c438426101a27
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/huhu/titanjr.spc
id: auto-e99e65729d7f68b78e976426aa5e848531d841f7a26f9d968fa98d0d143fd66c
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/huhu/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/huhu/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.x86_32
id: auto-7c01c235566ac1408d261798c19a648cd9b4f7238b9ebad336a80ef5762ae6f9
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.arm5
id: auto-b1e6e6f6d3adc8c0876f595ca269b56656cb86b1c40ea9133ca463bd45e4ccf7
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.arm
id: auto-d610cdac66fa884abda6c59c089bf74c8dd06ee79181652298a817df170adc06
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.sh4
id: auto-9258e05697acdf2c9aa497e630887b3548ca8cff39fb1bbb1cf5318b331af778
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/titanjr.spc
id: auto-67c70c3c6b04c5d600e1617bc0502b0b101b9082061c517b9ff7794cea5a682a
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.arm7
id: auto-e27d318e5b49c30ca007a9562a3d8a8777dd01fa108bc1863fcef5b385d0ec47
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://crazyitaliano.com/bins/xova.m68k
id: auto-2a2982dcac89cd2e32ba5bd7d592df2b62d49e98a27420744e28e6b19587b48d
status: experimental
description: Detects traffic or activity related to http://crazyitaliano.com/bins/xova.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://crazyitaliano.com/bins/xova.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/all.sh
id: auto-c6880206a9de6b72535635dc886c691a31bb79d194bba526b971733c2ce2c80d
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.m68k
id: auto-eecc9124152628147763eae3f5bc16cf417e63f9d840bdbc880708649c86f30f
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/8UsA.sh
id: auto-c28a5263cfe095eeb15e3fa18a5da547ff86d4b14543729127cf208ae218c11b
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.ppc
id: auto-6047bb84ad76d0d61971e3eccf048a05d6eb551e19a573da751dbc1aaf8e162d
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.sh4
id: auto-428a7a0fc05f5926149acd61bfd88228b62db5263de34f6553ea06a95ea07dcd
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.arm7
id: auto-eb38a8b36337514b7b6ce76f4c54fbf3d94a4bf0d71912e4c0e931413c5252cc
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.arm
id: auto-8fc18b07df5ede87af85fffef2b9ca4f77a6e609982115e68c8ba3a06baef2ad
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.x86_64
id: auto-845c5892212ff23860cbe8960a631ee69f0c21552bbb956e5593d39ec725c902
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.arm7
id: auto-37ec8398669818a92bbfe8bfcef42eae037bb2c9efdfc8cb241db15c948712ec
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.x86_32
id: auto-a00783d91afff575238026bf6068963afa00938d48b93912b8cba3f2d3500c0f
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.arc
id: auto-05afa57df7da862c16a1eeae36160989f7c995b11ccc5e1f5777266d8e1356bd
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.sh4
id: auto-1a8b9a2e136494bcfdd32325589cb3698b5dfb3af84dd06c0e7b28267f2e6730
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.sh4
id: auto-e8cfc0359a351bb9e84c5c1013140ac169a62a69fedc8e2f89d270d9564f04c0
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.arm5
id: auto-70cc75c9e99bad6503837b0bff912f293792594fdea5d8653f34f2d64b8f838b
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.mips
id: auto-53d4d929c523e6d8f754c5ede34ba64d33a0fc7b639b31d14c9130c9a21b12f8
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.arm6
id: auto-408155f4ddbbfe1b36eb18eb7e76d711ff0cb568fba447eb3c938ac535d0b7bb
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.mpsl
id: auto-f98113811f41a7f056b04b54ac4e1001919007ed47f89dfef8f7a6b253727e41
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.arc
id: auto-59963ff84f8c5323841d8557e43878414bf7f35d061355b5fb98367c67ab562e
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.m68k
id: auto-952c4393e7eece7b4cd6e516fdf5df0d743409c4cf09aa87ef04b92016317f56
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.arm5
id: auto-91c2b55addacd65996aa441035e344741d3677bcd15b391ae83816824b36fc53
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.arm
id: auto-837c9ed0cdb31135f2915274fbe76939a9b877462897be11f19135c3dfe8a3a6
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.spc
id: auto-58988422f0cd04faf8b7421485688578b2789b62afe61b3c5f299c1299430bf8
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.spc
id: auto-32f7674417fc611d7d34a6ec91f0006ec4e3ff7c114b8e274fcd936c56c5a980
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.m68k
id: auto-85ad8e7212f756499c180280b7c747f14e945a266b3ed0c9d3501cf295cd24d6
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.arm7
id: auto-820f0c3e77057f0284f1a9bb64c043533bf828bcc757013ace5f89d0fe7acd06
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.arm6
id: auto-7d98ad3f72e8727ac760ae1fb318350a56ae30dfc36c8dc29fcb3bd7fa3ffb8c
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.i486
id: auto-0bc334674b5499530c35eb776e2b1c03b791bda35640cf969d8e02a26487a414
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.mipsl
id: auto-542563f6c1c2cbb4a3b23bcfa88bc6459039797f775d97361e40b596c1688ece
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.i686
id: auto-26b97cc5b545fa5c882f9e28a4ff595d989147a1204d6301589db1ce807a6a3c
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.mipsl
id: auto-f8b1df3cfc69598c77c43bd6e6b24595b24335c41d2ae1fa2a78c20e51f6c231
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.ppc440
id: auto-c096752dc9dc6068fef6d62a2937ddbddce52439316ffe6d5a96c40068789204
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.arm5
id: auto-c36a8d210c78382c8cdb7592458e6a32071d6837043a3a720e5a85ce015ef762
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.ppc440
id: auto-4622a54c08570517a4aa3bbdf937b862cbf2743c33340f0a2dd34fd9934af5dd
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.i686
id: auto-5af0a366389d2b46abf07e7c13c0da4d335c4ae55a468347e9d9cee21d1ff733
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.x86_64
id: auto-7002a53d0eeb24f0c6f2b331fb379163a5623546b4fd2cb88577db07fac85504
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.i486
id: auto-8b457eb63df9a6f83f5cf6d937de894d84a3870f36a3ebdaa5898b1617a39651
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.arm
id: auto-32199c6379782f164002eec1a3106893b84cf699f3b30fb571fb499b48f6020e
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.mips
id: auto-3c333be7a06b58bc0c65b8aa666e3eb0a8a894525d3227cc7f7bef31a58a3aad
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.ppc
id: auto-f1ce333287c23175ad1735b7edcdfd43cf9cfe17b7c8df1e4d2656d7b501c0dd
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.ppc
id: auto-8f784cce48cb544e4b8618783b904f1348594790595256d52d00e9679790725a
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.arm6
id: auto-abe396c07478c398a89f60de6b1d018f7fac041c175cbd5cf8c8f8cf530de0e4
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/bins/xova.x86
id: auto-3e1e9b46339e46089d917b77edd8b16e055407676b6643629e782004a4efc1b7
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/bins/xova.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/bins/xova.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.spc
id: auto-df547fdad7a1e5f4f5f205d8d16aac3a4c3f050c07b576d1c3de4a23cc807371
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/titanjr.x86_32
id: auto-9182ab0b2800280005521b8283fb8ede4e680ed32335070398cfcd4022214340
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.226.91.31/huhu/titanjr.mips
id: auto-effb4befffb64b303af8e324761843a6e471651434790bb1beea16a28c4f1dd8
status: experimental
description: Detects traffic or activity related to http://64.226.91.31/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.226.91.31/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.160.172:49039/i
id: auto-9800b7d68dd32ce2b60521975078a4862c05cec8d0fcb35966c537cf4eae5cc1
status: experimental
description: Detects traffic or activity related to http://115.48.160.172:49039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.160.172:49039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.162.183:33987/i
id: auto-1ecb6daea03f9f5cc6087e374a9efc4f5e266dea055ff4196ac8856d7ea23d66
status: experimental
description: Detects traffic or activity related to http://61.168.162.183:33987/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.162.183:33987/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.181.34:48772/bin.sh
id: auto-4aea09a7ff63db0ff878d574e24b01921615aa553881632250816afa6d68434c
status: experimental
description: Detects traffic or activity related to http://123.12.181.34:48772/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.181.34:48772/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.156.99:53754/bin.sh
id: auto-e1c57036bcd1eb7d2fc0f07a18d5a38c181b5ad068b8c7443385bfe799315e2d
status: experimental
description: Detects traffic or activity related to http://27.207.156.99:53754/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.156.99:53754/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.x86
id: auto-5a4437fb7b79e51ed8768000cb6d8b6b769058c52826205ab542bdda7b52905b
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.arm7
id: auto-507e6e8d91751164193985e4d832e0814b1bc11e704e58ff8f521cd670ede095
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.m68k
id: auto-38971633911e3e9334d9ba01d3152b64aa765169daea705c7deff453ac2948f8
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.sh4
id: auto-c3598fbbb7e7af5f65d09fce8564a3751ab1b3809db58a1e5f213cb7811cc805
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.spc
id: auto-6a82621975813b09b79c34bff288d76d6a9836f1570d5a77bf4b37f51b09b226
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.arm6
id: auto-a63786fea0ca718096aa7f54499d5ffcb9dce177180e5921dc26093369bd0008
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.arm5
id: auto-49e62a02a58806f42e232fb513f31db1b196d518a55be617d3e9fccdc8f84ed3
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.arm
id: auto-d0e77a01ee1e113e81f6222cf600d9dc3330b41d5299309847b1d6409ab549ea
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/fentbins.sh
id: auto-3ff46f2b98844f507b0eda2fe9407ba1dc53b33922c008c2dd568f564dfd73da
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/fentbins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/fentbins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.ppc
id: auto-a5c324d02236de59ef7aba3bb8c34e07417a86bd59feebab9a6a4c81e43f6fd2
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.mpsl
id: auto-4bee874d33a9d89c3e526434ba6b972fa4d61035d5caf27f5e94940897e847e6
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.124/bins/fent.mips
id: auto-0f44b4c3c6509c2f1cf2b0b0370a29c2fdd5504d1cab6e8446775da9f15f05db
status: experimental
description: Detects traffic or activity related to http://87.121.112.124/bins/fent.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.124/bins/fent.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.146.148:58183/bin.sh
id: auto-9299b49f2d71cd87b0b523b4b701465c247573e644a02aabf60d9c3d3261717e
status: experimental
description: Detects traffic or activity related to http://222.137.146.148:58183/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.146.148:58183/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.2.69.101:60624/i
id: auto-8fea6a0657f2cce028944603cc14375822d2d340c68ebb8c910bd180caa451e8
status: experimental
description: Detects traffic or activity related to http://61.2.69.101:60624/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.2.69.101:60624/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/8UsA.sh
id: auto-b2c7eb6a4ef82bc64544de4c8ff76b14172f100331e99be5ff442764a78c9bad
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.x86
id: auto-c74ccf3f72bb58006b75b00b03e07e6817711fa58d732638e69290b119971eb8
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.mpsl
id: auto-664e9c9ccda08751052caa6ae737616393b24c3c4c9dc083dfcf8f079f45423d
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.spc
id: auto-70411ec87b0d5a87e4fc4e55f4c3c8c2ab99f30189422337b74d5a5bbeeda58e
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.mips
id: auto-fa493946a67cfca11701e3ae5dd3a4e0b1ab55d915118b030a797284df1350ad
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.sh4
id: auto-0cf19da638234c8501a34abe81e56db82619e370355a027df4d350456f6f440c
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.ppc
id: auto-2cf976874da9595e4cb7efad7ca1e12705e8d9eedfcbe5fa86e9a77345223dd3
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.arm5
id: auto-4c165a1928031493f127bd9b8502369e5697388c0861b677f67bab195fd2660a
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.arm
id: auto-ca72445f77f8114af135185817a9882e8d067842c2450f42a3ce1652797e6459
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.m68k
id: auto-c8f89de02dfd638dc33b5ce108d9c1c9e655879f3d33df65fa7a712c2d5e2a0c
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.arm7
id: auto-16a44c0752b4b14214f19f09dae1942fca51d35ece31e89d0932011ac86e97c1
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.131.89.219/bins/sora.arm6
id: auto-7771d48615b26da07feee7504c8117711176177a53f34a3e793bab754911d5c9
status: experimental
description: Detects traffic or activity related to http://104.131.89.219/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.131.89.219/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.191.85:49909/i
id: auto-ce815034b611f3fb1765dd08b59fbc84e3a59a94bb546fed7b9ee7c782628845
status: experimental
description: Detects traffic or activity related to http://59.98.191.85:49909/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.191.85:49909/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/skid.sh
id: auto-d0eb105bafcb12df1c3949a4c354f95639be8874ba0642e43fda829ef3d83a62
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/skid.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/skid.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.arm7
id: auto-4f00ffa7f4e1d7243642ba5f5001d9515a3d6c2d56de03f3a1a92080d5e1821d
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.mpsl
id: auto-c4d0ed78f7a8a77fef94b72e1041453ca98a397af3a91e7c02b3edbbd7490bab
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.mips
id: auto-41e6f4c55b3c842637f30e94d097e75b95fbd9e1bed23ecdfd50d47e05e9ea21
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.spc
id: auto-7c917007979d1de7ea6f801bcc2a37e85a698af0a9f5aae9a95f0d9a2d39eaf4
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.arm6
id: auto-07c9c7cc11004c0992145ac6c8833edf536582f068a028619cca98b32369964b
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.m68k
id: auto-dbc86929ae5de7689acb630887e6de0838bd08a08c1ea37d7dafdc2b825e679a
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.x86
id: auto-2552e865edfb1988f85b7d13b3d64775764139f22f49d9105f4f6325aaedacba
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.arm5
id: auto-20995ebd5c9754e495613d44f3d4ebac038b2055bca26b41489aedd2c5465363
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.sh4
id: auto-b8b03955169c3e494fdd4a84a568ac8bc652b0420fb84e6c71e68c64ea187d2f
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.arc
id: auto-3b33c3b6629eac03871e0cd990a930051b0b410f2b5a0b9b5c0962625de9d558
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.arm
id: auto-6289bbeafbc35898fb611143fb2bb9f85ed1cfab533068e77ff95e05eb7de6e3
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.39/bin/skid.ppc
id: auto-3cecb59b1d9c9755f1c823d818a4a2a04fc265cb39aeff215d0e1c8921a058a8
status: experimental
description: Detects traffic or activity related to http://195.24.237.39/bin/skid.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.39/bin/skid.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.162.183:33987/bin.sh
id: auto-aeeef9c89326478835318c770d12a6a3ce7ece8a95466e5623a255663561607b
status: experimental
description: Detects traffic or activity related to http://61.168.162.183:33987/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.162.183:33987/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.160.172:49039/bin.sh
id: auto-c9597ea42f0463c75dfc1f7cbd886d1d58be06d9ee5998e2e48d1e45c764ab5c
status: experimental
description: Detects traffic or activity related to http://115.48.160.172:49039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.160.172:49039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.48.255:60045/bin.sh
id: auto-04ede8570864a14db7d927b7db52472b9e9128d27243aa7831359a90af10552e
status: experimental
description: Detects traffic or activity related to http://42.56.48.255:60045/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.48.255:60045/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-id-4-api/api50-mint-ok/fl
id: auto-cd2f433c692236218cc867359543dfc93dc7861349386f7e566e48420f83e194
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-id-4-api/api50-mint-ok/fl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-id-4-api/api50-mint-ok/fl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.191.85:49909/bin.sh
id: auto-6145cbd72afc3139f2b8edbf24c962dd0ce5a30fc140efd0a66987ed8fcedc20
status: experimental
description: Detects traffic or activity related to http://59.98.191.85:49909/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.191.85:49909/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://24.54.85.143:48436/i
id: auto-3d761bcb9f436a543ee00e234fc91ec1c664990aa04abfda4b994d06808454e8
status: experimental
description: Detects traffic or activity related to http://24.54.85.143:48436/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://24.54.85.143:48436/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://24.54.85.143:48436/bin.sh
id: auto-c0fa631e4561da870e5cd0575b03371793920ae2c8be27ca78d9218f0911b9ba
status: experimental
description: Detects traffic or activity related to http://24.54.85.143:48436/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://24.54.85.143:48436/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7
id: auto-f0bba3ad3cdf740e07f17df7e57c8113989b6cac2ed22c04792c5380f3af936b
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6
id: auto-933a141651f6229a41cd51517fb1f1b76ea0da44818d5aa7b46673586e3849d8
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl
id: auto-3ef920f4f972ba0ed295cdf80806804b84a4e2e0dc04d0092b9f897619c68f64
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips
id: auto-39f3bd82617205aa506352d66b7ede8b62df02e1138df8e06db87ddd5d05f4ce
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc
id: auto-55174a23cb9e44cef26e590a7b197d2dfb9166f8087f72f6e085bf9589368e58
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86
id: auto-b56724a0f2b09e27f6b2ec7f97b23bb58ddf4a2ccedff1be28477e4bf5c80092
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_arm5
id: auto-9cc106540f0df7c07c7decc9e34706e524a2b0ed413cd393c75f7da1bb04a834
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4
id: auto-09fa608f918712a52067454e85f31b37ace0db9d397b2fe4ecd47a569c7f6b19
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5
id: auto-b00ee005f649c2e04e23f187dcb22940306422a4347e5cc945524f01762b13be
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686
id: auto-9f5804705ab1e1a052170dd116adb239830349c58f42f41c0bd7a0847d27ce5c
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/sparc
id: auto-25790cb5c5caa5448b5f74301d8875ccb1250c287e8bed2e5edbaeee1859eec7
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k
id: auto-abeba2fe59213f7f81a1a44deada1a11586d7af7b037e68e32f5d6fa382eac30
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64
id: auto-38167253d07048bfe67e01b14054c46b8116f485709546584370d93d058b0310
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/powerpc-440fp
id: auto-b190760ee693d8abc49c19ee6f9aac1a7e36da12916d2906ac2e7dbc54375d9b
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/powerpc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/powerpc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm
id: auto-ced87d3152aabf046516954372d3e196946576d7be30c80c84a6e409aad9ebfa
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc
id: auto-02594fb59862948815c1e4c752b8b72914249f5692eec4fd8c386b49213450a6
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc
id: auto-af2e3514dadf500e136e5968f11e2d45b09ea4de4c9530227c2444e9a845a2a9
status: experimental
description: Detects traffic or activity related to http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.0.74.122/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.25.112:40120/i
id: auto-0fb312ce0a7904db39acb7712ff262e222282ee136501e31fed2d56997ade893
status: experimental
description: Detects traffic or activity related to http://42.4.25.112:40120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.25.112:40120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.25.112:40120/bin.sh
id: auto-87cc38425fc9cc3868031c2f9abdfff48d32c69bd19b994ce1b71208459a4bc4
status: experimental
description: Detects traffic or activity related to http://42.4.25.112:40120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.25.112:40120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.215.103:55368/i
id: auto-1561b417882a925d6534268b832ba41c5598d8cfa5bfa9993e5e83b6d1e6a4e3
status: experimental
description: Detects traffic or activity related to http://119.179.215.103:55368/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.215.103:55368/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.84.21:40066/i
id: auto-daa177a42637be6f5c9c0058c26522d8aeedb25af58adedac81b88771756a44d
status: experimental
description: Detects traffic or activity related to http://27.215.84.21:40066/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.84.21:40066/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.8.13:56676/i
id: auto-ef6299e924364e9c188296db22f438f1f6973d8d0d14c2354f3140522aa7bc9a
status: experimental
description: Detects traffic or activity related to http://222.141.8.13:56676/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.8.13:56676/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.200:40725/i
id: auto-9650471954e478b162b710b6a8d5314283162724a9398532e3c831d508496821
status: experimental
description: Detects traffic or activity related to http://110.37.97.200:40725/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.200:40725/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.159.160:50619/i
id: auto-e6e707543a4d3ec6ac4433239cb0bf28827cee8e5ef2a667df6f756440ce0866
status: experimental
description: Detects traffic or activity related to http://119.116.159.160:50619/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.159.160:50619/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.215.103:55368/bin.sh
id: auto-e84602a377fe67e2118f279cc8a7b8bfdc9f533a8cb5174a8a5fba9f8c9bf6a6
status: experimental
description: Detects traffic or activity related to http://119.179.215.103:55368/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.215.103:55368/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.87.232:46581/i
id: auto-873eaaffc17fc5ffde9b8ea7c9389ac75f1d0ecdbe041887eac92c05a0fceaed
status: experimental
description: Detects traffic or activity related to http://110.37.87.232:46581/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.87.232:46581/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.6.235:45710/i
id: auto-bd8ab01510e5bdd60c65692c7fc634e388cb94cc0c6972ef9dc75818535f896a
status: experimental
description: Detects traffic or activity related to http://115.49.6.235:45710/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.6.235:45710/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.7.226.229:58290/i
id: auto-ad1a1fbd91e79b3dd85613e35cecddd3154a2561d19c274cd1376fe2c3c09e8d
status: experimental
description: Detects traffic or activity related to http://123.7.226.229:58290/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.7.226.229:58290/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.68.236:34537/i
id: auto-904c7da8557464ea94373171786a8eadc8571824948b83fd25d377778148b622
status: experimental
description: Detects traffic or activity related to http://110.37.68.236:34537/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.68.236:34537/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.86.21:38052/i
id: auto-fc2eff8074c3b105f4738a8816326860a93e09c7ff522a050e03c65b09e02d80
status: experimental
description: Detects traffic or activity related to http://125.47.86.21:38052/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.86.21:38052/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.90.100:48601/i
id: auto-ab95d453d2c1bfdbd5d1667ff3bc610e8fc6f8f3f89d7482482bab91e4672909
status: experimental
description: Detects traffic or activity related to http://42.53.90.100:48601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.90.100:48601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.84.21:40066/bin.sh
id: auto-fab7267e3d578ea9dd4e755174d0245084fe3dbc9504a9a85529cdb8d74290e0
status: experimental
description: Detects traffic or activity related to http://27.215.84.21:40066/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.84.21:40066/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.8.13:56676/bin.sh
id: auto-175a9a4ba72988999cec6c7f20666eb0fc00926d4c8f2dfb067fdd545903a6da
status: experimental
description: Detects traffic or activity related to http://222.141.8.13:56676/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.8.13:56676/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.90.100:48601/bin.sh
id: auto-7f9591408be46cecba5c6095be72a1d285ff171e99ec61db9121d6392b196159
status: experimental
description: Detects traffic or activity related to http://42.53.90.100:48601/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.90.100:48601/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.200:40725/bin.sh
id: auto-f45bb1ea4795cb55cb0886a3a74bd08d2271dac759200bb5488d0cb5f500059c
status: experimental
description: Detects traffic or activity related to http://110.37.97.200:40725/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.200:40725/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.6.235:45710/bin.sh
id: auto-99cd88869432851cc3bb665b7197278b0a8a7abebbf28ec12f07ec347923ff60
status: experimental
description: Detects traffic or activity related to http://115.49.6.235:45710/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.6.235:45710/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/dvr
id: auto-fb2f7a8d11bf4f23db9ad1a719fce6f685721c5c70c4c4e1e1c79829b56defdd
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/dvr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/dvr*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.86.21:38052/bin.sh
id: auto-470c519dfdacda2d87c676bbfb9ea070e93efb4283fe33020e7755ad4cfb705a
status: experimental
description: Detects traffic or activity related to http://125.47.86.21:38052/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.86.21:38052/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.45.93:57454/i
id: auto-a14dbbe516ca510c697ff5108e419f2df8a8fff9bf556afa5c12008862e31075
status: experimental
description: Detects traffic or activity related to http://113.221.45.93:57454/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.45.93:57454/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.229.182:37755/i
id: auto-511860344b6af84f37aae588076733a380a1ba1ada543323b6364b6043e6aa4d
status: experimental
description: Detects traffic or activity related to http://182.116.229.182:37755/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.229.182:37755/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.244.202:41084/i
id: auto-10bd4deee059b9de7db5f31c5ab75fcc1253c695daa29e1d9238b1d85d11bf02
status: experimental
description: Detects traffic or activity related to http://123.4.244.202:41084/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.244.202:41084/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.141.144:47869/i
id: auto-3d0ad544954c06a00a579d168e62654ee9ab2a2564886820bef89103a6fc18fa
status: experimental
description: Detects traffic or activity related to http://42.86.141.144:47869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.141.144:47869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.229.182:37755/bin.sh
id: auto-7b7518c3222fea1eddf465b30de8fa46a8509577fbc333ccb9eb9c4d75723ab1
status: experimental
description: Detects traffic or activity related to http://182.116.229.182:37755/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.229.182:37755/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.105:49982/i
id: auto-51c36ff67c4ca1fd60fe7c5effec11410ed416cfcc8d7219d9c5dec813398c02
status: experimental
description: Detects traffic or activity related to http://110.37.37.105:49982/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.105:49982/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.48.186:53805/i
id: auto-39544febdf50d4112a7a8d7d7a387113e916ca3026595bebb7181ff25ad69564
status: experimental
description: Detects traffic or activity related to http://42.237.48.186:53805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.48.186:53805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.70.51:59298/i
id: auto-e6474caec70c9937662dad67da228cfa2162b78aecce059caf5dfc420fbc5b94
status: experimental
description: Detects traffic or activity related to http://61.52.70.51:59298/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.70.51:59298/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.21.193:41962/i
id: auto-22dd98d63278bc95642103677c6c1613a09c3934b378b26e81d04590d049990e
status: experimental
description: Detects traffic or activity related to http://42.7.21.193:41962/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.21.193:41962/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.191.243:34737/i
id: auto-88b73ec428856e2e156b32d99838c325c60a92a58c5eba1d6c58418cf4768ef0
status: experimental
description: Detects traffic or activity related to http://42.177.191.243:34737/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.191.243:34737/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.244.202:41084/bin.sh
id: auto-771ba1bfed63be428dd7930ca30ce9ec5c2bdb8fc71fe77943be59681c4e7684
status: experimental
description: Detects traffic or activity related to http://123.4.244.202:41084/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.244.202:41084/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.105:49982/bin.sh
id: auto-c8dfb6ba41547347a3d5a883cd371123272ebfc5beb3ba8fdea56da47867981a
status: experimental
description: Detects traffic or activity related to http://110.37.37.105:49982/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.105:49982/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.48.186:53805/bin.sh
id: auto-a06ab2a2215717af2e86168722ddead9d70a733cf1b71b97ecfa3c3912e21b75
status: experimental
description: Detects traffic or activity related to http://42.237.48.186:53805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.48.186:53805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.4.223:53632/i
id: auto-5c464e2d44c6e8c17fa37105fcda2206369db83fb147b297de8e711a104c8cc9
status: experimental
description: Detects traffic or activity related to http://222.137.4.223:53632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.4.223:53632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.141.144:47869/bin.sh
id: auto-9ade463281f984a6e4961e8ba3e73e6d6a9f0764f1b742209021c293dc474aac
status: experimental
description: Detects traffic or activity related to http://42.86.141.144:47869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.141.144:47869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.70.51:59298/bin.sh
id: auto-3ba3a97c1046acf7f8c2845bab20e2d9113250baf5be3a023e9222fa44ff0da9
status: experimental
description: Detects traffic or activity related to http://61.52.70.51:59298/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.70.51:59298/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/boom
id: auto-12d9f2b996c55081b31e7c86dc8f85c830c26a86b047f863bf2eedb8d8653480
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/boom which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/boom*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.210.211.194:52544/i
id: auto-42fafa14afd29f4453cde2ef2ff573efaf02f2b7f81857a70c0c3ac35c4f6fe6
status: experimental
description: Detects traffic or activity related to http://117.210.211.194:52544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.210.211.194:52544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.10.71.237:42971/i
id: auto-bc64151239c35a55db7fbaa62a414d9ed12f6f282d949c18ae09f1c5243c5640
status: experimental
description: Detects traffic or activity related to http://27.10.71.237:42971/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.10.71.237:42971/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.4.223:53632/bin.sh
id: auto-ce5b6b99d4b15db7e921bf4dcea1f6eaddc888beaa91b6e1660b314e86517cfb
status: experimental
description: Detects traffic or activity related to http://222.137.4.223:53632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.4.223:53632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.109.164:56967/i
id: auto-d355d2fe1a9635972e5abf26f142b5238ef5377a347afa2f954530d9e120f910
status: experimental
description: Detects traffic or activity related to http://116.138.109.164:56967/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.109.164:56967/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.88.74:59121/i
id: auto-57f677791bfd06d29f959393d78e5dfa6dcb6fa6d1cb2e29591f4c7125b0b535
status: experimental
description: Detects traffic or activity related to http://221.15.88.74:59121/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.88.74:59121/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.143.178:60072/bin.sh
id: auto-838bda64ac5cf67ed8588ebeac786f86f9cc4c5cef674854086b9db7bbe53c37
status: experimental
description: Detects traffic or activity related to http://219.156.143.178:60072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.143.178:60072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.155.154:45112/i
id: auto-ca086ce0d6b88942a148ba25a4cec04ce2edf93089ad6913163bf0d5f0aca929
status: experimental
description: Detects traffic or activity related to http://42.4.155.154:45112/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.155.154:45112/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.118.216:47332/i
id: auto-a23a5e3a09a6d313d42cc6f0e2dd9a1aa696d5fd3f8454ad19f30e338fab6973
status: experimental
description: Detects traffic or activity related to http://182.116.118.216:47332/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.118.216:47332/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.210.211.194:52544/bin.sh
id: auto-859bc519882f53d538753e27ec15c3ab0bb9a8af93761dc01b2c6b0d3c1009fc
status: experimental
description: Detects traffic or activity related to http://117.210.211.194:52544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.210.211.194:52544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.235.10:37659/i
id: auto-b9c8364cce87296ba37696ea1b991d96a33939c6dd893ac9b3bd064af497f35e
status: experimental
description: Detects traffic or activity related to http://60.23.235.10:37659/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.235.10:37659/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.250.237:52440/bin.sh
id: auto-b030a81337380a98f0eae01efc4b6ebf47477ab1da336f4d86da42ce2afcdb4a
status: experimental
description: Detects traffic or activity related to http://39.74.250.237:52440/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.250.237:52440/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.82.196:57700/bin.sh
id: auto-99083fbac58d66172c5619d90c19ade7aaf89a2a64e8f8325f18f18388a417ae
status: experimental
description: Detects traffic or activity related to http://219.155.82.196:57700/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.82.196:57700/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.88.74:59121/bin.sh
id: auto-ea2ae3545d4f42ad1ab66a648ec0cfc24a598c61b655c40c5c25a01739db7fea
status: experimental
description: Detects traffic or activity related to http://221.15.88.74:59121/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.88.74:59121/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.118.216:47332/bin.sh
id: auto-c17a2701f4864ce9771c875e709ba5eb412f22b7f33adb7e575ef05caec6e285
status: experimental
description: Detects traffic or activity related to http://182.116.118.216:47332/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.118.216:47332/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.156.99:53754/i
id: auto-35f12ed1987818bd39cb20c888560442cd46d4ce1649a86bdc107bdfe8dbc9a7
status: experimental
description: Detects traffic or activity related to http://27.207.156.99:53754/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.156.99:53754/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/back
id: auto-6da48c88507fddb76adca8b38216fc87d6d3a777bbae4f4ea8b2dce879600066
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/back which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/s3/back*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.103.114:48905/i
id: auto-b80075568dc0a424a78da9637802a26d498f2beedaf65f6d423c4e87d86889f4
status: experimental
description: Detects traffic or activity related to http://219.155.103.114:48905/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.103.114:48905/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.222.167:46515/bin.sh
id: auto-415effcb06db7c755f65371674545668976305a295ddead621a14f14d62ae26b
status: experimental
description: Detects traffic or activity related to http://115.53.222.167:46515/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.222.167:46515/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.58.84:47166/i
id: auto-4ae9a2d1d01534a6766e3fe27242e5f6472f95d235fd6f7799b80585ec8c9f15
status: experimental
description: Detects traffic or activity related to http://115.55.58.84:47166/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.58.84:47166/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/b12
id: auto-4f51603445d0e2245892fe82db9fc554dca1159c00fbb9aa019a3101c592e118
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/b12 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/b12*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.235.10:37659/bin.sh
id: auto-9c56a15b64c2bf99e1bc6742ee8bf35dbe166fe84cf2ca264a4a8eeaa8f2a0d8
status: experimental
description: Detects traffic or activity related to http://60.23.235.10:37659/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.235.10:37659/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.207.17:49674/bin.sh
id: auto-e48f60206b7b2df712c97789425be2840346f37a6ff7079504925181328e423c
status: experimental
description: Detects traffic or activity related to http://124.94.207.17:49674/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.207.17:49674/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.181.227.74:57546/i
id: auto-a48ff8476401a2e3c204ae1ca1eabf105363df7b86fffae69f7e7e95997087d0
status: experimental
description: Detects traffic or activity related to http://1.181.227.74:57546/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.181.227.74:57546/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.58.84:47166/bin.sh
id: auto-27a3c9aa8d5824d7cfdc585e0e1984058e9f0c77f4e52b53d61759aec8cbc6a3
status: experimental
description: Detects traffic or activity related to http://115.55.58.84:47166/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.58.84:47166/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.128.98:47002/bin.sh
id: auto-0877d840d1551eb85cd6c55873600a4b47f6765750c5de2023cc1b153ef97d49
status: experimental
description: Detects traffic or activity related to http://115.54.128.98:47002/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.128.98:47002/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/jhjfjj
id: auto-dc01011ba5cd0b934adcaf2f9a9da730ebb61811449aa33f96dc8fa2b852833a
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/jhjfjj which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/jhjfjj*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.207:36055/i
id: auto-f60385dd705c5adf40d0588f2381c13a16de08f6d3ebbf498a29ed3d3c2b7639
status: experimental
description: Detects traffic or activity related to http://110.39.226.207:36055/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.207:36055/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.77.240:53565/i
id: auto-ce0748c43526396fd6a7cf9f0ca419810e82cf2bc13e7f3fcd88ff2e59186511
status: experimental
description: Detects traffic or activity related to http://117.199.77.240:53565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.77.240:53565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.181.227.74:57546/bin.sh
id: auto-98727609c8c05b355a014393747cdd37a9ad78aae0ec761105a2680fb0d379cf
status: experimental
description: Detects traffic or activity related to http://1.181.227.74:57546/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.181.227.74:57546/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.99:58277/i
id: auto-60e7c125e88b9d8b89927ff90accac7c94cd906de4ac6d9acde97e8d6ad19f93
status: experimental
description: Detects traffic or activity related to http://110.36.16.99:58277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.99:58277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.24.82:34527/i
id: auto-d9ac76bbd9916aeefc192e42e3338799aa09c76afaadbf115ef8f08179fa5e05
status: experimental
description: Detects traffic or activity related to http://125.43.24.82:34527/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.24.82:34527/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.207:36055/bin.sh
id: auto-d0ed0b536eafdfb4974c56c58eb3f30cd65d3101ee2516e29fdee0fcdce7878c
status: experimental
description: Detects traffic or activity related to http://110.39.226.207:36055/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.207:36055/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/bmmm
id: auto-d094147901f67c2162cce0eb8c18a732b90bb4b32a4188c63c6144c4332ea8e7
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/bmmm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/api80-1int-m35461/bmmm*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.14.168:50650/i
id: auto-0a9dc771685e53c4a858acd06e7f05342dc0a68f256006621fa735146813b36e
status: experimental
description: Detects traffic or activity related to http://27.215.14.168:50650/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.14.168:50650/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.182.160:33034/i
id: auto-b87cbdfbfd409306c4b8a35f3153e9667824f1b3d02a17d47bbb7b2c07afc6db
status: experimental
description: Detects traffic or activity related to http://59.92.182.160:33034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.182.160:33034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.77.240:53565/bin.sh
id: auto-2c8917ad729be66536249b0bbf288d5a04f0cd9f195b943be089758ce90d4bb4
status: experimental
description: Detects traffic or activity related to http://117.199.77.240:53565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.77.240:53565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.99:58277/bin.sh
id: auto-e798f4c5c84576db8f12a6d893c0538ed2c1df3d82801ac0920c11630e631411
status: experimental
description: Detects traffic or activity related to http://110.36.16.99:58277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.99:58277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.24.82:34527/bin.sh
id: auto-d90bbcd90bf60cf82e14f2b3fb3a2311d13ef939af54a984812c7c46c2500f32
status: experimental
description: Detects traffic or activity related to http://125.43.24.82:34527/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.24.82:34527/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.196.246:36092/i
id: auto-167d7b73ca8141c8015671faf6f6e798c9eabea94fc1e6b90d24f167bcc19761
status: experimental
description: Detects traffic or activity related to http://115.55.196.246:36092/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.196.246:36092/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.14.168:50650/bin.sh
id: auto-0b875d4fc9d8a50ea1c15af94f85c8f64f7dbb3ae917b676658233ad50bad715
status: experimental
description: Detects traffic or activity related to http://27.215.14.168:50650/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.14.168:50650/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:36097/bin.sh
id: auto-a4c92ebe94eb77b82dc873103c420edfa7c2c4cc39ff416a8393de6270ee55b1
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:36097/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:36097/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.105:53728/i
id: auto-e490b573b7cd87b8f8a9234efdd96b01ab9b919dd51f9986c6570a0916e257c7
status: experimental
description: Detects traffic or activity related to http://168.195.7.105:53728/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.105:53728/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.27.197:63685/.i
id: auto-12dcbcaadac2a8db616924aa470df9aaea9be656c552f6bb76ecbe6b0ff65eee
status: experimental
description: Detects traffic or activity related to http://113.221.27.197:63685/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.27.197:63685/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.89.209:34851/i
id: auto-4c8aec1ea7519ac91fb9d70bb0abd09dade999681a70b7e16c8e3d15508d4d4b
status: experimental
description: Detects traffic or activity related to http://125.43.89.209:34851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.89.209:34851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.182.160:33034/bin.sh
id: auto-c3a71104b0dc1b4f373571b2ae673de14bc85e5121d1cdb40be7f9cc353cd405
status: experimental
description: Detects traffic or activity related to http://59.92.182.160:33034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.182.160:33034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.135.245:57837/i
id: auto-c30b03c0faf1f004181259d37eb261381af04c966fe68abc8c68c4bfbe75291b
status: experimental
description: Detects traffic or activity related to http://123.129.135.245:57837/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.135.245:57837/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.146.148:58183/i
id: auto-c26ec92fbabc2ed70dc3d3de2b7e118fbb7e35ff5d197c64f1c16bf8d8de41f4
status: experimental
description: Detects traffic or activity related to http://222.137.146.148:58183/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.146.148:58183/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.181:54938/i
id: auto-92fc7866b228acb0a6f508cf677031fbf194b2edcb9b488b8e0e3eb18b341810
status: experimental
description: Detects traffic or activity related to http://115.56.146.181:54938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.181:54938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.245.11.12/bins/pmips
id: auto-57e4705c1cddbe70df70e217c523673d587f434ff2f7dee4a082ac124ece212c
status: experimental
description: Detects traffic or activity related to http://61.245.11.12/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.245.11.12/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.255.198:48829/bin.sh
id: auto-3da6fe8b64ef50acffba40be9527fb9f41dba934324f0a668cd96cd6e243ad1c
status: experimental
description: Detects traffic or activity related to http://125.44.255.198:48829/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.255.198:48829/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.11.113:35305/bin.sh
id: auto-2de1be166b592fb485c9f8b384e0065f7030ae8cb7d9534191960edf54766bf3
status: experimental
description: Detects traffic or activity related to http://221.15.11.113:35305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.11.113:35305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.35.136:42842/bin.sh
id: auto-2ca918107ae31944507068272cf14e4d173e841e9ddaa3df7ffa3c7ea857c967
status: experimental
description: Detects traffic or activity related to http://42.228.35.136:42842/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.35.136:42842/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.90.198:52612/i
id: auto-40bd62fad56de4d0ff64e07d655147eb129172a2de05dbe9503918464800db36
status: experimental
description: Detects traffic or activity related to http://182.126.90.198:52612/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.90.198:52612/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.146.181:54938/bin.sh
id: auto-0c07662e4881b0f3d82d163aa9f0c748d884fc2d7cc019d008c3c41882b0cfc1
status: experimental
description: Detects traffic or activity related to http://115.56.146.181:54938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.146.181:54938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.168.213.255:53441/i
id: auto-18bc53326bf0632848db8beefb5516d0b11a50722ae24eff4167e51fb871e2c0
status: experimental
description: Detects traffic or activity related to http://175.168.213.255:53441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.168.213.255:53441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.95.142:55769/i
id: auto-53ad5de9f3566877bf4f24928b2da7492e0bddbc271ae3ce75d9b77355556e3c
status: experimental
description: Detects traffic or activity related to http://125.43.95.142:55769/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.95.142:55769/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.161:44486/i
id: auto-0d277f567e28c49ee4ad7bb022a6dfc92d4c21a2d12f3ededdd32c7d96ec26bb
status: experimental
description: Detects traffic or activity related to http://42.227.238.161:44486/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.161:44486/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/nim5
id: auto-1f9862751907b18a14eaa3991bc1b90a7513bc342bcafda60ed0b24030328c61
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/nim5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/nim5*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.167.69:54219/bin.sh
id: auto-f935f535aabbe0a4744b6e01543b72715f904c46335b7c15bb620f3a77bfc045
status: experimental
description: Detects traffic or activity related to http://123.132.167.69:54219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.167.69:54219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.90.198:52612/bin.sh
id: auto-616af7d83b6f645d15e367d1f4b6da24c912f40c3f53d6bd76cfc19cfd47c469
status: experimental
description: Detects traffic or activity related to http://182.126.90.198:52612/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.90.198:52612/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.95.142:55769/bin.sh
id: auto-6ce6e4e361269ba8b4430671b4f64075199a88529f79bb20a00d901f01965906
status: experimental
description: Detects traffic or activity related to http://125.43.95.142:55769/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.95.142:55769/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.90.57:42639/i
id: auto-3146dc22573b94cb331ffd87a5122002b2704a642814e201bf79183372af56c2
status: experimental
description: Detects traffic or activity related to http://123.9.90.57:42639/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.90.57:42639/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.161:44486/bin.sh
id: auto-1e8530764d510ca5ad846eed8187e781b452c6af04b92ee4d2cc6991edf57d06
status: experimental
description: Detects traffic or activity related to http://42.227.238.161:44486/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.161:44486/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.255.244:40763/i
id: auto-cc9dc313f8491ed70fd9b7d2ad53d571ca5c7b5ef6678a8e26c79b4a00177d57
status: experimental
description: Detects traffic or activity related to http://115.55.255.244:40763/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.255.244:40763/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.90.57:42639/bin.sh
id: auto-03358423d0ead5c8cc206cd9158348896acb327302bdd4cace5ee59b63885005
status: experimental
description: Detects traffic or activity related to http://123.9.90.57:42639/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.90.57:42639/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.166.58:41327/i
id: auto-2a331b686e81e2ea73f22df023ba40c905d44f3110e675fa19c1f307827592a6
status: experimental
description: Detects traffic or activity related to http://124.94.166.58:41327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.166.58:41327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.24.33:48449/i
id: auto-868ab6d2fcf5450efc6601d5c7cf33d4e3b65ec5d81453df10622ae6fe47e8ef
status: experimental
description: Detects traffic or activity related to http://42.231.24.33:48449/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.24.33:48449/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.93.135:36757/i
id: auto-f77025b56c951d9acdb1f5b479f4860298aaff5fdfcb97905791f6e4c4589ff6
status: experimental
description: Detects traffic or activity related to http://125.43.93.135:36757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.93.135:36757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.255.244:40763/bin.sh
id: auto-31b75ae88fa8684613dff4b0558e17d27d0fd882f5fc71acc7a3b835cfe45035
status: experimental
description: Detects traffic or activity related to http://115.55.255.244:40763/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.255.244:40763/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.32.71:49393/i
id: auto-6b9a772e046bae2346ee0b68b3bf01579d8befb1c2b92d17c471c6e156bc3732
status: experimental
description: Detects traffic or activity related to http://182.116.32.71:49393/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.32.71:49393/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.50.75:54225/bin.sh
id: auto-de8e916385db064bdcf2f33002d00a0ab0670a26d8e6da65531aab673957b4d3
status: experimental
description: Detects traffic or activity related to http://182.114.50.75:54225/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.50.75:54225/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.50.75:54225/i
id: auto-3e9e7917066a70e57fc99e7a0071a814f413282fdbf57665ee5c97fa5adcc88c
status: experimental
description: Detects traffic or activity related to http://182.114.50.75:54225/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.50.75:54225/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.94.239:42804/bin.sh
id: auto-82ea03532fdda35cbf07a6dfdefa1f59111cbfa3555159b516d9b50c91e70da4
status: experimental
description: Detects traffic or activity related to http://175.149.94.239:42804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.94.239:42804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.93.135:36757/bin.sh
id: auto-cd3b5117a0dfe3408cf25b8c6c3f30781be1a376b02dfce630d2cf254a6bcdee
status: experimental
description: Detects traffic or activity related to http://125.43.93.135:36757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.93.135:36757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.92.236:41057/i
id: auto-92d143e5ebad18846699f0259fb64ac476da646d11d50ea584f5bd0e2c60a4de
status: experimental
description: Detects traffic or activity related to http://42.180.92.236:41057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.92.236:41057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.26.158:50244/i
id: auto-d6169e0aafc0e7b116aefc33d19434a1e3eaf2831b7e57bd96dddc2d581e397e
status: experimental
description: Detects traffic or activity related to http://110.36.26.158:50244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.26.158:50244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.8.201:41306/i
id: auto-0e0d12c62d86fb46ebf74969ebc0391343c1c270aa08673bf88cb0f488f48f97
status: experimental
description: Detects traffic or activity related to http://42.180.8.201:41306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.8.201:41306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.190.237.175:35555/02.08.2022.exe
id: auto-7db996e966350959a8a7efb0591320c161961f6c3bd1ae7fc4dafa7c33ead2e8
status: experimental
description: Detects traffic or activity related to http://115.190.237.175:35555/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.190.237.175:35555/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.174.65.53:4444/02.08.2022.exe
id: auto-f1f64010951db7601107941394668673895842747639edcdceffcf64120dc8d4
status: experimental
description: Detects traffic or activity related to http://107.174.65.53:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.174.65.53:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.148.203.82:8888/02.08.2022.exe
id: auto-2f77e913d9c0ea021599790ad39a2636edffb782a1f7a110cbd485d7209d7367
status: experimental
description: Detects traffic or activity related to http://38.148.203.82:8888/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.148.203.82:8888/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://207.56.138.126:65534/02.08.2022.exe
id: auto-75bb2a4a7e506107db4dfc8674eff885a2048d48ec3e5bdd0fcf304a32656f7f
status: experimental
description: Detects traffic or activity related to http://207.56.138.126:65534/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://207.56.138.126:65534/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.22.183.40:8081/sshd
id: auto-0c5d6b804fb4ff9373f875d47be129d3b2ed805766949a49e570a6701151e4da
status: experimental
description: Detects traffic or activity related to http://123.22.183.40:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.22.183.40:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.87.1.78:47497/i
id: auto-a0d27d8b48098dc07f370c87a04098b2aa6f4bb152039e3535ecbb94b382c61f
status: experimental
description: Detects traffic or activity related to http://177.87.1.78:47497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.87.1.78:47497/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.132.233.44:31487/i
id: auto-3076e4cb53987a4bd2f9092600c9ef9c3c7d39aafcdcf25c738a71741a057eb5
status: experimental
description: Detects traffic or activity related to http://31.132.233.44:31487/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.132.233.44:31487/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.230.156.43:43703/i
id: auto-280eb286e76c8147abad0bf90e63dcdcb154f85b50c44bf922b33b8db8ec2f27
status: experimental
description: Detects traffic or activity related to http://43.230.156.43:43703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.230.156.43:43703/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.43.77.2:46863/i
id: auto-d603992da8e67624123b0445a176155e1d01ef8be248492f7e3f0eb6f744e231
status: experimental
description: Detects traffic or activity related to http://130.43.77.2:46863/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.43.77.2:46863/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.45.74.171:11855/i
id: auto-35df5eed92dc2982a6f041670a0ccb628112c7f772398edb0fe1b6a567c16808
status: experimental
description: Detects traffic or activity related to http://14.45.74.171:11855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.45.74.171:11855/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.27.155:9301/sshd
id: auto-190c8df5d2a1334844670105cd9182a723e57af9685280bd9d770d09915790e9
status: experimental
description: Detects traffic or activity related to http://178.50.27.155:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.27.155:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.89.199.157:8034/sshd
id: auto-44f258973622cc0a7da29b31c4d8999441d45e3a5db3656c0c420e6506357201
status: experimental
description: Detects traffic or activity related to http://197.89.199.157:8034/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.89.199.157:8034/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.84.91.221:25266/i
id: auto-bab7dac73d0a15bea26c0ae017dab562e7562d47a873fae2a98dacb11317210a
status: experimental
description: Detects traffic or activity related to http://78.84.91.221:25266/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.84.91.221:25266/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.45.139:2441/i
id: auto-b9a3eb870e6b5a93aee154a671902b4c471fc148b6b58e029965b9e19071a746
status: experimental
description: Detects traffic or activity related to http://113.221.45.139:2441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.45.139:2441/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.236.194.22/sshd
id: auto-b07e251ecebd18dffcdcf8dad93b6d5ac61592288f56b3d09a97d86654aacf3d
status: experimental
description: Detects traffic or activity related to http://14.236.194.22/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.236.194.22/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.106.168.181:11382/i
id: auto-5daf6f03954ee5f74841bf455e7078eb151d77df96c91657e88f2172e6429296
status: experimental
description: Detects traffic or activity related to http://61.106.168.181:11382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.106.168.181:11382/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.189.229.47:8080/sshd
id: auto-cf9d8a586c59d11b1678fa693fb62ee8d3ae793b4d9c7b09fd164130da58f392
status: experimental
description: Detects traffic or activity related to http://77.189.229.47:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.189.229.47:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.246.43.84:28042/i
id: auto-f798199808535c293e115f844be84df25cd8dacb0f1e66bff2a64d23fae8aceb
status: experimental
description: Detects traffic or activity related to http://222.246.43.84:28042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.246.43.84:28042/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.26.158:50244/bin.sh
id: auto-c02961b448382de494d79020a8251549fe972206e74f631b3816356eeaa3213b
status: experimental
description: Detects traffic or activity related to http://110.36.26.158:50244/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.26.158:50244/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.92.236:41057/bin.sh
id: auto-d3026917fa247dbbc309f697a3131d8f628a252325e83dc5d6ce35f20ba4345a
status: experimental
description: Detects traffic or activity related to http://42.180.92.236:41057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.92.236:41057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.94.239:42804/i
id: auto-a6c1610b18d4843dab726229a25e57c8a438cd06fd8f4061353a3fdeb08d0e5b
status: experimental
description: Detects traffic or activity related to http://175.149.94.239:42804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.94.239:42804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.8.201:41306/bin.sh
id: auto-5d696cf8e4f0669a133352bcab33ee03e04feb053910b4b86bf300aba34a464e
status: experimental
description: Detects traffic or activity related to http://42.180.8.201:41306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.8.201:41306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.212.68:49824/i
id: auto-9ea8ffe9e094de1ef2094cbb1a40ecf17cbe155ec7ea3aef97da6cb0e5589ca2
status: experimental
description: Detects traffic or activity related to http://27.202.212.68:49824/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.212.68:49824/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.16.253:33352/bin.sh
id: auto-e22e2a7cb57a9a6e779940d34ebb5b31ab9a1b1c68cef3374377ea907d307a89
status: experimental
description: Detects traffic or activity related to http://115.61.16.253:33352/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.16.253:33352/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.32.71:49393/bin.sh
id: auto-55245e5ba6209914179f71356c94ce5168b735eaa2c91f773e7460e0c96d5922
status: experimental
description: Detects traffic or activity related to http://182.116.32.71:49393/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.32.71:49393/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.212.68:49824/bin.sh
id: auto-b39342a5b55907bd750afbbc6850d1881a676c829dad63ea75616fe858df3187
status: experimental
description: Detects traffic or activity related to http://27.202.212.68:49824/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.212.68:49824/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.245.7:34976/i
id: auto-ddc5a491fd3c1a0b819e7c9e1b3a12b2063d6e1d138c24d6877f79e369c28bd9
status: experimental
description: Detects traffic or activity related to http://39.74.245.7:34976/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.245.7:34976/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.113.42:53900/i
id: auto-b74dee0757e8665d41db2bee5f39a4cb34285c5646872cf42fcd84708a93e747
status: experimental
description: Detects traffic or activity related to http://182.121.113.42:53900/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.113.42:53900/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.226.203.73:41151/i
id: auto-6875612c6cfd9649690fd18618ec11b4fe708fb55dbfbdd15efb1dad33d3ad1d
status: experimental
description: Detects traffic or activity related to http://114.226.203.73:41151/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.226.203.73:41151/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.245.7:34976/bin.sh
id: auto-55fb37dcf7d9e25c9b7ddecc0e73051dee16641b448398485f71bdc734770c66
status: experimental
description: Detects traffic or activity related to http://39.74.245.7:34976/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.245.7:34976/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/shared
id: auto-0def9716a2ff4ad5760fa5bfb06c57e7ff3aee096603147011c448b88d5cf743
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/shared which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/88ss-12bnm-140-ok/shared*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.86.207:43498/i
id: auto-bb1021f01eac28663aba855fdb7877d524d14c93ea1982d25706fa378e06971f
status: experimental
description: Detects traffic or activity related to http://115.58.86.207:43498/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.86.207:43498/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:36097/i
id: auto-78cbbd168b8d8eef49303f102712c4aed4d0da0c93727a2383828d75c87dd3c7
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:36097/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:36097/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.113.42:53900/bin.sh
id: auto-bb557f668406736f420f26f98762af3c4d9c4a06efbe3237e04eaf5343d2c421
status: experimental
description: Detects traffic or activity related to http://182.121.113.42:53900/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.113.42:53900/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.149.204:55805/i
id: auto-04671ce461d1405de7339dde353aa48216afcb4765302ee373ba7117088cab3f
status: experimental
description: Detects traffic or activity related to http://42.54.149.204:55805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.149.204:55805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.224.51:41616/bin.sh
id: auto-f0c1d6f9491fbffa301f9b38de6f7dfdc51caa8a7bcc03168ed2069583093273
status: experimental
description: Detects traffic or activity related to http://125.43.224.51:41616/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.224.51:41616/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.92.68:43725/i
id: auto-19fd079907fea977888a57cd237fd65b4c0929ff29090a51fec392fcd274d915
status: experimental
description: Detects traffic or activity related to http://182.121.92.68:43725/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.92.68:43725/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.124.238:55189/i
id: auto-be97e80817a2926a70994d701462f84cfe2a29627e5eb6c52b744c4d69a6fc0e
status: experimental
description: Detects traffic or activity related to http://123.5.124.238:55189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.124.238:55189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.86.207:43498/bin.sh
id: auto-00847091b5cfd73e4e4b460ead497786d322e49017a80161f109640bce87b1ee
status: experimental
description: Detects traffic or activity related to http://115.58.86.207:43498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.86.207:43498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/s4-p2-df6-s9/pet5
id: auto-ebf19fa93b625383294113179a67a281cb60e55b86373ae1f7213dea3899b2ff
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/s4-p2-df6-s9/pet5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/s4-p2-df6-s9/pet5*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.132.158:50093/i
id: auto-9666f2f767ac11a8e233beeb08ae478ab22d1e56fc750c9efec44d5331871967
status: experimental
description: Detects traffic or activity related to http://125.46.132.158:50093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.132.158:50093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.149.204:55805/bin.sh
id: auto-2e21d9510a993eb9a7b51436816be8f5ad873ccffba692626324296da74734c5
status: experimental
description: Detects traffic or activity related to http://42.54.149.204:55805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.149.204:55805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.13.25:46653/bin.sh
id: auto-1608501ff710f47993c08c1617de996faabfc63eeb9bfe3e34d0dc9e2bb525a0
status: experimental
description: Detects traffic or activity related to http://115.63.13.25:46653/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.13.25:46653/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.92.68:43725/bin.sh
id: auto-792d057b928afb0bfcf738f7328438f90701a6759899b7d34c4ea2ef5c3210c0
status: experimental
description: Detects traffic or activity related to http://182.121.92.68:43725/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.92.68:43725/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/token-issuer-svc/int-api50-config90/token
id: auto-3698a9e56be2b17b824f13e6ae4b1a0192f5100edfcbe18073892b962f67e687
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/token-issuer-svc/int-api50-config90/token which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/token-issuer-svc/int-api50-config90/token*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.16:50092/i
id: auto-e9c09d46990ba3ce9dd93f11a5f324a162b0c919d2bb41cae226d9db04017ccd
status: experimental
description: Detects traffic or activity related to http://110.39.237.16:50092/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.16:50092/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.132.158:50093/bin.sh
id: auto-09a1e21b74956f112dcea5ed3b43e2dca348827bf2cc2b19d9bb80fa045bf80b
status: experimental
description: Detects traffic or activity related to http://125.46.132.158:50093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.132.158:50093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.41.83:56897/i
id: auto-93b4e1cbb636a9469de1f1032c61791ccd9105c5e427e43d7bd7fe16f99f08f3
status: experimental
description: Detects traffic or activity related to http://125.44.41.83:56897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.41.83:56897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.16:50092/bin.sh
id: auto-e13a0f2564883e3f64cdb17b27327f81ceba5780f1663afa1ceaccbcc0f2139d
status: experimental
description: Detects traffic or activity related to http://110.39.237.16:50092/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.16:50092/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.121:50456/i
id: auto-0a977a700f07b660223f0be7b9d16e0961c12d7678f8668b426b62280a3825c7
status: experimental
description: Detects traffic or activity related to http://110.37.102.121:50456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.121:50456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.41.83:56897/bin.sh
id: auto-de1e4d46794f6090c8fa418a8ed074f663e2965456949b2a889618ee9f78568a
status: experimental
description: Detects traffic or activity related to http://125.44.41.83:56897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.41.83:56897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.246.200:43259/i
id: auto-b2be99198ab754fcfa8006d7b544651378975b3ad45d431bca4a81f515cd235b
status: experimental
description: Detects traffic or activity related to http://222.142.246.200:43259/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.246.200:43259/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.246.200:43259/bin.sh
id: auto-a8012726ba7d6b05299194e51b37c8c9c2da333f5ec6ea7425f3ab1b58544819
status: experimental
description: Detects traffic or activity related to http://222.142.246.200:43259/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.246.200:43259/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.84.219:37887/i
id: auto-1931f2df759e87eb8e076a93dde94c4d9d0c79ea508901a48c569c5d5916b965
status: experimental
description: Detects traffic or activity related to http://182.117.84.219:37887/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.84.219:37887/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.34.82.55:23637/bin.sh
id: auto-0c5924ebaaad17173fd438c777bdbdfda020e18a2cb0168ca365975d74cd3875
status: experimental
description: Detects traffic or activity related to http://36.34.82.55:23637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.34.82.55:23637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.146.167:51432/i
id: auto-4e8fa306ac10a6f300f142f2199ab68f56af375fbd1a4b44038035ac760df9ff
status: experimental
description: Detects traffic or activity related to http://222.137.146.167:51432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.146.167:51432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.121:50456/bin.sh
id: auto-82d07eaf5ecb338aadc234e5c9b8f4f4262e82846376ac13bf681e9e5c35bcd9
status: experimental
description: Detects traffic or activity related to http://110.37.102.121:50456/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.121:50456/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.254.147:54350/i
id: auto-beb0a620c0a5c7d646ce452b0f96edc718899ca8bd51ece2e1d762622f548997
status: experimental
description: Detects traffic or activity related to http://218.60.254.147:54350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.254.147:54350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.97.165:60344/bin.sh
id: auto-4192f70cad60f01200f7b1ffb4cc78871d002b83672c26d420a1e6a4780ff55e
status: experimental
description: Detects traffic or activity related to http://116.138.97.165:60344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.97.165:60344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/a8-core74/dot40
id: auto-a16d4838fd2df20d6013984141433fae580bb8282bd81746f8daa003bb89d12e
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/a8-core74/dot40 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/a8-core74/dot40*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.14.96:49179/i
id: auto-59dc57147b1bb5f300e98b1280914a87ec59921b8d719a5da27372ba7eb3a125
status: experimental
description: Detects traffic or activity related to http://221.15.14.96:49179/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.14.96:49179/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.29.50.238:36497/i
id: auto-16aef6b8564646e49d8a84b6a8783ce7e48c4aeb3067e44329fef4f7e340e1db
status: experimental
description: Detects traffic or activity related to http://78.29.50.238:36497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.29.50.238:36497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.85.237:34167/bin.sh
id: auto-2f21ec4448c58c74a214cd42fbd2ef43f2ce3c289a8a7f51ef3503263bb1ae75
status: experimental
description: Detects traffic or activity related to http://182.121.85.237:34167/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.85.237:34167/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.33.191:58355/i
id: auto-dc7a40475f9e6e214a7c0c66bbe06914e9287c32612b26b559894761032be8d9
status: experimental
description: Detects traffic or activity related to http://110.37.33.191:58355/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.33.191:58355/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.199.74:45249/i
id: auto-0ace0a893b55e9cce659d834d0e5ceb51cf78d8311acd3e5054da8349d5cf533
status: experimental
description: Detects traffic or activity related to http://123.12.199.74:45249/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.199.74:45249/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.254.147:54350/bin.sh
id: auto-95c9b03f192c91f6bd6fda32794356413c861833d18630e5b646eb904bf64f80
status: experimental
description: Detects traffic or activity related to http://218.60.254.147:54350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.254.147:54350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.14.96:49179/bin.sh
id: auto-e27b210854e7a5353d34ffdc39297551d84d23f79c00261ab35da0830d2bc71a
status: experimental
description: Detects traffic or activity related to http://221.15.14.96:49179/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.14.96:49179/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.16.253:33352/i
id: auto-ead20700490d444bab01494a02599e19cfa5d115a5593b0e7922b6f426b9fd9e
status: experimental
description: Detects traffic or activity related to http://115.61.16.253:33352/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.16.253:33352/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.212.125:39798/i
id: auto-efeb375138048fc9ae16dc0bad904b921800270f7b533e37ef5a8b2e1363065e
status: experimental
description: Detects traffic or activity related to http://125.44.212.125:39798/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.212.125:39798/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.33.191:58355/bin.sh
id: auto-2b59490e29618f8dd744eb50d049c4e7f691a981cc4641d79343123f161d7746
status: experimental
description: Detects traffic or activity related to http://110.37.33.191:58355/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.33.191:58355/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.204.196.254:53159/i
id: auto-4ee860f3c488558be65ca1d33dffdd5a307897306a479229e3c16f2bb425642b
status: experimental
description: Detects traffic or activity related to http://138.204.196.254:53159/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.204.196.254:53159/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.204.196.254:53159/bin.sh
id: auto-a93fe4133ba117940cb22a6c77acfad2c0c28730990649c6057fc410df9be805
status: experimental
description: Detects traffic or activity related to http://138.204.196.254:53159/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.204.196.254:53159/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.212.125:39798/bin.sh
id: auto-019f57fa255466f966b1609e843ecc3741f251d18efcc998c94d339bbd5b3d11
status: experimental
description: Detects traffic or activity related to http://125.44.212.125:39798/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.212.125:39798/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.211.175:59065/i
id: auto-77c59074ea98d936976053a4a41dfbe38e2c5a8abbdeca64ba22a1fa6d6f7ef6
status: experimental
description: Detects traffic or activity related to http://42.85.211.175:59065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.211.175:59065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238:81/Photo.scr
id: auto-5f1e576c930cd403d0b7a78d0e195624ddbecf885e3a7e4ed2bc3afc87b6fa79
status: experimental
description: Detects traffic or activity related to http://186.6.233.238:81/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238:81/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238/Photo.scr
id: auto-7369f583045db3d74a3fa4d42b926a0fa44da1af124503288dd2d079134d26c9
status: experimental
description: Detects traffic or activity related to http://186.6.233.238/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.60.10.116:45887/bin.sh
id: auto-26ff25ab660c8c1c50f47838ea716deea8017e0c3e3941974ae75fb48344171b
status: experimental
description: Detects traffic or activity related to http://182.60.10.116:45887/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.60.10.116:45887/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.19:52563/i
id: auto-8d9a675a1fe87ce71288ce1e3908c77bb8c96ac1282acd7f4bafcac3a8999ce4
status: experimental
description: Detects traffic or activity related to http://110.37.53.19:52563/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.19:52563/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.27.122:47625/i
id: auto-b7593c5ff5be52075e2ec64fab93fe982b0a9c9e992c429d984b2570fd97a622
status: experimental
description: Detects traffic or activity related to http://117.206.27.122:47625/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.27.122:47625/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.27.122:47625/bin.sh
id: auto-264b2e31471cb15e579febadd8391e5f2bda9ef2c5c9582a0344b0a421c2054d
status: experimental
description: Detects traffic or activity related to http://117.206.27.122:47625/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.27.122:47625/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.15.228:57777/i
id: auto-a87c5b846aecbd7a6629350eb7757cf4a4e3e4b4ab3dba76789b8fce1747b5a0
status: experimental
description: Detects traffic or activity related to http://42.85.15.228:57777/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.15.228:57777/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.167.69:54219/i
id: auto-40bd6e99f3fffac0ccc1bd26c901d0a997b05a5c0c0c9b7739995c58b40b7ce0
status: experimental
description: Detects traffic or activity related to http://123.132.167.69:54219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.167.69:54219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.225.7:36864/i
id: auto-df915b581437870c26dbbf6f35e085aa8f614f3ccfc9116fcd34666dda216f25
status: experimental
description: Detects traffic or activity related to http://115.55.225.7:36864/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.225.7:36864/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.147.80:33370/i
id: auto-dfd49b0dcd7ee22d9ec36847bf58a609fe57a1cea23c6d1056a28f8b5500a777
status: experimental
description: Detects traffic or activity related to http://115.62.147.80:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.147.80:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.19:52563/bin.sh
id: auto-780bad90dcd4d73e1f14c7283f74259d57d6f941f4fe6d1f6b53b298d3d45dc9
status: experimental
description: Detects traffic or activity related to http://110.37.53.19:52563/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.19:52563/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.238.7.133:54144/bin.sh
id: auto-cf8b4b65ac24830d573ffcff0308e0e244e59c28e08b17d0bfc747cf4ca72e66
status: experimental
description: Detects traffic or activity related to http://112.238.7.133:54144/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.238.7.133:54144/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.200.214.131:56986/bin.sh
id: auto-7d7226f9b8e26dd74250c0ce9c83b4a043014ae6d72e0938ca32ada0de2245d4
status: experimental
description: Detects traffic or activity related to http://197.200.214.131:56986/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.200.214.131:56986/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.143.149:53058/i
id: auto-6b3d6bd2baf44bb53fe1d61bf532843998d8cb636c659d427b986db4240bc2bf
status: experimental
description: Detects traffic or activity related to http://42.239.143.149:53058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.143.149:53058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.201.96:35370/i
id: auto-48d3c1149a6023030f7dc7e2e842ed8b45bb9acbee4f9e4d819d1eb1f83feba8
status: experimental
description: Detects traffic or activity related to http://182.124.201.96:35370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.201.96:35370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.147.80:33370/bin.sh
id: auto-6ef57e8bbdda7fc38d2a9314cb67a27b635a51575825ce90232644ef27faaf12
status: experimental
description: Detects traffic or activity related to http://115.62.147.80:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.147.80:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.225.7:36864/bin.sh
id: auto-e763a85deb26bceddd5bfccc550810b09661c8a4d3f9ed1b5106f0e42f93724a
status: experimental
description: Detects traffic or activity related to http://115.55.225.7:36864/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.225.7:36864/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.215.152:48571/bin.sh
id: auto-ff81beebee04cbbc8d74b9d88d6be4bae31a8cd156b4436766adfcd2922a6467
status: experimental
description: Detects traffic or activity related to http://110.38.215.152:48571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.215.152:48571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.7.226.229:58290/bin.sh
id: auto-58b225e8cea3c5736361e9d851f6c609e97da529539e6680c8aa468a2fdd1db2
status: experimental
description: Detects traffic or activity related to http://123.7.226.229:58290/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.7.226.229:58290/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.236.173:52001/i
id: auto-d3243c150d144c4619d45f416e1e47b70d2b43f4a86769f49847ac31001acb73
status: experimental
description: Detects traffic or activity related to http://115.61.236.173:52001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.236.173:52001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.231.61:37319/i
id: auto-58aeba051c1b0ef8210c535be7a49ec9c87e7e526db569ea7f389210164708c2
status: experimental
description: Detects traffic or activity related to http://110.39.231.61:37319/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.231.61:37319/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.143.149:53058/bin.sh
id: auto-5449c38fd98fe4cbf016c56010cbe190d87125083ae98ca8656af6a5837fe310
status: experimental
description: Detects traffic or activity related to http://42.239.143.149:53058/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.143.149:53058/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.201.96:35370/bin.sh
id: auto-1e357295354846d1c3bc6fb929649edc007d2daa6970188160ae09b752daa498
status: experimental
description: Detects traffic or activity related to http://182.124.201.96:35370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.201.96:35370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_arm6
id: auto-a4371182ec1ba359b3081135cdb7a5bb83ffdbb59a9309d02d432a85b5b4b687
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/arm5
id: auto-0e44cdd633de43d2f117f7e8fc7cdc6a87343fba2a0a9cb300f873216e3de30f
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/arm
id: auto-cbb42b577daaf7eba160a561410bb6556ae03392657b5beadf2d5bcefab6dc5d
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.mips
id: auto-0b76c7f775f573fece1b0536beb1a471243e28977f12b90a8edf7c22655dc4ed
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.x86
id: auto-3174ac6e825915abd494da16464a8164a05d1f9a31b74c3bd65ed286bcfef48d
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.arm6
id: auto-36a56fc39658b7ee6e696e44be4324fd30d31d9c682f931667e077758356387e
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.spc
id: auto-56a334fe4af3aa0f0d67977d37d2c3f9a5a257f6422cfafe0df0f2985137ff48
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.arm
id: auto-4c966cf5ecfd83deec276fda5201259eb4a97951c609a0fc39e6921ff3c79e39
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.sh4
id: auto-c7cca7fc6d6e7c3a466ed41f098f014d095cdedf7ca4cf4f81ea6aec2fc6d6db
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.mpsl
id: auto-465f9397f4efe35c2619bd0ed7c388377227c0f09d135aaaab75f33138f48bff
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.spc
id: auto-2fe7966e7a4f3e58f0f8ab85346c3cb9ea0ca65f34d1dfa48859ac9bb9d19339
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.arc
id: auto-2e8c2f995c513de69fa0f0a3a62a9c1c7e12d2f3e8dd751e8da1f1ed969db86b
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.m68k
id: auto-d7dfbe1865a8a176daef2ba85d40776a30ce3c8cbdc3224dee068d685f7276f8
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.mpsl
id: auto-de80f48e53ec53070bb39743c101d6903a46b272adb31cb41b5ad76ac7e96616
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/arm4
id: auto-b5faff1f16090d118d7f044f1824f13860b9bf959293433c0703e2333d78bcfc
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/arc
id: auto-da1f765351b301aa5d22167f191fcd16f4c186af22ebf637e0e5f5c87fa01b5f
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/mpsl
id: auto-399fb478c5b9dc937b8f2e04300118429345e6d8077e7cff9be41d49754895c0
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.arm5
id: auto-63e32adca76cf8b23120de718a411ae497370f5d1ee087abc983a1dbc4e0d2e6
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/arm7
id: auto-7cf34895d884358f5da32865f64f9ba3eaefe7c4a110eb3ce749fb7f48a503ad
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/aarch64
id: auto-7c256f842d1215f157efcb8a34c6609abfe72686a2d9a095a5e4f4c30da30d0a
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/mipsel
id: auto-4714a83d4c1b2905a1ba17912b78cb00b59c69ebef29d8dc1724fe87c112bc8d
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.242.42/mips
id: auto-88477f63f25002baecbdd30368e3d02b72dd85fb6106780b53957fdcd03db1d9
status: experimental
description: Detects traffic or activity related to http://91.92.242.42/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.242.42/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.m68k
id: auto-ac0ded1de520bd64a199dfedfd19a86687ce0f66a38e1ba1ac80be32376656a1
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.arm7
id: auto-9332f4ec657d3d231817d77f62661e31d3b93167aafab2bc3394cf35ab2618be
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.ppc
id: auto-6d14b05ca25afcc2c6a0f71dba1384e60a2bea727f8952359c3cf80e5c67d28c
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.mips
id: auto-53e76ae3450a1eb78ee5ecffcefde57b7f18f50238dfe9a0b77847d72855faff
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.ppc
id: auto-8a3e6ef711be917ca4bea5effabfec66bdf459d3728d4c259d4a9994b1205b58
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.arm
id: auto-f2c208aa9a2d2c2c23fedff63b96fabc29cae459585133b765133fef9d62cd18
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.149.243/hiddenbin/boatnet.sh4
id: auto-9e13333ba9d6082475d7fca3e3d079250c2e093589198c872fba921baaf61d29
status: experimental
description: Detects traffic or activity related to http://176.65.149.243/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.149.243/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.158.255:48699/i
id: auto-39acba9e41ab7731bf3f38990039dcddf5de10ba34498c8b3bbcdbe2d45e686c
status: experimental
description: Detects traffic or activity related to http://61.52.158.255:48699/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.158.255:48699/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/based.sh
id: auto-7de0f9cd5f4f9ad8ab41a50fe5c9b506ceec5ed9ebce777c59504808ba09f210
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/based.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/based.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.15.228:57777/bin.sh
id: auto-56e49e91ec73be597b2527b3ed3428ee3933681ac0651bf4d0ecc8dbc9e000d4
status: experimental
description: Detects traffic or activity related to http://42.85.15.228:57777/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.15.228:57777/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.231.61:37319/bin.sh
id: auto-04750645503933a3ec86082fe2efb411921133fef89cc0cfde6e9737289a4ea5
status: experimental
description: Detects traffic or activity related to http://110.39.231.61:37319/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.231.61:37319/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.182.239:50094/i
id: auto-9b55bf8880c986b21933490088e36da44f0ecafab2c172fb553fd65a0fd13d9c
status: experimental
description: Detects traffic or activity related to http://115.63.182.239:50094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.182.239:50094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.158.255:48699/bin.sh
id: auto-e3fcb6a192319ca92b1ef200d1b8ed36b72a3efb823a1dbbb52db6679b697b3a
status: experimental
description: Detects traffic or activity related to http://61.52.158.255:48699/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.158.255:48699/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://strilenfar67.rebelde.sbs/
id: auto-abdce84a00e143654a7f66b5c7d4a1dac5d5000bd709015d8625241c66b9948a
status: experimental
description: Detects traffic or activity related to https://strilenfar67.rebelde.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://strilenfar67.rebelde.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gruqual.abismodepasion.sbs/
id: auto-0c28c3d9650bc545371310d0e64a59e6deac45a539693dfa685d87964b853f10
status: experimental
description: Detects traffic or activity related to https://gruqual.abismodepasion.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gruqual.abismodepasion.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fretansal.marimar.sbs/
id: auto-6c72b231d0979b55419737887678d18fe7c27fb48f5af834ec4b5c11e6915b92
status: experimental
description: Detects traffic or activity related to https://fretansal.marimar.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fretansal.marimar.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://glorinmingir.abismodepasion.sbs/
id: auto-2af87d60b93c55a50d2e79f6bbd3b3ffcf02548558b7447cdba6cfbbf0c60747
status: experimental
description: Detects traffic or activity related to https://glorinmingir.abismodepasion.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://glorinmingir.abismodepasion.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://staguntonsil.mariamercedes.sbs/
id: auto-d94f862aed80b3b3242e16f9ff7244fc3f90b8f9ec82f6d5d511909321d22317
status: experimental
description: Detects traffic or activity related to https://staguntonsil.mariamercedes.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://staguntonsil.mariamercedes.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://frarol.cuidandote.sbs/
id: auto-3f42fa4453adc6df3b109ecde2cb3efb89b4efc4c7898f2b91ff4613922342dc
status: experimental
description: Detects traffic or activity related to https://frarol.cuidandote.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://frarol.cuidandote.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://plafinlungem.corazonindomable.sbs/
id: auto-dfc4ace585270f275fb01a59be33cf3d22e0b5ffd73a5d5c1e88cc586b2b7c82
status: experimental
description: Detects traffic or activity related to https://plafinlungem.corazonindomable.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://plafinlungem.corazonindomable.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://trurol07.marimar.sbs/
id: auto-aa9d6bc0927e86a1f5e0e9f9c00ae8f8147fdfb4f5509391eb9d535c9dae8a21
status: experimental
description: Detects traffic or activity related to https://trurol07.marimar.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://trurol07.marimar.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://clehal.triunfodelamor.sbs/
id: auto-21a6ffc9a7cab73f29c096a8a6b6235c6b2c441b2ee1a9c54b06e0cbe11553f9
status: experimental
description: Detects traffic or activity related to https://clehal.triunfodelamor.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://clehal.triunfodelamor.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://prarol.cuidandote.sbs/
id: auto-20ebd14dc5e2ee666713cce7c71d644e0c020c95f9db5aeb0a4f181888d57865
status: experimental
description: Detects traffic or activity related to https://prarol.cuidandote.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://prarol.cuidandote.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://platanxonjal67.sortilegio.sbs/
id: auto-118a5aea358131197f80430c96aa284842b457dbff2b8f4f1f6a59f91b861ea3
status: experimental
description: Detects traffic or activity related to https://platanxonjal67.sortilegio.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://platanxonjal67.sortilegio.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://striranmonvaz7.lausurpadora.sbs/
id: auto-c737a93604727f059f90ee0f6855384a52f35133e471549c6ab8a4000d621787
status: experimental
description: Detects traffic or activity related to https://striranmonvaz7.lausurpadora.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://striranmonvaz7.lausurpadora.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://frepanfinbel7.mariaislena.sbs/
id: auto-f6340af3adf472884f17018d92d05fe51bf6e5026b652610b9e07112e5e6d24e
status: experimental
description: Detects traffic or activity related to https://frepanfinbel7.mariaislena.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://frepanfinbel7.mariaislena.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://spruder.mariamercedes.sbs/
id: auto-9a694cda130764cde5ec6aa6fd6a8212d251af173260bcee2a7419ad938d21b5
status: experimental
description: Detects traffic or activity related to https://spruder.mariamercedes.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://spruder.mariamercedes.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grambil.mariaislena.sbs/
id: auto-470c6911ff2af4c3aca15197d74df6b79dc6cd97d07fcc77779e16089159e6a9
status: experimental
description: Detects traffic or activity related to https://grambil.mariaislena.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grambil.mariaislena.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brucal100.mariadobairro.sbs/
id: auto-5464b567a538cb148a7c62bf546eb34e6b7c36c1d95ea80f12ebea7dea94f229
status: experimental
description: Detects traffic or activity related to https://brucal100.mariadobairro.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brucal100.mariadobairro.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://flomenrinder2.mariadobairro.sbs/
id: auto-2a74e80f2c3dc387d544eb09c9dc9cb3779bcb82ed8136461779462c3ff972e2
status: experimental
description: Detects traffic or activity related to https://flomenrinder2.mariadobairro.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://flomenrinder2.mariadobairro.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://trugonder.rebelde.sbs/
id: auto-9264e12c7f6b9824c37c1cdaa028f75920a349467e7791d3879e5cdec9e8a46c
status: experimental
description: Detects traffic or activity related to https://trugonder.rebelde.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://trugonder.rebelde.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://plaminfar76.corazonindomable.sbs/
id: auto-660cf30830251c64f05b755d890996a31cd8031f75f94005b6b31e0c482012a8
status: experimental
description: Detects traffic or activity related to https://plaminfar76.corazonindomable.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://plaminfar76.corazonindomable.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://clevaz.sortilegio.sbs/
id: auto-1fd840b63c4bbc64f9a67e11c6ab0bf0d256c14e67051f78a37c3621ee71e738
status: experimental
description: Detects traffic or activity related to https://clevaz.sortilegio.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://clevaz.sortilegio.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://straranvel67.lausurpadora.sbs/
id: auto-63dff71a52411a507c03c33612989c9d30be1767b858e8567c36200df330fe6f
status: experimental
description: Detects traffic or activity related to https://straranvel67.lausurpadora.sbs/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://straranvel67.lausurpadora.sbs/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm7k
id: auto-dc1aea111775e311a1408d370a5cc68a49829cad4b99ac3294863a1c84cbbc9e
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm7k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm7k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm5k
id: auto-085159bb0477430fa954a3059bf694f00e03f9c95fee9c27d99549c497f74a67
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm5k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm5k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.182.239:50094/bin.sh
id: auto-bf634aa73efefe532788c045b4511d681d0663eb97cc2231a4073a0cb30782e2
status: experimental
description: Detects traffic or activity related to http://115.63.182.239:50094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.182.239:50094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentsh4k
id: auto-f05e51334b0f60988cacf1f330d27fa6cb449c58f0b553515ac3f26b744d3a83
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentsh4k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentsh4k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentchromek
id: auto-bf6f0984d9c8e3f4c91d71887986b1de886e864d301792e28c64519caab01d65
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentchromek which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentchromek*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentppck
id: auto-4d72f4b32b2f677c65d842f8a539d35d68b2ed95ffa43a6ce798f83de11a9eed
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentppck which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentppck*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.210.95:32999/bin.sh
id: auto-cb3677884b969e6dc31045bbadb52ae4f494c8846f3248b3fc3f7bc466afd43d
status: experimental
description: Detects traffic or activity related to http://182.123.210.95:32999/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.210.95:32999/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm6k
id: auto-2242fb70c6761444921a102711385f06118ea3b69bb3a7b0e0ea6d4c856fd175
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm6k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm6k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/fb79a0ac/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/3c602b2b.png?id=fda89d6f-975f-496b-8f7d-0c3917e7a92a
id: auto-fc9ef0ad70447c11d987350a4d25575fb8bf62be013e085aa51209506ad86364
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/fb79a0ac/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/3c602b2b.png?id=fda89d6f-975f-496b-8f7d-0c3917e7a92a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/fb79a0ac/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/3c602b2b.png?id=fda89d6f-975f-496b-8f7d-0c3917e7a92a*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/9b72f516/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/ff208dce.css?b=fda89d6f-975f-496b-8f7d-0c3917e7a92a
id: auto-be4319ce3838a0f86ec6db8bc1a36cab42d6df744ec8286e84f6abfa973654ff
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/9b72f516/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/ff208dce.css?b=fda89d6f-975f-496b-8f7d-0c3917e7a92a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/9b72f516/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/ff208dce.css?b=fda89d6f-975f-496b-8f7d-0c3917e7a92a*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe
id: auto-f3726c3d724de48c226bce489868d14d3b57ce78e6cfa016f6327025a4ccaeee
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/ea5bb855/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/9318f502.css?token=fda89d6f-975f-496b-8f7d-0c3917e7a92a
id: auto-cf4743024528beb10a42f6b444634b8c7a94454d6ba1c6be5601c0ba337353e0
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/ea5bb855/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/9318f502.css?token=fda89d6f-975f-496b-8f7d-0c3917e7a92a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/ea5bb855/33f4d6cd-eda8-48e8-bcd6-7dc5663e96fe/9318f502.css?token=fda89d6f-975f-496b-8f7d-0c3917e7a92a*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/66bb777ecf2257ab4ffa52e86386a383
id: auto-048618656a0e49bde8d0998aec1f245ae230305fb26f22e2c15bea93fa7446d4
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/66bb777ecf2257ab4ffa52e86386a383 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/66bb777ecf2257ab4ffa52e86386a383*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/niggak.sh
id: auto-2fd501546e7cd97f9ab8042140d28364780f11602d20d20c512f308b6597ff51
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/niggak.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/niggak.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.x86
id: auto-1f847fc5efaeda40b6426ab6f87e7b0d47a3f4a6d36e3b238bb5dea2e4611ae9
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.sh4
id: auto-3aa9ffbebad256c8ed0fffeaceeee0d5b741023b6054e3ee5f404d57b30459fe
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.arm
id: auto-70b754bc97181fd908eb7bf60555d06b6322413453e0eef80436843721ed2014
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.mpsl
id: auto-e9c7e6920943b2e7bd4b6f37e0674310387fad52c01bdaa02bce3c4855f39e4c
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.ppc
id: auto-f9b0a5001ad3ac982a51ea88672646a0bc630515b8ed9e667f0292f218b2f901
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.spc
id: auto-f407ba5efd21e342c8619f11bd691295a6eaf3a2263cb80504230073805126f9
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.arm5
id: auto-a359ab0bdfe3a4a2c70b774747db0fdd217b9f49fa5ba475e64e3eed04dfe9d7
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.arm7
id: auto-7f826ae7ee2e4d54678c03a34ff19c7943a8b77a1dc52ffcf5311cf283c48fb1
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/3422b3a9-c126-4bfb-b9d8-41caaf39220d
id: auto-361646edd8234c71ecb38ec96ddec7f972cee0b9a4a5e99779e4c8a171af5010
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/3422b3a9-c126-4bfb-b9d8-41caaf39220d which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/3422b3a9-c126-4bfb-b9d8-41caaf39220d*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.m68k
id: auto-74abd39f5c9bbd19929ae1ca765d910ea43a15d795e47c87def70aa7185bbba2
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.arm6
id: auto-4d210969bfa63234a7022f2c3c509aa336922bc1bf174d7acbf5ef74534691f7
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.mips
id: auto-9db12b508a8aa5343ba9ffffdafaa57943278b468db866fcf31c33c4b697d52e
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/46fa0c2d/3422b3a9-c126-4bfb-b9d8-41caaf39220d/430e7187.jpg?id=7c01eed1-8ff4-477f-b450-6ed3f6a00148
id: auto-c190c791466078c984b99e17d019745384bb1848bec80fdc0b4a264b26473784
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/46fa0c2d/3422b3a9-c126-4bfb-b9d8-41caaf39220d/430e7187.jpg?id=7c01eed1-8ff4-477f-b450-6ed3f6a00148 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/46fa0c2d/3422b3a9-c126-4bfb-b9d8-41caaf39220d/430e7187.jpg?id=7c01eed1-8ff4-477f-b450-6ed3f6a00148*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/b8ccaea3/3422b3a9-c126-4bfb-b9d8-41caaf39220d/e6da5834.ico?q=7c01eed1-8ff4-477f-b450-6ed3f6a00148
id: auto-f8b6fcbec42bb125654d9415026bf95927a9c341bb61819d6e32707ad647bb66
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/b8ccaea3/3422b3a9-c126-4bfb-b9d8-41caaf39220d/e6da5834.ico?q=7c01eed1-8ff4-477f-b450-6ed3f6a00148 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/b8ccaea3/3422b3a9-c126-4bfb-b9d8-41caaf39220d/e6da5834.ico?q=7c01eed1-8ff4-477f-b450-6ed3f6a00148*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/f0b429f8/3422b3a9-c126-4bfb-b9d8-41caaf39220d/5b4b82d0.png?b=7c01eed1-8ff4-477f-b450-6ed3f6a00148
id: auto-10ac3704ec8f39a45777b36c1b94e6232b9bb2d8e87914f65826f0e37c99e5f9
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/f0b429f8/3422b3a9-c126-4bfb-b9d8-41caaf39220d/5b4b82d0.png?b=7c01eed1-8ff4-477f-b450-6ed3f6a00148 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/f0b429f8/3422b3a9-c126-4bfb-b9d8-41caaf39220d/5b4b82d0.png?b=7c01eed1-8ff4-477f-b450-6ed3f6a00148*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42:3000/api/f6f94cd1/3422b3a9-c126-4bfb-b9d8-41caaf39220d/8f47b7f5.css?v=7c01eed1-8ff4-477f-b450-6ed3f6a00148
id: auto-570eedcbd98b1381efe305d4f36a17f489ad64e7830610b5237f374d381550f4
status: experimental
description: Detects traffic or activity related to http://91.215.85.42:3000/api/f6f94cd1/3422b3a9-c126-4bfb-b9d8-41caaf39220d/8f47b7f5.css?v=7c01eed1-8ff4-477f-b450-6ed3f6a00148 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42:3000/api/f6f94cd1/3422b3a9-c126-4bfb-b9d8-41caaf39220d/8f47b7f5.css?v=7c01eed1-8ff4-477f-b450-6ed3f6a00148*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.221.139.173:49180/bins/old.x86_64
id: auto-966ba21eb4396361064308d50706f1c5026f19c60c877f27f78f76a9035603a0
status: experimental
description: Detects traffic or activity related to http://82.221.139.173:49180/bins/old.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.221.139.173:49180/bins/old.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.85.42/18.node
id: auto-e90a4b3f0053f2d9ecac6f1ba1e36c4175561c013da9ee9a21e759b80ca65876
status: experimental
description: Detects traffic or activity related to http://91.215.85.42/18.node which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.85.42/18.node*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.160.112:47100/i
id: auto-dbd62bd9134e7543f2e01bc3fd9e70cd17ba43369e666aecd426d10e8d045668
status: experimental
description: Detects traffic or activity related to http://112.248.160.112:47100/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.160.112:47100/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.87.29.154:33500/bin.sh
id: auto-93d244774b3d2401569670c8d2c7f5d2057425320c4cb5d73b261c23b7c2045c
status: experimental
description: Detects traffic or activity related to http://39.87.29.154:33500/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.87.29.154:33500/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.124.238:55189/bin.sh
id: auto-0b37c2be1b5b71e9760526136b165a3299d9365be4e912f86c76b0b7bf49830c
status: experimental
description: Detects traffic or activity related to http://123.5.124.238:55189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.124.238:55189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.250.84:46645/bin.sh
id: auto-8fc59af0a931b0af6ac44cd0c3456caf988d04615d9da0a0d91cdaaae5ffe7d8
status: experimental
description: Detects traffic or activity related to http://115.50.250.84:46645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.250.84:46645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.236.114:57701/i
id: auto-ea82086533cb336a5cc84fa242476dad63622305fb97f37b7b4e22fb6495d886
status: experimental
description: Detects traffic or activity related to http://123.12.236.114:57701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.236.114:57701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.129.21:58342/i
id: auto-9dc3d7321d3a41db6122b0397ae99324d268cf3becb78014510a64feeeb82dcc
status: experimental
description: Detects traffic or activity related to http://115.55.129.21:58342/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.129.21:58342/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/id-core-rs-com/core-1d/clock
id: auto-420e1ac25aaa5791578872b1120eb83282d86e48b26a43199708622a159a456c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/id-core-rs-com/core-1d/clock which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/id-core-rs-com/core-1d/clock*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.232.255:41069/i
id: auto-b8da50927b916a1a6c024ebbece9916a4ced09f43a201ea10455b8717efa20d9
status: experimental
description: Detects traffic or activity related to http://113.237.232.255:41069/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.232.255:41069/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.160.112:47100/bin.sh
id: auto-3b6c9eef02b075be712fde6d9cceb3eee266ccc0a0e5387ae9f4b833167d76c2
status: experimental
description: Detects traffic or activity related to http://112.248.160.112:47100/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.160.112:47100/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.236.74.65:52449/i
id: auto-885120183b940deadf87e83d1e526001ce3b3e92b631fee066c7d74c5aa12173
status: experimental
description: Detects traffic or activity related to http://77.236.74.65:52449/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.236.74.65:52449/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.236.114:57701/bin.sh
id: auto-b3dbe0308f8d6e8d41fdff5f10497f0fed0390f6a22b6d22ec8dd22bc7f73dd2
status: experimental
description: Detects traffic or activity related to http://123.12.236.114:57701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.236.114:57701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.66:57182/i
id: auto-018651fdfdd20d5332afcbbc6c2f387fcb290ae3900f545befbcd1bee6e1bfc9
status: experimental
description: Detects traffic or activity related to http://110.37.11.66:57182/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.66:57182/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.129.21:58342/bin.sh
id: auto-ce56eb39ca35ff231270cb43d139f415ea7586e3ae9827d076e592ae2cba804d
status: experimental
description: Detects traffic or activity related to http://115.55.129.21:58342/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.129.21:58342/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.232.255:41069/bin.sh
id: auto-ba7963f0ff89ce2d29e302f93e755c3c21383d8cc7fcb009bfd59dae288f0dab
status: experimental
description: Detects traffic or activity related to http://113.237.232.255:41069/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.232.255:41069/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.84.219:37887/bin.sh
id: auto-f5a947a003b24fa4c3f61e7ee7a6fd77827b4c7ba034c1f4d0f493ac86de5bbd
status: experimental
description: Detects traffic or activity related to http://182.117.84.219:37887/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.84.219:37887/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.61.253:44262/i
id: auto-d4a6a99631858fdad22c532f2ebc7cd65d5bf5cc93734dfaa6ff2334368ee268
status: experimental
description: Detects traffic or activity related to http://115.50.61.253:44262/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.61.253:44262/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/nexuscorp.mpsl
id: auto-6c6e11487684577a3bb6e829a41c0cd25ba4683eb533ca1aa2747ad4f87bad99
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/nexuscorp.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/nexuscorp.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/nexuscorp.x86
id: auto-d1664f0de195046c0ea42556379d9aee4f83e0ae50f8a3d532c322fcebc837cb
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/nexuscorp.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/nexuscorp.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/nexuscorp.arm7
id: auto-50fa6232bbc6d46dac62476749bef77609d77053d4509d3605604a48d69203d8
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/nexuscorp.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/nexuscorp.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/nexuscorp.arm5
id: auto-6c0b39b03cdc6a0eb61eeb8887f6430e960dae4fd03259d66ffb07d6a0cf91cd
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/nexuscorp.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/nexuscorp.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/nexuscorp.arm
id: auto-5b5d2e124b1247c44b20ef0826ca54a1d73eb66783d761fa340bd8302df530ce
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/nexuscorp.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/nexuscorp.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/nexuscorp.arm6
id: auto-25c02d5c77aa0c218ad5a7bbc72ee3778b080edbb3f64649d49b2e7d225f8f86
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/nexuscorp.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/nexuscorp.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/nexuscorp.mips
id: auto-2664fd5dfecb7eb03f731ddb2e9e5127f73e194dde75d83243dd6923cd87df3a
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/nexuscorp.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/nexuscorp.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.200.87.36/faith
id: auto-618b1d720d363a05aa72e2bf5071b48945464929b79688a25709967cd4c0c071
status: experimental
description: Detects traffic or activity related to http://84.200.87.36/faith which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.200.87.36/faith*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.130.153:52199/i
id: auto-0bbadf2cb1be213996a493752853b342c69d2256250f0cedef854cd11b192eaa
status: experimental
description: Detects traffic or activity related to http://115.55.130.153:52199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.130.153:52199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.130.153:52199/bin.sh
id: auto-78a6e7f611e965c8be5a7773f594be6b7a49b291a5782cd1d283ee92f3cda8b5
status: experimental
description: Detects traffic or activity related to http://115.55.130.153:52199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.130.153:52199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.199.94:57371/i
id: auto-996a1edcdfe9410f2d59e32c00c0591fb366b4cc3d174fa138bbbf3770ae9527
status: experimental
description: Detects traffic or activity related to http://123.12.199.94:57371/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.199.94:57371/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.184.124:54807/bin.sh
id: auto-65d6bf954ab46879045021c3f1b389a4056fa2e02d3e9130dce91d0ef7b49c1c
status: experimental
description: Detects traffic or activity related to http://221.15.184.124:54807/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.184.124:54807/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.174.37:41936/i
id: auto-0c1a0108d3261b902dabc529623401c06e50f364902b8c72b4d003e577e62482
status: experimental
description: Detects traffic or activity related to http://123.5.174.37:41936/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.174.37:41936/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.199.94:57371/bin.sh
id: auto-84741fcf7d734db41c4a7670beb7fc6facb10972a7ce7eae90dd7de7f2ce031b
status: experimental
description: Detects traffic or activity related to http://123.12.199.94:57371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.199.94:57371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.174.37:41936/bin.sh
id: auto-06b739ca947eacf6a9fac9ce7ec870399fc5fc5845a05f1b62c7677e76bd31c4
status: experimental
description: Detects traffic or activity related to http://123.5.174.37:41936/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.174.37:41936/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.169.96.67:48034/bin.sh
id: auto-f28b6cb9cd36702452407b5fe5b6d2c6e455620346f5fc73491b82c9e0863634
status: experimental
description: Detects traffic or activity related to http://175.169.96.67:48034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.169.96.67:48034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.3.238:59964/i
id: auto-9df925267a1a514510f500096eeef3674569fd49713b49405bf139dd01c97980
status: experimental
description: Detects traffic or activity related to http://61.53.3.238:59964/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.3.238:59964/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.25.149/r.sh
id: auto-8a639d3e607113a4141dcecda8c53d75a005b55a6e2441417bb74bf3d792229e
status: experimental
description: Detects traffic or activity related to http://185.236.25.149/r.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.25.149/r.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.236.25.149/t
id: auto-35973129568b3c376bb9bee11310078331727596b449321cd06e8cde94fd11f7
status: experimental
description: Detects traffic or activity related to http://185.236.25.149/t which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.236.25.149/t*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.3.238:59964/bin.sh
id: auto-2f034448642547447f9f153afec7be9cbc331e47aa7a911418b29b65060bfd16
status: experimental
description: Detects traffic or activity related to http://61.53.3.238:59964/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.3.238:59964/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.60:41316/i
id: auto-befdef88443ba0ff3db981ef7cbebc613391d59fd320016f1155c2bb6be6fae4
status: experimental
description: Detects traffic or activity related to http://219.157.67.60:41316/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.60:41316/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.132.164.234/bins/sora.x86
id: auto-24439bf49fab0c9eac54736436f97dd8dc900308e4d81ebb77cc84934810e4f0
status: experimental
description: Detects traffic or activity related to http://23.132.164.234/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.132.164.234/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.2.166:36544/i
id: auto-630ff5eac47324648939c6c0e014db5dc76b1fc0a5344f2f5ed6dd03eb740854
status: experimental
description: Detects traffic or activity related to http://182.120.2.166:36544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.2.166:36544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.231.244:34899/i
id: auto-8ed80f155cc59603ed5235f7c84595937c6aa0c43b6010571acd044bd9c6d4c7
status: experimental
description: Detects traffic or activity related to http://115.49.231.244:34899/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.231.244:34899/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.60:41316/bin.sh
id: auto-fca0b58819f045142845c71e959eafaebaafaf2807b036c339be1a7630a9d4d6
status: experimental
description: Detects traffic or activity related to http://219.157.67.60:41316/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.60:41316/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.250.84:46645/i
id: auto-2c2fd2eb035c67f19c9626ef114d578892466b841baee1796b3ac1eac8354d60
status: experimental
description: Detects traffic or activity related to http://115.50.250.84:46645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.250.84:46645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.231.244:34899/bin.sh
id: auto-469a337dbca37eb1dcd81d4a84016346b6cd25e4ffd830067a5c64a9e1fe8559
status: experimental
description: Detects traffic or activity related to http://115.49.231.244:34899/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.231.244:34899/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.2.166:36544/bin.sh
id: auto-3c22504effb71127c72e2c881ab375adc31d58c3cc702d1aade0270e0d4a3a86
status: experimental
description: Detects traffic or activity related to http://182.120.2.166:36544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.2.166:36544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.227.1.27:40257/bin.sh
id: auto-87e431d08a96b0eef88472c0f9caebf8afbbc3bf84bf426af090d54e4b5b53e4
status: experimental
description: Detects traffic or activity related to http://112.227.1.27:40257/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.227.1.27:40257/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.213.222:40810/i
id: auto-85831fc7efaf213058ec9af59652fd3c17f8fa2bd19ceb28571a38833313ce55
status: experimental
description: Detects traffic or activity related to http://42.230.213.222:40810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.213.222:40810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.194.65.235:8040/video.scr
id: auto-fab220ead8e845f283fa874aac0ebc2ae4e95681e8d993a881ff1a8f8cb684f0
status: experimental
description: Detects traffic or activity related to http://2.194.65.235:8040/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.194.65.235:8040/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.109.85:54104/i
id: auto-c506fb74ea033973d365719b1ca70e7c8772191304fe25cb6387e8d3838a9ae7
status: experimental
description: Detects traffic or activity related to http://175.173.109.85:54104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.109.85:54104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id4/stage
id: auto-e63f9b8d4c1365a1305d3b2f6466b8f5dfc87927ac15cb9130800ab21c71b10b
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id4/stage which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id4/stage*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.194.65.235:8040/photo.scr
id: auto-2a9a3139a49342bd9f07a21d52f9f3f1426b780ee472acc59493bb5c5d90e217
status: experimental
description: Detects traffic or activity related to http://2.194.65.235:8040/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.194.65.235:8040/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.10.105:43726/i
id: auto-96c617fc9396388795052c6e0a328bf93954d623939b8052696f94085bfbae3b
status: experimental
description: Detects traffic or activity related to http://123.12.10.105:43726/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.10.105:43726/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.85.237:34167/i
id: auto-7d557ea9549154c06638c9e0568546009e71ac1707d49a7e8a1067f7d747b54c
status: experimental
description: Detects traffic or activity related to http://182.121.85.237:34167/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.85.237:34167/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.162.221:36739/i
id: auto-c9963bf2a2a8baef1449bd7d749afb4c82a12f5b3f4b2d1b733772d5c38a1014
status: experimental
description: Detects traffic or activity related to http://182.121.162.221:36739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.162.221:36739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.10.105:43726/bin.sh
id: auto-4b913b1bfaea72885af89f7ceccb8c8f116965974393a299cf368b8460344815
status: experimental
description: Detects traffic or activity related to http://123.12.10.105:43726/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.10.105:43726/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id/fact
id: auto-4d48b100dd7146450ae7657a255dcc00250bebeca6f08e676bf2f6293143d936
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id/fact which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/id-core-rs-com/core-id/fact*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.22.55:34712/i
id: auto-bcac50c5bb8b2e0da91a12709bfd0c972983270505d3b83f7a65a2e724c2df8d
status: experimental
description: Detects traffic or activity related to http://123.9.22.55:34712/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.22.55:34712/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.162.221:36739/bin.sh
id: auto-82eb8023cd9b1fea410f3eb40d428cdbbed29556e448ea5bb715530f076f7501
status: experimental
description: Detects traffic or activity related to http://182.121.162.221:36739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.162.221:36739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.230.205:39804/bin.sh
id: auto-ff632b5271caf7aeebef471ed890d674f906335af0c48bcde2fc6f98f4f6eb32
status: experimental
description: Detects traffic or activity related to http://61.52.230.205:39804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.230.205:39804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.22.55:34712/bin.sh
id: auto-5f2fed3dae5cade5eb2d1f769e642140b674db7fa0b0fdab42b8c061719a53d2
status: experimental
description: Detects traffic or activity related to http://123.9.22.55:34712/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.22.55:34712/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.176.30:55703/i
id: auto-a8612417031d27898006e8e8c6433dbb8e1113e7dc3068ab9c770c0f27449e1d
status: experimental
description: Detects traffic or activity related to http://221.15.176.30:55703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.176.30:55703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/womp
id: auto-27afb462abb1708336a759d6b65d46e2e77fdce028c3567b85f250e460fb3cc6
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/womp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/womp*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.95.53.91:81/video.scr
id: auto-128a9397e0f0201f1818c26888387f8be584b7863f96291a9662903a14c5bb9b
status: experimental
description: Detects traffic or activity related to http://218.95.53.91:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.95.53.91:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.245.64:41799/info.zip
id: auto-d64ab93db6572a7d61195889801e9d16b9afd4aa27b59e7df4f83ca45a83cf22
status: experimental
description: Detects traffic or activity related to http://177.212.245.64:41799/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.245.64:41799/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.68.254.207:8080/photo.scr
id: auto-047800764103b8372f2c952da3cfcb7e385a38fc890e2c9b276d5a9db62cbd03
status: experimental
description: Detects traffic or activity related to http://118.68.254.207:8080/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.68.254.207:8080/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.78.252/photo.scr
id: auto-75292a0f39fd7240ce77c481d6a23f9df9eb891764c9e838001902ce017143f3
status: experimental
description: Detects traffic or activity related to http://149.210.78.252/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.78.252/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.78.252/av.scr
id: auto-144b56e8572e74a053e2788ac7a65df1edfda1578a4409b9e568ecff3949367f
status: experimental
description: Detects traffic or activity related to http://149.210.78.252/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.78.252/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:50000/video.scr
id: auto-cbee75cffee0f42ff73c81fd266e06c8f0f4c6f425c0b53b3f4ae62a8d1c51c9
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:50000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:50000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.78.252/video.scr
id: auto-5da0b13c3646ed5399242670bc31cab69fcf8062943ef3e0e9b6af48f60a54b0
status: experimental
description: Detects traffic or activity related to http://149.210.78.252/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.78.252/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.95.53.91:81/photo.scr
id: auto-a7f328c84ba60eaaba0a89382132243a20400d74b03efdb3fa27f3be41ecb4ca
status: experimental
description: Detects traffic or activity related to http://218.95.53.91:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.95.53.91:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.43.192/av.scr
id: auto-080cf0af6bff7099773504225f66730beb0d347d0a7f4ab63dcb402392ed3f25
status: experimental
description: Detects traffic or activity related to http://149.210.43.192/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.43.192/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.43.192/video.scr
id: auto-d390f7147b0fa181549c92538f97c4cb95e551db3410ff8ef50e33417ab04c91
status: experimental
description: Detects traffic or activity related to http://149.210.43.192/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.43.192/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.43.192/photo.scr
id: auto-4f11ad71537e2abcf8cdb666ecdab9b4dd24a6d4f2aa59a3a29a28330f7df84a
status: experimental
description: Detects traffic or activity related to http://149.210.43.192/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.43.192/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.150.66.69/video.scr
id: auto-741d112e094e66a2a67e28578f593f73ed729465ee0277450715fc00bf0f5b93
status: experimental
description: Detects traffic or activity related to http://79.150.66.69/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.150.66.69/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.95.53.91:81/info.zip
id: auto-a64efa1564bd28ddafd16d4e79f23315c1f4ddccb41e14dd20f7ae5cffcb0edd
status: experimental
description: Detects traffic or activity related to http://218.95.53.91:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.95.53.91:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.144.186:9000/video.scr
id: auto-2753b8a3b5670437649531afbcb393cf1880d88a4921b56d5c658f3d14cc6c3e
status: experimental
description: Detects traffic or activity related to http://27.158.144.186:9000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.144.186:9000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.223.242.89:82/photo.scr
id: auto-29cb961da191c7db899d39e8b17385d4844c9047995eb1cb1ccc2276195fc667
status: experimental
description: Detects traffic or activity related to http://201.223.242.89:82/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.223.242.89:82/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238:81/av.scr
id: auto-0ed9e4c0dec05ec4acf0e1adf10d6a1dd32afa3da9baa0584c90673dc7a211a9
status: experimental
description: Detects traffic or activity related to http://186.6.233.238:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.68.254.207:8080/video.scr
id: auto-dac785f5708a640422cead5c4337e53e8e87916c40f4d58e3a29d7a812ee565a
status: experimental
description: Detects traffic or activity related to http://118.68.254.207:8080/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.68.254.207:8080/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.19.29/info.zip
id: auto-53dbb67c06f5b3731dfe3c73210cb707ee205939438ed7fa6320ca7d6e12c61e
status: experimental
description: Detects traffic or activity related to http://37.84.19.29/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.19.29/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238:81/info.zip
id: auto-d4008eff8f53a86c43f960dba5ee4268db0f23f22d043a1977cad7324bee9df6
status: experimental
description: Detects traffic or activity related to http://186.6.233.238:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.83.107.20/info.zip
id: auto-84ca87119cc4262bdf8ec0498e798c56b39e32a0a4f93aa2cb1769b1b6dc27d3
status: experimental
description: Detects traffic or activity related to http://37.83.107.20/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.83.107.20/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.45.239:41798/av.scr
id: auto-8e08b631275cd67915c09c4bb25cb8f0a00f6161bb98b78e62fc93883f1dec0d
status: experimental
description: Detects traffic or activity related to http://115.217.45.239:41798/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.45.239:41798/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.107.43.120:81/video.lnk
id: auto-2c3f826f884c71ee2b53f97f7ebe4846a112eb9c19f74e3d45ff918262541c74
status: experimental
description: Detects traffic or activity related to http://14.107.43.120:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.107.43.120:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.107.43.120:81/av.lnk
id: auto-3f9f16d2e4c983b7fdb3bee39906d0ba2302a1750b10ee43b2ca30be295749c1
status: experimental
description: Detects traffic or activity related to http://14.107.43.120:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.107.43.120:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.134.240/photo.scr
id: auto-7396ae680abd352e72fdd12875b7c0305f74288cae8c38e9fe429a250776183a
status: experimental
description: Detects traffic or activity related to http://189.159.134.240/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.134.240/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.220.208/av.scr
id: auto-2b8fd1d493465752f5f12c73cd9de7328784880392aa7f7bcd7a60803e7e7b22
status: experimental
description: Detects traffic or activity related to http://179.89.220.208/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.220.208/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.227.107/av.lnk
id: auto-241a1065fd4cd93b38967024353a66e709ca0e53950c9016ccb1ad76531dace5
status: experimental
description: Detects traffic or activity related to http://37.81.227.107/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.227.107/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.104.115/photo.scr
id: auto-cbd3a45e429dda0b4f9b0867dba419802a8f0d2fd3564f8f8c93bb41d93037e9
status: experimental
description: Detects traffic or activity related to http://37.84.104.115/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.104.115/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.95.135:3389/av.scr
id: auto-ac4b25ebfe2011394d42884ab52a1c96913d25011492f6a8bdf22e1750dd4ac2
status: experimental
description: Detects traffic or activity related to http://27.154.95.135:3389/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.95.135:3389/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.152.125.155/video.scr
id: auto-e58be5de567d9f9e75ba22c7612ab2624721c9b10cc28601a9433e6dabb542fe
status: experimental
description: Detects traffic or activity related to http://189.152.125.155/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.152.125.155/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.162.35.196:8088/photo.scr
id: auto-978c1bc728f720e839aa9e76833ce80f6d5c9f5a733546c21aae1e893426706e
status: experimental
description: Detects traffic or activity related to http://220.162.35.196:8088/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.162.35.196:8088/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.155.135:9000/av.scr
id: auto-e066ac34dcef3c10e2949dbbb0ae2e9d7534c6dae35956991a3e381047ecedc4
status: experimental
description: Detects traffic or activity related to http://117.24.155.135:9000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.155.135:9000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.95.135:3389/video.scr
id: auto-5b0ac81013ce7a7b5dd9d66a5ebe678fe92054a421dbe92a5d4bb118c23073e4
status: experimental
description: Detects traffic or activity related to http://27.154.95.135:3389/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.95.135:3389/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://76.238.215.206/info.zip
id: auto-a67c8555830eafb722115816c4806f70cab797153a31f4fa64342e00375c4472
status: experimental
description: Detects traffic or activity related to http://76.238.215.206/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://76.238.215.206/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.240.101:8081/video.scr
id: auto-8ec80b740009b17c1f312a8917ff65a57481f2ddf6910cf8571daf51b005b6f8
status: experimental
description: Detects traffic or activity related to http://115.215.240.101:8081/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.240.101:8081/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.144.186:9000/av.scr
id: auto-944559eb1edc12f0bb196307dd35626c9981ca84a9e1341765ccddd313417902
status: experimental
description: Detects traffic or activity related to http://27.158.144.186:9000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.144.186:9000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.162.35.196:8088/video.lnk
id: auto-ddeb423f733bbefb66f57a3ce033aae31c915c87f967f1b07a9d7efd9f20ec8c
status: experimental
description: Detects traffic or activity related to http://220.162.35.196:8088/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.162.35.196:8088/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.19.29/photo.scr
id: auto-e791f0b4f28d6e4ce5419947b59f36a7a3a97305a2734837658a3d99c865378d
status: experimental
description: Detects traffic or activity related to http://37.84.19.29/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.19.29/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.129:8080/av.lnk
id: auto-48316e9c7cb7228f7273451dbd9e6d70b16165712bfe44604e91e6739dd95a9f
status: experimental
description: Detects traffic or activity related to http://116.48.27.129:8080/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.129:8080/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.14.24/photo.scr
id: auto-51d0a6c7159a686ccc7106354f78a4e8183c42feb3804a01352091da995a5371
status: experimental
description: Detects traffic or activity related to http://37.82.14.24/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.14.24/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.198.234/video.scr
id: auto-066fd3145045696f8b17be12333079e61ed01587cc8e5601f21b16537f8605a9
status: experimental
description: Detects traffic or activity related to http://191.25.198.234/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.198.234/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.152.125.155/av.lnk
id: auto-cadb071401af8005bc93b511140b8ff88eef076a2f7266e68dcb9c762a110fba
status: experimental
description: Detects traffic or activity related to http://189.152.125.155/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.152.125.155/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.144.186:9000/av.lnk
id: auto-462b0e049dd888007ebd1dbfa8a222d3f8f2956eaa9005ef976fa9fe738b5018
status: experimental
description: Detects traffic or activity related to http://27.158.144.186:9000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.144.186:9000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.155.135:9000/photo.scr
id: auto-570bdfea71412c570afd1335199061cfb25386dfd163c33714dba1a36a210249
status: experimental
description: Detects traffic or activity related to http://117.24.155.135:9000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.155.135:9000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.155.250/photo.scr
id: auto-8e382e256527b4623fc8f8f5371749e3cc26bd61f5af7e24874281bd5a0bae90
status: experimental
description: Detects traffic or activity related to http://189.159.155.250/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.155.250/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.45.239:41798/video.lnk
id: auto-4b0065b1cc885042cd9c66d10ee590bfd0a38637b4eef47dbc8a1b5a6391488a
status: experimental
description: Detects traffic or activity related to http://115.217.45.239:41798/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.45.239:41798/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.117.144.181:10080/av.lnk
id: auto-3b04f93debe4b3d4f6d1b9ec2353a2ced88525b4bbf5fc398c10f256d7fb8f8a
status: experimental
description: Detects traffic or activity related to http://122.117.144.181:10080/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.117.144.181:10080/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.198.234/av.lnk
id: auto-0b795f4b135a3b354553b6d61e07ac9a12ffd35ca30100cfb0cfd909e3fbf0c5
status: experimental
description: Detects traffic or activity related to http://191.25.198.234/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.198.234/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.43.192/photo.lnk
id: auto-a04b7a4e961f6cad69d90fabf0971a5291a799ba0205e416c955992ebe1ba92a
status: experimental
description: Detects traffic or activity related to http://149.210.43.192/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.43.192/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.52.142/info.zip
id: auto-0b2cea1d9467b495b0b08bf13fe9375146205837c230a528c02e0765904519c7
status: experimental
description: Detects traffic or activity related to http://103.67.52.142/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.52.142/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.52.141/info.zip
id: auto-c8c61e558e887d4a16752beded4485eed151d347b18bf7b16ee1feb2b44856b3
status: experimental
description: Detects traffic or activity related to http://103.67.52.141/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.52.141/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.155.135:9000/video.scr
id: auto-04e42ecf92098866cb8d90d33970bde86151e896545ddb377498dd0dc85b960d
status: experimental
description: Detects traffic or activity related to http://117.24.155.135:9000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.155.135:9000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.104.115/info.zip
id: auto-fc32b3d0480dad05f1bbd6e3a499931b4e371c6b3e8d646c0d244d5669cf58eb
status: experimental
description: Detects traffic or activity related to http://37.84.104.115/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.104.115/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.198.234/info.zip
id: auto-ebea06658965351dd9fbeb42c608d3bbd5dba2e60ac61d628f21d042dd145725
status: experimental
description: Detects traffic or activity related to http://191.25.198.234/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.198.234/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238/photo.lnk
id: auto-c646e027bcab1fdc5304219001342247454242142e89a6640ef399e08880c2da
status: experimental
description: Detects traffic or activity related to http://186.6.233.238/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.155.250/video.scr
id: auto-fc3f7d2216cb400d5144ac5c7826555e26518410820c6564741dc1bc089d9359
status: experimental
description: Detects traffic or activity related to http://189.159.155.250/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.155.250/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.26.129/info.zip
id: auto-f13e211ffbf4503285d4ed8a91f7bf3735ef939d8111a55cf7abc3c3090f6a8c
status: experimental
description: Detects traffic or activity related to http://37.84.26.129/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.26.129/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.115.213/av.lnk
id: auto-fe496b6f96250c5e4abe8d537f727fe12211d95bc2947e3b18ba56f61e3aa03e
status: experimental
description: Detects traffic or activity related to http://187.213.115.213/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.115.213/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.162.35.196:8088/av.scr
id: auto-9b8d9c52b2b5adebaac9b95139529640f352469d09dc1ee2f7461b5f700483c8
status: experimental
description: Detects traffic or activity related to http://220.162.35.196:8088/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.162.35.196:8088/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.10:41799/av.scr
id: auto-233e73e44590c820948f2d858aeef91987fe839effd8d5fb679210ab9cd8042d
status: experimental
description: Detects traffic or activity related to http://177.212.255.10:41799/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.10:41799/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.240.101:8081/info.zip
id: auto-b0964fc2aff8d9bbc06eedba011862e6d69181fac7b61449edfd9936a55d0076
status: experimental
description: Detects traffic or activity related to http://115.215.240.101:8081/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.240.101:8081/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.151.162.116:81/video.scr
id: auto-b7537f1e56c113c557bf07d7c25550fac0eb7adf09e20078d38a6fdfe7756c2d
status: experimental
description: Detects traffic or activity related to http://27.151.162.116:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.151.162.116:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.107.43.120:81/photo.scr
id: auto-37cee417015500549668ae9f514232ae98041c6f07e734c2d6ab86aab41481e4
status: experimental
description: Detects traffic or activity related to http://14.107.43.120:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.107.43.120:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.33.156.74:9000/av.lnk
id: auto-f7d5cca309e0a235e5794912afde091d1e6c63591500d3d17a7ffc2ba1781ece
status: experimental
description: Detects traffic or activity related to http://120.33.156.74:9000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.33.156.74:9000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.144.186:9000/photo.lnk
id: auto-01a51157a629a1030cd922064a65398241221f7c62d1b671286c2ad09e2e2181
status: experimental
description: Detects traffic or activity related to http://27.158.144.186:9000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.144.186:9000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.160/bins.sh
id: auto-23170bb50aa851814232d0b04c0a57af20005ecd1d4089a4c9c8afc63062b1a1
status: experimental
description: Detects traffic or activity related to http://151.243.109.160/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.160/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1059
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.144.186:9000/photo.scr
id: auto-aa5e210a4e99790a4f17dd1e8309715498f6f74805af4371d0dd475d748bc7a2
status: experimental
description: Detects traffic or activity related to http://27.158.144.186:9000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.144.186:9000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:50000/photo.lnk
id: auto-5bcebf9aeb59d8d18b887b1487f1754fe2ec9dfbbf46e3e1c38616cfc96e81ab
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:50000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:50000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.150.66.69/video.lnk
id: auto-07111b71c47eff5eea6bfb4b1827d0ecdcac6b85bcd2e6f400deef45377911df
status: experimental
description: Detects traffic or activity related to http://79.150.66.69/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.150.66.69/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.129:8080/photo.lnk
id: auto-13af5d23ac82eaf79bf8645d01e702e762c8db89409b896900e6ca850fd3b734
status: experimental
description: Detects traffic or activity related to http://116.48.27.129:8080/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.129:8080/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.155.135:9000/info.zip
id: auto-3d0319be62e67e276eab947d2f3465baf4aff87960dec91dba485f042e8852e4
status: experimental
description: Detects traffic or activity related to http://117.24.155.135:9000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.155.135:9000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.220.208/video.scr
id: auto-9f8b87aa3c92a1835d9ef56f5cd4f51088462324c83a22d93f94c5efc39a5b23
status: experimental
description: Detects traffic or activity related to http://179.89.220.208/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.220.208/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.134.240/video.scr
id: auto-b4c07b8f7ab109583eff9013ae588de81b2e3fa0a8b9fe87403e1533cbfbe35f
status: experimental
description: Detects traffic or activity related to http://189.159.134.240/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.134.240/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.151.162.116:81/av.lnk
id: auto-3a6bde11941b9be6e9afee3999012e93210d28fa83d198a4aec0619b0a062ba3
status: experimental
description: Detects traffic or activity related to http://27.151.162.116:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.151.162.116:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.107.43.120:81/photo.lnk
id: auto-a65564a12b230e4e2b951e8eaee7b4d4435f9fdae496c1aed1fd0f348f987e75
status: experimental
description: Detects traffic or activity related to http://14.107.43.120:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.107.43.120:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.28.134.204:3389/photo.scr
id: auto-5ec94387107b3ea428a09edbd5b285a0bd0966ae350c92e0883d437f3e177ba6
status: experimental
description: Detects traffic or activity related to http://117.28.134.204:3389/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.28.134.204:3389/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.68.254.207:8080/av.lnk
id: auto-05a9998e5a01709f6dc1270bb17993fa2ccb17a1fb29519fdc5d135616e36b4b
status: experimental
description: Detects traffic or activity related to http://118.68.254.207:8080/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.68.254.207:8080/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238:81/photo.lnk
id: auto-a31124b3fadbf17c5b447b5be309609d6b73cf7b8c0191e59e0fde896605df76
status: experimental
description: Detects traffic or activity related to http://186.6.233.238:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.220.208/photo.scr
id: auto-10600966608206c296faafc76b76034c97ee62c6e987af35ab34af099ca9c4a7
status: experimental
description: Detects traffic or activity related to http://179.89.220.208/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.220.208/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.52.143/info.zip
id: auto-8b0226a74aa08130645cc18fa5c811dd9620abeeaab82c72eed43171bbfd5c15
status: experimental
description: Detects traffic or activity related to http://103.67.52.143/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.52.143/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.152.125.155/info.zip
id: auto-4715828f72a33db16968570e4335f5c73a8ca0189a8fafacb545e50e4cff0fec
status: experimental
description: Detects traffic or activity related to http://189.152.125.155/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.152.125.155/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.33.156.74:9000/photo.lnk
id: auto-cc47ab3db03a31c6839d65274f73ec1c7ad5dad92fc40c8a95d33c8c22ebec9d
status: experimental
description: Detects traffic or activity related to http://120.33.156.74:9000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.33.156.74:9000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.134.240/info.zip
id: auto-52e4d6e2baa864c2a15dfe2baa7d8683b060b6a8ca6337403c12be94c1287ff4
status: experimental
description: Detects traffic or activity related to http://189.159.134.240/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.134.240/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238/av.scr
id: auto-43756d54d81cc433efa58f51a574fb7ce964bd074657bc68aa9e4eaff2fe836f
status: experimental
description: Detects traffic or activity related to http://186.6.233.238/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238:81/video.scr
id: auto-d87c5e508fd4897cf430dfcafcb6de925d0b1e369002bfc51cf99b387b829057
status: experimental
description: Detects traffic or activity related to http://186.6.233.238:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.28.134.204:3389/av.scr
id: auto-d5a79b75d9ba669b95a63d2c6c27873b15c690d502e77b233c937eb6a2576490
status: experimental
description: Detects traffic or activity related to http://117.28.134.204:3389/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.28.134.204:3389/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.33.156.74:9000/video.lnk
id: auto-af989dd743bd4aaad2c887fe63528358f78a87bd1a1f57c590280d200e05c7b1
status: experimental
description: Detects traffic or activity related to http://120.33.156.74:9000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.33.156.74:9000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.78.252/photo.lnk
id: auto-e62dbb1863414b8f18274296b67bce81fe4eb822436023fb9a43de3989c81f25
status: experimental
description: Detects traffic or activity related to http://149.210.78.252/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.78.252/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.144.186:9000/info.zip
id: auto-588e8da0689e63d2711a328e8afed7a48551428fb4d0ded4715f0463939f897d
status: experimental
description: Detects traffic or activity related to http://27.158.144.186:9000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.144.186:9000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.68.254.207:8080/video.lnk
id: auto-43a277339bf1ca96f08cb7b504bc690b298b55dc263b77e3c1eff3b462dc286d
status: experimental
description: Detects traffic or activity related to http://118.68.254.207:8080/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.68.254.207:8080/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.33.156.74:9000/info.zip
id: auto-d038d978437d6f7ac7161a12e0a4e8f7e0097758f34a59f9c59ad5a7cd671785
status: experimental
description: Detects traffic or activity related to http://120.33.156.74:9000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.33.156.74:9000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.227.107/photo.scr
id: auto-79778369fc9a952e9817d9a2296d4c46c4175cd8d3f4ab155ce970bc99801bc3
status: experimental
description: Detects traffic or activity related to http://37.81.227.107/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.227.107/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://71.7.239.142/photo.scr
id: auto-6a6f1c42dc4c70a246ea7fdda8e40aecc48563f307789fcc84ce0a3dc1f073cd
status: experimental
description: Detects traffic or activity related to http://71.7.239.142/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://71.7.239.142/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.152.125.155/av.scr
id: auto-86490c03b051fd96eac6d4e7703ff870847d5eb7e6fbfe0e6a4d9241e6109a15
status: experimental
description: Detects traffic or activity related to http://189.152.125.155/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.152.125.155/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.209.135.175:5000/video.scr
id: auto-ee7e4234c7f0730167c7a5b2401df22ed0f817d8660be6246ea84d0dfc7f8de0
status: experimental
description: Detects traffic or activity related to http://175.209.135.175:5000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.209.135.175:5000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.33.156.74:9000/av.scr
id: auto-ad2048b830280ee5f78314989fc01bf9a5c8eb39a4473f861512be3fe2bd0f27
status: experimental
description: Detects traffic or activity related to http://120.33.156.74:9000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.33.156.74:9000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238/video.scr
id: auto-be0d0139b21add3df181a111ff0d63f01276f36b69056a16da2fca83785f20aa
status: experimental
description: Detects traffic or activity related to http://186.6.233.238/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.10:41799/info.zip
id: auto-324bc977ce16a44f074775d34b0098677fa683073c656b15a9391098f44b4a80
status: experimental
description: Detects traffic or activity related to http://177.212.255.10:41799/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.10:41799/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:8001/video.scr
id: auto-3d622960c916146780d0bb92d01b058d4072da24e3ed83248c185154c0e02b77
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:8001/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:8001/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.43.192/video.lnk
id: auto-69b9f9a0f110c8fe862d7f8e5f83cc4f29df26e35c4fe02c3632b61062b38b16
status: experimental
description: Detects traffic or activity related to http://149.210.43.192/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.43.192/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.10:41799/video.lnk
id: auto-7bd80f9b0d97a9203467db9ae7f31971a8d744381b91a909ae78be8466313b75
status: experimental
description: Detects traffic or activity related to http://177.212.255.10:41799/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.10:41799/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.10:41799/av.lnk
id: auto-1408ba3796fbfac3a3228c4fe699b7c75c67e0799f4b59d0a625adfa16a4f6c4
status: experimental
description: Detects traffic or activity related to http://177.212.255.10:41799/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.10:41799/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.115.213/photo.scr
id: auto-efcb60338a11bf317f849d4993e0d5a6320f65c19ad5c0cd6adffccb61524ca8
status: experimental
description: Detects traffic or activity related to http://187.213.115.213/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.115.213/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.155.250/info.zip
id: auto-ff9d6cbea2377284aedcab0daffbda54121e4c28e9a6257da95df2de5ae39838
status: experimental
description: Detects traffic or activity related to http://189.159.155.250/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.155.250/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.117.144.181:10080/video.scr
id: auto-e86f3548adeab0c1138d9a7145796fc5c9a9bdcb17a5c62b587eecc9ba1e98a1
status: experimental
description: Detects traffic or activity related to http://122.117.144.181:10080/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.117.144.181:10080/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.162.35.196:8088/video.scr
id: auto-89fb21603d532c6159785aecb6d8e2f136aa97e37009e4c2d022d2ee82221964
status: experimental
description: Detects traffic or activity related to http://220.162.35.196:8088/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.162.35.196:8088/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.113.193.91/info.zip
id: auto-71f5ca8e1f27bbe9532ac8334594e6e4495813a58b756544c43280866db07db2
status: experimental
description: Detects traffic or activity related to http://42.113.193.91/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.113.193.91/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238:81/av.lnk
id: auto-3e306ab37f4770999ceb3d4e3a5d8cc155de17dac4dc054d28e4674b7f85d54c
status: experimental
description: Detects traffic or activity related to http://186.6.233.238:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.28.134.204:3389/photo.lnk
id: auto-1ca625475fa09d40c12d66ed14dbad1ef88be22d74d7c9d331dedacb4f9c8e41
status: experimental
description: Detects traffic or activity related to http://117.28.134.204:3389/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.28.134.204:3389/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.152.125.155/photo.lnk
id: auto-6310b268ff2fdf30367886570a24f86c11726ec54b9614b1179d0bfede730776
status: experimental
description: Detects traffic or activity related to http://189.152.125.155/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.152.125.155/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.198.234/av.scr
id: auto-f4509618745d38879cbc394e367421ca18998bc2977c998548c024533ff7c3ec
status: experimental
description: Detects traffic or activity related to http://191.25.198.234/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.198.234/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238/av.lnk
id: auto-3238dead9b88176803e99e2afeb72af3c87f85f9ed4f1a0fa7a7d5bd1844a3b0
status: experimental
description: Detects traffic or activity related to http://186.6.233.238/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238:81/video.lnk
id: auto-3d3410932d031d16dcbc337e638248ec42c8d3194230526bf3a46986da697ebb
status: experimental
description: Detects traffic or activity related to http://186.6.233.238:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.117.144.181:10080/video.lnk
id: auto-6144f808ebd8e83b6ab0bc61d7d00e75f87848efe5e4c37d0a937f1f0fa7c30d
status: experimental
description: Detects traffic or activity related to http://122.117.144.181:10080/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.117.144.181:10080/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.129:8080/av.scr
id: auto-0a244f4e3d356376b1489408d8502e61c4fe836effb3febae0223a978dcd44ac
status: experimental
description: Detects traffic or activity related to http://116.48.27.129:8080/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.129:8080/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.240.101:8081/photo.scr
id: auto-c2c4bca90f57b3e5490bcdb58fc0ba2c36726985feef39ef531d0151b73a3d99
status: experimental
description: Detects traffic or activity related to http://115.215.240.101:8081/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.240.101:8081/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.209.135.175:5000/video.lnk
id: auto-0419ea15fb1ff045c2dccb5361dad00aa67c6ef5d8fbb2368e6422afcfda8b76
status: experimental
description: Detects traffic or activity related to http://175.209.135.175:5000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.209.135.175:5000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.52.140/info.zip
id: auto-73077eb30a8186a2308c85225708c81cc868a682b052b2ce49c8a23fbdadecff
status: experimental
description: Detects traffic or activity related to http://103.67.52.140/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.52.140/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.129:8080/photo.scr
id: auto-8c8bbb42d85d84bae1a826c92a107f2e067393cee58a16e95cdc3be225aea11c
status: experimental
description: Detects traffic or activity related to http://116.48.27.129:8080/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.129:8080/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.162.35.196:8088/photo.lnk
id: auto-d082571d489a4cce4b07987cdc234369c9f409920819d82b7b5b1eb5f4acc7f4
status: experimental
description: Detects traffic or activity related to http://220.162.35.196:8088/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.162.35.196:8088/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.117.144.181:10080/av.scr
id: auto-54803e0b0ef703a76c037d07efdaae73ed9e393392fa7e18c53524e1ce719236
status: experimental
description: Detects traffic or activity related to http://122.117.144.181:10080/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.117.144.181:10080/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.209.135.175:5000/photo.scr
id: auto-dfe74359a6de2f61e71775730397f27a257ce7139d40177bd6e648f759670af6
status: experimental
description: Detects traffic or activity related to http://175.209.135.175:5000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.209.135.175:5000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238/info.zip
id: auto-f203e7d1cee92c20d5c79277c7ca6af6a63bb114b8cdefbc4d6e1ce499bd67f5
status: experimental
description: Detects traffic or activity related to http://186.6.233.238/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.89.189.174:9090/av.lnk
id: auto-e5ea7d541d2f9b7091ef3b28860d04bd11a6ca0a93ea7970cc48465807dfb09e
status: experimental
description: Detects traffic or activity related to http://187.89.189.174:9090/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.89.189.174:9090/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.45.137/av.lnk
id: auto-f6544a45e2f7adf2deae4353f141ab89e607ce7b42ea98ff75f26423b9d78ed1
status: experimental
description: Detects traffic or activity related to http://138.188.45.137/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.45.137/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.38.198/video.lnk
id: auto-382a833472e7cc9935c796af895ef8921450a0b5a873832df378e406e55a47b3
status: experimental
description: Detects traffic or activity related to http://138.188.38.198/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.38.198/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.134.240/av.lnk
id: auto-7c50ed6a941d24b9e3237ce77eba25f28dbb81a19a5ee6233ce95b07701eff11
status: experimental
description: Detects traffic or activity related to http://189.159.134.240/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.134.240/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.45.239:41798/photo.lnk
id: auto-42cc08999523e542530639282192794f3def55c643f639ad7689af1e7c4a3649
status: experimental
description: Detects traffic or activity related to http://115.217.45.239:41798/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.45.239:41798/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.155.135:9000/photo.lnk
id: auto-52b548310a10888328b7ccd2a249dd770a20d940b2fcd0522eba368378c5fd02
status: experimental
description: Detects traffic or activity related to http://117.24.155.135:9000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.155.135:9000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.220.208/info.zip
id: auto-37b75ad4daa359721326d28a4fb5f2524b9a5fd0a5a8ae73834482e275c3c205
status: experimental
description: Detects traffic or activity related to http://179.89.220.208/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.220.208/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.198.234/photo.lnk
id: auto-290e59e8c37078bc538ef6b90d3ab97d8b2a9780ee94b7f528e7c6df55276058
status: experimental
description: Detects traffic or activity related to http://191.25.198.234/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.198.234/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.95.135:3389/photo.lnk
id: auto-794693bc12408ea593fc5c1fd2f25815dabafdb31ab56d6afbc23874f60ccc48
status: experimental
description: Detects traffic or activity related to http://27.154.95.135:3389/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.95.135:3389/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.162.35.196:8088/info.zip
id: auto-eff27df007bf20458c0360d4808c0a6683efdb5f3a035cca4af4a5a30de94ae1
status: experimental
description: Detects traffic or activity related to http://220.162.35.196:8088/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.162.35.196:8088/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.129:8080/info.zip
id: auto-dd18857ea7d47a0dbd7e2c423a86a5ab8765f803d973f381fdd91461b8517abf
status: experimental
description: Detects traffic or activity related to http://116.48.27.129:8080/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.129:8080/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.223.242.89:82/video.scr
id: auto-03b81d4f14973137ac9904f137a46885ed95d8a9e149d1a08bb85c4c772b10a4
status: experimental
description: Detects traffic or activity related to http://201.223.242.89:82/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.223.242.89:82/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.95.53.91:81/video.lnk
id: auto-cd0c1b1a2daf29ff65fe8ff2af7106dbfd13e4a2922769a27419522ccce585f5
status: experimental
description: Detects traffic or activity related to http://218.95.53.91:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.95.53.91:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.240.101:8081/av.scr
id: auto-12c9c5bb36e223d6845e72897c628c707a4cf0ae95c510076d7c890633c8771e
status: experimental
description: Detects traffic or activity related to http://115.215.240.101:8081/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.240.101:8081/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.129:8080/video.lnk
id: auto-28e72538fa8fa3de78f45af7f7411cde46f0419a80fc038390027699f9b69cd6
status: experimental
description: Detects traffic or activity related to http://116.48.27.129:8080/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.129:8080/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.134.240/av.scr
id: auto-645ae6a63bb8f4c19af677846e568d3ea7cf90d3d1924f72c6e9bbc686b2f18b
status: experimental
description: Detects traffic or activity related to http://189.159.134.240/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.134.240/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.117.144.181:10080/photo.lnk
id: auto-c032b58276d63b89710458b58cd5979d7ac2235f4369dfdfe83b710dc4b7df85
status: experimental
description: Detects traffic or activity related to http://122.117.144.181:10080/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.117.144.181:10080/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.154.166/photo.scr
id: auto-01d21927e112eb6170df35354af826a52e9625afe437c7c9cc696a28f57dac1e
status: experimental
description: Detects traffic or activity related to http://189.159.154.166/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.154.166/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.45.239:41798/info.zip
id: auto-4de928f05c5c72945899325132792c9c63610e982327de4114da540fa824c0f4
status: experimental
description: Detects traffic or activity related to http://115.217.45.239:41798/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.45.239:41798/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.151.162.116:81/photo.scr
id: auto-fae31b2e07dfb52ab20a648f678520c028b03552eb721e73081a1bce629f4623
status: experimental
description: Detects traffic or activity related to http://27.151.162.116:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.151.162.116:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.6.233.238/video.lnk
id: auto-072e8e5d259b51281ae7677e57f0972487dbcff34808d662cae2ae73ef65d0a7
status: experimental
description: Detects traffic or activity related to http://186.6.233.238/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.6.233.238/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.155.250/av.lnk
id: auto-be425c4d3f2b39dd477e5bb5c8e54e0d9ead212c325e6fdceb1ecfab2b819561
status: experimental
description: Detects traffic or activity related to http://189.159.155.250/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.155.250/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.115.213/av.scr
id: auto-cc383b0223479d44ba7ce1d164a7122e3213ac567a562020d52f451d545513c1
status: experimental
description: Detects traffic or activity related to http://187.213.115.213/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.115.213/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.223.242.89:82/info.zip
id: auto-39d72b3418180519875669c3a89fd547208ab49060e7744b50dac435f0fb5daf
status: experimental
description: Detects traffic or activity related to http://201.223.242.89:82/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.223.242.89:82/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.223.242.89:82/av.lnk
id: auto-bdf985868315eedb9f231a6eba023cf633f7af3769d17ee0191373e789e3482c
status: experimental
description: Detects traffic or activity related to http://201.223.242.89:82/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.223.242.89:82/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.95.53.91:81/av.scr
id: auto-46e447e4ecaf77fcb071f5f908411acaba156e3fd410766b79b2eb2de5d96223
status: experimental
description: Detects traffic or activity related to http://218.95.53.91:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.95.53.91:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.95.135:3389/video.lnk
id: auto-564b3a06f89848b61875809793cfaea7468166d1955f2db8181b399315b9718f
status: experimental
description: Detects traffic or activity related to http://27.154.95.135:3389/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.95.135:3389/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.168.95/photo.scr
id: auto-a7356bb27472e057f3df2d8f8abd11030343b5632eb5e459f3d18aeafbefc63e
status: experimental
description: Detects traffic or activity related to http://37.81.168.95/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.168.95/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.208.6/info.zip
id: auto-dbc3f9db1bd1de09434b0d78ea5654537675194c35add913902e3d37f042ed30
status: experimental
description: Detects traffic or activity related to http://37.81.208.6/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.208.6/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.208.6/photo.scr
id: auto-4aadb2b9b0aa54a397f4877baa232bc7d70fde485e21eadf81081feac8a45c2e
status: experimental
description: Detects traffic or activity related to http://37.81.208.6/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.208.6/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.158.67.146:22420/av.lnk
id: auto-8ce7f1b3f67ccc2d69e457150139d2e89d1c7ac60107babdb8fcc2578fba2637
status: experimental
description: Detects traffic or activity related to http://50.158.67.146:22420/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.158.67.146:22420/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.14.24/info.zip
id: auto-421c921b48829e8abbafa63307d1b2ccda2a93660b834ba3e7f80b7155a34f05
status: experimental
description: Detects traffic or activity related to http://37.82.14.24/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.14.24/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.151.162.116:81/video.lnk
id: auto-12a31a254260c438dde45583ccb7157c30228a51a9019d0eeebc8db2b2100614
status: experimental
description: Detects traffic or activity related to http://27.151.162.116:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.151.162.116:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.209.135.175:5000/av.scr
id: auto-1ce76c46aab3e3e49b003c6239cd5d4c5809d0d05f333a51e61d45384fb17795
status: experimental
description: Detects traffic or activity related to http://175.209.135.175:5000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.209.135.175:5000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.154.166/video.scr
id: auto-f489363a8470267ac094b5327d12a83fd96ce26ef7f319f09c53a3b81044525f
status: experimental
description: Detects traffic or activity related to http://189.159.154.166/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.154.166/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.107.43.120:81/video.scr
id: auto-244bbbbadafc643c7cd96def03ff4d2b8171de351654d2209d8de0d042be9ed6
status: experimental
description: Detects traffic or activity related to http://14.107.43.120:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.107.43.120:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.223.242.89:82/photo.lnk
id: auto-dbb4415acbdfc07263a1ea616282c142bea5e09c85e4a631e02fd1b79610d405
status: experimental
description: Detects traffic or activity related to http://201.223.242.89:82/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.223.242.89:82/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.89.189.174:9090/video.lnk
id: auto-5436769f020689e907a0966a1d2d8a91bbe63a06d039ba9ffacd4313478003fe
status: experimental
description: Detects traffic or activity related to http://187.89.189.174:9090/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.89.189.174:9090/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.154.166/av.scr
id: auto-63986b3c1bf0205c33a6a2d7d82b7f6534ac0ed1e32304dd8ba993eb36e43545
status: experimental
description: Detects traffic or activity related to http://189.159.154.166/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.154.166/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.150.66.69/av.lnk
id: auto-062b1cbbaac5a731e7f8bbb9456a8badd70b8093f8d4f396662f9c12273a24a4
status: experimental
description: Detects traffic or activity related to http://79.150.66.69/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.150.66.69/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.67.52.144/info.zip
id: auto-cc458bd866ab1c265e44a095f5d6f27901a3c84b3c53b9d1ad27dd023c43ea57
status: experimental
description: Detects traffic or activity related to http://103.67.52.144/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.67.52.144/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.155.135:9000/video.lnk
id: auto-2b08bd74c0603d14bdd6d94486d39142c7e6c7e1c3d2d42a5108c7397aff6cc6
status: experimental
description: Detects traffic or activity related to http://117.24.155.135:9000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.155.135:9000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:8001/photo.lnk
id: auto-1f265c59928611b12043cdb0eb1067df1ae2b719ccc4ce8fa347adf573117f67
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:8001/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:8001/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.152.125.155/video.lnk
id: auto-1eee5720b0a6d45b0e944cec55b9ddcb11168085addab2b7cfc5fad0ec52e2f7
status: experimental
description: Detects traffic or activity related to http://189.152.125.155/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.152.125.155/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/NecatiSoftik/netframework4.7.2/refs/heads/main/roblox-fix.exe
id: auto-666045ac11c4924e8047581cf74ef014fc380adb2fefbae63a55a2aa28ec43d9
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/NecatiSoftik/netframework4.7.2/refs/heads/main/roblox-fix.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/NecatiSoftik/netframework4.7.2/refs/heads/main/roblox-fix.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.45.239:41798/av.lnk
id: auto-b379431f6d790ced6837200105f7c40be891a13197345ec926604de530c3f359
status: experimental
description: Detects traffic or activity related to http://115.217.45.239:41798/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.45.239:41798/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.115.213/video.scr
id: auto-d96d8086d63cd0db34df3720c1e155b1a0f9dcaa4f2b04d8306317dd32a99679
status: experimental
description: Detects traffic or activity related to http://187.213.115.213/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.115.213/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.154.166/av.lnk
id: auto-e08968ad2a2fa643149183317ab22860dae9efe37f04380971164f3b67e1b685
status: experimental
description: Detects traffic or activity related to http://189.159.154.166/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.154.166/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.78.252/av.lnk
id: auto-0084cfc665efaa23ea4b2987690447f6c52ba5d1c25de33c24fd09a1ef661345
status: experimental
description: Detects traffic or activity related to http://149.210.78.252/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.78.252/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.95.135:3389/info.zip
id: auto-1f930c56c6305b925aea8857bb318344ec83788ecaf0f3ef6b90516132ef8b23
status: experimental
description: Detects traffic or activity related to http://27.154.95.135:3389/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.95.135:3389/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.227.107/info.zip
id: auto-4122aedb5e215ca8c34444db65f813052e82b27c3223922b3587b3643416efa5
status: experimental
description: Detects traffic or activity related to http://37.81.227.107/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.227.107/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.158.67.146:22420/av.scr
id: auto-26f6edecb63b542b5d431bf9f8baf630224aa8b36b4a68c635452dddae4cec43
status: experimental
description: Detects traffic or activity related to http://50.158.67.146:22420/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.158.67.146:22420/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.240.101:8081/video.lnk
id: auto-1ccb44d6af3eccc7f409b1803cc3f1f750c38fa421ee466f5e761af72e4f1729
status: experimental
description: Detects traffic or activity related to http://115.215.240.101:8081/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.240.101:8081/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.155.135:9000/av.lnk
id: auto-b53a0935d14a16c46a9a57790972f0ea1f1eba7a3cb00cae1c0d1c926f23424b
status: experimental
description: Detects traffic or activity related to http://117.24.155.135:9000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.155.135:9000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.117.144.181:10080/info.zip
id: auto-4e08e5ac5bcca01f695e3fa91a81adc81a305e6caa79d1fb41e6f16dde4cf6d5
status: experimental
description: Detects traffic or activity related to http://122.117.144.181:10080/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.117.144.181:10080/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.68.254.207:8080/av.scr
id: auto-4d00477f63c8871414426942d30f06a3f53ca37dafbdca2724fc5aacf725e06f
status: experimental
description: Detects traffic or activity related to http://118.68.254.207:8080/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.68.254.207:8080/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.220.208/av.lnk
id: auto-abf0b8effc358c416b48191668a4009cec40db435c9a4a1eff5cbbf466e99362
status: experimental
description: Detects traffic or activity related to http://179.89.220.208/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.220.208/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.115.213/photo.lnk
id: auto-ad46a14c4b8fe44a5a4d38e5c4709e4596e041e4e10baba787fdaadd3b864ff8
status: experimental
description: Detects traffic or activity related to http://187.213.115.213/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.115.213/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.155.250/video.lnk
id: auto-73cf40d0325540788c8faf34c553c251c1a82d9f7464fc2434e0194507fe8546
status: experimental
description: Detects traffic or activity related to http://189.159.155.250/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.155.250/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:50000/av.lnk
id: auto-417c1969585fab9bbb03b369fdb1dd85373a1a90b7b4b0d67b4809c35b719983
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:50000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:50000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:8001/video.lnk
id: auto-10d6d4101da05625530b559bf1ac34ce90d9227bc4680b7a7b20ffff5e7ef2e0
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:8001/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:8001/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.95.53.91:81/photo.lnk
id: auto-ed63a89d462ef8618675fec5400dd78697828b08383780a43479dc2866ed8419
status: experimental
description: Detects traffic or activity related to http://218.95.53.91:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.95.53.91:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.223.242.89:82/video.lnk
id: auto-a800a66e12a0537e948c09395dc14d2176efba28dfe9febf9ad600b854869fb3
status: experimental
description: Detects traffic or activity related to http://201.223.242.89:82/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.223.242.89:82/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.227.107/photo.lnk
id: auto-f5e048c1eddfb7314b6e88ac1cddd626d863b5f00e3cc87bf8052a3f6f33c6ba
status: experimental
description: Detects traffic or activity related to http://37.81.227.107/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.227.107/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.202.194.206:8602/info.zip
id: auto-4675c37e2f95e401cc5dc50b9e683359f8b4bebc0d526c751bb628800d091bdb
status: experimental
description: Detects traffic or activity related to http://119.202.194.206:8602/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.202.194.206:8602/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.154.166/video.lnk
id: auto-bcf9e7a1f0a92a8cb0ed47c096a3320073301a0233a5f9382a85abc3e80f3303
status: experimental
description: Detects traffic or activity related to http://189.159.154.166/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.154.166/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.223.242.89:82/av.scr
id: auto-bf58778b40da852320962fbe0be82129b664129bc565d8fad5f6379c0916117f
status: experimental
description: Detects traffic or activity related to http://201.223.242.89:82/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.223.242.89:82/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://70.45.151.28/info.zip
id: auto-de2977668fc46c46fd704703d8ae854da5be2e5179b13f356ada83b5b8fb2ca5
status: experimental
description: Detects traffic or activity related to http://70.45.151.28/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://70.45.151.28/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.240.101:8081/av.lnk
id: auto-8eb3afdaf724c2b5467887a66e8eca2b97c7c0eaaa0a6a13e801c0157b06262c
status: experimental
description: Detects traffic or activity related to http://115.215.240.101:8081/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.240.101:8081/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.152.192.85:8602/info.zip
id: auto-2ecb9231cad057bbb79c31f18be8b243a717ea55c0d15d6342898f6d44eec709
status: experimental
description: Detects traffic or activity related to http://121.152.192.85:8602/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.152.192.85:8602/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.158.67.146:22420/info.zip
id: auto-d7f35e7b26a4c1b7e897ea5cef19a1b9d4bb375b003ddfea5fb3a52ae52f00fe
status: experimental
description: Detects traffic or activity related to http://50.158.67.146:22420/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.158.67.146:22420/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.89.189.174:9090/av.scr
id: auto-4e136fbac9e53546a916babe9c0c161af6082e643e46533e54e58a0cb85b9906
status: experimental
description: Detects traffic or activity related to http://187.89.189.174:9090/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.89.189.174:9090/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.33.156.74:9000/photo.scr
id: auto-3e34b57cb2e0fdd6af5c9f71154bde29025836efc5f769accb520f022f39a088
status: experimental
description: Detects traffic or activity related to http://120.33.156.74:9000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.33.156.74:9000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.168.95/info.zip
id: auto-a4b9d3496a83fcc14555ff3f78d2e6e1a5f9f31cb69b0d575075728e878cbcb1
status: experimental
description: Detects traffic or activity related to http://37.81.168.95/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.168.95/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.89.189.174:9090/photo.scr
id: auto-f8bc8fdfb0f0e53f60e179fe6f9518529d04721ac8690b6f42e5955f57b4b79b
status: experimental
description: Detects traffic or activity related to http://187.89.189.174:9090/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.89.189.174:9090/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.10:41799/video.scr
id: auto-ef81be2ddbc66f983c4c58832ce3cc7003e3c228061949fdc1d99adbf2e7c2b7
status: experimental
description: Detects traffic or activity related to http://177.212.255.10:41799/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.10:41799/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.152.125.155/photo.scr
id: auto-84ee4729e5d1bdc729b498415d2219c5a43e1feca44be3801ada78b87337c158
status: experimental
description: Detects traffic or activity related to http://189.152.125.155/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.152.125.155/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.33.156.74:9000/video.scr
id: auto-0e3f64c742e13087eba719ef730016ae72777ab904241203989e1353b1fe8d07
status: experimental
description: Detects traffic or activity related to http://120.33.156.74:9000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.33.156.74:9000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.89.189.174:9090/video.scr
id: auto-c1bb63655bfb0b746eb793183fadf8e76c7a10202419c0973c8222ac42666f40
status: experimental
description: Detects traffic or activity related to http://187.89.189.174:9090/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.89.189.174:9090/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:50000/av.scr
id: auto-60953515245bbb92029a90b471eb03b2830963f606cc98d64b096952c37cc251
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:50000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:50000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.45.137/photo.lnk
id: auto-9fb1420c562bc3c456f16e803ddda3df0f1e0ec28d92bac63110784438700674
status: experimental
description: Detects traffic or activity related to http://138.188.45.137/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.45.137/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.68.254.207:8080/info.zip
id: auto-c8b70498f97068e4d70cea1621af3be3cab17ea806e9a1759fde09f950bbd87e
status: experimental
description: Detects traffic or activity related to http://118.68.254.207:8080/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.68.254.207:8080/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.28.134.204:3389/video.scr
id: auto-6a904bfeae3070a8caddee9ae01581c8f13c7a0c5503da89664b234ab78900d1
status: experimental
description: Detects traffic or activity related to http://117.28.134.204:3389/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.28.134.204:3389/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.45.239:41798/photo.scr
id: auto-64c692a5e935669b41b2d441952e09253a4a758746e35ca977a7d1f999d0e76d
status: experimental
description: Detects traffic or activity related to http://115.217.45.239:41798/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.45.239:41798/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.45.239:41798/video.scr
id: auto-8d68f9a106e4cbf390b28d48566bc580fae34b0fbde27e37b66aabe6ca3d8de9
status: experimental
description: Detects traffic or activity related to http://115.217.45.239:41798/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.45.239:41798/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.198.234/video.lnk
id: auto-7543158bdaa08be225b2012e9a6ffbfc8f478b9cec7243bf4ad687252be098e4
status: experimental
description: Detects traffic or activity related to http://191.25.198.234/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.198.234/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.151.162.116:81/info.zip
id: auto-94914b23327ea2ae6cf1ef0f75fb6fb0a5417dc55ece5708d2451573a33ec4ab
status: experimental
description: Detects traffic or activity related to http://27.151.162.116:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.151.162.116:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.38.198/photo.lnk
id: auto-513b292f4f0657bcafb371fb5340a446400197c41406dbb5493b64ef1f68ec3d
status: experimental
description: Detects traffic or activity related to http://138.188.38.198/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.38.198/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.115.213/info.zip
id: auto-d7086af629a1e8c82c27d32ab38e8129e7495285f747eb9b4ad4c5b374c95317
status: experimental
description: Detects traffic or activity related to http://187.213.115.213/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.115.213/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.95.135:3389/photo.scr
id: auto-9f9850c203db2c9c4a714022e4d4572bc705c67915c8e684da2212d99fe2698f
status: experimental
description: Detects traffic or activity related to http://27.154.95.135:3389/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.95.135:3389/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.134.240/photo.lnk
id: auto-999f2d4986d0798b61b3af4488b0b065d8277331630dbe6bc08c4694700c12a9
status: experimental
description: Detects traffic or activity related to http://189.159.134.240/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.134.240/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.220.208/photo.lnk
id: auto-7a28cea60cb2cc6cc6b9268b4d1f584f256a30e61e58cad79d0ad17980e8288e
status: experimental
description: Detects traffic or activity related to http://179.89.220.208/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.220.208/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.155.250/av.scr
id: auto-53033f3dfad3ba06fab8d2762bc5083ae2f2e22cde63ad60feb5ed3df55f65e9
status: experimental
description: Detects traffic or activity related to http://189.159.155.250/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.155.250/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.158.67.146:22420/video.lnk
id: auto-422266ab21824490bfb317ca5b6599c9549676f11d67d4ff61c389a6ad87e564
status: experimental
description: Detects traffic or activity related to http://50.158.67.146:22420/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.158.67.146:22420/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.158.67.146:22420/photo.lnk
id: auto-504e28f847aa86a90ad52a1a17b45725f94fb660c38fb29a890601eb08170530
status: experimental
description: Detects traffic or activity related to http://50.158.67.146:22420/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.158.67.146:22420/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.158.67.146:22420/video.scr
id: auto-38f3b05a585809bcd2bc5ee6935e836455c9c4d34a4753201d6e6ed0eafe6175
status: experimental
description: Detects traffic or activity related to http://50.158.67.146:22420/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.158.67.146:22420/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.154.166/photo.lnk
id: auto-3f698b59d083b888d696b054ae32394ccde6d3195f0d7e8a83798e61e2341e27
status: experimental
description: Detects traffic or activity related to http://189.159.154.166/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.154.166/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.28.134.204:3389/video.lnk
id: auto-aa4af8de3ca8b1b8725f08987bb83f3d7bee896413793384c7e45ad192fa3389
status: experimental
description: Detects traffic or activity related to http://117.28.134.204:3389/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.28.134.204:3389/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.107.43.120:81/av.scr
id: auto-fbfade014e0f7a1fe9e066f3c036145535d070bbfff4a3eec72f7f619eb98d0c
status: experimental
description: Detects traffic or activity related to http://14.107.43.120:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.107.43.120:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.220.208/video.lnk
id: auto-ee9d824765f33fb9030f579937269cbbd4c837daf987848537cd1650d2c0c518
status: experimental
description: Detects traffic or activity related to http://179.89.220.208/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.220.208/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.209.135.175:5000/photo.lnk
id: auto-a4483561262cace6c88d91b4a44de177dbc5491cc084472ad4cffc26751c7b88
status: experimental
description: Detects traffic or activity related to http://175.209.135.175:5000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.209.135.175:5000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.28.134.204:3389/av.lnk
id: auto-a87455dfddd6566c4e7bda1fa7b8b75375bb3fd26a30dc7c2ecfe6c5bc206554
status: experimental
description: Detects traffic or activity related to http://117.28.134.204:3389/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.28.134.204:3389/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.134.240/video.lnk
id: auto-530e54ef02281372b8e1691347fbe2ae4ed62a80889e27973d1e08f664e3fcb4
status: experimental
description: Detects traffic or activity related to http://189.159.134.240/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.134.240/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.95.135:3389/av.lnk
id: auto-87cba7b7bbda61ad0c00fa44f6c843096c72e98202e6b9d49af0031e2e67f3c3
status: experimental
description: Detects traffic or activity related to http://27.154.95.135:3389/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.95.135:3389/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.151.162.116:81/photo.lnk
id: auto-2c77f630b7787dd5c3160d0cfdec6832151eca834037afff80150f6d461453bb
status: experimental
description: Detects traffic or activity related to http://27.151.162.116:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.151.162.116:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.215.240.101:8081/photo.lnk
id: auto-f837e1985f00b20676b30b2551d785ba048cb36a726882ddcf351cde80ba04b7
status: experimental
description: Detects traffic or activity related to http://115.215.240.101:8081/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.215.240.101:8081/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.129:8080/video.scr
id: auto-3440b2d2ef9ed6f4c039b7faf754aa78761783ef7215324d21487ac306310fee
status: experimental
description: Detects traffic or activity related to http://116.48.27.129:8080/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.129:8080/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.151.162.116:81/av.scr
id: auto-22b3d038c92cbe90d5dbefd705013c6a91befb251f1f8dc1c8616ea61bdf469f
status: experimental
description: Detects traffic or activity related to http://27.151.162.116:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.151.162.116:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:50000/video.lnk
id: auto-1326f827d5ea41181a83f42e49eb7d8fe0706adfee87ea6bd1e787b01e55265e
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:50000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:50000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.28.134.204:3389/info.zip
id: auto-da473cdf49208853aba8fb0be09e62ab25f2eb4f6a7c9aca0bb511406018a7f1
status: experimental
description: Detects traffic or activity related to http://117.28.134.204:3389/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.28.134.204:3389/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.89.189.174:9090/info.zip
id: auto-88e4394b7c6972a723cc495b41cbe17a4ab29a76586aff736bc687853cf2269e
status: experimental
description: Detects traffic or activity related to http://187.89.189.174:9090/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.89.189.174:9090/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.45.137/video.lnk
id: auto-26a9a8a8876a7d33acdccfc8e52945564246dc0febdda9b68dd8d8e285edb566
status: experimental
description: Detects traffic or activity related to http://138.188.45.137/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.45.137/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.107.43.120:81/info.zip
id: auto-cf916e802b98b1afe6d74f67bde3932d2bc58b14c58dd34754a74af14d63907e
status: experimental
description: Detects traffic or activity related to http://14.107.43.120:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.107.43.120:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.72.91.32:50000/info.zip
id: auto-c1fa474494f58af8840e21fd9af2b248ae25e8a5b89350967072444da131b0b3
status: experimental
description: Detects traffic or activity related to http://124.72.91.32:50000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.72.91.32:50000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.154.166/info.zip
id: auto-5b90b7818d4af5c9c5671c0b9d6d33c888c98d1aa0e868e54b1739526618f268
status: experimental
description: Detects traffic or activity related to http://189.159.154.166/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.154.166/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.159.155.250/photo.lnk
id: auto-5dfed370d8deb4d1d893c1038937db873a9ce6c51c9a850e81a61b464bf5ad7d
status: experimental
description: Detects traffic or activity related to http://189.159.155.250/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.159.155.250/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.144.186:9000/video.lnk
id: auto-40380f01ed7b2c5d6f5ef09bd07d992ea1be7bd8a0fe0e384bcb9a959ab60d1c
status: experimental
description: Detects traffic or activity related to http://27.158.144.186:9000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.144.186:9000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.38.198/av.lnk
id: auto-d7eb6d23e8173512fff8e323d258b5fe7dd64ce56c25e5558d830e6d56b550a2
status: experimental
description: Detects traffic or activity related to http://138.188.38.198/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.38.198/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.78.252/video.lnk
id: auto-f3cbbb69936c4c52db1ee52e6b71e3f323bea33de8255c9a7de44c6991b67ed0
status: experimental
description: Detects traffic or activity related to http://149.210.78.252/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.78.252/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.43.192/av.lnk
id: auto-cddb08dc00b2cb8bb59353a0c5006d26a498591d88d6c3bbe2ec88ce2054be6a
status: experimental
description: Detects traffic or activity related to http://149.210.43.192/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.43.192/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.162.35.196:8088/av.lnk
id: auto-85f78c820078e2946b14e2789985247b136b4d10d708532fdc603a3f15ea61da
status: experimental
description: Detects traffic or activity related to http://220.162.35.196:8088/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.162.35.196:8088/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.209.135.175:5000/av.lnk
id: auto-01810b8bfb2d462cb665df707efd576d306cb1cac03eade408dbf210315fabd2
status: experimental
description: Detects traffic or activity related to http://175.209.135.175:5000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.209.135.175:5000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.150.66.69/photo.lnk
id: auto-0b446cdbe19a26249db5a381ba91fa4a640a806ae2a53b07984daec971cc21fa
status: experimental
description: Detects traffic or activity related to http://79.150.66.69/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.150.66.69/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.115.213/video.lnk
id: auto-1b5ce72e4a95615d56a8e23f28570023a633c9fd1e1e7cc66c3b5d1cffa27a2e
status: experimental
description: Detects traffic or activity related to http://187.213.115.213/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.115.213/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://70.45.151.28/video.lnk
id: auto-19ef0e50d9893fa14f788054820a005c4c7c9af57050069c2379e5f743d4d425
status: experimental
description: Detects traffic or activity related to http://70.45.151.28/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://70.45.151.28/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.255.10:41799/photo.lnk
id: auto-fdfb557715ba0403e26424a8f70985caf1409209c00cb1ca9182e01b75893ee7
status: experimental
description: Detects traffic or activity related to http://177.212.255.10:41799/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.255.10:41799/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.95.53.91:81/av.lnk
id: auto-0d1a2703aa95fcb9415bd1caff86699daec2bb69577ecf324e395ca4a0519daf
status: experimental
description: Detects traffic or activity related to http://218.95.53.91:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.95.53.91:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.89.189.174:9090/photo.lnk
id: auto-ddca3dd1c139af7719e3ca776a0fb6fd5cc5954b0b0f6417edaea9e0f8573ac7
status: experimental
description: Detects traffic or activity related to http://187.89.189.174:9090/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.89.189.174:9090/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.23.158:42017/i
id: auto-ba3ed8378aca2dec60a4c575029a1737fcfb1e502dc3bc2c798b6382e1a176f9
status: experimental
description: Detects traffic or activity related to http://117.223.23.158:42017/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.23.158:42017/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.153.99:34320/i
id: auto-da006c24b5f45e1dada93f6f4d2b56e3607c5743dfaeecedcdc638a9ec620d1d
status: experimental
description: Detects traffic or activity related to http://123.13.153.99:34320/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.153.99:34320/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.176.30:55703/bin.sh
id: auto-f6e9d47a4b0eacdf911895f224e22c20d5e9e2117427a2a73c1540d555fd078b
status: experimental
description: Detects traffic or activity related to http://221.15.176.30:55703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.176.30:55703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.225:42020/i
id: auto-b2d94faffdd901f20af785614d19dfd70dc8d7b77c1cfcb9a81efe16b61b5837
status: experimental
description: Detects traffic or activity related to http://219.157.67.225:42020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.225:42020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.153.99:34320/bin.sh
id: auto-6ccc00b809e0386f1daf6736945fdd4304458cb5b516647ad0d229f97e38905f
status: experimental
description: Detects traffic or activity related to http://123.13.153.99:34320/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.153.99:34320/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.23.158:42017/bin.sh
id: auto-e7c1eacf1e010fd726455c6fcc84946070cec5ad1251fecb35670e2337994f36
status: experimental
description: Detects traffic or activity related to http://117.223.23.158:42017/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.23.158:42017/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.58.23.242:53859/i
id: auto-de004f127965ed9700be72316547006c0985982b7ca5015946239047c77d0fda
status: experimental
description: Detects traffic or activity related to http://106.58.23.242:53859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.58.23.242:53859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.157.9:55347/i
id: auto-af999138994842c130ec721af64e745854d456e71869a9daaaed7ac7b634aa77
status: experimental
description: Detects traffic or activity related to http://42.178.157.9:55347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.157.9:55347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/id-core-rs-com/browse4/das
id: auto-3086a57dc8df38fb5182c4e6fc9b5c2acb274b339d9b66a9e9d3d045ebecf121
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/id-core-rs-com/browse4/das which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/id-core-rs-com/browse4/das*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.177.94.105/1.sh
id: auto-35b8f6180f5a0ef901c1f374e30a8809f82e33ce2472833c5d6a157ad3a60373
status: experimental
description: Detects traffic or activity related to http://195.177.94.105/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.177.94.105/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.arm
id: auto-83064ad64a1dbd71215146563ef983fc9bb1b4baa2ed90a157bb2c47a32e1d82
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.mips
id: auto-927d1319cf8612f0cda271a81b9ef55e68e1a5133872e9b85616ec2c03339019
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.mpsl
id: auto-26ee17c985f0a3e370e71077c969ad08e2370c34b2798e9b19318147238fea0e
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.arm5
id: auto-e75456994f4071bf125c36557db76e3de7512aaf8d1ed1791fe82d8af7395c76
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_sh4
id: auto-965b5ddb642e8dd860e0a0be3afdace7bf7dc49d1ff502ddf331e3083b6cee47
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_arm
id: auto-132d519dbb4fe91da718a814ab6a7b4ce73b7025ab489ef211989c1b669dba30
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_x86
id: auto-28bbfe3c3a7af3a03e12837ebec6a41aad65d30c02859156046961525355817b
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_ppc
id: auto-5118ed50aa421afe220daf1d95669efc6cb8bd3e86c82fd8dd355a780ff4b90b
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.59.58.26/main_m68k
id: auto-9a79244b67a61fd02e0ef153484c459fd55e99fa46e9642d1992d98f6df1393a
status: experimental
description: Detects traffic or activity related to http://31.59.58.26/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.59.58.26/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.60.208:60727/i
id: auto-7b2bc5b67f47caf1e72e86151af27bae48047ce52b01d23a7310270df411652b
status: experimental
description: Detects traffic or activity related to http://42.178.60.208:60727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.60.208:60727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.67.225:42020/bin.sh
id: auto-ac8180f9e2754f9265c116a0f29d1128fd5e3ee293c97faa191ff23381ff0288
status: experimental
description: Detects traffic or activity related to http://219.157.67.225:42020/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.67.225:42020/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.157.9:55347/bin.sh
id: auto-4b4ad9ef4491417b5d753ece6d744ff19dc69ecc2a7a4e0d3ff0897be16dbbca
status: experimental
description: Detects traffic or activity related to http://42.178.157.9:55347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.157.9:55347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.58.23.242:53859/bin.sh
id: auto-ec36a99b63d4aabd8697886dec26a42919f6e5a35d0146924ca837ac584a4569
status: experimental
description: Detects traffic or activity related to http://106.58.23.242:53859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.58.23.242:53859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:46714/i
id: auto-0868a1c2a7a3600889cba01128594743e5ba4b14f3fe25ee1d770594befd5c09
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:46714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:46714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.60.208:60727/bin.sh
id: auto-b6f706554f244d75c5df3bd0abc74843c73ac764caf10dfd5564686524de8447
status: experimental
description: Detects traffic or activity related to http://42.178.60.208:60727/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.60.208:60727/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.89.212:59699/bin.sh
id: auto-0f13a438f9e78632c25f5b611797544a475bfd16ee652cf3ac355ab87dfd8192
status: experimental
description: Detects traffic or activity related to http://175.174.89.212:59699/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.89.212:59699/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.82.196:57700/i
id: auto-468e467c55c8179df85d67e06170b96a4054e5509de9b23085caf098f1dcbd68
status: experimental
description: Detects traffic or activity related to http://219.155.82.196:57700/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.82.196:57700/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.0.211:57207/bin.sh
id: auto-5ffea9d78d4acc45fc1c0bf85864069993c7212878d677a0e1e7e1c5db57d187
status: experimental
description: Detects traffic or activity related to http://221.15.0.211:57207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.0.211:57207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.93.210:57072/i
id: auto-2722b434cacb260f54eace9c4e2d2ec48c1fa38a3328e1d8f3091751cf0da59d
status: experimental
description: Detects traffic or activity related to http://182.121.93.210:57072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.93.210:57072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.83.0:33209/i
id: auto-7420c2e41b68cda4b2a6039f4134f40432a0750c8e0888d292c97311f2618c04
status: experimental
description: Detects traffic or activity related to http://112.248.83.0:33209/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.83.0:33209/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.130.38:42916/i
id: auto-2b60a66758e0643a165c580dde9876e3c9ae43c1b379c1e7f29e70bb84b07202
status: experimental
description: Detects traffic or activity related to http://222.140.130.38:42916/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.130.38:42916/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.28.89:49208/i
id: auto-674b46bdcfee87173d5a2d4fa2983a918da31deb0c49d40cbc50fc9599190ef2
status: experimental
description: Detects traffic or activity related to http://42.53.28.89:49208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.28.89:49208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.66.177:58092/i
id: auto-99ac6d6f01f46ebd72fff214aa85605c4f689144a4f4b7bd7b99df9b0bb5e130
status: experimental
description: Detects traffic or activity related to http://39.74.66.177:58092/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.66.177:58092/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.130.38:42916/bin.sh
id: auto-161851bb7a2f1ab09547ca5a4f71e5f142d6a058a9a4aba9a9ce0a309d59ce14
status: experimental
description: Detects traffic or activity related to http://222.140.130.38:42916/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.130.38:42916/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.208.31:57812/i
id: auto-4b49c5473a7f4507e153e92b033eb7923bba2da9eca09a54f6008625a184b84d
status: experimental
description: Detects traffic or activity related to http://222.137.208.31:57812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.208.31:57812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.207.17:49674/i
id: auto-8e878e3d32bc70e8aecdf625486f8deec1eec6237ff3ca2f5cecdaf5083117fd
status: experimental
description: Detects traffic or activity related to http://124.94.207.17:49674/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.207.17:49674/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.47.157:36292/i
id: auto-7a4e85f78b1482fdf72d4d45006c5e07dbab121ac60c235410eaf72f3f8eb923
status: experimental
description: Detects traffic or activity related to http://182.127.47.157:36292/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.47.157:36292/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.93.210:57072/bin.sh
id: auto-ec49c44498f3347172162038b5e9d3b1d12c46b75919a77bbb2ce8d38ce30e87
status: experimental
description: Detects traffic or activity related to http://182.121.93.210:57072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.93.210:57072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.153.196:43228/i
id: auto-5ee217c5d50bb21f4b565ba88b2b22bb4cf338424a8eacb2f669c054e891802c
status: experimental
description: Detects traffic or activity related to http://182.127.153.196:43228/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.153.196:43228/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.1.154:59855/i
id: auto-b3625121bdccaad1f70b818007273bb4aa36bf0d44f54810de794a876aaf835f
status: experimental
description: Detects traffic or activity related to http://175.151.1.154:59855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.1.154:59855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.180.30:49511/bin.sh
id: auto-28dc0213e0b68dfe4b47738fc7a724f5e957d346006dd04121c593d16b7bddbf
status: experimental
description: Detects traffic or activity related to http://123.8.180.30:49511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.180.30:49511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.208.31:57812/bin.sh
id: auto-489f5c437aef0b32596cfb80ec022127a316b864922eb839eef802eb11944b34
status: experimental
description: Detects traffic or activity related to http://222.137.208.31:57812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.208.31:57812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.66.177:58092/bin.sh
id: auto-3f6152f02763ceaef65b1a62f5c91ad376f0412d31070e56ec2733f2e49de310
status: experimental
description: Detects traffic or activity related to http://39.74.66.177:58092/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.66.177:58092/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.172.187:60633/i
id: auto-449dbe020b038e4ed1f42d7213f0f1eceb069baec4c5f9d25533b5993baf2261
status: experimental
description: Detects traffic or activity related to http://42.86.172.187:60633/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.172.187:60633/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.47.157:36292/bin.sh
id: auto-98d2692676fa6f825e6e22117e97d43e918f44994f2e6cce5338b098f16dec14
status: experimental
description: Detects traffic or activity related to http://182.127.47.157:36292/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.47.157:36292/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.1.154:59855/bin.sh
id: auto-4c8421ef2fb330acbb71407d15bd0c00a66a7eaecd532ebba1ed362892d9293c
status: experimental
description: Detects traffic or activity related to http://175.151.1.154:59855/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.1.154:59855/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.137.158:60134/i
id: auto-9e4d94c0d978edf9d6efac02d635ffb03aadf480f268f95046e37de1b436a1e3
status: experimental
description: Detects traffic or activity related to http://125.41.137.158:60134/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.137.158:60134/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.56.14:56519/i
id: auto-39d24963ecb490ee16ef0dcb90b3acfbecf523302b8f5e319366aece3be66a60
status: experimental
description: Detects traffic or activity related to http://219.156.56.14:56519/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.56.14:56519/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.36.5:57506/bin.sh
id: auto-c31a82c9633c3d33fa9c3072922912c6b5102a0307b7c060035dc2a9dbbbb0c2
status: experimental
description: Detects traffic or activity related to http://110.37.36.5:57506/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.36.5:57506/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.50.196:59303/i
id: auto-d7da7091bd06722de445afff059fb9d1770839c73e859c75cdda0d9f684cf1fe
status: experimental
description: Detects traffic or activity related to http://115.63.50.196:59303/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.50.196:59303/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.39.201:42842/i
id: auto-f6ae3d724933bcaa4c0502ca101bcc4d5c46cbf6e3a9848d5f9063116b0d8c09
status: experimental
description: Detects traffic or activity related to http://42.228.39.201:42842/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.39.201:42842/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.24.200:47720/bin.sh
id: auto-5dd45c20198b3d9c3ef7ebf96d1fdfd22f2b8adda0d9bb6249e808f352d85f09
status: experimental
description: Detects traffic or activity related to http://42.230.24.200:47720/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.24.200:47720/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.56.14:56519/bin.sh
id: auto-f0357f323abb69913d9bf79bedf4c974c0cd3a18ecefd6edb03d423a835e4bc2
status: experimental
description: Detects traffic or activity related to http://219.156.56.14:56519/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.56.14:56519/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.137.158:60134/bin.sh
id: auto-403733a0d27916de1f162f5c21d53ec4572a1bfc1bd1af12f5e17081f0281166
status: experimental
description: Detects traffic or activity related to http://125.41.137.158:60134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.137.158:60134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.31.246:58454/i
id: auto-13e6280efabcf2caf4dd31fb8d4440565fc8c5e015d615c56291ffc3e848d88c
status: experimental
description: Detects traffic or activity related to http://182.112.31.246:58454/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.31.246:58454/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.183.224:38811/Mozi.m
id: auto-cfd39b3a1b31555729da3847d85520f52a8ec480cdf7ff811bfd59507fd2319c
status: experimental
description: Detects traffic or activity related to http://117.216.183.224:38811/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.183.224:38811/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.208.45:33124/bin.sh
id: auto-4392e02e1f514c2c35c095baec4fd82972e63071d0142b8ad65e8a26153bf2ca
status: experimental
description: Detects traffic or activity related to http://182.123.208.45:33124/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.208.45:33124/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.31.246:58454/bin.sh
id: auto-cff1980b0081c23fdcd0f518650bdccc88b4dca4dd68d9bca22ca9e29d9459cd
status: experimental
description: Detects traffic or activity related to http://182.112.31.246:58454/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.31.246:58454/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.39.201:42842/bin.sh
id: auto-d7bb11341f416b5eecaf5b1c258fa01cf8799f2c95b70dca292e260fcbd8d49c
status: experimental
description: Detects traffic or activity related to http://42.228.39.201:42842/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.39.201:42842/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.252.171.171:46032/i
id: auto-863644d8c48bc42be6a1165af3a97a4e498f24eec053ae504b27f34cc5d715f3
status: experimental
description: Detects traffic or activity related to http://112.252.171.171:46032/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.252.171.171:46032/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.10.159:40285/i
id: auto-05046b3437fb42d1009e78428912ab187f4b2bc8416f6ea4c5ee1c3435deb3db
status: experimental
description: Detects traffic or activity related to http://115.63.10.159:40285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.10.159:40285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tBNB-morf
id: auto-d021573d76f90c03e6bdb2923069944f2e6ad55c346a940ef7b3fa56fe26dbfa
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tBNB-morf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tBNB-morf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.50.196:59303/bin.sh
id: auto-6ad1c67f7e9d61e1cf0588389f9b703c215a8b88bb1d5926c23c903587ff7842
status: experimental
description: Detects traffic or activity related to http://115.63.50.196:59303/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.50.196:59303/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tBNB
id: auto-0ff92ce9aeb72900c0ee64c0b11f0a557aaa1669b8999952196c551d688fdfcf
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tBNB which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/tBNB*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.10.159:40285/bin.sh
id: auto-bc5d918a3271d56ee3b893f0ea8564b80a27dd4cb53dff36b213f77ea19e41d4
status: experimental
description: Detects traffic or activity related to http://115.63.10.159:40285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.10.159:40285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.210.95:32999/i
id: auto-7efed7c617062ca6fe1d11e6dfad76e7d093e2e26b648e0190afd3f2dfbae346
status: experimental
description: Detects traffic or activity related to http://182.123.210.95:32999/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.210.95:32999/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/404
id: auto-8ee43da0834d7d1fbc1b8355d8e277e9d765508da92d544936cc1f4429d23faa
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/404 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/404*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.180.153.24:47554/bin.sh
id: auto-36f49b6ca160cb8b0c661f1656afe8b3a7ef8328d08a71783786e47678d18d5b
status: experimental
description: Detects traffic or activity related to http://59.180.153.24:47554/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.180.153.24:47554/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/bnb
id: auto-324ac949816b73705a75f5abeeec28e81d7ff7f884ddd5e4b5cc7170317a6b20
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/bnb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/bnb*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.19.9:47441/i
id: auto-3ed067f424d36ebbccb3e89503145765310bbf1216bdde48d8653d041012faa4
status: experimental
description: Detects traffic or activity related to http://123.8.19.9:47441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.19.9:47441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.69.231:56476/bin.sh
id: auto-81df0e7693b4bc52609422bea3e791658dd13a732f663308b2d05ec2a445ff4d
status: experimental
description: Detects traffic or activity related to http://182.117.69.231:56476/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.69.231:56476/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/ghhhhdhhh
id: auto-aa297816669f0c056bddd8213424169ecd683ac6d5db059f8f3c81aac2cc3297
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/ghhhhdhhh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc457-api357-metadata-regist8/ghhhhdhhh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/fooot
id: auto-c0d71027e7434aecc7b99388069f16c7811b3dfa3ef5cf07c9034fca9747f89c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/fooot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/fooot*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.66:56068/i
id: auto-159a550559dead230afc89afe8e72fe5803bb00351b861308a89ced0418e9f08
status: experimental
description: Detects traffic or activity related to http://110.37.118.66:56068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.66:56068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/bmn
id: auto-7347ec760cdf7c31b31013d9fdf56a370267bfeffab691f75a3e46aa1b7e472a
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/bmn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/bmn*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/nigga
id: auto-947dceb86ea94bc64c20fd115295ac4d5a15872f9506fd0451ca0454985334e4
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/nigga which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/nigga*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.19.9:47441/bin.sh
id: auto-6013eb4c20b16d0b6263b0d468c6fa921bf72109748137e6ed0497e48a7e48ee
status: experimental
description: Detects traffic or activity related to http://123.8.19.9:47441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.19.9:47441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.0.6:42438/bin.sh
id: auto-cdd82bcc2c6c84fa3594128325c2146e50e2ea8511a89a81b2c1f65217338f52
status: experimental
description: Detects traffic or activity related to http://180.191.0.6:42438/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.0.6:42438/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.54.174:51705/bin.sh
id: auto-0ee8f01bdd2c4670262d208db6551b9a1e9ff94bd8dee9026ebd9203398796d9
status: experimental
description: Detects traffic or activity related to http://125.44.54.174:51705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.54.174:51705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/opal50
id: auto-5bb59eac9a5a87623857b09c7c7b38d0f19f9a57f2f036272cd64b889827ad3b
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/opal50 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/route-s215/opal50*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.156.118:58286/i
id: auto-48c6367bd8bf0da20126012839382a0b6474f00dbedb61a933d38c6e3e330c35
status: experimental
description: Detects traffic or activity related to http://115.50.156.118:58286/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.156.118:58286/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.66:56068/bin.sh
id: auto-29675b381c0971170fcb4f231563b9138dd63feef89b72a69a78dabe632b78eb
status: experimental
description: Detects traffic or activity related to http://110.37.118.66:56068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.66:56068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.113.64:55883/i
id: auto-bbded3535abdfbd23061132b65f62b6c14d8304b27e44efc1dd882fb63d5e7f3
status: experimental
description: Detects traffic or activity related to http://112.248.113.64:55883/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.113.64:55883/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/ino5f
id: auto-81b55c1daaf8a8b741b68b6031a1db864675bb3b71eeb25c25a7aeb7a0010fad
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/ino5f which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/ino5f*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.37.29:45068/i
id: auto-1f85c770fb47b86dba8b2ee5bc2dcbf403bbfb2d4479e7a31d065291aab76e95
status: experimental
description: Detects traffic or activity related to http://42.230.37.29:45068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.37.29:45068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.156.118:58286/bin.sh
id: auto-789835751e286feee1cf301c83ee6064f4f7aa19265ced776d6aaf5e313e371d
status: experimental
description: Detects traffic or activity related to http://115.50.156.118:58286/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.156.118:58286/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/arm
id: auto-0ada2d4e219d499e8ee10a04980ad61449828bb59540c3ffd9e177c2fafadb86
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/arm6
id: auto-92e5474df6998a9a21f9cfff373b71cee96e6f88349a52dcf6290f7d07c94182
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/x86_64
id: auto-e606e0ac75c8cd24dc7606be325aec2bffabb4f9ded1ee2b37f72da9e3cf86dd
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/sh4
id: auto-7c7c6f0263f1ffa1b5cf82a307057ad4fab60bc01c74fab573b6eb15a9e74770
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/tvtbtn
id: auto-a2e852e32e933a474795a0ecc6e267d0732b82884d60f234ec777dfe76259f04
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/tvtbtn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/tvtbtn*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/i686
id: auto-c9c3052d7ab2213f8b5704d4f2ef31880e7bcfbbaef37b35876a894aca249394
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/i586
id: auto-892120a5a9661c8eeb1ff5f695c921f34012119886566fdc3a6e15d98fbbb0d6
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/arc
id: auto-f263b43d50a833f588c5bc3e37bd0fd79e9cfb3fcc0758c816d6e743c3a92528
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/arm5
id: auto-4e4a8133b5e67baf8fe381816a043318e09c7d5ecc3487309ba025daaaab192c
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/mips
id: auto-7ea17f7e5e85f014e276ecab540f461811095b407817ddf645bb9077edb3ae1c
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/mipsel
id: auto-c7de75b7c4c63bc81c18049c51872084209a130dd555de558b4f425bc82bc867
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://js.byxly.vip/arm7
id: auto-53bc0944c78c23a90f8fd42b5517eca65ff806df96c40d0dbc47d021f9d74355
status: experimental
description: Detects traffic or activity related to http://js.byxly.vip/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://js.byxly.vip/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/baa50
id: auto-5b9c6e8cfcc1e0f0a1608fad012abf03b9550b2dc6b6f917508684869f1854b4
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/baa50 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/tkn-mgr0280/baa50*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.106.220:59369/i
id: auto-04e8909ab40e99d6fe5b81cab65406ad29be23b84f3f9329126e077c9bdde382
status: experimental
description: Detects traffic or activity related to http://115.52.106.220:59369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.106.220:59369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/x9-auth-mn-rs/momo
id: auto-b3d29f9f3595b68f1dd81c273e40fe00a825628df7b386e4f670f7fcea2fcd16
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/x9-auth-mn-rs/momo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/x9-auth-mn-rs/momo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.sh
id: auto-3d6dbcff2e837cb0b8e69863007beecde5dcf8b09f54423fbee21c6962dc438f
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Zovefuduf
id: auto-4887e0fe31790f268b7e5036975210315a556836efb25d0930c255d6d8c484ac
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Zovefuduf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Zovefuduf*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Telonep
id: auto-36a03ed78be282b09840b909b754ef79d5d4043eed205cea7ac10e28aeea4f6a
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Telonep which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Telonep*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Yayemolum
id: auto-2b23e5bf48c207b09e4780a3121d2b2747afa130da19656e6fc8754f09725fcd
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Yayemolum which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Yayemolum*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/123tet
id: auto-d7d96999cc1816701b17f5dd7ae414c8f3ceb0a8e0708789c2d8a3db9b2aab74
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/123tet which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/123tet*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Dovewiku
id: auto-09a95a15793b7ef89b9b28825e18ad2fd42cbc3fdd9d0127d1e80d6e14e15688
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Dovewiku which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Dovewiku*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Vutopuca
id: auto-3161c13a9ae205710c8be0d774572ce997e2f65cc09bc7609b87e6eb9b0e848b
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Vutopuca which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Vutopuca*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Pekawu
id: auto-f056557b2ab6f3d4ea0a03f60f4d3b61e9f3d6cab9dde14176c05ef1965be985
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Pekawu which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Pekawu*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Dimejehu
id: auto-3c82cb0f49b28a113cbda6e89cd9d6650ffdbc413ab9b162c78e693dd6799dc5
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Dimejehu which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Dimejehu*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Wosisapi
id: auto-1d1f74a1422172972e6c7751fd27db743782a929d715d68369273454c89704cb
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Wosisapi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Wosisapi*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Tokidimi
id: auto-fa1ddfd115b77c648fa1666cb84e1232c36a2f8213541db8896eb0e997338619
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Tokidimi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Tokidimi*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/default
id: auto-04698e7383bbc5af6a445f54b9de290023c023cec41eb38281ac37690aad4d6f
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/default which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/default*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/jgjfghkgjk
id: auto-28dec413ff71c68e83110ed1b0aa4c2f8afb26724dbe4605c25c33a632d27687
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/jgjfghkgjk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/jgjfghkgjk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Xoxovi
id: auto-629d0ec11eb1a0db9dd229a6e77525be7fe9df7ec75a60055fdf2371b2ddb1c8
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Xoxovi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Xoxovi*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Fegadut
id: auto-46c5dfe2e4498015cffb5b5ce1fa5352a7a7e136fdd856655b17d4841f5de8e1
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Fegadut which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Fegadut*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Paxaga
id: auto-82ea70f103c3902ed1fce769bff804447a7cd1b17ef33d19ca11a81228c52e41
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Paxaga which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Paxaga*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Dijuvuse
id: auto-7259abf8750ecfd90658389c4caff71f85f768cf7d32ca79cf74b14b802d4a8d
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Dijuvuse which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Dijuvuse*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Jipuguga
id: auto-1c92cad53a7c96fd9917505daa814662d50c716ac4ab796bd8e6c3088fdc16b5
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Jipuguga which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Jipuguga*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Bupumogic
id: auto-3859106b5574def608326f25db8402bbf7d3b3f975b10b81100a6ed6f14a766f
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Bupumogic which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Bupumogic*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Wiyegu
id: auto-13d39e637ce076775cbb6e28f286da77f3984b36d459d738afe41349ef4e55d7
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Wiyegu which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Wiyegu*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.27.157.202/Gudamepo
id: auto-f366bd071d20e10b905cd906415134ebe8be6f0f406adaa1b2f6b81087e87bd0
status: experimental
description: Detects traffic or activity related to http://103.27.157.202/Gudamepo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.27.157.202/Gudamepo*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.20.74:51113/i
id: auto-b760f1d2d4b217a146e44f553a8f808aae4b0c1f269ea99e6618d0d9f76a834c
status: experimental
description: Detects traffic or activity related to http://123.190.20.74:51113/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.20.74:51113/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.mipsel
id: auto-8959140c784dedd7a89092a4568c406ab42cbd1403ba79f8751d5d93e232e964
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.arm7
id: auto-04f9266b05ed8e3704677def7b317753dde5916caeb556dc74346ec9ec4ba66c
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.arm5
id: auto-8f105f04647277a4295a2eb122c9eff9680be2ae2db18ae08119fe6c10fdb4e1
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.205:44261/i
id: auto-8960ed6202ec57e19bab1de24182e561811c33f7c624e81f6844f66a94b0c50b
status: experimental
description: Detects traffic or activity related to http://110.36.0.205:44261/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.205:44261/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/m-i.p-s.SNOOPY
id: auto-fb7224452b7eb02e92f17431e8cc04d6ace6279f9d74cb04478c6c6a1033f50e
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/m-i.p-s.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/m-i.p-s.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/i-5.8-6.SNOOPY
id: auto-74b4cd04a2890dd65a1db8d24bf62c77cf950381140f74f70ca13f6eed954326
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/i-5.8-6.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/i-5.8-6.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.i586
id: auto-6061aaeb803a51d561c82a246a38d5b1d55b2f011163400da8dd67dc92b529b7
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.m68k
id: auto-7f919f7762913a1e15fc93b1844bae640d14a7e1bfe04e280f1242068501642e
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/a-r.m-4.SNOOPY
id: auto-64ce3f487cc299e67fd226cee3e7d7f5dcea8a20c2fa76605c5007b75d7f6ac7
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/a-r.m-4.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/a-r.m-4.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.x86
id: auto-797c8ea96b3ee1f9e9abde6232635e8ebe9329bcbb8f00f6ce0b0fa514937ac0
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/p-p.c-.SNOOPY
id: auto-4a9c3aec6a9e6e9cad54f19281c083743bf99af4345502b65511ea46824eda31
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/p-p.c-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/p-p.c-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.ppc
id: auto-af40346489dbce76d3dc9aad79de1339a5a466e9a6c6473b33174c357f6ae0af
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/s-h.4-.SNOOPY
id: auto-27761d13baee3a5b4910a18fa6fd376fddafe427296b9731beb8e82877cb3eac
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/s-h.4-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/s-h.4-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/x-3.2-.SNOOPY
id: auto-1483344ada5bd9bf8570eb28f57ec8de9f36da32b0882a7368470d2bdff76f6b
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/x-3.2-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/x-3.2-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.sparc
id: auto-af8c25a041de6f69c2c97e43643e3b0df392da70d97b716ee44e350759712caf
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/m-6.8-k.SNOOPY
id: auto-514962039b70f6b7d7dea882161edecfb20fcb5141671e24863fe8d07540db6f
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/m-6.8-k.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/m-6.8-k.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.i486
id: auto-7e17eac4a4338e265a336402ec2bd47095f2b239fe322d53511e1141ab411983
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/mipsel
id: auto-5979a5c0468ed54e1d7778b8cf6aadb015c30c977eb2a98d1ba0455c4701c6e5
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/x86
id: auto-419a40b4365248956b9e54d700f1e1d521c9049eea011775ed77ffcabdb591c3
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/ppc
id: auto-25960443b9099ae829c923ce8c1b15fce669c11966e1e1154d057f3a77d21c6c
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/dc
id: auto-187c36f4ca819d9066661c30effb9e64fe782c7668aaec517bf732703aad4e30
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/dc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/dc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/sh4
id: auto-34723dbfec75b3f1ba2017b7989c901f1fee3f5ba4469793f06f3682c90d6b0d
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/586
id: auto-a69b5da1b82e1b3557b3e1b872a88dfc4d28f8307960948348f3cbf30defb645
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/mips
id: auto-d260ad8d4073af3d6bbeb0c0417012d1d36092d2d6baa52b5888d456374563db
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.arm6
id: auto-c528e0d5257105ba9a9e84b2a210a69d25bb9b20bd06b80e2bfa6651fae3083e
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.arm4
id: auto-28ad30e99c5ca03536aa16031581d408f91e3dfb82335c42505f73ce3f062857
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.i686
id: auto-b22e624e195d4382329590485df7861c6f07a91ae43705d947a348f13d8b0eec
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.mips
id: auto-8502e98a82766aaac40bcb91e72db764f8b5b93b027fb52f2dc15e3a6ca2bea6
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/a-r.m-5.SNOOPY
id: auto-dbe1593e7f228f1b95f02343b8cbea0efac1aaefd57662a69e21b5d7b4526afc
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/a-r.m-5.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/a-r.m-5.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/m-p.s-l.SNOOPY
id: auto-1c91091fc26e11ca29ee60ec11506f9898751fbce1ff9527585ff54ef31886b8
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/m-p.s-l.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/m-p.s-l.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/x-8.6-.SNOOPY
id: auto-64cb83fed6b7deca256510b4a7ea48d3b257e11efd7bd645e53591d58460f622
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/x-8.6-.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/x-8.6-.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/chernobyl.sh4
id: auto-e331b18269e6dd5da19ebf79e32aa298235461c494458d6f8ebe9bc8c805c010
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/chernobyl.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/chernobyl.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/arm61
id: auto-cac72d7d0c0dc8f5026cb9df089b5b93729ab93fdda428b90c29af121929ae86
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/arm61 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/arm61*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/a-r.m-6.SNOOPY
id: auto-d7f8d5a1ec20fc68f3e2aa0abaf2894594b699aa645a35607a0e5c8ae06c6971
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/a-r.m-6.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/a-r.m-6.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/scar
id: auto-13d2d52b27f0255667098fb71d04ac23c84bdde5537c6d2ae983057efc375a16
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/scar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/scar*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/m68k
id: auto-5c7c7fb80abdee654c0a6720735515ffdea84ab4c7d09305ae07f9898392c65e
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/co
id: auto-4cda8835f7475997a506a559c6cb3a9a23a969e1351e184f3981e08f56c12bfa
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/co which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/co*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/dss
id: auto-fb1e42b49c97c3cbecc731098eb8b276c326363501a1299d14287dd17c59bbd1
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/dss which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/dss*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/i686
id: auto-2c9e72f24b377f58da64ec7398de0c1048d217b2ef2688f4e53f9b4e42f53a51
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.102/sex.sh
id: auto-1b61e3607fd1681366897c3c39f0ae51692a55422b9c27abd30270d055775ebf
status: experimental
description: Detects traffic or activity related to http://151.243.109.102/sex.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.102/sex.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/SnOoPy.sh
id: auto-70e0f1763be95203a5b73bd5542a224f2045b2478cd909f5133da0262e3f29ad
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/SnOoPy.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/SnOoPy.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.235/a-r.m-7.SNOOPY
id: auto-2a6d795d4a309aa066de793329dd0e6627630d5d568dd26d6302beda6c1c252f
status: experimental
description: Detects traffic or activity related to http://151.243.109.235/a-r.m-7.SNOOPY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.235/a-r.m-7.SNOOPY*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.109.71/cache
id: auto-21f62e7c43346aa738148498d8ff1fcd8b92e0a781ba0b93f81a379a97a56937
status: experimental
description: Detects traffic or activity related to http://151.243.109.71/cache which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.109.71/cache*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/te78
id: auto-68c96102727b8f5fe0a54b7ac153e6848a3ec10d5160083ae43b6f7fc69a7ffc
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/te78 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/te78*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.106.220:59369/bin.sh
id: auto-62ae4a6a465d327e3aa6f647d1ce79039caee2adfd8039cf67b184bc32332c8c
status: experimental
description: Detects traffic or activity related to http://115.52.106.220:59369/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.106.220:59369/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/Setup.exe
id: auto-2a1a2674a356fd27c56988511d71616787b52b68431c8017edcec08fca7ef11a
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/Setup.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/Setup.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.mips
id: auto-c6d0abe9fe1793da3ddc20b9665fe62a0fd2befee9543bb870e4b72828093872
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.arm6
id: auto-c9852c1d9a649fdd8703df3cdcdcfb6d0ec775d2588c321eb58d82f91941e68f
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.x86
id: auto-3ce9f9ed417eedc7e377c70d25ca8aa9bebd830d4e72b4f06e3ee39a0dc675bf
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/mipsel
id: auto-894394739de75d9778d62fe8842d9e430e1bf883dd9e75529cdf9a7477745228
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.spc
id: auto-7ee6a2407a3821eb0b4b0721c0da0eb8ec0043c68d1dbac02dbf3ac03c5cf7f8
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.ppc
id: auto-1d212491bad89d16cb36f7ee150a7b4b66e4b1abfbd8f1ca026aae3b39c45d42
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.arm5
id: auto-aff56d4d1bf50cdcef87c0d99c0d6fe626272a128138158f64865089fff7f3d5
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.arm
id: auto-7b446daf12aca9101448a282eaeb43f9268a83d18350b0c78f289b7fae6a472f
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.mpsl
id: auto-1a73aba38addd7dd4eaab2d5e956eec39a9970353bd873a2014f8721737aeb53
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.sh4
id: auto-5fa327d371934efaff502c9954de67567e0819adbafb39ac8381d2e69e1cae87
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.m68k
id: auto-f794b75311b7266dcaf7cd1b013933925f8f8b1e7e694b1ed38b15a416561ab2
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.163/bins/sora.arm7
id: auto-0b8033e96bb810de3f7dd8168d1a39cdecbf76b4bf85283f99172e6c5a2067a3
status: experimental
description: Detects traffic or activity related to http://130.94.58.163/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.163/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.x86
id: auto-7552a490c06879dfe2b42c204392f68bb0fe702377b11dd78ea223ddc1e653dd
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.ppc
id: auto-7bd5194cfb4ef330c97a80db0c83ac77c05127e214b7903512c59d067123add3
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/i686
id: auto-4e0bf47765d021fc9c2ce7ddc16eed8986bd3b32884db4b733bf7ff4460baa80
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/sh4
id: auto-692587a76a7369490e6fd6e445254b7d674467c9d844412b8a658febc7e13c71
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/x86_64
id: auto-caa2777f3c084c76830f40ad36ac7bb8feb7494cf43e405a8d0f3d3676481876
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/i586
id: auto-3f8cbf68bca4c41d78a0573ad65a8a588c6e645b3e9aececb9c2bff4a0a7ecd9
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/arm
id: auto-41a84810e7fc58a8bbe0ef8c57a855459abc00bb7013505fe8ca99dd31a90a87
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/mips
id: auto-84f37fe2472d2dda88fa9c7ff576561a03e30fe9a7ff89fe25f4592e762610b8
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/arc
id: auto-e7deaf16e452973a5d8822f3a5f0d9e8448209a49ca771a61f7d52aeda61d286
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/px86
id: auto-f5f835e3c64c9df9c9da880a8a84594677838039f790140234322ba56cdcf891
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.arm6
id: auto-9787b07b89d9f33ce9512145aa4a353f07f9d2365ae531237e9b1457c18005a7
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.spc
id: auto-02a793bb6acaf6bbd1bb2af1d425f4807842cb064c55f77a63384733b05c470c
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/pmpsl
id: auto-4f7ebd4c109f0ba2ae6d1cbfca21826c8d06f9b19b36ce9ea9ccd9a04db51a23
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/pmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/pmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.sh4
id: auto-49da80b0f5fe12e6e6b723a8c6af6a014117439d0e3cc59a4174fdb53fa3bf1a
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.m68k
id: auto-307eafccd4a4e44c6f13f99f97099c3dec579c6e90794f22d3e0502475d43752
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.arc
id: auto-c8e72a1829ba82cd4337c6fb57d429da2bf391181fc6b6f312e71c380890ab3e
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/arm6
id: auto-45ec8e39c1edaa505c7176efceed358fae8f15eee703ae2c5393d5eea6b1b2cb
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/arm7
id: auto-02410cc022a44d67dcfc27366bd2201cab83f06d47fcdfc1de0e835e840de2ba
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.88.87.49/arm5
id: auto-224bc2a23769e958084109f3a7b2f9b0822f5e1d3725b08e37ae96d51338444c
status: experimental
description: Detects traffic or activity related to http://149.88.87.49/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.88.87.49/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/pm68k
id: auto-5b775447635218bd76f3a5e3895117a8167649ff6ad847d89cf4a88530e90f7c
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/pmips
id: auto-8a2842bdff09828a94abfc989b90ba338b923805e3abda91b4612621791ba935
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/psh4
id: auto-7edf09a9668fb5cac4a4119959a3bf40b251381279e0e8da11978bac95ea2f88
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.83.36:52096/i
id: auto-9caf3405644abf0d7924d34db7682443ac6afd45724e99c25852d4ce8e1037e2
status: experimental
description: Detects traffic or activity related to http://42.224.83.36:52096/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.83.36:52096/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/gsdfg654
id: auto-6b3fc2ba1b532cf536464ccf314d40e89106a7820b5c8c5cf381f386a308a629
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/gsdfg654 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/gsdfg654*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.205:44261/bin.sh
id: auto-53b0d4e1054bc7b6f1d8660a06ecba5d39f6d04ad92763bc84d868cb592c4a4c
status: experimental
description: Detects traffic or activity related to http://110.36.0.205:44261/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.205:44261/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.113.64:55883/bin.sh
id: auto-617a4ac9f2f6663cad2e18b0286e2c86a483f70ac41614577aa6f0361f340f93
status: experimental
description: Detects traffic or activity related to http://112.248.113.64:55883/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.113.64:55883/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.20.74:51113/bin.sh
id: auto-2e9176277f1598484e436f72d4080e0fda49f902651ca6cfc3bc909c81a89888
status: experimental
description: Detects traffic or activity related to http://123.190.20.74:51113/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.20.74:51113/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.83.36:52096/bin.sh
id: auto-5a7c93635b1cb2a3aa92b00e731628e1693a43c652422fbbc4b695e3b2030a59
status: experimental
description: Detects traffic or activity related to http://42.224.83.36:52096/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.83.36:52096/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/sdsdsd
id: auto-523d8c3bde9819a95af807a3d4071bbb0da6a5c5633b3923577a83245d95bc12
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/sdsdsd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/sdsdsd*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.153.196:43228/bin.sh
id: auto-c3969585eb9de9db3508253c26294c63009fa73edab8c543de81c40bfd0c719c
status: experimental
description: Detects traffic or activity related to http://182.127.153.196:43228/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.153.196:43228/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.76.12:36543/i
id: auto-61f14091033c79ec5ce380bcedfa8366dddff92d5d22b979a3eaf367c4149577
status: experimental
description: Detects traffic or activity related to http://182.117.76.12:36543/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.76.12:36543/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.237.215:42516/bin.sh
id: auto-1f032171395ae9472f197e0e86657615e7a11cd2ff8b67e64ab24bbaa062338c
status: experimental
description: Detects traffic or activity related to http://123.10.237.215:42516/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.237.215:42516/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.42.16:47450/bin.sh
id: auto-81d9a684ee51ff1045c3deeffd95f2debc096d7896309e217b08b6035c8574b6
status: experimental
description: Detects traffic or activity related to http://116.139.42.16:47450/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.42.16:47450/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.161.67:58576/bin.sh
id: auto-a32b60ed05bc4c9b9c636039c9c039b852709c5ed0309ba9f9a1a4a43ea384a6
status: experimental
description: Detects traffic or activity related to http://115.57.161.67:58576/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.161.67:58576/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.76.12:36543/bin.sh
id: auto-4728cc72bfb8787e7c45f93371e873884e701d86a9c35e6bfaff8cb24f5de8df
status: experimental
description: Detects traffic or activity related to http://182.117.76.12:36543/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.76.12:36543/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.113.218:49797/bin.sh
id: auto-42c4a7a63e70bb6cad40e161f938f0be2687809250371eb29ec7548187b25517
status: experimental
description: Detects traffic or activity related to http://115.54.113.218:49797/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.113.218:49797/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.118.10:41691/i
id: auto-fde3db8f15a3a0b38a27b92f761555b2d68692fa298e0c1a74168b47cbec1234
status: experimental
description: Detects traffic or activity related to http://61.176.118.10:41691/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.118.10:41691/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.214.198:59084/bin.sh
id: auto-3399612486f96766fc7dbf44c500d60c9413b0d539ec79ca1ac4970de3fe1ec1
status: experimental
description: Detects traffic or activity related to http://27.37.214.198:59084/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.214.198:59084/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.228.201:58632/i
id: auto-83f55e99ef47fcfafec062a19e959a367cc75990890af79913f5ecfb38b9d93e
status: experimental
description: Detects traffic or activity related to http://115.55.228.201:58632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.228.201:58632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.255.198:48829/i
id: auto-8f653981f85c6374fe3dc8b573f27c428c0e57abcfdf5fa68085bfbba2636f16
status: experimental
description: Detects traffic or activity related to http://125.44.255.198:48829/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.255.198:48829/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.118.10:41691/bin.sh
id: auto-0ef325f73ad0d50684e9121e6095252c4204cebf6d7f845ff6678454371f6be6
status: experimental
description: Detects traffic or activity related to http://61.176.118.10:41691/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.118.10:41691/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/opopo
id: auto-f2e23a79af9e2450555b0c7b2976b890432f8b51f6652217e510d613ec078d05
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/opopo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/opopo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/herf54
id: auto-55e303e79ac457d4e1de654abb2ddc5689c52ff186b3cc547d3710a45063bb0e
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/herf54 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/fd-svc-api-ctl-p0/herf54*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.27.192:50895/bin.sh
id: auto-11eab5c2f232fc38f48742413d59ef1bca3356e9312a3c18ba9dbbd92ff153d1
status: experimental
description: Detects traffic or activity related to http://117.206.27.192:50895/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.27.192:50895/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.233.136:44958/bin.sh
id: auto-1048d5478e092c2eeb2f8b55f8ee239c5f5fc7d26d05d9f34ecdf79089d4f8de
status: experimental
description: Detects traffic or activity related to http://182.123.233.136:44958/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.233.136:44958/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.184.124:54807/i
id: auto-945a4ce17f5260cbd8209fb134651529f56f4a7704f8c1a038dc41d9690387d3
status: experimental
description: Detects traffic or activity related to http://221.15.184.124:54807/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.184.124:54807/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.173.23:40366/i
id: auto-ca65941a1791d8bb1375d1abd2c464eba0e07047e6ef292403fd1ac093645134
status: experimental
description: Detects traffic or activity related to http://182.115.173.23:40366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.173.23:40366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.237.36.22:58416/i
id: auto-b5c4277f2c1083e6d0194477e9cb81b8c5d96fe42dd53540513bb4ba02bae27d
status: experimental
description: Detects traffic or activity related to http://140.237.36.22:58416/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.237.36.22:58416/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.173.23:40366/bin.sh
id: auto-11ae5efb61e4645f84a76628967b31abcad4ab4b8ed3bf60ff574679470303ff
status: experimental
description: Detects traffic or activity related to http://182.115.173.23:40366/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.173.23:40366/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pippyheydguide.com/endpoint/logout-script.js
id: auto-3eb66c6276d73335898933c1e0c9b3983a93853151db277061164e71f8009ba7
status: experimental
description: Detects traffic or activity related to https://pippyheydguide.com/endpoint/logout-script.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pippyheydguide.com/endpoint/logout-script.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.241.64.43/cherry272.exe
id: auto-27d6876f236264856c28ccbcca3bb078baef7755f245dc39eec2231ab6431830
status: experimental
description: Detects traffic or activity related to http://150.241.64.43/cherry272.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.241.64.43/cherry272.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.4.223:55204/i
id: auto-2debabcc9d15c689fc4e9ce09b5b575409b84d3ae41daffbfab2abee993b363d
status: experimental
description: Detects traffic or activity related to http://175.174.4.223:55204/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.4.223:55204/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.161.122:52189/i
id: auto-ac4e05f85dc752d017f5f811b7011d1d7a723d2f3d00fb1ba818e563f0133566
status: experimental
description: Detects traffic or activity related to http://42.229.161.122:52189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.161.122:52189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.156.191:58160/i
id: auto-7f3b28d3f84f361d650c63b3ef64400ee0fe098b544e430757bf0e548a93549c
status: experimental
description: Detects traffic or activity related to http://113.236.156.191:58160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.156.191:58160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.11.113:35305/i
id: auto-d6358257d64dff5fa10fab6fcbea2d5ef6c9980e19ac56da2e190bae7682f1f5
status: experimental
description: Detects traffic or activity related to http://221.15.11.113:35305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.11.113:35305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.4.223:55204/bin.sh
id: auto-282a9935e2904abc7ba9b16ecd6db8b186735301312242642568b597ebfca87f
status: experimental
description: Detects traffic or activity related to http://175.174.4.223:55204/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.4.223:55204/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.112.226:57898/bin.sh
id: auto-5440e8e5e606c20c183541e699a1bfb01dc51dfd5d5fe463c8aeae9c3818b7e8
status: experimental
description: Detects traffic or activity related to http://115.61.112.226:57898/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.112.226:57898/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.161.122:52189/bin.sh
id: auto-d5832009ab2ae6f3b3090ad1f7862814e6b660f0722a60ecbd46ac1b7c57622f
status: experimental
description: Detects traffic or activity related to http://42.229.161.122:52189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.161.122:52189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.121.52:59604/i
id: auto-a3526ff22c3a96bdb4ae889a8fe31b7f8f0d2738da08c373374d7896f24c6d90
status: experimental
description: Detects traffic or activity related to http://42.224.121.52:59604/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.121.52:59604/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.7.227.37:58290/i
id: auto-d5561756482335dd6510a288df7e2625d2b794f40a07e5784aa29dc87fcd1034
status: experimental
description: Detects traffic or activity related to http://123.7.227.37:58290/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.7.227.37:58290/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.121.52:59604/bin.sh
id: auto-ac7640b2329ed5e288f9b04d5aa4383b55ebde118566c4e912077d445c754911
status: experimental
description: Detects traffic or activity related to http://42.224.121.52:59604/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.121.52:59604/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/atom
id: auto-7d58e4ac8f2539f73e5c4dfe2639ff5ff58e93151a39d7ce4ea4af2e6fe0de1a
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/atom which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/atom*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.218.138:52514/bin.sh
id: auto-b12c916fdd0be065114f189fab14fc1469dc609fed8a4e0c308db9a2e4c5e6cb
status: experimental
description: Detects traffic or activity related to http://123.9.218.138:52514/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.218.138:52514/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/erg46erh6g54
id: auto-ca5bcdbbe796e228661e6c4e5cc5ade71a53937f5c1e3573e0b6a1237022cc63
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/erg46erh6g54 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/erg46erh6g54*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.7.227.37:58290/bin.sh
id: auto-e8b109cfd532447b181ba130112e4e2ece479031f9042ad56ce765501d860b03
status: experimental
description: Detects traffic or activity related to http://123.7.227.37:58290/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.7.227.37:58290/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/gsr4rg2444
id: auto-3937cb7ed7b784493efa1d7bd7614ac23fe2daafedec4fd2623d58398e0b0568
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/gsr4rg2444 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/svc-api-metadata-regist/gsr4rg2444*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.99.183:39182/i
id: auto-7a85899321644ad550b7cc8324edc412a30144fcf108ba539418c73e34eb198f
status: experimental
description: Detects traffic or activity related to http://42.178.99.183:39182/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.99.183:39182/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.146:53815/i
id: auto-7f992bf8a24ea5c393550c92c5beeb714d22f118d907c63778017a253096a4e3
status: experimental
description: Detects traffic or activity related to http://59.96.137.146:53815/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.146:53815/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.24.132:54514/i
id: auto-7fa1a4a5c15005a77f8dd230ce715a2482e5ba692d1d1c1241f68f5828ff379c
status: experimental
description: Detects traffic or activity related to http://182.124.24.132:54514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.24.132:54514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.44.166:40909/i
id: auto-86be07dfb46ecb8b7468197ea3de5f72e6ac3a92e595cce70cf7e0abfa598d62
status: experimental
description: Detects traffic or activity related to http://42.237.44.166:40909/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.44.166:40909/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.146:53815/bin.sh
id: auto-5fee4f4dde2f9c495e70f31ea3c3c3bb911ba6170bbebb41c71c8afce0ee8284
status: experimental
description: Detects traffic or activity related to http://59.96.137.146:53815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.146:53815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.237.215:42516/i
id: auto-90700e99db8654f7bce51b7acadf9302c62cac0064de05fe0d83b59154d554e5
status: experimental
description: Detects traffic or activity related to http://123.10.237.215:42516/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.237.215:42516/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.54.129:47605/i
id: auto-6a04c39e52d9e737cfae91a2251593999c0a5c078e77323ee3b49d7a53b33dfa
status: experimental
description: Detects traffic or activity related to http://125.40.54.129:47605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.54.129:47605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.230.205:39804/i
id: auto-7ba71835d3dfb13baa5c3f48aab2f0e25acd5dcec4bc084346fecc4da7b79597
status: experimental
description: Detects traffic or activity related to http://61.52.230.205:39804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.230.205:39804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.24.132:54514/bin.sh
id: auto-b0f43ddfe4fdd04aadf9c6e6ece7ea853f9384f987dbe77efcc890457a659152
status: experimental
description: Detects traffic or activity related to http://182.124.24.132:54514/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.24.132:54514/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.13.117:35840/bin.sh
id: auto-565487ffb3b6a6d655cefa7f795c9145d5302cba911801809ecabcdd59c5726b
status: experimental
description: Detects traffic or activity related to http://42.179.13.117:35840/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.13.117:35840/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.54.129:47605/bin.sh
id: auto-37104a9be59c0dd3c78b5ae1e8f9c2cb6041e96c5c7599ba6b8142b8266f8d90
status: experimental
description: Detects traffic or activity related to http://125.40.54.129:47605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.54.129:47605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/64gs65th
id: auto-390e4185d81c5483405b788b411fb3f7a6aa90ba1ea48509a614ecf999c21ecc
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/64gs65th which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/64gs65th*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/of70h8.ps1
id: auto-b7d7332cf5bf4b815996028e9a5d4520687afe058232718489a37f5b3189e947
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/of70h8.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/of70h8.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zyhunkenya.co.ke/arquivo_20260108220815.txt
id: auto-6a26a78d43250cfc925dd68c6e71a62dda003e33842a38d7453bd2610de75b67
status: experimental
description: Detects traffic or activity related to https://zyhunkenya.co.ke/arquivo_20260108220815.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zyhunkenya.co.ke/arquivo_20260108220815.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fastshippingsbd.com/ENCRY.ps1
id: auto-69920273f3a82c856cb49af138d0360d2b698b05aed7926bdec9013be99df16f
status: experimental
description: Detects traffic or activity related to https://fastshippingsbd.com/ENCRY.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fastshippingsbd.com/ENCRY.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/goi64
id: auto-980f987aa0225591b718789e791058b680b90765a5786de2742846a1f7ce2d89
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/goi64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/api-telemetry-collec28/goi64*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zyhunkenya.co.ke/arquivo_20260108221726.txt
id: auto-0b872ee3205df1c9c56a77d1a2411c1f9d25eec2d49442a9c43dfc501adab182
status: experimental
description: Detects traffic or activity related to https://zyhunkenya.co.ke/arquivo_20260108221726.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zyhunkenya.co.ke/arquivo_20260108221726.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zyhunkenya.co.ke/arquivo_20260108150355.txt
id: auto-5fbe8040ea3cd87337cf91a8acf268ea75a91942d064b45c5fb77279eb4bf8a2
status: experimental
description: Detects traffic or activity related to https://zyhunkenya.co.ke/arquivo_20260108150355.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zyhunkenya.co.ke/arquivo_20260108150355.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/deut1l.ps1
id: auto-3f1001761049ef631d991f0ef60498ea933062f440ff42d323e3932c44fcc8fc
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/deut1l.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/deut1l.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fastshippingsbd.com/OWEN.ps1
id: auto-5cea066f9bf35052da9dabbe337d2d5706e349e07d9b0f9a6dcccfbbaa66218b
status: experimental
description: Detects traffic or activity related to https://fastshippingsbd.com/OWEN.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fastshippingsbd.com/OWEN.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/6ndte2.ps1
id: auto-d066c2008371edeab5bd55d10c21ebf100b9b2ab306cdc75fcb055044790f2a1
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/6ndte2.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/6ndte2.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://1zil1.s3.cubbit.eu/don-snake-vipupload.txt
id: auto-78f764aaed6af422fff7dd90b0f8f0acc32715c8f34e5996d6d5539992de8ff6
status: experimental
description: Detects traffic or activity related to https://1zil1.s3.cubbit.eu/don-snake-vipupload.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://1zil1.s3.cubbit.eu/don-snake-vipupload.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://wkhayejmtdnobpaoaeim.supabase.co/storage/v1/object/public/hfgfjjj/image.jpg
id: auto-5eddc8f9625b8f3a8e4d2f2c14a37f3dbda5dfec30595d53b213e859114fdf42
status: experimental
description: Detects traffic or activity related to https://wkhayejmtdnobpaoaeim.supabase.co/storage/v1/object/public/hfgfjjj/image.jpg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://wkhayejmtdnobpaoaeim.supabase.co/storage/v1/object/public/hfgfjjj/image.jpg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fastshippingsbd.com/ENCRYPTED.ps1
id: auto-220f3c41f677513399ffdd6195daffd82d4ec686711876ab0d1dc563b3cc375e
status: experimental
description: Detects traffic or activity related to https://fastshippingsbd.com/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fastshippingsbd.com/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.149.213.242:56004/i
id: auto-099ab4ac62370f5b93a4fde5c26437ccd2a8b944f7fd56c5fd417961b7bf5b18
status: experimental
description: Detects traffic or activity related to http://200.149.213.242:56004/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.149.213.242:56004/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.168.182:49494/bin.sh
id: auto-2fa56803ac505102ea5df2c919acea99e8c0d33b441ff1f96b900e84a4a6b5bd
status: experimental
description: Detects traffic or activity related to http://42.178.168.182:49494/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.168.182:49494/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/654s5dg
id: auto-e3e822717deb04c4ef99c0021056bf3d589bb82fdc86e55cb8a266daa3ed9e25
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/654s5dg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/654s5dg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.151.194:53663/i
id: auto-bd3fe3bd659ea735ba433198a8b5a4529d96bbc7b1edcd3bb452d9f944578d82
status: experimental
description: Detects traffic or activity related to http://182.121.151.194:53663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.151.194:53663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.79.247:49963/i
id: auto-7f20eb12e27d501ad39967c2a8992aee956b871789b2d660723ea1d4da5895ba
status: experimental
description: Detects traffic or activity related to http://115.63.79.247:49963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.79.247:49963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/4685w6e
id: auto-6a16613a26d665388e83335ea507a4f600fd982ef17731321873c230c6b83f38
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/4685w6e which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/4685w6e*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.234:52332/i
id: auto-622d406448cb4dd927e1ba82a00e52987519cf49028a64c989ccc388aedad0d1
status: experimental
description: Detects traffic or activity related to http://110.37.39.234:52332/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.234:52332/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/gsdf49
id: auto-be3ba6ea556f9fa3b5fd1e2bac694b75c38626ec7fac7ff12b95981359ea39da
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/gsdf49 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/gsdf49*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zola040126.ngrok-free.app/OneDrive.exe
id: auto-d637467d4d9ea4efb86ee64e9ae45268e8ad20514bc73e32e08f4a04f3b8db10
status: experimental
description: Detects traffic or activity related to https://zola040126.ngrok-free.app/OneDrive.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zola040126.ngrok-free.app/OneDrive.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://chokokft.hu/Overloy.aaf
id: auto-b76c385de14ff87bb979e21483bca6dd10d0dd781e0f87e23fa89e4620ad39fc
status: experimental
description: Detects traffic or activity related to http://chokokft.hu/Overloy.aaf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://chokokft.hu/Overloy.aaf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://chokokft.hu/EQzRsaGAwTeoTzFPrm203.bin
id: auto-0e4dfdd80426a36648d7e7e59255fed8d2f47d8b429bb4aa30100b69348c72b2
status: experimental
description: Detects traffic or activity related to http://chokokft.hu/EQzRsaGAwTeoTzFPrm203.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://chokokft.hu/EQzRsaGAwTeoTzFPrm203.bin*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://chokokft.hu/Deam158.rar
id: auto-e6c559e936ad969c647c6b5cb4122762024da6cbf49271a03ec25acad980dfd3
status: experimental
description: Detects traffic or activity related to http://chokokft.hu/Deam158.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://chokokft.hu/Deam158.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.172.218:39199/i
id: auto-2ac5a54d741f79899d14901eee6c60ea439342789b395d75bd3a362793d2b33c
status: experimental
description: Detects traffic or activity related to http://175.151.172.218:39199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.172.218:39199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/vds61
id: auto-d38dd70082bf9730259783c7c1a680338a6c21c8ef2f57a927570526bae1187e
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/vds61 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/identity-hub-rs-com/control-plane72-node3854/vds61*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://hostphpwindowsdriversappssi.duckdns.org/Nueva%20carpeta/Copi.txt
id: auto-5176171cb8e1620a3dddc46517b75b5fa59c991acbc4c9192c89e27a6cb1f899
status: experimental
description: Detects traffic or activity related to http://hostphpwindowsdriversappssi.duckdns.org/Nueva%20carpeta/Copi.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://hostphpwindowsdriversappssi.duckdns.org/Nueva%20carpeta/Copi.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://archive.org/download/optimized_msi_20260105/optimized_MSI.png
id: auto-b2d10b33a522b0d9ba959eace14de56ca36c04f8ce0137ea2d62d6c4a3665b06
status: experimental
description: Detects traffic or activity related to https://archive.org/download/optimized_msi_20260105/optimized_MSI.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://archive.org/download/optimized_msi_20260105/optimized_MSI.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.21.110:55591/i
id: auto-70833e85b6ab790cedd4e5622f3888c519439767f77922b4b6f9580827fd5ff6
status: experimental
description: Detects traffic or activity related to http://42.178.21.110:55591/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.21.110:55591/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.1.53:49511/i
id: auto-0bee53547a8c45886bed83683566a88688f465e8f59218a32469127fc667773d
status: experimental
description: Detects traffic or activity related to http://27.217.1.53:49511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.1.53:49511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.6.185.122:45711/bin.sh
id: auto-18f83db20d0c3027d50a565ef2f5f661abdaa32d52e0255e2a0df4cd7015ec8e
status: experimental
description: Detects traffic or activity related to http://124.6.185.122:45711/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.6.185.122:45711/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.120.31:52756/i
id: auto-0a9c96770b8f6aa94f78b41e5346033c4f03e91fdf22a8b435e348bee45fc59b
status: experimental
description: Detects traffic or activity related to http://113.231.120.31:52756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.120.31:52756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.8.158:37569/i
id: auto-427eb83a2605e3f0b4063f10c0843c2fbcc17d6a7f02f792491fb9f0a5f23912
status: experimental
description: Detects traffic or activity related to http://125.45.8.158:37569/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.8.158:37569/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.234:52332/bin.sh
id: auto-e1e9828749c4afe5758ea78596d810001e6727adda946de82f0894219b241495
status: experimental
description: Detects traffic or activity related to http://110.37.39.234:52332/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.234:52332/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sbdgtjh
id: auto-7672aae13ac70f23e57e1284a9618731f16886c2ebc1591459e0b20202a7bb23
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sbdgtjh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sbdgtjh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.6.41.155:60846/
id: auto-f2dd3277427a09a6a6d9180db6f549ff355f9577324d51b9af73de76df7b0e15
status: experimental
description: Detects traffic or activity related to http://95.6.41.155:60846/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.6.41.155:60846/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.212.53.219:59801/
id: auto-8be5ae10972b2ccb81617a458d34e4f892bd349c343f162cbf96cdf41ef43fb4
status: experimental
description: Detects traffic or activity related to http://103.212.53.219:59801/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.212.53.219:59801/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.84.212.18:20781/
id: auto-dc4c12a727ae5e65998645b90d05e7795d118cc4fb12e0f2156ee7e2b377f1c2
status: experimental
description: Detects traffic or activity related to http://154.84.212.18:20781/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.84.212.18:20781/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.193.59.78:39941/
id: auto-d7f4acea6a9ef88b4902d3b4c3a658bce557be70a170e532f21c5ce0f858ac6d
status: experimental
description: Detects traffic or activity related to http://181.193.59.78:39941/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.193.59.78:39941/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.24.33:48449/
id: auto-472972404d53950fcf1962540ba72b24bb13848f3919b60555d398e063b97f38
status: experimental
description: Detects traffic or activity related to http://42.231.24.33:48449/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.24.33:48449/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.227.222:37804/
id: auto-8f707840bbdadf318cbecd153e49ef60ec698792893f16391699029ab8a5f4f4
status: experimental
description: Detects traffic or activity related to http://113.229.227.222:37804/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.227.222:37804/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.175.42.18:46125/
id: auto-62ff3dbd19e13bf5dfa7411d308dc232575cadb0d2f8cdf44e296b0d9d3d169e
status: experimental
description: Detects traffic or activity related to http://79.175.42.18:46125/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.175.42.18:46125/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.47.176.138:50119/
id: auto-c25541388bf0172c8f9ad6284a21ca8ed4c40ddc6a85745015f55e580847091a
status: experimental
description: Detects traffic or activity related to http://95.47.176.138:50119/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.47.176.138:50119/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.156.191:58160/
id: auto-ea0f48d97025188a9d0ced1384b9dc689205535404d24aa45a215cebc6085530
status: experimental
description: Detects traffic or activity related to http://113.236.156.191:58160/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.156.191:58160/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.164.50:48035/
id: auto-9daff909dee5d5530aeeaad4d8513b051060b16bc4558250ed9976ad45c47fce
status: experimental
description: Detects traffic or activity related to http://36.88.164.50:48035/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.164.50:48035/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.121.239.114:19828/
id: auto-5bc5356833eb7ec738ce5cf4be76227b145e4ce2212084ffa1b9a807a6afd9dd
status: experimental
description: Detects traffic or activity related to http://186.121.239.114:19828/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.121.239.114:19828/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.150.78.122:5005/
id: auto-f929b4a7234bdeab5d68a4a6f4e6c86314ca38e50276073cfea18dae4fb960b5
status: experimental
description: Detects traffic or activity related to http://217.150.78.122:5005/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.150.78.122:5005/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.3.141.242:17459/
id: auto-d68576d71c7b72497037d664de594c0fea84755e006bbb7328c1a57088af1074
status: experimental
description: Detects traffic or activity related to http://189.3.141.242:17459/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.3.141.242:17459/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.32.86.42:56871/
id: auto-facbaf0f5b295e0fc7a5dd267d3e39b840dbe559dd43f898812d41f392ff71d6
status: experimental
description: Detects traffic or activity related to http://62.32.86.42:56871/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.32.86.42:56871/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.138.107.5:14491/
id: auto-9782d4ee862165f5c6f168f3621836d7a35ffa3536db33570007da71a320100e
status: experimental
description: Detects traffic or activity related to http://186.138.107.5:14491/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.138.107.5:14491/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.157.212.138:58474/
id: auto-bce54732d9e5b71758195661efea8e96033ddf4ffd4a9d38c41f6257303a29f8
status: experimental
description: Detects traffic or activity related to http://37.157.212.138:58474/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.157.212.138:58474/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.114.200.50:48416/
id: auto-8f7c581f42a6fed4e114af8ef3c8e5b87a5108df2db2573e9f30a64241951202
status: experimental
description: Detects traffic or activity related to http://82.114.200.50:48416/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.114.200.50:48416/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.154.83.4:1344/
id: auto-1ae94a81b1f07854671abe456b42a53a5577f9817503fcf6d34dee06db9e0549
status: experimental
description: Detects traffic or activity related to http://94.154.83.4:1344/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.154.83.4:1344/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.131.234.26:51118/
id: auto-15b0f8863e15773d989b1ec292ed3f5fd719d968b345626465325eb9995fa8fe
status: experimental
description: Detects traffic or activity related to http://202.131.234.26:51118/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.131.234.26:51118/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.120.31:52756/bin.sh
id: auto-6274e82707348c40c2e1c38668f16250c20ecf7562c01996a539204cd0a8cac2
status: experimental
description: Detects traffic or activity related to http://113.231.120.31:52756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.120.31:52756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.68k
id: auto-749face6cbe6f436a1f099118622551b0ad14e7bc86dd3723d879de3399c8aa2
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.134.254.50:62889/
id: auto-3cef0e93d5bee9e52fa4a4cba8f51dcd81941e69b971bf1736b7d7f43f1819ec
status: experimental
description: Detects traffic or activity related to http://197.134.254.50:62889/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.134.254.50:62889/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.168.0.46:48540/
id: auto-8dee54a4a6ed5a886a086bfdc6544cf62949a8549a82c591a39a3f8f754401a7
status: experimental
description: Detects traffic or activity related to http://108.168.0.46:48540/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.168.0.46:48540/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://27.125.169.235:8443/sda1/Reynold/Video.scr
id: auto-975039ee9b67ada6e5155c805e881f982bd2c5f2b44b4cab5251ecb39571bd1a
status: experimental
description: Detects traffic or activity related to https://27.125.169.235:8443/sda1/Reynold/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://27.125.169.235:8443/sda1/Reynold/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://27.125.169.235:8443/sda1/Reynold/Photo.scr
id: auto-22f534a85c1b726ee55a870af49b1b9b6cf85c6178835d6d534942f5f8f9b9c3
status: experimental
description: Detects traffic or activity related to https://27.125.169.235:8443/sda1/Reynold/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://27.125.169.235:8443/sda1/Reynold/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://27.125.169.235:8443/sda1/%24RECYCLE.BIN/Photo.scr
id: auto-42280db94c68a5e3a4fdddc54383fc8183c9e287fec0a72194703e90ca2b7d58
status: experimental
description: Detects traffic or activity related to https://27.125.169.235:8443/sda1/%24RECYCLE.BIN/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://27.125.169.235:8443/sda1/%24RECYCLE.BIN/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://27.125.169.235:8443/sda1/Reynold/AV.scr
id: auto-67406dbb5f25784fbe9183b5dbbcf580b3abe3891ffdc6792fb8292573c63cbe
status: experimental
description: Detects traffic or activity related to https://27.125.169.235:8443/sda1/Reynold/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://27.125.169.235:8443/sda1/Reynold/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://27.125.169.235:8443/sda1/%24RECYCLE.BIN/S-1-5-21-513737667-1919666884-561045330-1001/%24RS1R5LT.scr
id: auto-45418076b234cb284d7d4b9e6896427f56ba4df5f03f7b7619661686a424fe7a
status: experimental
description: Detects traffic or activity related to https://27.125.169.235:8443/sda1/%24RECYCLE.BIN/S-1-5-21-513737667-1919666884-561045330-1001/%24RS1R5LT.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://27.125.169.235:8443/sda1/%24RECYCLE.BIN/S-1-5-21-513737667-1919666884-561045330-1001/%24RS1R5LT.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.12.227.112:47664/
id: auto-4a8c388a174c70a2791b7efadd906a3089ab110031fa97d046c9e33ca3682b05
status: experimental
description: Detects traffic or activity related to http://103.12.227.112:47664/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.12.227.112:47664/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.246.210.69:35347/
id: auto-d9aeb58b7ce9a486026ef43537968869b709cf770adb18c690367b8a0f921b2e
status: experimental
description: Detects traffic or activity related to http://91.246.210.69:35347/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.246.210.69:35347/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.65.15.51:14278/
id: auto-31166cf5a116d2b354459a0c8c29f1a50413800e0aeeae802dfad67d718f1e74
status: experimental
description: Detects traffic or activity related to http://217.65.15.51:14278/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.65.15.51:14278/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.93.196.173:58392/
id: auto-1fe5e9cdfa91a5382d662159c46b3dbae43b1f067d03a12b09f4459079250eb0
status: experimental
description: Detects traffic or activity related to http://110.93.196.173:58392/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.93.196.173:58392/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.84.195:44974/
id: auto-e8ecfc167d933005994275cf2b5644eb2a51ba28d0070e7a00edf160aab4d7f0
status: experimental
description: Detects traffic or activity related to http://222.137.84.195:44974/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.84.195:44974/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.179.89:44239/
id: auto-4b60610ae0100b0d2d065420bf496572977556af4c4b609e4d8e16b25beba81d
status: experimental
description: Detects traffic or activity related to http://42.227.179.89:44239/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.179.89:44239/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sv13
id: auto-15b3a0e1092d504748154e624d3e17535ce1687bc97ba2fc7e89ecf0e654a1f8
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sv13 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/sv13*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/nlasdcl
id: auto-6d930c5d19f16781a4026a3a224c2f1e5983eac698267624834e4e7eec4053a2
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/nlasdcl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/nlasdcl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.172.218:39199/bin.sh
id: auto-bc767bb227a6caff43e8e96cca043570fafc4a21fc73d36c8e3159cdc38c29bc
status: experimental
description: Detects traffic or activity related to http://175.151.172.218:39199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.172.218:39199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.117.1.226:8545/02.08.2022.exe
id: auto-5cf82acf52bbbad7deb3e48c2a9bbd281cdf40bc3e4f6364b293f314c0bf84d7
status: experimental
description: Detects traffic or activity related to http://47.117.1.226:8545/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.117.1.226:8545/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.178.135.188:503/02.08.2022.exe
id: auto-3d5f578b6f9d41d3b7bcfc3b253aabe1ead0a6236aa261be4dd08bee10047525
status: experimental
description: Detects traffic or activity related to http://118.178.135.188:503/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.178.135.188:503/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/pang
id: auto-2015751ffa7ef3ba6a6fe87bd5010b885fd678fb5ccd48be5b69bea05b6dede6
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/pang which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/pang*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.112.76.232:8080/sshd
id: auto-3f9c026eff8fcc1ff8f67781d687a6a93eebb51fba6d1253ff96efcbac7e4bd1
status: experimental
description: Detects traffic or activity related to http://42.112.76.232:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.112.76.232:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.157.142:2001/sshd
id: auto-203a1ccf864d494970858f7e443fde2526bebca4709d77a614a592d1a78a89c2
status: experimental
description: Detects traffic or activity related to http://59.182.157.142:2001/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.157.142:2001/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.113.196.195:23320/i
id: auto-5dbbd39627468b0ae1af41e1131133bb1a6000c8acd22fb6ff1669a8f00e37b2
status: experimental
description: Detects traffic or activity related to http://37.113.196.195:23320/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.113.196.195:23320/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.171.214.23:41776/i
id: auto-dcf4d9b24c8dd75753a36da52ad19c608c83d7a542201469aed92cb648d5daf0
status: experimental
description: Detects traffic or activity related to http://183.171.214.23:41776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.171.214.23:41776/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.235.254:2000/sshd
id: auto-e2619aff0a6bd3acbf2e1198f2fdbb669dcfa1c8564e353d07d40c133eb997a8
status: experimental
description: Detects traffic or activity related to http://117.242.235.254:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.235.254:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.180.219.165:8080/sshd
id: auto-dcdc47d4f2ac11acebc7a8f934ae75a8d1ce1647ba8130131a3506974c0bb6af
status: experimental
description: Detects traffic or activity related to http://14.180.219.165:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.180.219.165:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.49.205.157:50005/sshd
id: auto-635d6b1daa5bbace01313c0a9dd5208f7f0c430495e2499e41c0fcb6d2135ee4
status: experimental
description: Detects traffic or activity related to http://180.49.205.157:50005/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.49.205.157:50005/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.147.166.152:51289/i
id: auto-0a85303fbfb7307e7a0bf7f85e2c3118af0c43121d95a516163d4765ba448110
status: experimental
description: Detects traffic or activity related to http://125.147.166.152:51289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.147.166.152:51289/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.1.15.223:12164/i
id: auto-20cea709582e476512cfc0d3b7a5183e2ff944fa7194a33e630b602d0ca42588
status: experimental
description: Detects traffic or activity related to http://181.1.15.223:12164/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.1.15.223:12164/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.173.247/sshd
id: auto-9d341bfcf0d76838669c3baaf6249887112b12cd00295628f0ef6717cf159da8
status: experimental
description: Detects traffic or activity related to http://91.80.173.247/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.173.247/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.63.9.77:60252/i
id: auto-d90a1f52901e9520b8100f294451d1e05696a97e13173fdd75e57d8b0a7b2280
status: experimental
description: Detects traffic or activity related to http://117.63.9.77:60252/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.63.9.77:60252/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lkejxfss.hoyenoy.com/MSTeams.zip
id: auto-b307ac1405620897125f850f5bc4a0c5991e9ba1b3a49b3b10b1761cb8fedfb0
status: experimental
description: Detects traffic or activity related to https://lkejxfss.hoyenoy.com/MSTeams.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lkejxfss.hoyenoy.com/MSTeams.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/creet1h/Swift-Executor/raw/refs/heads/main/Swift.exe
id: auto-6019f973a6886eea17c9e5d7427f5086ed691379a44c622a76a30b6b55b9a392
status: experimental
description: Detects traffic or activity related to https://github.com/creet1h/Swift-Executor/raw/refs/heads/main/Swift.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/creet1h/Swift-Executor/raw/refs/heads/main/Swift.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/eladiner199-create/raarr/raw/refs/heads/main/foto.apk
id: auto-87d584362b736ca0bba120e1674d47cf64380e934c4114f6c2e2d4153289b8bd
status: experimental
description: Detects traffic or activity related to https://github.com/eladiner199-create/raarr/raw/refs/heads/main/foto.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/eladiner199-create/raarr/raw/refs/heads/main/foto.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/erolsenova9-tech/agarafode/raw/refs/heads/main/Chrome.apk
id: auto-0931706497f34e41850a02253f36f1d8da1497970c7dfe5b6111b70f86c8ad30
status: experimental
description: Detects traffic or activity related to https://github.com/erolsenova9-tech/agarafode/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/erolsenova9-tech/agarafode/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.139:34131/
id: auto-c13f8ee5920e79b8864ebbc192ab9f4ba60cf8112ffd2a448e179f2bb63e2fbd
status: experimental
description: Detects traffic or activity related to http://175.165.84.139:34131/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.139:34131/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.15.88:54526/
id: auto-c0325283c9283b1e391223536dd8c6a40dced42847bae3254a35918646b5b789
status: experimental
description: Detects traffic or activity related to http://175.175.15.88:54526/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.15.88:54526/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.111.119.241:38922/
id: auto-b7ad10c8e56df03f413ad5503ea760fde72718f9ffc5c50033c058c05254eda2
status: experimental
description: Detects traffic or activity related to http://79.111.119.241:38922/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.111.119.241:38922/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.178.100.190:4788/
id: auto-46a5cd2f9dc4d0f4b3b3eb65175b1f40203c190c3679cb585ee3242c540a5bed
status: experimental
description: Detects traffic or activity related to http://115.178.100.190:4788/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.178.100.190:4788/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.127.102.134:7554/
id: auto-6756ab7772f71b731fda9f38821c21b08764f4e54a89eda48d19a299c316bb17
status: experimental
description: Detects traffic or activity related to http://128.127.102.134:7554/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.127.102.134:7554/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.210.50.116:39572/
id: auto-7fe14f01d6c2bd65307e8ee8b6e3d005f5cf8eb3436bbd3b21b09aa8d927ef0f
status: experimental
description: Detects traffic or activity related to http://178.210.50.116:39572/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.210.50.116:39572/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.23.51.237:60454/
id: auto-67e760579fe09561760629876750f639c72f3e50413f082715fdf733872657fa
status: experimental
description: Detects traffic or activity related to http://80.23.51.237:60454/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.23.51.237:60454/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.18.223.229:40464/
id: auto-2cfe785b7f601d7334927674c39de2243fc8763a0763cd57f802200b0ddd01a5
status: experimental
description: Detects traffic or activity related to http://212.18.223.229:40464/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.18.223.229:40464/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.121.9:53012/
id: auto-d53649cc637fa614c1b6c5dc3d8d64efa459c5bb61f6ac1b5d166d09981de45f
status: experimental
description: Detects traffic or activity related to http://182.126.121.9:53012/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.121.9:53012/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/spc/
id: auto-b350009ecf49ae51c9c1f1bef047947d468d80131d6724bf54bbd805eb08177e
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/spc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/spc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.140.32.219:12617/
id: auto-481cfe34f7b83d68caa389e3c3e7cf4dba166de73b8fc9ddd2e002dda653f6f8
status: experimental
description: Detects traffic or activity related to http://78.140.32.219:12617/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.140.32.219:12617/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/arm5/
id: auto-2f45cce1e30825ae1d049b83c37b2e1540fdc1c48025b3cded462ccf6a373c73
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/arm5/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/arm5/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.181.66:55905/
id: auto-da38c5194e111093d1a7b81f8ae97e0a4dfe421e516b982cc14e9e43c65f9e19
status: experimental
description: Detects traffic or activity related to http://115.63.181.66:55905/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.181.66:55905/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.178.44:38144/
id: auto-0bde7a9ec57edc59730a4c7af27566dce8c16ec3efa2a910aabb0e42281f2842
status: experimental
description: Detects traffic or activity related to http://218.60.178.44:38144/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.178.44:38144/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.4.101.78:36786/
id: auto-06327c8c498a2ac084fb812b8c6aa752c094b3e8651bc2c5f19c5d4d48785541
status: experimental
description: Detects traffic or activity related to http://202.4.101.78:36786/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.4.101.78:36786/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.109.174.102:22455/
id: auto-f1133025df9899997bb6a0f6ad6d6574869c6ba24edfe557f14b8ccf3ed0f564
status: experimental
description: Detects traffic or activity related to http://116.109.174.102:22455/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.109.174.102:22455/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.85.143.74:47929/
id: auto-303c69b6d68eedbb8d4a27865740c33e27666a7e3d910234d0c5c3cf1eb92c9a
status: experimental
description: Detects traffic or activity related to http://172.85.143.74:47929/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.85.143.74:47929/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.160.102.188:16079/
id: auto-15da642031e81b18e4caf11b0efb0d33846abe52c58ae21da7fb0baa85d94e41
status: experimental
description: Detects traffic or activity related to http://182.160.102.188:16079/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.160.102.188:16079/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.0.129.134:10702/
id: auto-ae29b2e42402f5dd7d5d0c6eb57a4ee6b12ce4d1eff6c0238e5d28c47556c3e7
status: experimental
description: Detects traffic or activity related to http://154.0.129.134:10702/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.0.129.134:10702/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.152.45.93:37048/
id: auto-31e5896af49ababa2cde309ac71cc3ba522ed9862fd4f439d6b7694e9c003db5
status: experimental
description: Detects traffic or activity related to http://202.152.45.93:37048/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.152.45.93:37048/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.66.163.195:43562/
id: auto-7d8718c377060ddb8b7adc9a961d0f3c775b769d5a6061f456bbffced55881d4
status: experimental
description: Detects traffic or activity related to http://146.66.163.195:43562/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.66.163.195:43562/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.89.17:36199/
id: auto-752086d1d79dc12f7b5a797243d2a724b14f4a0698f3104936d4ac92537aabf8
status: experimental
description: Detects traffic or activity related to http://115.51.89.17:36199/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.89.17:36199/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/arc/
id: auto-3dfcf7991990851c90b37563776246ecee324755f913c0c353d75dbdd8f79d36
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/arc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/arc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.158.88.156:13509/
id: auto-4bc5f52233d3b32f90a808b34632d86df8066bc340a1d2436385468a6c54a572
status: experimental
description: Detects traffic or activity related to http://195.158.88.156:13509/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.158.88.156:13509/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://down10d.zol.com.cn/zoldownload/
id: auto-d20e0f851b16b47d4182642a2eedce056c52f7e791f966f336f6fd5b9ca94aa9
status: experimental
description: Detects traffic or activity related to http://down10d.zol.com.cn/zoldownload/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://down10d.zol.com.cn/zoldownload/*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/file/avahi_daemon/
id: auto-66d9d46ab3d85f80a0e7e8c60fcb303a7b45f497315be852ac1f45295961f3c1
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/file/avahi_daemon/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/file/avahi_daemon/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/is_OI/
id: auto-295f7c718b73c1afbbd3194abfd6bbb9755df42e94a0d42b51336cdb7be19d15
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/is_OI/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/is_OI/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/sh4/
id: auto-fe2e6ce6c2e81d668afe6282ef5e77b8f19d518ca85cc18f5d8aef8bb70b9490
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/sh4/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/sh4/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.231.14.137:2282/
id: auto-dd16a9c2ea41d43146578757a7330c0af96d51b3ef7462e83e604d4045d7b7f4
status: experimental
description: Detects traffic or activity related to http://89.231.14.137:2282/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.231.14.137:2282/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/m68k/
id: auto-7797fd379dffff4752879c51b27caa27c0b8d4c4c136293935bf297e8c0b9ea6
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/m68k/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/m68k/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.101.15.5:38914/
id: auto-8503352b3c639452dc1e880b79a30a1d1e7ef03947816cbfb0f33ae9bb772f14
status: experimental
description: Detects traffic or activity related to http://176.101.15.5:38914/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.101.15.5:38914/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.201.25.95:56567/
id: auto-194d7999b0512c2a67e81bafb974321ff8237ae455369a8e7b547b8d74242b7b
status: experimental
description: Detects traffic or activity related to http://122.201.25.95:56567/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.201.25.95:56567/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.226.201.46:37521/
id: auto-e1106d1cc1c2258585932a63357b00c01c05d9de8c13572e3732273fc19b2ec6
status: experimental
description: Detects traffic or activity related to http://81.226.201.46:37521/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.226.201.46:37521/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.184.0.137:57674/
id: auto-1847d9329d9ed1974a86ef562a96be79316a3c4c177af06e655c20c9b3809727
status: experimental
description: Detects traffic or activity related to http://119.184.0.137:57674/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.184.0.137:57674/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.210.217.24:64046/
id: auto-4dc40cfcafd0d4fe4db397c90a4f8f2bf0a78d0367e001869708c8f5f3d29083
status: experimental
description: Detects traffic or activity related to http://31.210.217.24:64046/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.210.217.24:64046/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.164.117.74:42924/
id: auto-6f57934d54d0af7e3f373728debca89333bbca80926224cf83e979c3f17b3780
status: experimental
description: Detects traffic or activity related to http://103.164.117.74:42924/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.164.117.74:42924/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/1/CURLY_COCKTAIL/
id: auto-735ac9be5688cdd9a14f741bd0e3f2b0da742d4cdb9481378eaf436b1efdc9bd
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/1/CURLY_COCKTAIL/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/1/CURLY_COCKTAIL/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.42.98.2:28072/
id: auto-2375c321ce7a34c87233563ab0d12bfe3823ef10eedb55b19dcce9c63745df99
status: experimental
description: Detects traffic or activity related to http://186.42.98.2:28072/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.42.98.2:28072/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.202.40:57231/
id: auto-414db1b55a006167a0e5fa499d435e4fdeaffbadb056b9431055d8a295333dc8
status: experimental
description: Detects traffic or activity related to http://42.7.202.40:57231/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.202.40:57231/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.113.32:51838/
id: auto-4e50fae566fc38330cc3cbda5a433d83c65060296b68db86c6e00d25d3f7730a
status: experimental
description: Detects traffic or activity related to http://115.61.113.32:51838/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.113.32:51838/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.218.189.21:5195/
id: auto-2b7bde4c94a0f142e5425c0a19a9d33e1f6796d025344a3f2b3bd01f64ee2a01
status: experimental
description: Detects traffic or activity related to http://83.218.189.21:5195/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.218.189.21:5195/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.105.154.212:49820/
id: auto-392355ed78d1bcb31566a15d8ba88a93bc7360004f4142108c438c64cf57b036
status: experimental
description: Detects traffic or activity related to http://174.105.154.212:49820/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.105.154.212:49820/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.127.75.219:6198/
id: auto-c61d2e78e593ea8d7fef5584745c5be42e5fc54a64429645c17fcfe5a5bf2bcd
status: experimental
description: Detects traffic or activity related to http://115.127.75.219:6198/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.127.75.219:6198/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.87.236.206:28992/
id: auto-5d20cd3c50bb716fcbd0044175454017a2442251b1be6411a6776ea5ecef8014
status: experimental
description: Detects traffic or activity related to http://77.87.236.206:28992/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.87.236.206:28992/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.208.110.31:36064/
id: auto-32394d14b90b5d97dada219cf8087f9f25ef32d35402a08844905f8a8881d6c7
status: experimental
description: Detects traffic or activity related to http://222.208.110.31:36064/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.208.110.31:36064/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.70.90.108:50093/
id: auto-3cb1935eaae01da689243cfa0bfa9d917c93e95db0b572c99d581cf286033961
status: experimental
description: Detects traffic or activity related to http://219.70.90.108:50093/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.70.90.108:50093/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.54.221.234:55031/
id: auto-5811d96fdf3f7fa2c89ff8160664dc79cebf9d218a1a5bc33eb07a6c5931da09
status: experimental
description: Detects traffic or activity related to http://200.54.221.234:55031/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.54.221.234:55031/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.79.114:33642/
id: auto-57a18bfa8a7bc19d37896ce2d1a57d1aecdd8b82fa49738b20b655013428cb84
status: experimental
description: Detects traffic or activity related to http://123.172.79.114:33642/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.79.114:33642/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.28.10.93:54915/
id: auto-85dbfa0fdb03dc0c3356156f26c90cfc510aa44a096c81c0f1f25592010b0036
status: experimental
description: Detects traffic or activity related to http://31.28.10.93:54915/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.28.10.93:54915/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.193.62.225:39941/
id: auto-b751e97a47702cdcf965df8ca6eb79a54072910988bd70135f6c0bd6a7784e56
status: experimental
description: Detects traffic or activity related to http://181.193.62.225:39941/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.193.62.225:39941/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.170.119.57:1271/
id: auto-af35875ddd8efea1664569af82dd4ddfdbeb2584024cf45ee9b5b3586875f751
status: experimental
description: Detects traffic or activity related to http://95.170.119.57:1271/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.170.119.57:1271/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.39.139.222:26103/
id: auto-ea0ecdcfa4fb8f4b53af9feeeba667e46f06888ddf89073f0a0e2ca7caf4cb82
status: experimental
description: Detects traffic or activity related to http://103.39.139.222:26103/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.39.139.222:26103/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/ml_IS.elf
id: auto-bb123767e6ea6d4221c8bc7d325fb0c4430bf7854c07bcfe6b9d03d6c3fe8b7d
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/ml_IS.elf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/ml_IS.elf*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://70.39.20.176:57117/
id: auto-dcc55bb7caf65acd47f2afa53a8c723d76962b295432b5428676dce92a67aeea
status: experimental
description: Detects traffic or activity related to http://70.39.20.176:57117/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://70.39.20.176:57117/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.17.248.14:35299/
id: auto-9e8a19f7660201795e4a2190a3ae2de21887a26bd49755d3d0492ccb9c2f8ed4
status: experimental
description: Detects traffic or activity related to http://84.17.248.14:35299/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.17.248.14:35299/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.191.156.103:6913/
id: auto-d396800a3e685a1c83ad0fd1bf1e0d787bdfe07e64bb28198daee013df7e944c
status: experimental
description: Detects traffic or activity related to http://201.191.156.103:6913/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.191.156.103:6913/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.59.100.71:59498/
id: auto-1dc0d72154c62d4ffe5ed9b8f23bc22568e257ebb2647617bc34350c60178588
status: experimental
description: Detects traffic or activity related to http://106.59.100.71:59498/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.59.100.71:59498/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/public/avahi_daemon/
id: auto-189d6608e74f985d73e6d49ec797428a3ac36d940915b9d2c9dec94851b35be0
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/public/avahi_daemon/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/public/avahi_daemon/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.152.48:47421/
id: auto-caae3355f2dd94897dacb2a187ef542947e440420c6a95abff457989befd81c2
status: experimental
description: Detects traffic or activity related to http://42.179.152.48:47421/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.152.48:47421/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.155.114:53093/
id: auto-3355f2bea195e41cb65e207a937fe94377253d06120dce182c822674e33af00c
status: experimental
description: Detects traffic or activity related to http://175.148.155.114:53093/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.155.114:53093/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.208:38888/
id: auto-d12a077bf0bc7f6080b804d511fa0e56cf21951c330a7771fb0732be19e93573
status: experimental
description: Detects traffic or activity related to http://110.36.29.208:38888/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.208:38888/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/sh.elf
id: auto-9a122230579b03e634925eb86970dfed65c867cf6cf5a2ea201b59a5d54ea567
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/sh.elf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/sh.elf*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/bind86.elf
id: auto-ad96aceb02d895840fc0d7fa5abe147a31b62d8f53734b7a590fa1276e741141
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/bind86.elf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/bind86.elf*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.49.241:56441/
id: auto-c140e5a201c767b177ddca362dc94bbcf46b3b04cd3777b1abc41c31c4e52937
status: experimental
description: Detects traffic or activity related to http://123.172.49.241:56441/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.49.241:56441/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://146.247.226.29:57901/
id: auto-46a5b1535bfe049e0bf1d8df83f952745c9f6215afcc1c7f24c15c838cd44f2f
status: experimental
description: Detects traffic or activity related to http://146.247.226.29:57901/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://146.247.226.29:57901/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.131.200.170:1794/
id: auto-d50e81b882470421da5e38606ad232ae53b9337a9a4f301c3ccdb471dcae7e1a
status: experimental
description: Detects traffic or activity related to http://37.131.200.170:1794/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.131.200.170:1794/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/x86/
id: auto-42bcccbdaf42b850af19229460e6d8d1ab3e39e122e2af3869867192e77e64d4
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/x86/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/x86/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/x86_32/
id: auto-fe4ead6bd494e98997e2fa79b8cf1fd71fbf99052149c42a9ef3c2f43329d419
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/x86_32/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/x86_32/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://netrip.ddns.net/systemcl/ppc/
id: auto-6c4c6b5113f7a12230068acc2372cbbb83a28f63457cd23eda55e971b4134a1a
status: experimental
description: Detects traffic or activity related to http://netrip.ddns.net/systemcl/ppc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://netrip.ddns.net/systemcl/ppc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.52.94.215:45318/
id: auto-9ed24a6d7217faf38a859fa69b17cfffbd16de1f94c402c77b92bd36afc671c3
status: experimental
description: Detects traffic or activity related to http://84.52.94.215:45318/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.52.94.215:45318/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.76.33.15:1779/
id: auto-6b59bebd57144055b8329c64b0e14f9b20fbf7a0263f339ef587ecab042f7e44
status: experimental
description: Detects traffic or activity related to http://87.76.33.15:1779/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.76.33.15:1779/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.47.208.198:7046/
id: auto-bac89a87b7eb67698f73345a93d48c9546eba97f44e895b479732d7181be6c00
status: experimental
description: Detects traffic or activity related to http://186.47.208.198:7046/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.47.208.198:7046/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/memcached/
id: auto-7d5f3cdeb901070b77ef83004607b253b286f35956aff0de34cd01ef5d4d0e5d
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/memcached/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/memcached/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/avahi_daemon/
id: auto-6d9671f166146abbe94290678a7b46fc40c952dee707ae373dea1aa9809b0e86
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/avahi_daemon/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/avahi_daemon/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.108.183.202:43383/
id: auto-a210053e16493cfc79ff7fd3b1c73838e97ee6eaa2dd02d36b5b81d02af257d1
status: experimental
description: Detects traffic or activity related to http://171.108.183.202:43383/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.108.183.202:43383/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.21.110:55591/bin.sh
id: auto-e6a9788978d367007d6386f1d84a287e7e6f11945728b0559d3658f2720c245d
status: experimental
description: Detects traffic or activity related to http://42.178.21.110:55591/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.21.110:55591/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.16.187:33518/bin.sh
id: auto-8184d65733361ff01ce66c95a04ea69cd9f8b3e67298c9ba471dba19b12c0bdd
status: experimental
description: Detects traffic or activity related to http://115.59.16.187:33518/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.16.187:33518/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.5.68:41610/i
id: auto-2c64090b750e9c31bc45f42efa7dc29709c6f61d0ca3168e5437ac5a371a504b
status: experimental
description: Detects traffic or activity related to http://115.55.5.68:41610/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.5.68:41610/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.241.198:56562/i
id: auto-784944f36da56b66f72235e9de36fb5fc9f8f233aceb767b5945fde14f09906b
status: experimental
description: Detects traffic or activity related to http://119.185.241.198:56562/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.241.198:56562/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/csdoi
id: auto-adf6a210e7c80cb955b4ac7bd8e85d0bd17a7522fdeb00e5e7750a8bed014512
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/csdoi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/74event-bus-sync-svc/csdoi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/parm6
id: auto-896b8ce496261af3e7485cc893974c6e8a93a1268fb3438f4625d4fc8d9bef3b
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/parm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/parm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/parm
id: auto-3666ae65e0bfacb9540b62292667d269bf28477809c1655f81d7a284751564c3
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/parm7
id: auto-7c9dcd81d70fc89410709987576e1c437507a3b1ab92bf0ce6646bbd5feca171
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.232.205.249/bins/parm5
id: auto-fc264689609a3946622378d057b11c15649d3997dea681505e19fa7ea07ccaa9
status: experimental
description: Detects traffic or activity related to http://185.232.205.249/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.232.205.249/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.192.123:52551/bin.sh
id: auto-80ea5229f9cd80ada7fa486117153d54e53b1b126730cb5dafe08cbc8e166de7
status: experimental
description: Detects traffic or activity related to http://120.28.192.123:52551/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.192.123:52551/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.3.96.207:56959/i
id: auto-afaa90df93535c5a10cf6f85369f26bf89bd8e51a333a013f6be6b3df9ad4752
status: experimental
description: Detects traffic or activity related to http://221.3.96.207:56959/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.3.96.207:56959/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.6.185.122:45711/i
id: auto-6d295dad122ef2fa2e3223e306585bcae2b542e27b453f3346ad546b5ae15239
status: experimental
description: Detects traffic or activity related to http://124.6.185.122:45711/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.6.185.122:45711/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.136.165:59872/i
id: auto-ee4ab1c0a2ea143e716c1325bdcd4e5a4a659f5213e5816dc9821a008bb22b17
status: experimental
description: Detects traffic or activity related to http://182.120.136.165:59872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.136.165:59872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.241.198:56562/bin.sh
id: auto-78808cc310b94ad7306b84f059ac54d08a92f18e421e53811edcb7e27371df05
status: experimental
description: Detects traffic or activity related to http://119.185.241.198:56562/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.241.198:56562/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.3.96.207:56959/bin.sh
id: auto-56b42b6074749a5ebffd88317f15c5b0de56037f75374e8cba3ce46b69bf7843
status: experimental
description: Detects traffic or activity related to http://221.3.96.207:56959/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.3.96.207:56959/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.82.39:41809/bin.sh
id: auto-3d8a11602720beb05409fc67d7546829e3d6b5e78736bc43da7689994eea8f05
status: experimental
description: Detects traffic or activity related to http://125.43.82.39:41809/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.82.39:41809/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.121.9:53012/bin.sh
id: auto-1a6f9ff5470e68b7bae92a8b4971649d7be70bba64a42c7225a15e08d16a867b
status: experimental
description: Detects traffic or activity related to http://182.126.121.9:53012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.121.9:53012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.126.62:56401/i
id: auto-afeed50ee2c734937a0329485672363761d0781cc44af5efa0a0dc76b38b2f7f
status: experimental
description: Detects traffic or activity related to http://42.7.126.62:56401/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.126.62:56401/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.247.7:55373/bin.sh
id: auto-1298881f73659e444a26ec19c69252e02d172f62688aae3187284b1acf662d83
status: experimental
description: Detects traffic or activity related to http://125.41.247.7:55373/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.247.7:55373/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.158.100.140:56904/.i
id: auto-f0e03020158545697f1dac23add83a70587f0856527347aef5e9045263487d47
status: experimental
description: Detects traffic or activity related to http://195.158.100.140:56904/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.158.100.140:56904/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.163.119.106:3896/.i
id: auto-d4781215742b133496813a64555bfab025c0b895684183debbc6c19f54716a92
status: experimental
description: Detects traffic or activity related to http://178.163.119.106:3896/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.163.119.106:3896/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.220.204:54855/bin.sh
id: auto-e7f6bb2ccc0801111613aaa2d9f3305192ce49c97c442b996e7b68413535eb0e
status: experimental
description: Detects traffic or activity related to http://115.50.220.204:54855/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.220.204:54855/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.5.68:41610/bin.sh
id: auto-1bb2d8211c2a1be7f008cd0dff1f25f905f6885364f9cda686a0ef07c63d7a97
status: experimental
description: Detects traffic or activity related to http://115.55.5.68:41610/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.5.68:41610/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/arm5/
id: auto-45e909355b1630aa030677fbe978f728e84ae908c00114f118af797f0260efd6
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/arm5/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/arm5/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.240.250.176:51080/i
id: auto-0e2626a6c3613a344f2f607d24b0f575a6105780d4f6635f137ab2888af302b7
status: experimental
description: Detects traffic or activity related to http://112.240.250.176:51080/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.240.250.176:51080/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.235.174:50658/bin.sh
id: auto-809886432c5eccd0419f21184418464d7dd911246b270d8d226e2bde5a2cfea0
status: experimental
description: Detects traffic or activity related to http://123.190.235.174:50658/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.235.174:50658/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.47.234:33784/i
id: auto-5af04ff56e1687f7c50764f3250429a62aec00c812555002dd009cd39a469634
status: experimental
description: Detects traffic or activity related to http://27.215.47.234:33784/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.47.234:33784/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://foresposition.com/profile/router-request.js
id: auto-4e1700600690e6b38b4851493ee3d8507a0ba9e2e9fa5446d3b7c38eb6a6b4a3
status: experimental
description: Detects traffic or activity related to https://foresposition.com/profile/router-request.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://foresposition.com/profile/router-request.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://foresposition.com/profile/redirect-hook.js
id: auto-eb990ba77257eeb089d4be74274e2e08ccb6bb6142d1dbf28042b559d7b62f6f
status: experimental
description: Detects traffic or activity related to https://foresposition.com/profile/redirect-hook.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://foresposition.com/profile/redirect-hook.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://65.109.93.171:1476/update.sh
id: auto-65a2bb1393392831a9c5dd4711423bce23202ca4cda16cef8c8dbeda3fb2ae5e
status: experimental
description: Detects traffic or activity related to http://65.109.93.171:1476/update.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://65.109.93.171:1476/update.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.34.138:41294/i
id: auto-de1ab131d91f454f184a2077442f4a3cce0e03e9f20f1306e27ddbad06863d53
status: experimental
description: Detects traffic or activity related to http://182.114.34.138:41294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.34.138:41294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.11.28:36905/i
id: auto-6b8f22f82923ca1c242241746fd332d4ec76360ae72082346598ba5e288934c9
status: experimental
description: Detects traffic or activity related to http://182.113.11.28:36905/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.11.28:36905/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.25.145:44060/bin.sh
id: auto-c4646fc5c074449e59132212d1be03e51faa810d34ce2b25035168171694d0ac
status: experimental
description: Detects traffic or activity related to http://115.49.25.145:44060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.25.145:44060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.143.160:50745/i
id: auto-833f4cea9d5ecd156abf6fb77ed53918404642748b4625c5f52eabc52c807109
status: experimental
description: Detects traffic or activity related to http://123.13.143.160:50745/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.143.160:50745/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.71.87:51840/i
id: auto-25a8f23e88d2688271a1e35874d5b3131d5aa79a0b05c3b2d47d285f6923447f
status: experimental
description: Detects traffic or activity related to http://125.47.71.87:51840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.71.87:51840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.25.145:44060/i
id: auto-966d19e4fb0f8242a202aaf08648ed7025bf8717d809afb1ab1b4e625ed7b1de
status: experimental
description: Detects traffic or activity related to http://115.49.25.145:44060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.25.145:44060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.224.83/hiddenbin/boatnet.arm7
id: auto-9181353ae6c172e7f1e7419b1628dc845a0c0b957a4dc02575274c6efdef4f6c
status: experimental
description: Detects traffic or activity related to http://216.126.224.83/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.224.83/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/rate-limit-gw-mn80/gstff
id: auto-a2d9065c1081b17129e9188d7ad2c931b4d8cee2ed0378c652f6a8e99a2dc42d
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/rate-limit-gw-mn80/gstff which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/rate-limit-gw-mn80/gstff*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.11.46:54466/bin.sh
id: auto-c941b3a624dce07d2bad9d47a2dcd38da6656f46ba66ca79e8905fc73a635a32
status: experimental
description: Detects traffic or activity related to http://123.11.11.46:54466/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.11.46:54466/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/rate-limit-gw-mn80/tor-vd
id: auto-d1c774995d525d2412a4364338d2bcaa7268cb3de74f7e47c898c747c251649e
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/rate-limit-gw-mn80/tor-vd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/rate-limit-gw-mn80/tor-vd*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.12.232:45330/i
id: auto-fe965429abdc55fb87e75243ec63a3a816e92b781ec8db99c6f8b41095f4024b
status: experimental
description: Detects traffic or activity related to http://115.63.12.232:45330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.12.232:45330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.47.234:33784/bin.sh
id: auto-4d5199340135dd38a819ab41e81e093cca5779d78e779e0f47f7c4373c061914
status: experimental
description: Detects traffic or activity related to http://27.215.47.234:33784/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.47.234:33784/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.229.199:56987/i
id: auto-9d11dbc06937e831cc2f5823a6bad801ebb2a41fa0728a0e179019d963e81e86
status: experimental
description: Detects traffic or activity related to http://42.232.229.199:56987/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.229.199:56987/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.197.252.54:28421/
id: auto-483f73e643a13edf76ac1d5380f19c9c77e3e6ccd9e22df195fbda6819cb3429
status: experimental
description: Detects traffic or activity related to http://201.197.252.54:28421/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.197.252.54:28421/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.101.123.50:34583/
id: auto-ac2d5af77bf953370f316e0394734a59651fa6201e492af62286f889883f3746
status: experimental
description: Detects traffic or activity related to http://89.101.123.50:34583/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.101.123.50:34583/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.63.213.49:51554/
id: auto-12862dc814c65f39ad5c874eb4d86370883be575221f9739008c8e0f8ed5dda7
status: experimental
description: Detects traffic or activity related to http://181.63.213.49:51554/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.63.213.49:51554/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/i686/
id: auto-a4b1efff1705100dc64263f00695ff7e00d4e6e5b73b1429c69cad1ff3004106
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/i686/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/i686/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.217.165.135:56169/
id: auto-51b56c8b3d10ed489ae8ae26415d1302389d25a2014338bec0d61d966b041efe
status: experimental
description: Detects traffic or activity related to http://178.217.165.135:56169/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.217.165.135:56169/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:58771/
id: auto-098a861ee19c66197e0e71094ad80dc0d819ee46787367b5091027dc9e188ce7
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:58771/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:58771/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/powerpc/
id: auto-e709239bbb5809e736e05b3b9725523c44b3bd44e129118ced665f3da64855e1
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/powerpc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/powerpc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/x86/
id: auto-c0d4d65252ae976fff6c0213dc495a2365d9734a960b91644fc82b1e143815f2
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/x86/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/x86/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/m68k/
id: auto-39089ec29f0a33a8d4f7f1d1ade701e216647acef7bcfbcc9cb9d7ba97b99951
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/m68k/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/m68k/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/arc/
id: auto-cd5ee6f5f52bd34201deec84d961582b1c008de8b1deaff78294ab9c978944e1
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/arc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/arc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/sh4/
id: auto-ec86b7c0e6d65b520ab476da80ae14ff2a649da76f2d6b9a734e9debfcfcf3d3
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/sh4/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/sh4/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/spc/
id: auto-17c5b64913a7fa444cf064ae9a9846133bb448e74000f7ee944fad96e5bd775d
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/spc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/spc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.49.100.190:56953/
id: auto-cf22abc8a1587533c18862e2607ca668e899633a32d5ce3ddde98a568418c383
status: experimental
description: Detects traffic or activity related to http://181.49.100.190:56953/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.49.100.190:56953/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.41.202:21504/
id: auto-2b6a9c56aa0450681989160c18b0dafed7a7b1bc6ee516f78eeee7e24510980e
status: experimental
description: Detects traffic or activity related to http://110.39.41.202:21504/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.41.202:21504/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.187.151.7:8226/
id: auto-4a10c404d91f413e3cd7567b08d29ae2d3a465325fb7ec0f4f7f4a9e38085412
status: experimental
description: Detects traffic or activity related to http://194.187.151.7:8226/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.187.151.7:8226/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.230.131:52966/
id: auto-f64930374b8ad915cf66d67db2ce4bfeba471a8dde0e419f2bd267155cfb4107
status: experimental
description: Detects traffic or activity related to http://42.53.230.131:52966/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.230.131:52966/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.242.30.13/bins/debug/
id: auto-ece7898d3360690eb88f9b6899b50ceab7dc0dd2b54128751130c0a07357a00a
status: experimental
description: Detects traffic or activity related to http://151.242.30.13/bins/debug/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.242.30.13/bins/debug/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gitlab.com/texxhan/exxhan/-/raw/main/73R99XW1P0N7.exe
id: auto-5460e74ca2b2046e97f2c1fdf1975ac04f824cf94acf72b52da4beff291cd8fb
status: experimental
description: Detects traffic or activity related to https://gitlab.com/texxhan/exxhan/-/raw/main/73R99XW1P0N7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gitlab.com/texxhan/exxhan/-/raw/main/73R99XW1P0N7.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.204.204:36899/bin.sh
id: auto-36b6bdf58270cb12b9ae3e7edfaa9af6c07b40be229b6971477bd931c573fed8
status: experimental
description: Detects traffic or activity related to http://60.22.204.204:36899/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.204.204:36899/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-keyvault-access81475/pro-txr
id: auto-2165c8203873934b91e054e41936a34d82667455675bc9cdcfe605cb48cd82cc
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-keyvault-access81475/pro-txr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-keyvault-access81475/pro-txr*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.12.232:45330/bin.sh
id: auto-c1651e29d017c0a24b110d5e23e5e4cc2ab7cd1f003fdcc1c61ffd13b214f9e9
status: experimental
description: Detects traffic or activity related to http://115.63.12.232:45330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.12.232:45330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.159.1.58:25983/
id: auto-344c29ec94b157f25949e4a4f9fada06b4f3bdeebf9db25bb3ca55af654f7846
status: experimental
description: Detects traffic or activity related to http://197.159.1.58:25983/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.159.1.58:25983/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/i686/
id: auto-517a3548a6c32035e9816b6f9ca2d99b5bb66cdcc8ffd5f5a0e70dbbd1241ae5
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/i686/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/i686/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/debug/
id: auto-4cf6648e4c6fbd65aad5505d8ffe4e079e5d214d35cba7de7d51f2d8a24cef78
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/debug/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/debug/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/sh4/
id: auto-22f3bf9b8718cdd6cce4c4084595e091e5cdc3bff77b43c64c3245402611ac18
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/sh4/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/sh4/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/m68k/
id: auto-40d1751d6a561a3d516149ccd744a9503c65addf02f805c5e73ae60792a6eaaa
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/m68k/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/m68k/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/spc/
id: auto-15cc7ef689afa2b9dc36b6522c98e8497709ed4661fa5fd059f83cc01607570e
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/spc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/spc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/powerpc/
id: auto-b9a1b06d2017689b602618e3e23794cd4b2ac308f9828739eaaa1b497784feb9
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/powerpc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/powerpc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/arc/
id: auto-b1485e91e4b34df69e9f3bc33f9c53abdf2f38810cb0c61c171d5a8c02217a36
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/arc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/arc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.teamc2.duckdns.org/bins/x86/
id: auto-6e5a6e7776956dfef91f5a60d690f907d940e66886f3910e37df7a2271a1ab96
status: experimental
description: Detects traffic or activity related to http://www.teamc2.duckdns.org/bins/x86/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.teamc2.duckdns.org/bins/x86/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.215.61.181:26378/
id: auto-2f8600d08f299843e51c5dce212afa033ae8874647ad2efb4a7bc9bbe98a058d
status: experimental
description: Detects traffic or activity related to http://91.215.61.181:26378/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.215.61.181:26378/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.141.143:52964/
id: auto-f53d155a86deae00fb9ea9406b37960c0a0c7415d30342382ab8e942b2484340
status: experimental
description: Detects traffic or activity related to http://42.180.141.143:52964/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.141.143:52964/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.86.237.250:18064/
id: auto-7068f9b81737e2a67c110c9b6f5ba370495f822ba91a0ff20682de76f5c3182c
status: experimental
description: Detects traffic or activity related to http://109.86.237.250:18064/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.86.237.250:18064/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.55.2:52585/
id: auto-c7a8020c648625731590dc015fb052d5a193e1e15a371a8ce83d09f53b9d3ab7
status: experimental
description: Detects traffic or activity related to http://115.55.55.2:52585/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.55.2:52585/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.34.177.78:34414/
id: auto-74ad17ede7723372232169cc476083621d0499542b6ede3ae69c67776b301774
status: experimental
description: Detects traffic or activity related to http://178.34.177.78:34414/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.34.177.78:34414/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.129.106.146:38440/
id: auto-4720d9ca3a6e9f3e34d399940f0d50695366586b0a6256535887b4a28171339f
status: experimental
description: Detects traffic or activity related to http://181.129.106.146:38440/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.129.106.146:38440/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.119.151.142:10462/
id: auto-67d0922d025092d7318113b12cd8ba5418ef7fe1cc25979f29a6c2f489589344
status: experimental
description: Detects traffic or activity related to http://88.119.151.142:10462/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.119.151.142:10462/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.237.4.20:46151/
id: auto-227002c6a0d088444d0981385bccd1138b47194c027cb2d148d14054baa754f0
status: experimental
description: Detects traffic or activity related to http://151.237.4.20:46151/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.237.4.20:46151/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.3.141.243:17459/
id: auto-510ffbbda5d5f8840b9c5518bf3f971d59754bddb87572393c52fe30a939afbc
status: experimental
description: Detects traffic or activity related to http://189.3.141.243:17459/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.3.141.243:17459/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.89.168.93:35246/
id: auto-fe72c8a6e14f132c06a5c86f885ca30f37d90c943e219bb1b73f2f359c89b297
status: experimental
description: Detects traffic or activity related to http://208.89.168.93:35246/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.89.168.93:35246/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/namuvpnxp.exe
id: auto-1f8e98894866fb1083247aab119bf1e889336eff2e15a7455e8b4ed34acc4be8
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/namuvpnxp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/namuvpnxp.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.125.163.10:7080/
id: auto-2bdc93d255a90ea37e78400cf597b2b18817515c0b9711ef5c484afb9a0c1f35
status: experimental
description: Detects traffic or activity related to http://103.125.163.10:7080/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.125.163.10:7080/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.36.197.3:61741/
id: auto-d0e791ede6d53cdd465242ff957c8d925306c566fc965d73e727eba15ba05757
status: experimental
description: Detects traffic or activity related to http://194.36.197.3:61741/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.36.197.3:61741/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.190.69.6:26285/
id: auto-32f8918a7fa3021f54d675f097b48ce15d1c3a6ae5dd12391b2ceefeb2af5afd
status: experimental
description: Detects traffic or activity related to http://41.190.69.6:26285/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.190.69.6:26285/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.232.158.148:43716/
id: auto-ae47f21c499fd0763ad190569fe6535854cb6c79e79186faab4a7c74d72936df
status: experimental
description: Detects traffic or activity related to http://168.232.158.148:43716/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.232.158.148:43716/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.241.19.127:61882/
id: auto-ab656d1cce5d14b3503635506367666d63860cc09d1d63651fa278e5edcf6934
status: experimental
description: Detects traffic or activity related to http://92.241.19.127:61882/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.241.19.127:61882/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.77.228.166:37077/
id: auto-7ffa62863d5d63daab0e8413fd705cb2dd86397006d462af19df99f1cf32f7c4
status: experimental
description: Detects traffic or activity related to http://178.77.228.166:37077/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.77.228.166:37077/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.201.140.48:45744/
id: auto-53bd2ba3a38598fc66cec531dfb4649a128f8c6f2345df47656521f0cd0abe62
status: experimental
description: Detects traffic or activity related to http://27.201.140.48:45744/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.201.140.48:45744/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.95:46021/
id: auto-a65345e3ae9b4e183ef2203b24e5e8c1052ade2c7cfa545d2cbb989796a505a4
status: experimental
description: Detects traffic or activity related to http://175.165.84.95:46021/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.95:46021/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.13.25:46653/
id: auto-ca5426feedd1fc8b3f25a1fa953763026a2460a9bfa660352171a16baed43964
status: experimental
description: Detects traffic or activity related to http://115.63.13.25:46653/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.13.25:46653/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://70.79.175.75:27219/
id: auto-06e9c8e051113e74e7d179519395ce877e81abb55cc352ff95045ebb5232d221
status: experimental
description: Detects traffic or activity related to http://70.79.175.75:27219/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://70.79.175.75:27219/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.155.92.203:3956/
id: auto-083cf21a09c2333c7180b54d8da3413d5c9e04d33ec5dfac447295049ee28c33
status: experimental
description: Detects traffic or activity related to http://216.155.92.203:3956/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.155.92.203:3956/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/NAMUVPN7.exe
id: auto-fbdeb24e5000fe5c65d8925d2cf1c91e376144bbf431bc4d578aaa5dbe185199
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/NAMUVPN7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/NAMUVPN7.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/namuvpnx2.exe
id: auto-d59e528836b1689e69160824634cd4157898c725e1aeef5afcf3c79622353420
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/namuvpnx2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/namuvpnx2.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://167.250.49.155/bin/x64/mimidrv.sys
id: auto-e88c7e0b627aa2cc5e8038c94d207154f8a2646da3e43158de1385eb216d2202
status: experimental
description: Detects traffic or activity related to https://167.250.49.155/bin/x64/mimidrv.sys which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://167.250.49.155/bin/x64/mimidrv.sys*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/key-cnfg7win/br0wser/file
id: auto-01f20157be056a7aacc4811d8e836a81a7e560091140e8ffea1c48c2390d50ba
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/key-cnfg7win/br0wser/file which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/key-cnfg7win/br0wser/file*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.171.210:54763/bin.sh
id: auto-46c004c9de2ac2aea650a120921df593a0c04eb209b32d95cd8b5155b3c50a57
status: experimental
description: Detects traffic or activity related to http://124.94.171.210:54763/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.171.210:54763/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.151.194:53663/bin.sh
id: auto-d37c5887dea5992b6d96c0460b7d6d5f1ef7540ca01d84561f9de91b8ed6b0d1
status: experimental
description: Detects traffic or activity related to http://182.121.151.194:53663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.151.194:53663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.107.232.167:21838/
id: auto-af62fdca53f39d4b6afb085ea42f31618a6fd5be00021138cb693f231bc84d84
status: experimental
description: Detects traffic or activity related to http://212.107.232.167:21838/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.107.232.167:21838/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.245.131.27:1203/
id: auto-3c5594c77566eb1fb2e4828e62c603655b76cd26cf301e67da6b83d7402bea95
status: experimental
description: Detects traffic or activity related to http://43.245.131.27:1203/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.245.131.27:1203/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.6.118:7055/
id: auto-ff6803671e8582a5b2fae7f1acfac682bd7d38a62d64c2e097ca34d8b5977c1e
status: experimental
description: Detects traffic or activity related to http://103.43.6.118:7055/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.6.118:7055/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.119.54:48009/
id: auto-61bb83dd7ff2acf77cff439bcfe6813b02448a8ac55c58ba71aa476e630caac3
status: experimental
description: Detects traffic or activity related to http://120.28.119.54:48009/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.119.54:48009/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.83.157.119:7335/
id: auto-2932ee33150e1ef20bfe06e130d7af07e37219e27c211d0030bb0d56c542af66
status: experimental
description: Detects traffic or activity related to http://162.83.157.119:7335/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.83.157.119:7335/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.91.19.138:54120/
id: auto-b5ee2e04fd322c77499d1f9406ecc32722200547a4a336f9918e276fea6412a7
status: experimental
description: Detects traffic or activity related to http://218.91.19.138:54120/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.91.19.138:54120/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.75.193.34:9432/
id: auto-78252827ac00c60c1b01cee52f1135661ff6996848caefd2eef0705837b1ec52
status: experimental
description: Detects traffic or activity related to http://217.75.193.34:9432/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.75.193.34:9432/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.71.0:42556/
id: auto-3b8a9b256ad6d603a70c6dece87e0a570bd52fe228fd2d3e9fb5f3adfad4ad99
status: experimental
description: Detects traffic or activity related to http://175.150.71.0:42556/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.71.0:42556/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.16.250.173:2957/
id: auto-7066d43a71207cfb504a8890f1a478bdef43a9d731379121b49b67c57307e7f2
status: experimental
description: Detects traffic or activity related to http://81.16.250.173:2957/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.16.250.173:2957/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.219.58.34:28990/
id: auto-61b80438f5debc07e8195b750fcbd47dd0348aae61dd3e449f1a4d849627f302
status: experimental
description: Detects traffic or activity related to http://138.219.58.34:28990/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.219.58.34:28990/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.198.242.56:13277/
id: auto-080fd8bca171c0ff7738128553b18956f7df71230247090a28c4d48fdeeefb40
status: experimental
description: Detects traffic or activity related to http://5.198.242.56:13277/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.198.242.56:13277/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.227.44:50944/
id: auto-65dd09723d5227fe950eacedeb7d15c21b043e780a9427545539b6d638735ae6
status: experimental
description: Detects traffic or activity related to http://110.39.227.44:50944/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.227.44:50944/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.143.133.215:46668/
id: auto-4241f9122392abf829a92c668a950b172b2112a918ad2dfdc495e66b71e2ba08
status: experimental
description: Detects traffic or activity related to http://37.143.133.215:46668/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.143.133.215:46668/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.113/b/brute/
id: auto-1a7fde71881236af513474b6390d229ceca5d1b5207771ea00f5480e5cf5a20e
status: experimental
description: Detects traffic or activity related to http://195.24.237.113/b/brute/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.113/b/brute/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.160.213.108:26676/.i
id: auto-e7a40d67baa55a412b3a11f473b8ccdba76eef8ca7ce750584e6a59cad241344
status: experimental
description: Detects traffic or activity related to http://46.160.213.108:26676/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.160.213.108:26676/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.142.120:59950/.i
id: auto-53910dc236bf73631e83e9611901798b5e135fd0d7dbd6230b69adbb46ee864b
status: experimental
description: Detects traffic or activity related to http://116.140.142.120:59950/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.142.120:59950/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.227.173:34556/
id: auto-1625832968bd979dc0f1fc9258112ba184429b8797611bc49ad3e2320b189ad4
status: experimental
description: Detects traffic or activity related to http://42.59.227.173:34556/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.227.173:34556/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.128.195.138:50368/
id: auto-b357c979f6e43ec417280b0096bcb1f9ae9e94ea3fb5b471dc541f2912ca2d6c
status: experimental
description: Detects traffic or activity related to http://190.128.195.138:50368/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.128.195.138:50368/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.12.99.194:28516/
id: auto-f4b85943fbc3d6f6fc35ef4f10e2fba5ad096b79ec967a24789440329b240d17
status: experimental
description: Detects traffic or activity related to http://190.12.99.194:28516/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.12.99.194:28516/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.155.46:37688/
id: auto-467fc8297f3214dd5e7d3d977bf1c84bbc6202658ed5a2f31329eb1853e70f95
status: experimental
description: Detects traffic or activity related to http://113.236.155.46:37688/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.155.46:37688/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.151.34.26:9354/
id: auto-3f03845c4ed0f845d1ed7ec62443a81207660356d907a16dccb6c3b10f3a5971
status: experimental
description: Detects traffic or activity related to http://178.151.34.26:9354/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.151.34.26:9354/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.63.137.82:65510/
id: auto-557949e52f8fa148d785196952b333c785190e8b72771d3b712c3a2962b2a2a4
status: experimental
description: Detects traffic or activity related to http://64.63.137.82:65510/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.63.137.82:65510/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.111.14.68:25041/
id: auto-37ef3ca8e1903ee6ad7f0169f44f551f736f7e488d93ffb7cd2d24a6a3bbec06
status: experimental
description: Detects traffic or activity related to http://79.111.14.68:25041/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.111.14.68:25041/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.119.108.21:40462/
id: auto-9a93b4d5387c8e57288d3176572aa42b2c0d72db55a250226ecfa5173719c3c5
status: experimental
description: Detects traffic or activity related to http://87.119.108.21:40462/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.119.108.21:40462/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.252.69.10:58829/
id: auto-386e66c130285a4be85a6e3ce6d84501b9d0de6aa893cd7b39bef8bbf1c9936d
status: experimental
description: Detects traffic or activity related to http://37.252.69.10:58829/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.252.69.10:58829/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.242.149.32:38302/
id: auto-d460b37f1c7d17d3538446400166bc0617517830a5ef949a39087ec95d4e050f
status: experimental
description: Detects traffic or activity related to http://193.242.149.32:38302/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.242.149.32:38302/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.239.20.75:16958/
id: auto-e3b651b63114411f3e28e26bc8fff8bd3f3248d907c02ed8b26f1692c722b635
status: experimental
description: Detects traffic or activity related to http://77.239.20.75:16958/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.239.20.75:16958/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.148.20.138:24291/
id: auto-b0d248b5e8f356d66349fd6afb38fdf4328f1205d70cb1d59f1606ef9ddd5f6e
status: experimental
description: Detects traffic or activity related to http://202.148.20.138:24291/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.148.20.138:24291/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.57.20:43011/
id: auto-ea18070d102296cab2995f25462bc4657cd3445e93520287893826135f2e6034
status: experimental
description: Detects traffic or activity related to http://182.119.57.20:43011/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.57.20:43011/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.96.57:44938/
id: auto-e9771768ac70acec1f3054e881c0784272b15e4004f7f54a9fd6dda129d7b27f
status: experimental
description: Detects traffic or activity related to http://112.239.96.57:44938/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.96.57:44938/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.113/b/banner/
id: auto-29f6312fa90d89e573e80eda3918d1f4ffef8de853d47ec8b4b2e1ce51537049
status: experimental
description: Detects traffic or activity related to http://195.24.237.113/b/banner/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.113/b/banner/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.113/b/masscan/
id: auto-5de5b6e2b275f9655e3afcdfd2435c5b252621348231e7a109897367f5c15e6e
status: experimental
description: Detects traffic or activity related to http://195.24.237.113/b/masscan/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.113/b/masscan/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.14.55:43536/i
id: auto-6160233b18cdf914e99f95cf13c6dfedd74a55f64f7a7150c7e0bfade2cba505
status: experimental
description: Detects traffic or activity related to http://123.11.14.55:43536/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.14.55:43536/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.armv5l
id: auto-154bcfb22563d2480dc16ae2420fd9c92b14f269132835bb57eee901339adc53
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.m68k
id: auto-e019b30ec71f65ddaacf677da152e5044ba7449a7d1c71e9524028996306ad97
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.mipsel
id: auto-1b6263160b1d46ab6b709a00170fa21fc2d5079491088861c163fac1a97700ee
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.armv6l
id: auto-ff8226255203e93d9d2d10c9c6170443fe4fa9c94949ced32d1fc21a9d84122c
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.75.240:47328/i
id: auto-939ba6e9db572cf881ff3e01f874d4923103879496c590c7ab3e495f1df1c174
status: experimental
description: Detects traffic or activity related to http://115.49.75.240:47328/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.75.240:47328/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.arm4
id: auto-fb1576fa60781f81884c85226ace6b52861f7f9bba1f088a916c0125a65f4989
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.m68k
id: auto-42c874841e3885933da3e36ea8db25f9ca9882a997560af9438f06decbc787e2
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.arm7
id: auto-a7baf99b531b2692328df12ceec15ae28efea5c77d37534a05c5aa97ed1026ab
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.powerpc
id: auto-939981a7226099ddbbf775a4a5920ec1d39be79806b306e0a7bd4a6216dc436a
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.i686
id: auto-7cdf3d7351079b679ed4a09796cc6d36754e2e6fe418922b74d41098410f75d9
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.mpsl
id: auto-69346af9f546bb2b04e2aba9606b9beac78a38d0f8851f1fecb8956e1e27b620
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.mips
id: auto-ee1f1a17084a8845d69b9092affcd8791ff1fdee9929199d486eb18a580957a1
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.sparc
id: auto-f1e42d808a93a9d5fbf80c8c5ba9e4efed3d55d40f7eb21657d5ffba6486b6af
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.arm6
id: auto-bd2dd37fa3dea2e6a8a9999e362045ceb26aff26eb4f2012e08ab2364a6f16ce
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.arm7
id: auto-d6e4ecdf9a618f79c85e8516e142e1b9a174ebca8f3074fd5dceab9cb7b1a65f
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.ppc440fp
id: auto-aef7387bdb2c600a11a253b386d47648067c1e7ee16674538501fb38020bd01f
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.sh4
id: auto-99a50b99b80402af2d95a357e5da6e3731209c2388c2c086044856ae178e48ad
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.ppc
id: auto-85b4acc21917996b5a53c23ace961b4f321438c575271a291b94dafce0f8ef27
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.sh4
id: auto-2f3077c375b60483b2fcefc76c527cc00317a47e78d41c368ba857a412366d7a
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.x86
id: auto-b8559564a2715cccd05017ecd493eafd8f30965fa448f39a942251b029bd17a8
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.m68k
id: auto-a016d2304ba802ebe035d0d212308e73b6b937274f328430f5ac77c2f82f4fff
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.arm6
id: auto-476b091f9518631a0a2371d94f158efd9ecf6ffd6656e5d15e73bd84d019f623
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.sparc
id: auto-c7a1529537ffe3a472224decb7286a1565354ec96a2ac54327be39c289f982ec
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.armv7l
id: auto-a6d0e331edb12966b84407192c145d41c5fb06b21f16c8ad7b39f3f980745910
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.mips
id: auto-22c2fc9a89ed8bf27e20c1e009e79dc2f021c391e8fa19447fb39f836663e91d
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.arm4
id: auto-5ec0f892776ec99bc1ceed7747a001a3397023f766cd9f08ac8594239c1c2361
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.mpsl
id: auto-8f8af6bea8ce1ecfd9b0165ff645a7b075e285be37ef2c986fb891d53b885cb3
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.ppc
id: auto-31b0245d9d69c3fc3ef4b08ed1a6e83f3f8965a5b252b5b0cbf2962c1e209df3
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.i586
id: auto-311d3e6a2157931a7c0f6799358ebea95814146dd77e0284fbd28658ed01dd07
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.arm5
id: auto-4f7b7162ed7e94f5f37087e88c4b1459927ec40d6f3ceb7558b07c67ee6d32b4
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.mips
id: auto-b450beffc90123b3589413734412c51d38d328b6f8fe21289c8dbf912a7e5eb1
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.i686
id: auto-cf7af9ac10a812f599760523ba2cbd92bea40dc03c0b8078283b6f5652c1c48b
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.x86
id: auto-322d84f890f25f239bc9f00017ddb281c8b3fa661e1879b1606572c91e021a21
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Okami.arm5
id: auto-43dae4703e1be401bdd6e652f6514ad6cd7df8a2cb91c7cc2c582908188e9ab9
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Okami.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Okami.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/Demon.i586
id: auto-dd44d75e7aebc1bee2cf786440f83d7d5ca68f0b187d4f5f70989af84a27b20c
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/Demon.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/Demon.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.sparc
id: auto-ad416fd655e1e0894fc870a93ccb52971c59bcebeb09d242f6ad5515e268662b
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.x86_64
id: auto-a2a34a47ea949fe76b52f1deb57627c16b1b156c62757b62a9c20ae6ff16fad0
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.i486
id: auto-db427b03fc808d3d108964a622d566be67c3f16dc4e4dcf0ff18f54bf1b7586f
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.sh4
id: auto-9a250cc91b825f9d62ec4ba7ddd97bc744fb26583be52cd6cb8694c62c01e62f
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/arm
id: auto-1c419859dd8f2d1ca1f53a7d3953f93bef83f92737198191d612756c57f775d7
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.armv4l
id: auto-777b8699bd98dce79b331997d2d6bbc1ace4673367856539420cb15df156f756
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.aarch64
id: auto-27be0431f7c05472650e426075a0901dedecee374b608510f43e250e89a4a38c
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11:84/iran.arc
id: auto-8e36fa6bffcb1a6d74a8da2d7201afc7111384bb26c72b85f8c0784c56b36b86
status: experimental
description: Detects traffic or activity related to http://87.121.84.11:84/iran.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11:84/iran.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.180.30:49511/i
id: auto-410313b267775ebd390b3a0bfe595150832b91786b0a3bd7fe5c466bb2bd4997
status: experimental
description: Detects traffic or activity related to http://123.8.180.30:49511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.180.30:49511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.79.247:49963/bin.sh
id: auto-cf6f5bbc39e5c6b7dd567ac0633f3ec8143333e36d405ae06cd065aedb0c3d78
status: experimental
description: Detects traffic or activity related to http://115.63.79.247:49963/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.79.247:49963/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.141.117.162/maybe.exe
id: auto-db3c0c2a90a27b4832dbfcd584542b94fefc8ba9e3e0b82429adddd8ea020f25
status: experimental
description: Detects traffic or activity related to http://45.141.117.162/maybe.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.141.117.162/maybe.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/nigger.sh
id: auto-b64852a4cb9aa67c3df3b6247a81584b92d7840156a8b078952be3a99fb80a01
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/nigger.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/nigger.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.169.107:47840/i
id: auto-a334eb08532d9a4d5c50490b6882acf77eea3edc25c12470247340f312f38c5b
status: experimental
description: Detects traffic or activity related to http://42.87.169.107:47840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.169.107:47840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.19.204:39005/bin.sh
id: auto-b9a57aa431313ec69fafe4a5e626f6cf99bc7a9a2cecdac78056f00bd728ccb5
status: experimental
description: Detects traffic or activity related to http://123.190.19.204:39005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.19.204:39005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.193.23:34539/i
id: auto-d26fbbc66f3597361a7f6ebece6c266694355bf3b2b72557441f5588cae9e510
status: experimental
description: Detects traffic or activity related to http://61.53.193.23:34539/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.193.23:34539/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.125.71:37538/
id: auto-a1114f05e422866260e7a61d9c61d16b457ba45117e6061a3387e665761a8121
status: experimental
description: Detects traffic or activity related to http://124.95.125.71:37538/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.125.71:37538/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/AV.scr
id: auto-3eb148972e8ccc25242e6d9032ce9209401b11c7fd7c5cf93344a806af59ddec
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.253.75.188:81/pwn/
id: auto-1a6def5298bbe3bd414f231ca9a03507b0658b51070d006c538c477467541328
status: experimental
description: Detects traffic or activity related to http://185.253.75.188:81/pwn/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.253.75.188:81/pwn/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.79.98.79:46851/
id: auto-d818038d6062c76517e680b1f83798d055f54e0ceead2959ab2024b7bec71b74
status: experimental
description: Detects traffic or activity related to http://95.79.98.79:46851/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.79.98.79:46851/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/rv32/
id: auto-e2b95fa76a02829aec3a8b63b40467e6603f525b6f69cc57a4259ab9fe7cd4d4
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/rv32/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/rv32/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.150.45.193:45464/
id: auto-54866a6d94b5e4285bc5d528c091229c9de8a4160abead20cee7aca5d665f740
status: experimental
description: Detects traffic or activity related to http://188.150.45.193:45464/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.150.45.193:45464/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/Video.scr
id: auto-44c4774c91aff9c4f1b5f6aeaf43688cf94577e52067f18aab368a95d6356bd2
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/AV.scr
id: auto-2c3e1542798718fef4c7236632feeb6237905d0761ae8c88895e5d5e95431fd2
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/Video.scr
id: auto-bf3fe554e94bfb205fe0ad6543b020efccba74784242d85fe30606d6fe7c8932
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/sh4/
id: auto-ad587585a40614657c4098c9d77995c7fbf27de1f394b53697ea43f885bab473
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/sh4/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/sh4/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.16.249.96:46703/
id: auto-692f3e71b054c76977754ddeaf45fbc135bf791f5b63dd174037a4b1eb4f2a9c
status: experimental
description: Detects traffic or activity related to http://81.16.249.96:46703/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.16.249.96:46703/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.220.234.5:53133/
id: auto-d9355b6a1f13c8c7db629354cd80cb50556f305c03b2f93490ec00b8d6b6e7e9
status: experimental
description: Detects traffic or activity related to http://178.220.234.5:53133/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.220.234.5:53133/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/Video.scr
id: auto-c50089aa68bca3c0ce327004ce4f4faeb07e69c0dfdfc05964a3aec9212b11a2
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/AV.scr
id: auto-b7debab7a5218459b12f67683f7fcf719f8fdf25c87f7544f5819993a16b04dc
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.135.26.83:32710/
id: auto-f455f1350c5fb07b13c027fc11d953758b80614b04440f26f6e1ec4fe0044995
status: experimental
description: Detects traffic or activity related to http://88.135.26.83:32710/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.135.26.83:32710/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.208.188:41798/
id: auto-e6a670258f6d9d486adb554188e930fa755fde3326e70c0597d6704422e5ca9d
status: experimental
description: Detects traffic or activity related to http://222.127.208.188:41798/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.208.188:41798/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.244.113.217:53408/
id: auto-1e4dcde84832faee043afe32ec1c3d1c2d8f8e156a32baa5032ea34acc91a5d3
status: experimental
description: Detects traffic or activity related to http://94.244.113.217:53408/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.244.113.217:53408/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/AV.scr
id: auto-c99bb4bfb10109c7df6b20e9509a7ccbbe6bfb227ba004a17e4be36fe85ec3a1
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.255.46.245/formind.php.old
id: auto-219358d220063388b3ec952a50dba9d49d4182b260adce1a3269c0be1f13e16c
status: experimental
description: Detects traffic or activity related to http://51.255.46.245/formind.php.old which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.255.46.245/formind.php.old*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.203.218.38:45842/
id: auto-17c296c42bf4643b046078b2c656bfca681ad0c6c4c1c2c945eaa9523e01e8c7
status: experimental
description: Detects traffic or activity related to http://41.203.218.38:45842/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.203.218.38:45842/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.129.182.138:50370/
id: auto-740ee30d236e742f5d41b5d706aa0ae48bfaf8bc2acba8de504d3c4ad699e822
status: experimental
description: Detects traffic or activity related to http://181.129.182.138:50370/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.129.182.138:50370/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.197.168.148/11_freyja.zip
id: auto-48c4c3b2c212d84d3d3e8eeb6dd9e718419e9e61ade9a24b77e8d949bfdfa17a
status: experimental
description: Detects traffic or activity related to http://89.197.168.148/11_freyja.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.197.168.148/11_freyja.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.173.173.98:58982/
id: auto-375d5b055fe91068a0ea7b82ffaaedebc126952fb6caeaf306230972392b16ba
status: experimental
description: Detects traffic or activity related to http://103.173.173.98:58982/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.173.173.98:58982/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.155.92.204:2876/
id: auto-c374ae75d4de48bfbf531cf2dac070756e708a941040fe486c8fb438224f2344
status: experimental
description: Detects traffic or activity related to http://216.155.92.204:2876/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.155.92.204:2876/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/AV.scr
id: auto-02eb49a6eacdb252ba1a29f7870b1c328c683513be3d30e1278ef7055ecccb4b
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/Video.scr
id: auto-ee647f943573d5cd2f29beaafe8a6dd0dbed1433fe75dbb70985154cb900d9a9
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.46.63.2:2206/
id: auto-569bb34fe08c467c22cbed9b16c78338fee014bc2658094fbe77190ac175c897
status: experimental
description: Detects traffic or activity related to http://118.46.63.2:2206/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.46.63.2:2206/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.29.14.127:29050/
id: auto-649b6bccf04fd4d505ee205b569e3e8f09b51eb5c13f6fe049031275a250b93f
status: experimental
description: Detects traffic or activity related to http://78.29.14.127:29050/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.29.14.127:29050/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.78.254.83:38585/
id: auto-b08f3b1a838b0c335104245ddc614036a536226bd3424bb31b1885b374bda56d
status: experimental
description: Detects traffic or activity related to http://174.78.254.83:38585/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.78.254.83:38585/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/Video.scr
id: auto-28d4373efa218cac94903ee4d3086060a6b01dcea5191910d867791bdd0388d9
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Music/AV.scr
id: auto-77506016276f8958102d9c77b041dbad2be8b2c1d62a9753434bc3cea8fcd1bf
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Music/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Music/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.37.211:34753/
id: auto-ea9bbc8255a18dddd3129e8ed1a8d6487c13dc4d3ee1b4353a059926a730a09c
status: experimental
description: Detects traffic or activity related to http://222.137.37.211:34753/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.37.211:34753/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://65.87.58.122:4954/
id: auto-ec23cd254e5d7e6b28710ab313be0649f880bbb2d77a7ca9bd2f7fcfb45befd4
status: experimental
description: Detects traffic or activity related to http://65.87.58.122:4954/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://65.87.58.122:4954/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/Video.scr
id: auto-8762476aeb08819a20d0a44386b27ffd65db313de81c40dc739929fa794d0c97
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/arm5/
id: auto-e6af21c2eac6888ee3d774b19ae5850e8b29eec06f242d7e9afc890742408318
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/arm5/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/arm5/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/Photo.scr
id: auto-6c1587b24f143d101e4492b9835c69e8b4159c504bacb5e37593b7722ece9c98
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Video.scr
id: auto-92de0a9c0cd3d7955ef2d969bd0be73e8faf5781abbfff67475f0d11c29f31c1
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/AV.scr
id: auto-46685713e921478213e2bec34bd6cd039eb0f9e37454a4e49ed99ff50d131349
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/Photo.scr
id: auto-0f2883580e23267da73ebb7c5909c0114f9dbaf5867315f4218b7ad5fe5d2a8d
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.249.142.93:44646/
id: auto-b2ee902bf41bb66f5cef3b255fdb0902c3e367869d27106d07b29441b346bb41
status: experimental
description: Detects traffic or activity related to http://2.249.142.93:44646/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.249.142.93:44646/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.181.28.63:5945/
id: auto-a3636d0be212e5c0b99e91092b0387f750516f4b42e7522d261265dd882c137c
status: experimental
description: Detects traffic or activity related to http://5.181.28.63:5945/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.181.28.63:5945/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/Video.scr
id: auto-b7ff08aaa437e5c9478c81656c75fc72d2c990c7cd40d4a21c5094aa541115e1
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.33.243.139:8888/DebugView%2b%2b.exe
id: auto-92ad917f4214f2ab78dc7e449a6fcfc4039041ec27805161e7ca599c1c8a14aa
status: experimental
description: Detects traffic or activity related to http://101.33.243.139:8888/DebugView%2b%2b.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.33.243.139:8888/DebugView%2b%2b.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/AV.scr
id: auto-9d8e832182ad2b4f20902c0be074e1f9b5d3f7c14338a43de9348bac8ac6c3a9
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.178.251.212:8888/DebugView%2b%2b.exe
id: auto-2b3c3971884da6cfd877ff95b7f0f542d6b8591dc253a0519056f7c576ef182d
status: experimental
description: Detects traffic or activity related to http://175.178.251.212:8888/DebugView%2b%2b.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.178.251.212:8888/DebugView%2b%2b.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/AV.scr
id: auto-c6a5e53ebe64ff4ba21c5f6b261ab2b8e0eaa0ed3b0b549ec05fe37aadac22cf
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.71.3.17:8253/
id: auto-45ad8b2e8ed725c67a9b957367f8a3b36a44c5fb60301e0b7df8406e98b9a38e
status: experimental
description: Detects traffic or activity related to http://80.71.3.17:8253/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.71.3.17:8253/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.191.160:59266/
id: auto-ee7ec75ae46493b7a34c95c44de28b7568d74374432a519d3f9893cc903502ae
status: experimental
description: Detects traffic or activity related to http://42.239.191.160:59266/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.191.160:59266/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.73.70.114:16828/
id: auto-fdf1ae8ec4b4679ebbd31f217c1e60482b9e27fa85605de51d42015a87efa6d5
status: experimental
description: Detects traffic or activity related to http://80.73.70.114:16828/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.73.70.114:16828/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.42.229.80:15195/
id: auto-a4a0ceda49b857dd6d9e65faed7e312aa0b0e178069f1ac5667fcb3623ef48d0
status: experimental
description: Detects traffic or activity related to http://118.42.229.80:15195/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.42.229.80:15195/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.216.192.119:47959/
id: auto-df403d4d060cc6eeb6947bf9e15793fc77d8e92dd91611a3261afecc02728773
status: experimental
description: Detects traffic or activity related to http://185.216.192.119:47959/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.216.192.119:47959/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/AV.scr
id: auto-1ebe3e88c24358671f7a2267c24242c6189b889b3cfbde0500eea168319048bc
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Notifications/Video.scr
id: auto-71ecc7228346bcc66dd29d78f2a51639ea266d72038406c4fc4b99e7edfa9f37
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Notifications/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Notifications/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.9.14.86:44780/
id: auto-984d2ec47f4829974176093b753162fc9e0182d04eb83b6c24d76c0b65d0f917
status: experimental
description: Detects traffic or activity related to http://195.9.14.86:44780/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.9.14.86:44780/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/mpsl/
id: auto-c7873f43598e64b8f2887d134132c414cfa572f1c3963cd0a57e6bf6601a16f5
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/mpsl/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/mpsl/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.77.175:46385/
id: auto-350ff071367e512cfd36e8bfcbcc4ca6f2b7f2ac52bbb225112595dec1683945
status: experimental
description: Detects traffic or activity related to http://175.149.77.175:46385/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.77.175:46385/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sancaktepekombiservis.com/js/apps.exe
id: auto-a4e5fc69760a73c22ea7c547a9f864f937e37b7d48401beef5cbe04e7f07922d
status: experimental
description: Detects traffic or activity related to https://sancaktepekombiservis.com/js/apps.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sancaktepekombiservis.com/js/apps.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/Photo.scr
id: auto-611a84c3f09e1fc81a75fe48eedd6840597efbc905e5c62fb74e7ffea890711f
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Alarms/Video.scr
id: auto-20f175f4a04c6fb9e3cfdaa9355246001bd093b06b1a8846846d231d7a482325
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Alarms/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Alarms/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.149.178.117:29096/
id: auto-36007e3cc827b6d1cb379c66f6f708c1c1b5f25cd495ee9bfa1e4d6029609471
status: experimental
description: Detects traffic or activity related to http://213.149.178.117:29096/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.149.178.117:29096/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/Video.scr
id: auto-bd07ea3ef73ec7a631137aab0e0be4b17d848f9ea06740416cf9dc3505fce71b
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:57106/
id: auto-5309550ed23b441c4285910f50a04a90718f9e9ee6c305101698261385463b8f
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:57106/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:57106/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.231.131.90:34165/
id: auto-6b206ae5a0f2f79cf62af61ad1bae69a063670a53bda98133ce4694739e04d87
status: experimental
description: Detects traffic or activity related to http://171.231.131.90:34165/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.231.131.90:34165/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/AV.scr
id: auto-33d281c70522e502cc1c6e16e7fc685511ea97975d6019926b8939ea719eb932
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/Photo.scr
id: auto-812a41a652e561b180a57f6105f81adc8c6addfb58a38eabdcb2203f81929caf
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/Video.scr
id: auto-00684a17c29dd217961fd27b645727ec33e34229a716ac1b5c30c0d5e433c35d
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.179.121.235:1123/
id: auto-bb42cccb7720b0b765a03ae1144e724e6ecc718744eb69aa9c3adc9c5a28f837
status: experimental
description: Detects traffic or activity related to http://118.179.121.235:1123/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.179.121.235:1123/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.72.2.83:3950/
id: auto-b52ae2c74c0a19e062a8a51dec5767092e3b237548dc328a268b4b0df7c8faa1
status: experimental
description: Detects traffic or activity related to http://116.72.2.83:3950/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.72.2.83:3950/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.221.36.18:7124/
id: auto-2d014ed7fe5ab1486f27cdd517537c54576982f10b5e151e0644ca9063cf0156
status: experimental
description: Detects traffic or activity related to http://213.221.36.18:7124/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.221.36.18:7124/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.12.78.161:36220/
id: auto-86c907f797e4fd8027f189f36966eeb999c83e94bbdc3d5089d69574411440fb
status: experimental
description: Detects traffic or activity related to http://185.12.78.161:36220/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.12.78.161:36220/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.166.197.212:34117/
id: auto-4e4ce08d3b05e6026418eefeed8739f22ad8fa1e1ad932cfbabccac2658eeafb
status: experimental
description: Detects traffic or activity related to http://83.166.197.212:34117/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.166.197.212:34117/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.170.110.131:9105/cryptography_module/base_library.zip
id: auto-4bc75924cdb11064eb983b071d70d63c5484175eb35e63ef5aad5056ff1dde16
status: experimental
description: Detects traffic or activity related to http://122.170.110.131:9105/cryptography_module/base_library.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.170.110.131:9105/cryptography_module/base_library.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.153.161.181:16906/
id: auto-9c37944c218afa03fb66daa9c2d9f5d694cd3bc334717ebbe158d813b9864826
status: experimental
description: Detects traffic or activity related to http://218.153.161.181:16906/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.153.161.181:16906/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Movies/Video.scr
id: auto-6813b0a84e2db75a75bf3dc5c9b5cf35271f16910570efffd8d26499f1fce8dd
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Movies/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Movies/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/AV.scr
id: auto-c0bf571c5125a20ea3b570b11b07cd7cd43879a12469fabbf4cf527ded9e3a38
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/rv64/
id: auto-fcc0f7bc693a2f30a47ff19af7c1a8757de239154812118cae4c55f5cd355de9
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/rv64/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/rv64/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/ppc/
id: auto-1b092e617c23672557e182f512b3c7f476979cf484fcb81de38c27d57900fa68
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/ppc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/ppc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.252.89.75/001010101010010110101011101010101101010111010101/debug/
id: auto-6a766b3a8b6d73398fc6f9d680a078e3a9a3994bfcdaf6b5a0671bc43ad05258
status: experimental
description: Detects traffic or activity related to http://103.252.89.75/001010101010010110101011101010101101010111010101/debug/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.252.89.75/001010101010010110101011101010101101010111010101/debug/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/arm6/
id: auto-306f0a770a4deaa0e0979251a4c8cffe0dbcada347fa53ea5fe0b009b187cbb9
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/arm6/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/arm6/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.240.70.185:14868/
id: auto-ea1c794a6455e59db67289358d224f4760e49cbf81610f304e73e4a1ddd63d49
status: experimental
description: Detects traffic or activity related to http://115.240.70.185:14868/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.240.70.185:14868/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Download/Photo.scr
id: auto-beffda33c12917029db40b76f569d1ac415c9ce86ef4788668b87802c7ac88c6
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Download/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Download/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/Video.scr
id: auto-5f07e9d03a35793475efb59ca4c1d6abda4e588ff3547a9614aa5744e18d12c4
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/Photo.scr
id: auto-2d9b9d2e573c8bacc234ec1a8c4fb7b0866611fd639513f9cfe993da0edf9b9c
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.70.85.113/data/Diamorphine-master.zip
id: auto-3beab407d69972e36ce03cfb804261205bce95b0ef42d77a241032df23e5f176
status: experimental
description: Detects traffic or activity related to http://81.70.85.113/data/Diamorphine-master.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.70.85.113/data/Diamorphine-master.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://161.132.50.128:8443/threat/eicar_com.zip
id: auto-5f88815fb2f81897149b28ac8323c135469448370e8e31d66e8d3fbb06e0e752
status: experimental
description: Detects traffic or activity related to https://161.132.50.128:8443/threat/eicar_com.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://161.132.50.128:8443/threat/eicar_com.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.248.56.14:23199/
id: auto-a79cc36c36db9f092d379bee3498e62532bb651452a76566351cdaf56cef700f
status: experimental
description: Detects traffic or activity related to http://151.248.56.14:23199/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.248.56.14:23199/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://161.132.50.128:8443/threat/eicarcom2.zip
id: auto-b7acd7e3861fa5785d01236be867537574214b4ae3577deffd8f1cbd3c1047b7
status: experimental
description: Detects traffic or activity related to https://161.132.50.128:8443/threat/eicarcom2.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://161.132.50.128:8443/threat/eicarcom2.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/Photo.scr
id: auto-c39e93a5852b54ec8cdb02f2f62ed00a05dd2312cf046c227f40413b1ada291e
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/reverse_shell.exe
id: auto-c6155bc251392a899849ff57cf4891c880b6b7b53a1e3cf6d4abdc58ac46cead
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/reverse_shell.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/reverse_shell.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.196.62.177:10159/
id: auto-911965a101fb821f0801f7e5d5be024623a86b588657ffafc7a89a24f1b528cb
status: experimental
description: Detects traffic or activity related to http://66.196.62.177:10159/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.196.62.177:10159/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/arm/
id: auto-9cc103612cd03d9996f20e1178056cd0e8c66fee42d2b0aafce3bf0d1283148d
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/arm/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/arm/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.247.124.188:8937/
id: auto-7c1f27f0705029b63681807b0a223f727824b3b8c084275bbcd66978793839cc
status: experimental
description: Detects traffic or activity related to http://91.247.124.188:8937/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.247.124.188:8937/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/arm64/
id: auto-83907663cbc0fa2b5e9eca5907e6f3ed41ebddbe02385db695d15475df45c8a4
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/arm64/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/arm64/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.69.79.44:55952/
id: auto-01217887ab46249ee6c56528a5ef9571006705b1bb2820cc0270e8f49c2a43a3
status: experimental
description: Detects traffic or activity related to http://109.69.79.44:55952/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.69.79.44:55952/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.154.84.37:64790/
id: auto-3bfc4b9775f752816676734fff8cb0d094af5dc5cb95267e43f2a3d1afe0e5d8
status: experimental
description: Detects traffic or activity related to http://94.154.84.37:64790/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.154.84.37:64790/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.51.182:37783/
id: auto-69b68da0d4fad2df212f4f7dbd010831fd25a25472db40be3bce9ecbcaa2afad
status: experimental
description: Detects traffic or activity related to http://115.63.51.182:37783/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.51.182:37783/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.50.136.42:34226/
id: auto-a72e2783d0b8a66e00085c0494c55469257d0b95bd279523dc0b085910465b80
status: experimental
description: Detects traffic or activity related to http://92.50.136.42:34226/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.50.136.42:34226/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/namuvpnx2.zip
id: auto-d849200ee7f035c5d71ba3c78793e276a63d23964a543e0973e7da845cf4b034
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/namuvpnx2.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/namuvpnx2.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zenglobalenerji.com/assets/fonts/setup.exe
id: auto-7cce9740bdd6c2cea84408c05c1dbf3e59668a524ee8f919cb3daa3b38ba8d15
status: experimental
description: Detects traffic or activity related to https://zenglobalenerji.com/assets/fonts/setup.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zenglobalenerji.com/assets/fonts/setup.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/DCIM/AV.scr
id: auto-5390b43b0ca37caf9934e5056a84e73c42a290a1091a0122355ff67fe854aa97
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/DCIM/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/DCIM/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.30.204.252:2213/2358VS%E5%A4%A7%E5%B8%88_20250613.apk
id: auto-9d6ba94ff307b3a1b1237bdc55423d5f08a5363e08d01764a1b9ebcae18bcbb3
status: experimental
description: Detects traffic or activity related to http://183.30.204.252:2213/2358VS%E5%A4%A7%E5%B8%88_20250613.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.30.204.252:2213/2358VS%E5%A4%A7%E5%B8%88_20250613.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.223.60.33:38054/
id: auto-533432af246e8e5f2723ab14a0b31bc5d291e0c9b862a1d82a1ef76856259be0
status: experimental
description: Detects traffic or activity related to http://31.223.60.33:38054/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.223.60.33:38054/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.102.87.68:58721/
id: auto-32bed2268f83c89c3e181b31fbe3048eeccbd9f6cb4ec43f1ebbab4ca07f002e
status: experimental
description: Detects traffic or activity related to http://85.102.87.68:58721/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.102.87.68:58721/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.190.57.114:8141/
id: auto-7edddccb35c0ccf89fb81c82f93ae2ecc6fbe07ba525a1a36107aecbb6a52b0f
status: experimental
description: Detects traffic or activity related to http://41.190.57.114:8141/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.190.57.114:8141/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.109.138:25236/
id: auto-7ffdc63fcd8e23c6297b83199aada1756059b7cbbb23c413eaefa0f89d02306a
status: experimental
description: Detects traffic or activity related to http://36.88.109.138:25236/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.109.138:25236/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.255.45.54:48893/
id: auto-28ca74a913efac6ff2ad65f523cc5c3da4f19a54fd1c9f017e34c7a9c124a3e2
status: experimental
description: Detects traffic or activity related to http://83.255.45.54:48893/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.255.45.54:48893/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Movies/Photo.scr
id: auto-8675fa2a7cff6e457f0b43c37d456181b99113f0fa2491a3df018ee3a9abae50
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Movies/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Movies/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/DCIM/Photo.scr
id: auto-fbc8cfa2e6f1275662fab77e7118329db830e05e8d97207722ad2d99ba68a71e
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/DCIM/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/DCIM/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/DCIM/Photo.scr
id: auto-724de38b057b495fb73e53ff145b7f9e54ef122ec27feae7d933fcc2eed0f7e1
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/DCIM/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/DCIM/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/mips/
id: auto-8335d8a085169800460d793ef4926a428ace301ff8621d85d54be8611743486b
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/mips/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/mips/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/Video.scr
id: auto-ed51e01cd716959251982a3a092fb809f11c1b0c2d8bedbcd84ed66f64d9ae09
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/Photo.scr
id: auto-ab08d2ea427acf622b4271a36b80d80667452fc3d820b469b78faa0a9a632dad
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/Video.scr
id: auto-3871bda229e7c5eac88002cb60be1ee24ba3cf95ec3ba8a43a966f7a27ebc360
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Music/Video.scr
id: auto-265e638e51380fd8c99c5e5b4484dd2f0f8ba3a49bc8805f7f406a4a4f1d0cc7
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Music/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Music/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.146.123.111:8143/
id: auto-4a17be050e142814b27de508f62f13cd4d0e91e5e5b6450c86c0f5234616a32f
status: experimental
description: Detects traffic or activity related to http://121.146.123.111:8143/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.146.123.111:8143/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/NAMUVPN32.exe
id: auto-cf45bd995a11db94f2a27810962245e27986eb0a5afa0a83e9dd0a776183713a
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/NAMUVPN32.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/NAMUVPN32.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.214.241.150:28760/
id: auto-457a1c3d4c1f90c955317f1397b9b0486076fadc5f9e4ccce2925d571f0165d9
status: experimental
description: Detects traffic or activity related to http://178.214.241.150:28760/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.214.241.150:28760/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Download/Photo.scr
id: auto-e9a4845036bdfac8cf37735d5c11bcf7bcd70758f0e8fb759eba9843d0dd472e
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Download/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Download/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://download.pdf00.com/pc/pdfconvert/
id: auto-e1b35f4575a08e4ec335644e1459df3d1b8b0a5b6030e5d8d1768adbdc65740b
status: experimental
description: Detects traffic or activity related to http://download.pdf00.com/pc/pdfconvert/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://download.pdf00.com/pc/pdfconvert/*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/Photo.scr
id: auto-f3b0f399dc8a1bcb5bd20981d1af6f81db9f58902d5162c39b3d0ac46fdedc9f
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/namu864.exe
id: auto-b64d84c51c8b87a018e989a6e33d9781faeab76d1118b0f8053345b1644e9ffd
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/namu864.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/namu864.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/NAMUVPN32.zip
id: auto-31ab40ec49ec4f9fc0d02119dddf2049d4439f457c4a4de06a5d8a13845c5e3e
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/NAMUVPN32.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/NAMUVPN32.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/AV.scr
id: auto-ec473477168c3530bdc8c3c3bca6c02825a7de979944031117e58057747d0641
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/Photo.scr
id: auto-fca41aeb06b30a498e08c76f3593d684caad0c91d78862f295fd356330491aa9
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://sfa.com.ar/activia/soporte.exe
id: auto-d1c094e9a1d56be55b3fbac7f43799d0388180215a6b318c81cd2dd801c7a713
status: experimental
description: Detects traffic or activity related to http://sfa.com.ar/activia/soporte.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://sfa.com.ar/activia/soporte.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://49.156.46.134:31244/
id: auto-ed2e3a7969239b3c55e0fc1dcfae59865983e42df9295b951e1a3f6439684780
status: experimental
description: Detects traffic or activity related to http://49.156.46.134:31244/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://49.156.46.134:31244/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.9.25.206:36858/
id: auto-cdd107df885e5dc8079249e8f75241962b11a20487ca7fe986f59d478ba7c96a
status: experimental
description: Detects traffic or activity related to http://37.9.25.206:36858/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.9.25.206:36858/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/namuvpnx2/namuvpnx2.exe
id: auto-8aabb72d5a71c967bf685e591f34b2cd654fb3b1b689d69a12503e61f2db0ab6
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/namuvpnx2/namuvpnx2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/namuvpnx2/namuvpnx2.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://63.245.127.62:63963/
id: auto-f671d30764676d733812718f43209fcad0b2ceaa94bef7e2e73d5532bf249a46
status: experimental
description: Detects traffic or activity related to http://63.245.127.62:63963/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://63.245.127.62:63963/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.98.236:50756/
id: auto-e7b2f130b254b641398ebbd0fe7c64de96fea7344bacc24e6852b949df0f4555
status: experimental
description: Detects traffic or activity related to http://202.107.98.236:50756/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.98.236:50756/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/mips/
id: auto-119075c185b2b96e8c53d80614c69400ed2cad42857912cdada837c985add0b4
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/mips/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/mips/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.59.36.18:2339/
id: auto-b11e8a5244771687061000c09ee1aff2a72033dc251b4b3784936a8b37641865
status: experimental
description: Detects traffic or activity related to http://45.59.36.18:2339/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.59.36.18:2339/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.143.172.66:44726/
id: auto-9dae1b45ad51db6f6685913bb11eaae0d867d47eae3a648c427662519970f114
status: experimental
description: Detects traffic or activity related to http://91.143.172.66:44726/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.143.172.66:44726/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/Photo.scr
id: auto-811cb055f23495821568f59e2ce4db7a76f48991be1529eda1822e11f5754f7c
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.35.217:34455/
id: auto-6b27ecea04a803cd948846f5f686c782aafe37a0201f7ccb3d332d8ba2db92e5
status: experimental
description: Detects traffic or activity related to http://115.55.35.217:34455/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.35.217:34455/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Download/AV.scr
id: auto-8ab7f9e3dd5a05308e2c7e83cddcf1adea55ba656739cb1e03e7c3338751f8e4
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Download/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Download/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://49.233.178.5:8888/DebugView%2b%2b.exe
id: auto-f9e5899277e35c107459248c29422bacf9894a4ede42ab4d18e8d4853af7d7e8
status: experimental
description: Detects traffic or activity related to http://49.233.178.5:8888/DebugView%2b%2b.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://49.233.178.5:8888/DebugView%2b%2b.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/DCIM/AV.scr
id: auto-a8a2da20bc2340902ba678ccccacea315283313f4681a3b00e82e577c9034192
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/DCIM/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/DCIM/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/Photo.scr
id: auto-0e70eca2b716b0a541d60eb9b2d3c0822a2e579cc733585ae38a816e0378fe9e
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Pictures/AV.scr
id: auto-be09b6a0af34847dc312bffc78033173745c1e381b4877c99d98de54fc047e38
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Pictures/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Pictures/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/AV.scr
id: auto-720d6950c839b20ef72384e3b7e6624e08edec065729746e4d26f1c3da4bf4a0
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Alarms/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/Photo.scr
id: auto-34d5b335e21c8d5d0aaf94ba7edaaf676e9f51a6f83c3e364b5c82a1139cffd0
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.30.194.134:30357/
id: auto-a844892c2cd4d0618b353f0d1de175d3763326e6480f45c447cf7b4f7566aadf
status: experimental
description: Detects traffic or activity related to http://81.30.194.134:30357/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.30.194.134:30357/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.106.42:40538/
id: auto-6f0071811be941a23832a882ae5c436ba927b4da08ff79a9b60b9fd0ab4f26b8
status: experimental
description: Detects traffic or activity related to http://58.47.106.42:40538/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.106.42:40538/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/sh4/
id: auto-7225cab9818c54ab3d7f9cec60d9fcbaf5774aef51f5a118fedad5014f4d54d3
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/sh4/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/sh4/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.116:37476/
id: auto-e4074bd2595684992de7bd4599cb5f125bc335ce4aec8209b12d300eb79b192e
status: experimental
description: Detects traffic or activity related to http://110.36.0.116:37476/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.116:37476/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Video.scr
id: auto-947bd9261b5e9e40ae175461cd2cf97bcde9c715d838cfb5c98efa1e0be019fa
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/x86/
id: auto-d6de32862ce0d1d53ead17dda1858a1a60eb28a34e6279ed1f7e9154b7a66fe4
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/x86/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/x86/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/Photo.scr
id: auto-5c2e9b9fc8154fa35694ffef73c62a0467550f19783d93facba83e0d5b73325d
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Podcasts/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/AV.scr
id: auto-9382c58d884894b8e8db9d930360184431a21d7cc5bb69110d3a879b6b544445
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.154.241:47166/
id: auto-fc0716284a301a884946fbaca44e89aa2eff5c0145e44c8c4dbca931c10f2ae3
status: experimental
description: Detects traffic or activity related to http://112.248.154.241:47166/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.154.241:47166/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/Photo.scr
id: auto-43da3bc6f35d04c3830b1e7c637eaa10e50c2f4a6299d60106c5523d36badee6
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/obb/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Music/AV.scr
id: auto-e626e773cb3730962e9a6c2b6dc13ad34df6673028522153ee470ea77ad34782
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Music/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Music/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://sfa.com.ar/activia/folderagent-2017-01-03.exe
id: auto-529ec10be0c6945887320f9b2a99ff17a2447a8adf52f5ce7b9d2e9b1aa96417
status: experimental
description: Detects traffic or activity related to http://sfa.com.ar/activia/folderagent-2017-01-03.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://sfa.com.ar/activia/folderagent-2017-01-03.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/Video.scr
id: auto-31c1fc8c67d28e866c6553162c8f2fbdd97ec9e42040f3bbc80fb5ebd8b91491
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Ringtones/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.50.149:56251/
id: auto-e7b52b9249bdf3abe2527f4205a38768f300449cb2db347adedae74974bd0d1f
status: experimental
description: Detects traffic or activity related to http://175.146.50.149:56251/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.50.149:56251/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.56.42:28186/
id: auto-812e55d3de5253913970059f95da3bf050fdbdc2503a14357a591569d89859a3
status: experimental
description: Detects traffic or activity related to http://46.151.56.42:28186/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.56.42:28186/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://sfa.com.ar/activia/ShowMyPC3510.exe
id: auto-91a156b0f4fdfd7725431139e0b4eadfb0a7331d59bc3a5a8af0b7a4e746be47
status: experimental
description: Detects traffic or activity related to http://sfa.com.ar/activia/ShowMyPC3510.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://sfa.com.ar/activia/ShowMyPC3510.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/AV.scr
id: auto-98759a942c8619595576aedb7724d302be2c9cf80d5dbf846b14f14b5dfd30c6
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/obb/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.253.170:45851/
id: auto-7a2702c56eb7115a629279b401f268ccecf7830caf30d06feceaa5ae738058d4
status: experimental
description: Detects traffic or activity related to http://119.117.253.170:45851/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.253.170:45851/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/AV.scr
id: auto-f7f8185ccc1bbf9e3f900bfeef850d0dea4a95fb7492c97d30290c36f5aade68
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/Video.scr
id: auto-c091cc46da427aad814415b706f2cafbe22c6ab61ab687212dd8d9557e7cb767
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.245.244.254:37898/
id: auto-96f6732598ad55e64a157463264a7afb9f808389df95e9793fbdba49ebaae1d1
status: experimental
description: Detects traffic or activity related to http://197.245.244.254:37898/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.245.244.254:37898/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/spc/
id: auto-35840210c4622fea99d9e797ae5636339f90f9d014f0390258243041b9e1fb65
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/spc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/spc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/mpsl/
id: auto-7450592fd7a47a7b2bef2e3b75b479e24c15c87ec6969e3e3d811577db4937b3
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/mpsl/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/mpsl/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.253.75.188:81/openssh2/
id: auto-1286baf451ef3c1a0f2857e0d6394a113851a9316627e8d0cd43bf8bf3bc0e58
status: experimental
description: Detects traffic or activity related to http://185.253.75.188:81/openssh2/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.253.75.188:81/openssh2/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.79.114.29:17429/
id: auto-bb0b132c635162d4dc8598c1c471ceb078f6822a3c6b82412509be830260ab19
status: experimental
description: Detects traffic or activity related to http://103.79.114.29:17429/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.79.114.29:17429/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Download/Video.scr
id: auto-db8cab6f1bbf10495a21ae43b5bd4bd6049f645e43207343ee81b2608731cf2e
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Download/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Download/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/Video.scr
id: auto-c3b9d3d99ff1ab4cc6017a0e3a960f8d8732b70564aee6ff6d3915b97b7671d5
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Podcasts/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/obb/Photo.scr
id: auto-9a2486f0deeb06873ecb48e51d7a3fea9012de1be2617904aac1610ca95e20eb
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/obb/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/obb/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/namuxp.zip
id: auto-f315e55a9365eb90dbc61c5015045976c2af0e67928aba4026a63128f314fcce
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/namuxp.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/namuxp.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/Video.scr
id: auto-37cd8872401de5a94e25ea477c36726e2708f3704d09e65d251bc7bc0e8e4f79
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/Photo.scr
id: auto-272fde16d8e662de624591b362c723943e8f3b6a18e574e2bf12f77cd0332f47
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/obb/AV.scr
id: auto-2f86d9740445ccc58109752174c38227d2224fcbf50a1c440290d1cd6a9d44f9
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/obb/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/obb/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://80.89.131.190:37280/
id: auto-18c95962d1605d68cc2824b1713f9c4f767e6072de764c7d927d1918427dfd6c
status: experimental
description: Detects traffic or activity related to http://80.89.131.190:37280/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://80.89.131.190:37280/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.147.91.21:23459/
id: auto-d94ce6b473064eb3c6f82ddfb18a2c83ce45bddfaad9ce36f45b6e4e7619a950
status: experimental
description: Detects traffic or activity related to http://91.147.91.21:23459/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.147.91.21:23459/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.19.47:57644/
id: auto-498fd2dbec4239bc2eec32662b330633da2cb873813c560cc13c7a69f898347a
status: experimental
description: Detects traffic or activity related to http://27.217.19.47:57644/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.19.47:57644/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/NAMUVPN7.exe
id: auto-494141d3e5e7f838be7daa36312bc4fc290888149dda8d4a05f944ac9aa19d24
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/NAMUVPN7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/NAMUVPN7.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://devilnet.xyz/001010101010010110101011101010101101010111010101/debug/
id: auto-a8a378ecf19e81f7f1a3b1fd9fb06d3d2823ec9e986b9e7f0311fe67c9511aa6
status: experimental
description: Detects traffic or activity related to http://devilnet.xyz/001010101010010110101011101010101101010111010101/debug/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://devilnet.xyz/001010101010010110101011101010101101010111010101/debug/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.43.201.85:19410/
id: auto-7e8b228ceb4ba6b61b85754dcae0d679fe7d521dc398744c2ef2dceb0aa29341
status: experimental
description: Detects traffic or activity related to http://118.43.201.85:19410/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.43.201.85:19410/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Photo.scr
id: auto-7d3813d2688058d579040e395523b9114443ab053fda4ee3aaa66a1dec72e5e3
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.168.213.255:53441/
id: auto-0117b3c5598763f8a774ee7bfb6a43863c1de38d01888c371600ffb69bef845c
status: experimental
description: Detects traffic or activity related to http://175.168.213.255:53441/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.168.213.255:53441/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://goboadvertising.autodealertech.co/BankBrute.exe
id: auto-5d1185ad839356034c637953ddd3914c44375e8567e5f2a7c9d8595d610b8007
status: experimental
description: Detects traffic or activity related to https://goboadvertising.autodealertech.co/BankBrute.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://goboadvertising.autodealertech.co/BankBrute.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.30.204.252:2213/2358VS%E5%A4%A7%E5%B8%88_123.apk
id: auto-d846020a062ddd61a11eb133afa0895ba2d3c12dac091e4bbe9184b56658b3a6
status: experimental
description: Detects traffic or activity related to http://183.30.204.252:2213/2358VS%E5%A4%A7%E5%B8%88_123.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.30.204.252:2213/2358VS%E5%A4%A7%E5%B8%88_123.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.91.58.97:8888/DebugView%2b%2b.exe
id: auto-81170e320a2accf7880c846d69a823442ede4bdfca399f0ece1f0fefc9369e34
status: experimental
description: Detects traffic or activity related to http://119.91.58.97:8888/DebugView%2b%2b.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.91.58.97:8888/DebugView%2b%2b.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.141.203/reverse.exe
id: auto-42076043116df704c8d08627c0587762c4c8229a0e1dfaf2148f7b4bc6613169
status: experimental
description: Detects traffic or activity related to http://194.26.141.203/reverse.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.141.203/reverse.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Movies/Photo.scr
id: auto-ddd922cdbc6c1c2373e95eba5dff5ab0aae1e8562a0cbbe28a41ba2e9b9059f2
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Movies/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Movies/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/NAMUVPN7.zip
id: auto-f8ec291f58ead88fdc74f4440b8890fba6eb2bc5ee4e61ac280129b71b094fe6
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/NAMUVPN7.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/NAMUVPN7.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.218.189.32:11882/
id: auto-1bc36afa549d02c7f31111bdb794c4a33e75821bcd13f1dff8479e3a6a3df48b
status: experimental
description: Detects traffic or activity related to http://83.218.189.32:11882/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.218.189.32:11882/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.214.55.142:23120/
id: auto-72739be4b42c7c41e8f48ec4bd8b6211c9e97a237acd2a4af760ff57a7bfc8b2
status: experimental
description: Detects traffic or activity related to http://190.214.55.142:23120/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.214.55.142:23120/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.226.139.149:8166/
id: auto-f53615c8656ede61b22756287814b38418524c0c67a0f7626960c73c7777e49e
status: experimental
description: Detects traffic or activity related to http://14.226.139.149:8166/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.226.139.149:8166/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.164.191.74:12576/
id: auto-c0a529fab26d4eb196873615364e519e737eec7b25b7edf34ec7a7fc0aad2543
status: experimental
description: Detects traffic or activity related to http://103.164.191.74:12576/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.164.191.74:12576/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://90.228.239.131:49075/
id: auto-3f242d2dcbc1bf5f570bdc8b2e9dc55dd8a5391ba367d426276056b2ce866e60
status: experimental
description: Detects traffic or activity related to http://90.228.239.131:49075/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://90.228.239.131:49075/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Photo.scr
id: auto-42541f4b973041d97e04ae987adfa796e55fd110e0d08938d9f8aec72f92b1cf
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/Video.scr
id: auto-1058a57da023901536c20aaddd22dfe3d533047436a81ae498a73ace21d928ef
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.154.209.206:16122/
id: auto-13d013cbb326666c524f5cc798fa58df7034ae41534f9050497570b966506493
status: experimental
description: Detects traffic or activity related to http://212.154.209.206:16122/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.154.209.206:16122/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.195.159:42447/
id: auto-ae111a03b3c826907b36c17ed370ce708d9fbe564b5d0eb9ddf2c73abd6bdb3a
status: experimental
description: Detects traffic or activity related to http://60.23.195.159:42447/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.195.159:42447/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://49.158.206.47:52010/
id: auto-be3334967227cc102844a7939529f01a2425eeafe9ad76617ef203c9a5f47987
status: experimental
description: Detects traffic or activity related to http://49.158.206.47:52010/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://49.158.206.47:52010/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Alarms/AV.scr
id: auto-dc393c91f351e95a7831ea25508c943bd1481b651afdc88ba8e810017330e089
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Alarms/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Alarms/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://96.246.156.236:16077/
id: auto-90cdcd4c40b7ee3d2cd07743c9febccced2d36635dee24ef5ca0660484911f60
status: experimental
description: Detects traffic or activity related to http://96.246.156.236:16077/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://96.246.156.236:16077/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/ppc/
id: auto-aeb04cea985b84abefb2541c08dcbc1b3a61ef60f9893781de65f90eb51ecfd8
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/ppc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/ppc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.249.54.246:17771/
id: auto-818a3501c34e4196c5974060b0742590f583f2edf17a0408ff4b34e77d4c07f0
status: experimental
description: Detects traffic or activity related to http://43.249.54.246:17771/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.249.54.246:17771/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Movies/AV.scr
id: auto-2e879b20023e2f5ef357c92fc11345eb6fe21dd961611cf732a888a89e425454
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Movies/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Movies/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Music/Photo.scr
id: auto-f12a952f084df577fabb6d530b30153f23852dcbb9dea4cb5233acdd5b50def5
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Music/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Music/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/Video.scr
id: auto-30f573ea91bc5f5c188687a619d30c90b84b96971802a4bc2aa16b6916c9d0e6
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/data/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Alarms/Photo.scr
id: auto-5d1541c92b3e55c57a49a426fe75333a5a9ebbba0cd03a7184a6b94b8ce6f14d
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Alarms/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Alarms/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Notifications/AV.scr
id: auto-ee1d17d826c5234619d81383105c68031eb26dbbcaef6f662b32473ded784acb
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Notifications/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Notifications/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Download/AV.scr
id: auto-1e35a3e1863acad25cd8fe916c9ebd004f6944cc7805a79aa4d51eb41ac941a3
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Download/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Download/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://197.157.195.161:23932/
id: auto-2a1c6803eaa3b6dfc15e497cce52ee2648e6db79f1f671d46debb7b14b24d611
status: experimental
description: Detects traffic or activity related to http://197.157.195.161:23932/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://197.157.195.161:23932/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.2.43:56454/
id: auto-b6f069199adb55491bfe3d5f4200c4229f9de468a7a6a66d66fdac94290216ec
status: experimental
description: Detects traffic or activity related to http://39.79.2.43:56454/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.2.43:56454/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.117.254:37341/
id: auto-06ed04f6620fcafb6ccf50f6f6e30d27c3420bee0296d0554fa2580048dc6028
status: experimental
description: Detects traffic or activity related to http://113.239.117.254:37341/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.117.254:37341/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.40.242.67:59642/
id: auto-c3ece495c847b6d107d7929aa4300109b576c70df71b26b453d8049d39521966
status: experimental
description: Detects traffic or activity related to http://106.40.242.67:59642/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.40.242.67:59642/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.24.200:47720/
id: auto-c881cc15605830de064cc785e8500474aa29d1b4f9184f748f6922702dcfec70
status: experimental
description: Detects traffic or activity related to http://42.230.24.200:47720/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.24.200:47720/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Music/Video.scr
id: auto-4d33f42cc6bcc874e23aaaf9b62eaf1e6d64664983b57d40670c80209557cdce
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Music/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Music/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/NAMUVPN7/NAMUVPN7.exe
id: auto-85dfb5fd867a20339ffba9881adbbe0b81567f70e5891cf30d9aa4bf6e94629c
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/NAMUVPN7/NAMUVPN7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/NAMUVPN7/NAMUVPN7.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.154.135.81:16122/
id: auto-69a383161539d108573cec13a05d07ea3349f6cd3c30f3124b1cc8985aeffea8
status: experimental
description: Detects traffic or activity related to http://212.154.135.81:16122/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.154.135.81:16122/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/AV.scr
id: auto-73056174469747b3cba046e88285504dc3b6acd85536ecab26ad254d092a7a73
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.70.85.113/data/connect.php.mallox
id: auto-8c8ef89ae92a790b61cefddaadfc47b9d052a84a71abba410d9ba95352995400
status: experimental
description: Detects traffic or activity related to http://81.70.85.113/data/connect.php.mallox which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.70.85.113/data/connect.php.mallox*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/DCIM/Video.scr
id: auto-d94c416ec3fa8e320ab560e9328356456a6ab12dea33144c8bb0f4f18c42e6c1
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/DCIM/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/DCIM/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/AV.scr
id: auto-04a042f09b79866fb20d92cf4a9787ebd74292be568d3f7b8080a1e1ce3bd8e7
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Ringtones/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/obb/Video.scr
id: auto-c664d3d9276b929ffca0d98b31eb7f710da06b75bd5b5b1515476c75e87b5a8d
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/obb/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/obb/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/arm7/
id: auto-f352a3745173af57fef9ed49de9cb462cec5802c6d01deecffe585502327800d
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/arm7/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/arm7/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.86.182.176:23620/
id: auto-6ace166805e2136b5272b2fb56443fcb47e898b544440e9b9f29d54b45a3ef4d
status: experimental
description: Detects traffic or activity related to http://103.86.182.176:23620/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.86.182.176:23620/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.90.248.149:2862/
id: auto-6943c0f8643e628740d1937eed5089232ad699ce7c92a835f5a99b0a393b87ec
status: experimental
description: Detects traffic or activity related to http://78.90.248.149:2862/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.90.248.149:2862/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/AV.scr
id: auto-2b6b5d35b7bd47c5e8e1184060caaa8d72882d5c8be8608b5aef909bae8914d8
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.205.142:57084/
id: auto-61bc2f63e4090edab2e3915214663b0a1757961aea1051c1044faf92a1c1c0f7
status: experimental
description: Detects traffic or activity related to http://175.146.205.142:57084/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.205.142:57084/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.255.67.189:26678/
id: auto-bffc5e23cfac1553ea94a725f058335c20e707eb7a342c61c2ad98081af088fe
status: experimental
description: Detects traffic or activity related to http://139.255.67.189:26678/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.255.67.189:26678/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/data/AV.scr
id: auto-3a3102cb6efaa74bf04faeb67d2285b5d75a5bd56db8e89c8e1b507fd11a06f1
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/data/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/data/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Movies/AV.scr
id: auto-548d873dea0d59f37f64e6a50efbdfa52bf58403ab60be806773b4c983d1e518
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Movies/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Movies/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.28.58.131:24363/
id: auto-df0562b6eb3de0f1d1d4f41d787d7cc4da06dc98dde8a2915c33936a32b9f2ba
status: experimental
description: Detects traffic or activity related to http://89.28.58.131:24363/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.28.58.131:24363/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.229.240:49705/
id: auto-ed4b067126820fe85d562d9c183e9b63696ba5efeb7eadc390ff614d277caa5b
status: experimental
description: Detects traffic or activity related to http://113.231.229.240:49705/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.229.240:49705/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Download/Video.scr
id: auto-52a7971149061dce69b0d950363abf7c8f496d4ebcec860baf1878a321af6a7f
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Download/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Download/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.127.218.102:21792/
id: auto-3bb87d577cec4734bc55222a2745f60a8e596829cba6f396096c9c52369ee871
status: experimental
description: Detects traffic or activity related to http://185.127.218.102:21792/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.127.218.102:21792/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/Photo.scr
id: auto-08e31594de9466d803a158c9bb1b80034f6f1f035ed409bb94e0fb623bbe78b1
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Notifications/Photo.scr
id: auto-9f802b17cff1c3669009f51ba1b7f985529fdbf86d3c28e930f58ccd6a6e8728
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Notifications/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Notifications/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.158.238.2:42830/
id: auto-800a4aa0319adb53a2d25cd619280f5fac26cac04dd0cfc3fb0fdd4cf597376b
status: experimental
description: Detects traffic or activity related to http://178.158.238.2:42830/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.158.238.2:42830/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.197.168.148/09_medusa.zip
id: auto-038a819a57df35374ce60b1cb22bfe3ffc54ab33fe9a6f8fcb88ccc1e0c03a50
status: experimental
description: Detects traffic or activity related to http://89.197.168.148/09_medusa.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.197.168.148/09_medusa.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.namuvpn.com/install/back/NAMUVPN32.exe
id: auto-028f8d56e5a1bb15c0eb316addd74e7b4f660729ce5208794d8a749c579c7885
status: experimental
description: Detects traffic or activity related to https://www.namuvpn.com/install/back/NAMUVPN32.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.namuvpn.com/install/back/NAMUVPN32.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.169.225.252:46349/
id: auto-6095bc2ff6c526f997b0968629c16866b9fe475733039fe78f16b4d97319b16a
status: experimental
description: Detects traffic or activity related to http://121.169.225.252:46349/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.169.225.252:46349/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.80.61:54052/
id: auto-447163ec7120e6057791894d00f748ca58c23454d085063f658119b83db47d91
status: experimental
description: Detects traffic or activity related to http://182.116.80.61:54052/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.80.61:54052/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/arm/
id: auto-95232dbd7d18c198152a4da1acc9719e4dffa9d4f36d6890196dc1a12526cf7f
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/arm/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/arm/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/arm6/
id: auto-3f08a8ad7865a95383bacb2e587184c01e82a09950a8421510951567f5be3e00
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/arm6/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/arm6/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/x86/
id: auto-c158c20f2fac7c45a7ac70625363d9f996341ebde38ef1b63fa0a183ea455d28
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/x86/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/x86/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/arm7/
id: auto-46645d0590086698d2fa3a5383f472650c42998c3b045e1a833d9fdbc11f75b6
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/arm7/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/arm7/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/m68k/
id: auto-c7d51241bd28ab046e76bf1b1e307afcec05fd41c18214ca51bf3adfd2dc719a
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/m68k/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/m68k/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/data/Photo.scr
id: auto-ec73d756a1f5053f74df589b67719b1cb3dad47cfe11ba2d05a07d281a05966c
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/data/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/data/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/Video.scr
id: auto-3fff4bbd1ad3250c5a1ad46f0ca8b108aff54537961488b26bf937723e1727ac
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/data/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Movies/Video.scr
id: auto-859efffe651beb306727cb49b7f38892e56dc2fe7904585dc209ce94c798ad2e
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Movies/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Movies/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://223.197.231.77:49743/
id: auto-9f53e7e1e85cb8a79496878c34fea94d192ced7a859f56e95d2e0fcdc774f41c
status: experimental
description: Detects traffic or activity related to http://223.197.231.77:49743/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://223.197.231.77:49743/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Pictures/Video.scr
id: auto-55f7e6b4764cf46a2d56885b05d71ab6320b0c72d0985859bcfe1317fa2cec4f
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Pictures/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Pictures/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.153.155.97:8080/html/info/index.php
id: auto-0a2ee3c4104b0c48b3e93609116a8c0c6cb9df92872b5ba19d1892329b6cc7c6
status: experimental
description: Detects traffic or activity related to http://78.153.155.97:8080/html/info/index.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.153.155.97:8080/html/info/index.php*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.116.219.139:9980/123.zip
id: auto-39a8330f24cea6f73e026e5ef40a1029e4114aacbb7d49bf4ff09b2223b7121a
status: experimental
description: Detects traffic or activity related to http://113.116.219.139:9980/123.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.116.219.139:9980/123.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Music/Photo.scr
id: auto-8fc82bd756d5c883b8166ac81dee00e39aac1808fe16e91b15cec94fc30c053a
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Music/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Music/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://sfa.com.ar/activia/AnyDesk.exe
id: auto-bd4ae0bc4d341cadf235698bdf1eeca32ee97d9b018cf79cb9e1a71bd583d911
status: experimental
description: Detects traffic or activity related to http://sfa.com.ar/activia/AnyDesk.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://sfa.com.ar/activia/AnyDesk.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.102.171:49372/
id: auto-66ed193b1c7e413c6cab98dbddd9c043240ed4b51b7bdcbd516b84511a629ec0
status: experimental
description: Detects traffic or activity related to http://113.230.102.171:49372/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.102.171:49372/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.253.75.188:81/img/
id: auto-a015790e225122867f9d70e05589dbe04f49c0393f68cff7fd5c29827f89a828
status: experimental
description: Detects traffic or activity related to http://185.253.75.188:81/img/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.253.75.188:81/img/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.170.110.131:9105/cryptodata/archive_to_send_decr.zip
id: auto-041b4dd8d2e0865601cc624b1c666644738e6de482adfd8417c4ea234c13d052
status: experimental
description: Detects traffic or activity related to http://122.170.110.131:9105/cryptodata/archive_to_send_decr.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.170.110.131:9105/cryptodata/archive_to_send_decr.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.246.29:42932/
id: auto-fee300f9d0cfbfbb8114b878c851b2235b5283fdaa0b4316cc07eb4047f3cb64
status: experimental
description: Detects traffic or activity related to http://175.147.246.29:42932/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.246.29:42932/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://sfa.com.ar/activia/ACTIVIA.zip
id: auto-a24bd3850be63a9d5b6dc79ad29d350f41f5f3fb2a37d004841b697c8f3acf08
status: experimental
description: Detects traffic or activity related to http://sfa.com.ar/activia/ACTIVIA.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://sfa.com.ar/activia/ACTIVIA.zip*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://book.rollingvideogames.com/artisan/
id: auto-4e059c44a15e95d6dd259812ce9d44872016ae5bc0be9aa5f477839bf31f3482
status: experimental
description: Detects traffic or activity related to http://book.rollingvideogames.com/artisan/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://book.rollingvideogames.com/artisan/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/AV.scr
id: auto-3641ecae77eec8d34c677407e2212513a04353845ec762590829f5961baac478
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/Photo.scr
id: auto-4ad1207da746fc0be0659d311ed2f10ae1e92a7aa2cc1263e746ce9f95bc888b
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Pictures/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/data/Video.scr
id: auto-ff2a81230682661dde21d4e7fa8e17c6cc2835945647f2076626c4734cb6eb61
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/data/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/data/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/Photo.scr
id: auto-e6c57fa777f0a743fa01f875dfa915150e6fe7dfc24f7505c7e2fdba67a1fe71
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/rv64/
id: auto-8aeae45115ff8858a7e91bbd0688997acdbc90c69a06e2b7564762623820d286
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/rv64/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/rv64/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/Photo.scr
id: auto-4bef4498069a781008ce25b7bb003ac43fa3e7e2584a406697d04bfe6a527052
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Android/obb/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/read/emulated/0/Android/Video.scr
id: auto-d2ce8fd52cfb05bd286b5e8c2fbf15b9fe7227192faa4729e2387b45f6d3c548
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/read/emulated/0/Android/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/read/emulated/0/Android/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.68:42703/
id: auto-9bc8b4491c2ab29b2af0c0bd11883aebe7a210cd11b13d3c059a6f45fbc47dff
status: experimental
description: Detects traffic or activity related to http://59.97.252.68:42703/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.68:42703/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/Video.scr
id: auto-b0a82bcefa7039c6a25c64ffa66f59b6587df7ae6099d7b0d6c50f06a8a34db1
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/DCIM/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/Pictures/Photo.scr
id: auto-32ae00a643f4214b7eb8e09d68e7b2cdf8a952dbcc83288b57dcc87401e1cd20
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/Pictures/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/Pictures/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/self/primary/AV.scr
id: auto-14afeceb5a437e5bfdc5586e8024b264dbb0e580cf047035f10c5ef01012c900
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/self/primary/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/self/primary/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/Photo.scr
id: auto-f446bf013d91d33e26073d0592d5d7fdc5445b1bc28b86802d70a2a7af4ee1fd
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Notifications/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/IMG001.exe
id: auto-9bd76c875d432a94f707943151d2b44b79cb0f81fe6188ffebd76845d5ebd4e3
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/IMG001.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/IMG001.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/info.zip
id: auto-e65f8d38da8e61c2c3819605b171fef50b75fb94b34b99e9e5a2f0ae2b84bd9f
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.132.86.182:8888/DebugView%2b%2b.exe
id: auto-8675ce2d6836a11fcfef41ea4f47f5d83367c243c1bf64eddb2841104a514e8a
status: experimental
description: Detects traffic or activity related to http://114.132.86.182:8888/DebugView%2b%2b.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.132.86.182:8888/DebugView%2b%2b.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.160.116.52:57196/
id: auto-ab3fa620079766d0e63343d7a42fd0ee6c075dc0f004ce950c62d5304b0e337c
status: experimental
description: Detects traffic or activity related to http://182.160.116.52:57196/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.160.116.52:57196/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.127.68.162:55090/
id: auto-eebcaece850204ef6d3991d88799be295e63e5b3bfdc520c4cf0480778f1d5ee
status: experimental
description: Detects traffic or activity related to http://115.127.68.162:55090/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.127.68.162:55090/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/Photo.scr
id: auto-75c916b1f1c55659e7bcfd0bb671f0fba0aec0610ead62679d2438c2a0ba537e
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Alarms/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.34.172.44:50350/
id: auto-975ad39bbe1d9275d0de1fefebec63d200d2ca99f61880dd60e62c884b934ae8
status: experimental
description: Detects traffic or activity related to http://37.34.172.44:50350/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.34.172.44:50350/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.211.187.190:23576/
id: auto-caef611ebfe25469243bbdead3c24b585a8c1e5c05111968eba3794bb105dcb2
status: experimental
description: Detects traffic or activity related to http://180.211.187.190:23576/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.211.187.190:23576/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.50.10.30:27726/
id: auto-9d79ca0554ee4e1aaf03636bdae4927f7a2fde1c55067c48608707312784e2e7
status: experimental
description: Detects traffic or activity related to http://120.50.10.30:27726/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.50.10.30:27726/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/m68k/
id: auto-886e377bd6fde41c7b9d7d8c5725601307d37c1169b5aae167c70f5dc5403ff1
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/m68k/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/m68k/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.159.160:50619/
id: auto-9b6df44fb1cdb3aab9dad90a517027206e38a2a9c69f64f4b3874167ad2804aa
status: experimental
description: Detects traffic or activity related to http://119.116.159.160:50619/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.159.160:50619/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://141.149.36.27:30673/
id: auto-7b19c40e3598b7b98469ed30b9c6628dac3aaaebba99887aaeae1bcc200cb2da
status: experimental
description: Detects traffic or activity related to http://141.149.36.27:30673/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://141.149.36.27:30673/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.4.13.252:25937/
id: auto-3ec53b8711c5b078406fe881fd148186f28a8012558721a7c6079accd9531d1f
status: experimental
description: Detects traffic or activity related to http://110.4.13.252:25937/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.4.13.252:25937/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.191.205.40:52499/
id: auto-47b51bf00c2914a69086035fa64a825134ae3563d938761a0ef787f427db2057
status: experimental
description: Detects traffic or activity related to http://222.191.205.40:52499/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.191.205.40:52499/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/spc/
id: auto-fc1f21c90d8dccd6cd99229e2d31eab2ff248143629d296c8f8549f711992cc4
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/spc/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/spc/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.166.103.98:24408/
id: auto-bc1203c55a5be8f809c7570d1bd96335c3e3be5928778fbdcd38d99979cb1a6c
status: experimental
description: Detects traffic or activity related to http://181.166.103.98:24408/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.166.103.98:24408/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.123.89.226:29277/
id: auto-bcaaf945818cd68df4a5abf71419474ba76d14cb687597ee21fabed08a940e08
status: experimental
description: Detects traffic or activity related to http://93.123.89.226:29277/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.123.89.226:29277/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/runtime/default/emulated/0/Android/AV.scr
id: auto-8f16a1f60227628447d6a87258ae60a48b41a92117fb72b4fa4e1d3c03524809
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/runtime/default/emulated/0/Android/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/runtime/default/emulated/0/Android/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/bins/rv32/
id: auto-3a9ba0e54b2a8e7ed86eb67e07df8bebf379082e2fc3e455bd814437e76c9d7e
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/bins/rv32/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/bins/rv32/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.32.41.172/arm64/
id: auto-3862f62b1e40944e4e1925b0701588bfca1462b9f3c0a9e76ed893e65b1a3790
status: experimental
description: Detects traffic or activity related to http://89.32.41.172/arm64/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.32.41.172/arm64/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/AV.scr
id: auto-bcef9337d7b363835d1feb6ec34dc83a51d8e1ca48b0c6b8915391214c4773fe
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/USB-%d0%bd%d0%b0%d0%ba%d0%be%d0%bf%d0%b8%d1%82%d0%b5%d0%bb%d1%8c/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://167.250.49.155/bin/x64/mimilib.dll
id: auto-c8c8f82efd954a8ce8e0f356c505a228a01a54153c89ff73d47921424196ec7f
status: experimental
description: Detects traffic or activity related to https://167.250.49.155/bin/x64/mimilib.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://167.250.49.155/bin/x64/mimilib.dll*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.197.168.148/Calendar-Update.zip
id: auto-d830a3c71570f472e7f6ffbab857ca467f8c9ebe434e69db4ab42e57927a6ec0
status: experimental
description: Detects traffic or activity related to http://89.197.168.148/Calendar-Update.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.197.168.148/Calendar-Update.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.255.46.245/test.php
id: auto-a71ab82019c707f13db9d695fdf2e523a4eb6a52c128c7dae439a72d0eabdbbf
status: experimental
description: Detects traffic or activity related to http://51.255.46.245/test.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.255.46.245/test.php*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.233.95:40904/i
id: auto-53c3d1211d7128fb1a4c58279f1d528bb3d7f51e5e80a21459a7563563af8aa0
status: experimental
description: Detects traffic or activity related to http://42.232.233.95:40904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.233.95:40904/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.14.55:43536/bin.sh
id: auto-8e6dd5bb798cfa99900643e522e4a5f981254a6e606f1258ebc17b5073c029e6
status: experimental
description: Detects traffic or activity related to http://123.11.14.55:43536/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.14.55:43536/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.132.166:55666/i
id: auto-18569aca0acbac1e2f64befbcfc08b4c7f255967c372f16ac2c09598dbcbfc27
status: experimental
description: Detects traffic or activity related to http://113.236.132.166:55666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.132.166:55666/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.7.189:37277/bin.sh
id: auto-26cb068c4e5fb6891e9dfc62b7d290d3b51632a8bce7ef32621c27fbfb0cf800
status: experimental
description: Detects traffic or activity related to http://115.49.7.189:37277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.7.189:37277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.193.23:34539/bin.sh
id: auto-78355410de00fa5ae8f9a5086f42335152ae96fc5168e4e21d4f18c2e62a83c2
status: experimental
description: Detects traffic or activity related to http://61.53.193.23:34539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.193.23:34539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.133.223.72:50411/bin.sh
id: auto-15b070d82b42c3e21523c644679824292241f9b38af7952e030887471d4f9d76
status: experimental
description: Detects traffic or activity related to http://123.133.223.72:50411/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.133.223.72:50411/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.51.0:51145/bin.sh
id: auto-f2937e550764c6a51219d8a7858eea92a7fcbb7efa1e50a3f7954595ff6b637c
status: experimental
description: Detects traffic or activity related to http://182.116.51.0:51145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.51.0:51145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.42.16:47450/i
id: auto-194a235faede94d165fb8b3cba8985eeeca559e23dbf7df13b2423280cccbebe
status: experimental
description: Detects traffic or activity related to http://116.139.42.16:47450/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.42.16:47450/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.57.20:43011/bin.sh
id: auto-2ef25e1b9f7bc6229bc9d7dc9176ee2afc9b9e1ae5529113d8912c071a4beb78
status: experimental
description: Detects traffic or activity related to http://182.119.57.20:43011/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.57.20:43011/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8272401505/5iXTOyj.exe
id: auto-b9525e27330e7d6ac1689e60f0fea595cb33097cd4ee5e61c13f8203a09b9ef2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8272401505/5iXTOyj.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8272401505/5iXTOyj.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.35.217:34455/i
id: auto-26fe608f712e73786cc39bbfbba16e69139a120250ebec44aac68c82c634493c
status: experimental
description: Detects traffic or activity related to http://115.55.35.217:34455/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.35.217:34455/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1400796521/pI5QZQk.exe
id: auto-ec32e2de19a706df792ca28a293a7cec9964001ba17fd56ea6a544b665b90614
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1400796521/pI5QZQk.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1400796521/pI5QZQk.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.41.63:53683/i
id: auto-e243a40f120ee51740190ce1574deee5f5962facf8248abd332fcaea8e33860b
status: experimental
description: Detects traffic or activity related to http://59.88.41.63:53683/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.41.63:53683/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.96.181:56897/i
id: auto-be46d1d35e716a73569561ed853926715d89b90d5f955e999096722585c785a4
status: experimental
description: Detects traffic or activity related to http://123.10.96.181:56897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.96.181:56897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.58.152:39771/i
id: auto-79845dd0a16bdb4e31a8d5947c776ddb535272418f0b4e47020d0ed0b8d21d34
status: experimental
description: Detects traffic or activity related to http://42.237.58.152:39771/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.58.152:39771/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.81.144:55742/i
id: auto-4e7d341b5a52d79c84314f60791eff88c2c757734608762e2024fe4fcf03fc4e
status: experimental
description: Detects traffic or activity related to http://42.178.81.144:55742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.81.144:55742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.60.118:59544/i
id: auto-ee344302fc12615d98ac29afc61f5b8b5966b52d46d606ccf3c33e723351688c
status: experimental
description: Detects traffic or activity related to http://115.55.60.118:59544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.60.118:59544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/kdgXbnm.exe
id: auto-8d3bc5cdb6bbef2c27939aa14fe53e12edd76b7aa87a68c6d265c5dd0933fa01
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/kdgXbnm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/kdgXbnm.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.247.88.124:55628/i
id: auto-dff1970a1dfcd86c7ec7bd0d5494793111508a2a703bc4c4e93de1fe91e07cc2
status: experimental
description: Detects traffic or activity related to http://77.247.88.124:55628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.247.88.124:55628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.84.94:43184/i
id: auto-77d1dc8f01b17657e21025552e64eab4259be8af81d3a102fcd0b39a39af99ba
status: experimental
description: Detects traffic or activity related to http://182.126.84.94:43184/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.84.94:43184/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/key-cnfg7win/browse/fl
id: auto-fec837b869f8b98cf32c480902687124df364ee47d7174e412f3578f7296918f
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/key-cnfg7win/browse/fl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/key-cnfg7win/browse/fl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.196.157:48994/i
id: auto-4e8bfa483d7fcb76ac969719c90170b62b0c54dbc549ec08332ef5387fd60277
status: experimental
description: Detects traffic or activity related to http://123.4.196.157:48994/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.196.157:48994/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.105:43167/i
id: auto-8e6c5a92c068dd8584070a8040834ee1f6b7dbb19c3c8cce5c2abff029a1dc03
status: experimental
description: Detects traffic or activity related to http://168.195.7.105:43167/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.105:43167/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.87.39.3:59987/bin.sh
id: auto-bf5d39b3663c3d956f8c2c068eee84b4adf7fd6570f39f27d32b2d052e0d0912
status: experimental
description: Detects traffic or activity related to http://39.87.39.3:59987/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.87.39.3:59987/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.37.211:34753/i
id: auto-c3ff8ca82b61754f8c03293033cf6ff8c4371838ee7cce23f51e10974efc665b
status: experimental
description: Detects traffic or activity related to http://222.137.37.211:34753/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.37.211:34753/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.228.44:60548/i
id: auto-6533534e6b3fc6eeda994323b92869526ea2c915517dddf260ab86be9a275d7e
status: experimental
description: Detects traffic or activity related to http://123.12.228.44:60548/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.228.44:60548/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.71.0:42556/i
id: auto-05f9d3889145fa8ffb134ca6a7f73392742814aea3b2cc5e77865f28e23e16ff
status: experimental
description: Detects traffic or activity related to http://175.150.71.0:42556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.71.0:42556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.54.174:51705/i
id: auto-8349f905f7e3ef4d147f75a7b6fe248299ce8c610d88bdb4af345b596d1e5357
status: experimental
description: Detects traffic or activity related to http://125.44.54.174:51705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.54.174:51705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.196.157:48994/bin.sh
id: auto-2a0793fe118612a4bd13d80ca513f27cf014cf6d39c26950426251b013a32bdc
status: experimental
description: Detects traffic or activity related to http://123.4.196.157:48994/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.196.157:48994/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.14.22:42127/bin.sh
id: auto-86b84254ef1766f953517ca35e47190d4661bf1deb7663893cd942c51d89e4e0
status: experimental
description: Detects traffic or activity related to http://59.88.14.22:42127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.14.22:42127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.71.0:42556/bin.sh
id: auto-05b1ac8dba8b919d09134a901cb625e16a659a5165c66f97b083ec96527c1ad7
status: experimental
description: Detects traffic or activity related to http://175.150.71.0:42556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.71.0:42556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.230.80:34200/i
id: auto-08cee3f49ab2c1c21bcc92347fd14d9d91d206c2211bb71265b79850f25c1b0f
status: experimental
description: Detects traffic or activity related to http://59.88.230.80:34200/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.230.80:34200/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.86.125:44323/i
id: auto-a9c2468d1c980853182a4ca140e7752aa2b150db153243ecb884cc9907336087
status: experimental
description: Detects traffic or activity related to http://175.173.86.125:44323/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.86.125:44323/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.2.108:36497/i
id: auto-86f2dcf7d50e9ca7786e9199bc11300ab101bfcef09c0b585cbf527260a856c7
status: experimental
description: Detects traffic or activity related to http://125.41.2.108:36497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.2.108:36497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.145.181:45053/i
id: auto-b7b2f5841930f2be5d5183b97bb683eb44a9e922965e63bdf8a45286d3e099d2
status: experimental
description: Detects traffic or activity related to http://221.15.145.181:45053/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.145.181:45053/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.21.70.162:49776/i
id: auto-e3c861a8ea791e3842ae72e3b107e9e180f946da3b92d315bf9106158d40d29f
status: experimental
description: Detects traffic or activity related to http://38.21.70.162:49776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.21.70.162:49776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.112.226:57898/i
id: auto-a1935c5e7094eb5a58be59fe992e5a11ecde9ccc2ada105fff458a7768ee259c
status: experimental
description: Detects traffic or activity related to http://115.61.112.226:57898/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.112.226:57898/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.103.23:52151/i
id: auto-c63ef6de4a561dbc5abedbdd4dcea5e9ea200c44584956c2dc7c029b8b1a639a
status: experimental
description: Detects traffic or activity related to http://115.50.103.23:52151/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.103.23:52151/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.161.110:57946/i
id: auto-2f73a8157eff1bc1ec06a4c06a36f399d7ec4e09fb69a1c1a003bd19237c138e
status: experimental
description: Detects traffic or activity related to http://115.48.161.110:57946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.161.110:57946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.0.211:57207/i
id: auto-ee21c8fc66f67830a1930acce632cb66bc7e3eee86c65ba3be16a18f035b0a73
status: experimental
description: Detects traffic or activity related to http://221.15.0.211:57207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.0.211:57207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.60.161.184:46475/i
id: auto-50945f078493d55930c1faf1c701c6dfea1d8c1ec88ae18f6cf0ba3bed9e9910
status: experimental
description: Detects traffic or activity related to http://109.60.161.184:46475/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.60.161.184:46475/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.80.61:54052/i
id: auto-978ef5f76cf3ab05e09aa0eaac854a39adc60125274ff8e316685b9a73edcabb
status: experimental
description: Detects traffic or activity related to http://182.116.80.61:54052/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.80.61:54052/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.230.89:34632/i
id: auto-95110720420f2b857329f37d9949bfb3d0a286be77aae741c0d7b44dd4d85004
status: experimental
description: Detects traffic or activity related to http://42.232.230.89:34632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.230.89:34632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.134.172.250:59543/i
id: auto-ec9308a5c679ec5420a9882e13ba34cc0753fb69494966e28fbc1d46b182e14a
status: experimental
description: Detects traffic or activity related to http://222.134.172.250:59543/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.134.172.250:59543/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.161.67:58576/i
id: auto-5c60653a54dd105db8a2dfd056c0b608e299d516ae6f6b71aab35b3668294252
status: experimental
description: Detects traffic or activity related to http://115.57.161.67:58576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.161.67:58576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.96.57:44938/i
id: auto-fd4e796448a3f5e2f74417564d9cea96ab39008c3eb26f48fcf631336d452544
status: experimental
description: Detects traffic or activity related to http://112.239.96.57:44938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.96.57:44938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.49.56:54043/i
id: auto-63240bf6839ab1c9da9089ee4db5926e8ce7b9d360d82354b2c5e55ac23b5429
status: experimental
description: Detects traffic or activity related to http://182.114.49.56:54043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.49.56:54043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.220.54:36534/i
id: auto-a64d288effc1047f2fc5058c7a2f55670674019c3068ca9b3baf4f807261f0be
status: experimental
description: Detects traffic or activity related to http://42.226.220.54:36534/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.220.54:36534/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.86.125:44323/bin.sh
id: auto-0949fbac7a0a084b4b93977561c7005afae67beace342f765c173c39fa0c20ea
status: experimental
description: Detects traffic or activity related to http://175.173.86.125:44323/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.86.125:44323/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.49.56:54043/bin.sh
id: auto-448639ed643c0ea3c38087f72e76002a9e7a8fac1e5ccdf9b42c366dbc822c15
status: experimental
description: Detects traffic or activity related to http://182.114.49.56:54043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.49.56:54043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7103746036/Z4H0HNY.exe
id: auto-c6a6cd6101222bbb0924cdcd233581da9e3993f2259c3e16da5a077226604be3
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7103746036/Z4H0HNY.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7103746036/Z4H0HNY.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.50.199:56001/i
id: auto-99ce5d36ba9c6b88052d3bd35a8fa2c09e1453b7e8cad1307597c151ca7457b0
status: experimental
description: Detects traffic or activity related to http://42.56.50.199:56001/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.50.199:56001/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.253.150.8:58336/bin.sh
id: auto-3782c5688f4ad069c6df0e405efc01a95c0c8cd6a3f22f973686029d8856bd4f
status: experimental
description: Detects traffic or activity related to http://117.253.150.8:58336/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.253.150.8:58336/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentsh4
id: auto-0330777e4c2c1584561c738082215723298cb34891d68ee05f14ae4893f25e9b
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentsh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentsh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm7
id: auto-cdf88d3e3d376f3af3976410224fed4fc4bca5225a196ec2c3af98c95a2d1cb9
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm4
id: auto-c6ce1d66ea69a43b216d5323a9ff4c38c7c7e6104da91f9caf3cf666d8389598
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentdots
id: auto-f0bddce22c3ac1579809d93ee95b23778b47290ece623feaecbabe61f0b223d3
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentdots which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentdots*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm6
id: auto-86b557fb36f71d5532cccf98aef4acd62c11cc755db1a702afa2bc480a02b9f2
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentppc
id: auto-0c04dcb5de84009d093686f557a0d208cedd5ddcaa2235a7c00c22f2d403be41
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentchrome
id: auto-461eea8d16e878456dc48c212c55587fb7e084ff374b65450d1ae7820d082af3
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentchrome which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentchrome*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm5
id: auto-b5f36149ac9720ad84d5a5c978ab469cb10f6429e0a21393052f3c1953e732e8
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.23.179:53196/i
id: auto-8d91101f6563b68d7625b9ccd6a7068d980514cd5e792534b74535c7cf69a17e
status: experimental
description: Detects traffic or activity related to http://182.116.23.179:53196/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.23.179:53196/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.161:60272/i
id: auto-2db9912526c392a113ffe5064d89192f3a673c5836c9dda07f71b98c7cf132ac
status: experimental
description: Detects traffic or activity related to http://42.227.238.161:60272/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.161:60272/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.220.54:36534/bin.sh
id: auto-c85df5a05713a658f9eb66258c40d116be4c0551f6dcbd09254b30f8230701e3
status: experimental
description: Detects traffic or activity related to http://42.226.220.54:36534/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.220.54:36534/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/wap
id: auto-395da5134ee0c0ccbeb706da4e38bf823524222eee6904d9c6051dc08879491b
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/wap which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/wap*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/Josho.spc
id: auto-6f91fc7e00cbc1fa3ba1d7f2ddd85e13ce6d9c3230742689ab333f8e32abac6c
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/Josho.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/Josho.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/rt
id: auto-f622b8cccd5584656015a45585d155ebbdf32ac677816ed5649ca3eb37641e51
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/rt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/rt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/Josho.m68k
id: auto-23b8a54034fba97ba1365e6beede1c7ece5feea5075fcb0d68abe68bec080deb
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/Josho.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/Josho.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.25.107:55680/i
id: auto-791749d6e7a0595f6d6b3c446d8f62da17e55d852ad8a942d8d5ebf99d09812c
status: experimental
description: Detects traffic or activity related to http://117.248.25.107:55680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.25.107:55680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.25.107:55680/bin.sh
id: auto-5399369bcd3ce155aae8a1913651d0c7b60e3157625e1483c938d76ae8938021
status: experimental
description: Detects traffic or activity related to http://117.248.25.107:55680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.25.107:55680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.8.158:37569/bin.sh
id: auto-57847b55f7711882e29d43fd82600e27b9652e5345a691559058c00e45604392
status: experimental
description: Detects traffic or activity related to http://125.45.8.158:37569/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.8.158:37569/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/modules/Video.scr
id: auto-f598d63c4e6cb23ce61581fb4ccccc276c5d960cbb57260efb9c8b2355fbc36a
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/modules/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/modules/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/images/Photo.scr
id: auto-7cbb8baf1c6cc48957c1404f8863157314fd8a3917aa85b870e6af830e460f1c
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/images/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/images/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/modules/Photo.scr
id: auto-d9310a445dfb6ae492efcee3ae18dd99bfb315d4970cf16307ec152e21747462
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/modules/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/modules/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/Video.scr
id: auto-6b4f85017104e23c597f8b7618f1684ba0aa91a384c7b05a7ddf00f04d47eba1
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/images/Video.scr
id: auto-2fcea362a370f9097cef0ab0eb8cac3a972edaa70912466761bd38345f7f5f6a
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/images/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/images/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/Photo.scr
id: auto-8e4860dbeabedc3b209e0554697a6488e3d183e59b9e56765660f14f84a57b29
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/Photo.scr
id: auto-18255673120a2e95b3222d663c726184670f0dc98371ac193241e8e2e1496f8e
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.116.219.139:9980/Video.scr
id: auto-087027eb8100239d6f1b8b21f5cfc01f9429f2510ff13e524fddad7b8a2c2727
status: experimental
description: Detects traffic or activity related to http://113.116.219.139:9980/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.116.219.139:9980/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.116.219.139:9980/Photo.scr
id: auto-e67ade2fe77fac8c390345da2bf53b72c121ecae40e672ccc25391166a2ca19d
status: experimental
description: Detects traffic or activity related to http://113.116.219.139:9980/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.116.219.139:9980/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/images/Video.lnk
id: auto-8e86c37a00a4ab450eabd59da521137b499e0bf09c2e255433beff898d458473
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/images/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/images/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/Video.lnk
id: auto-98f72c698a2958dd97865fd1efd450370ac53483b3577097773f8bcab138e628
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/Video.lnk
id: auto-f03b6e247cbae10ec36e4a6e2949760570287d6e1c03bcca966b890a548897dd
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/images/Photo.lnk
id: auto-a04651dca1f903ccb5b7f5791e2c6de9ec38f381b7995ceb3a74cc9f9fbaf6a0
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/images/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/images/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/Photo.lnk
id: auto-4da97c38746eb4046f0775dd64e311cdf116f244d7780ccb96568d707486fd7b
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/modules/Photo.lnk
id: auto-aa1ebcaa517004d37a8ef3222bfb38cde9b274ce556e3a872ba66cfd4176dca9
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/modules/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/modules/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/modules/Video.lnk
id: auto-1be8c03e6c26ebdc1029db192e79664e9f8d721ca5936c781774f33832525d7b
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/modules/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/modules/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.23.179:53196/bin.sh
id: auto-ac63ed857bc378fa42e5ee5353b1e79305593ef0f306d6de07c05202244f9538
status: experimental
description: Detects traffic or activity related to http://182.116.23.179:53196/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.23.179:53196/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.220.247:40819/bin.sh
id: auto-a6e158aaf24b84812119718dc7a429da48b066302976dadfc1dc83b354fec953
status: experimental
description: Detects traffic or activity related to http://115.53.220.247:40819/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.220.247:40819/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.161:60272/bin.sh
id: auto-5949dcf24ff6828d2575808076a016912c79317d55196288e1b6653d76aff65a
status: experimental
description: Detects traffic or activity related to http://42.227.238.161:60272/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.161:60272/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.190.205:51293/i
id: auto-c5be0c55222b6a5795806f858f5bba0a4dcbc90fa9d1c4574a68d48c5da7738e
status: experimental
description: Detects traffic or activity related to http://182.118.190.205:51293/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.190.205:51293/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.37.9:35845/bin.sh
id: auto-17e4f96f8e1b368e9f0601e437c5c637e10105c3764eee637d0d3112a548461b
status: experimental
description: Detects traffic or activity related to http://117.244.37.9:35845/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.37.9:35845/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.84.94:43184/bin.sh
id: auto-5f3e013654c7625f5c8384722ae4ca9a056c0008cad6356e7bfa3ca65bf3e6a3
status: experimental
description: Detects traffic or activity related to http://182.126.84.94:43184/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.84.94:43184/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.120.224:54557/bin.sh
id: auto-190161f87de1695794f1b540a928c9488b9f112a2f4d9bca6c9bbc5d4085e61c
status: experimental
description: Detects traffic or activity related to http://117.192.120.224:54557/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.120.224:54557/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/fonts/AV.lnk
id: auto-6b6b09c7a02b586b0389eff68dd361e4dd8cf8bf27a39ac789113f788839774d
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/fonts/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/fonts/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/AV.scr
id: auto-d7a782a406e12f26d12bee3f84787c85b1a0b1fb66f5c1f2ea200e5844b12a7c
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/images/AV.scr
id: auto-20a153f14cdc2a51e278b949bbdf96e48d050f362ea07a8b84ecb28a1b31a5c1
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/images/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/images/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/AV.scr
id: auto-e7c7d5fac9c2ea4d8023191a1382ab498d77e774e7facfa141fc41790ebcfa31
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/modules/AV.scr
id: auto-8acfc55590c0b15fadbe4eb9be286568d77286de0d963b6e3fc97140d18139a5
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/modules/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/modules/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/02-08-2023/info.zip
id: auto-86e1fcb32e7837408b9f902892784129c6fb646371e8af91634ce0c4f86d56fa
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/02-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/02-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/08-08-2023/info.zip
id: auto-a094aa93d01f0a50c32197e9c9d949fa9286db5d1641bdbcd2d4cbdbb5b828d4
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/08-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/08-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://76.238.215.206/dev_hdd0/info.zip
id: auto-12dc68b3b0210ba72d4c2a67bae9648c0a7e7880837d5ffa11a277920eb29df2
status: experimental
description: Detects traffic or activity related to http://76.238.215.206/dev_hdd0/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://76.238.215.206/dev_hdd0/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/10-08-2023/info.zip
id: auto-bfd48b7197fe724840d2d1bf1481bd23e628da95a3c038743e70637bf466252f
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/10-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/10-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/11-08-2023/info.zip
id: auto-ebda5370415be7ba65bb8683425a0624f057839340783e7daf902bd487572db4
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/11-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/11-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/04-08-2023/info.zip
id: auto-f9f9f6879a0fc6ef45c2b035a5ac10a7804543cd15f971be06b16dd4cde3614a
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/04-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/04-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/05-08-2023/info.zip
id: auto-0d1585a7b17b83e06cabae0a1004281db17b5b2181166cda28810f271279557b
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/05-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/05-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/07-08-2023/info.zip
id: auto-484844d6d91fb0c88f67a885a754351ccbe97dab8027ba642c3f963aaca52ffb
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/07-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/07-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/03-08-2023/info.zip
id: auto-6d786ec851c50d26a6aadb650cd8b64be8dd693f54f548e45d44058251cd4fff
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/03-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/03-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/09-08-2023/info.zip
id: auto-f2ddfebc5596d08609ab798fa1f381b4ab28a419bb05fe7a1c37a562ce449b69
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/09-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/09-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/info.zip
id: auto-f96caef82f23fa29d979904c6b96420c4ec5089c4f2ad75d3d22aae318b1527b
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/images/AV.lnk
id: auto-3f723ec0ea4b171fb2be0c5dd3f2a033733c60c91832ba8b7779c33dec5bbe79
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/images/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/images/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/06-08-2023/info.zip
id: auto-2a419aa86252f8680318d87b84660e574137bd2075f57cad00824c310c181843
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/06-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/06-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/info.zip
id: auto-fadbb5dcd6195e9121a20aafe688f96fef096d2a728d6a011f3ec55984bebc6a
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.19.150.122/Aug/01-08-2023/info.zip
id: auto-2c9eb6fe783fd538bf78b64204cbc41141746f39ff909b826270b38464c78d62
status: experimental
description: Detects traffic or activity related to http://125.19.150.122/Aug/01-08-2023/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.19.150.122/Aug/01-08-2023/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/Photo.lnk
id: auto-7d9c5646a6346eee9f1713405d034f92534a31a4b29e981d415c828f14e278c9
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/forge/AV.lnk
id: auto-de901dd00433b8ae1d0edffe2b14d17bf81297eca19da106ede2809e7c6e600a
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/forge/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/forge/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/tesseract/AV.lnk
id: auto-555e70cba020fc7347efd28c8e5e7bc06442285e5533d9f8c3183971fbd8a046
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/tesseract/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/tesseract/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/AV.lnk
id: auto-4412d88afa3d646a73cb527b9a69dcb933a1feffc8694a84067791251dbcdeae
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/assets/AV.lnk
id: auto-e47470e67df7e8b79a5f462e9c7d613115ba92ac9627a97d397051d61fe78920
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/assets/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/assets/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.115.130:81/modules/AV.lnk
id: auto-aaebb489014a1281d78037e77e90eb2f10ae1fba96ebb5f591735b4948e56a99
status: experimental
description: Detects traffic or activity related to http://182.143.115.130:81/modules/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.115.130:81/modules/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.190.205:51293/bin.sh
id: auto-7fdf70cb44ed45f4f99ad5820585222d6917934095c8278cfb07863c7b7e1666
status: experimental
description: Detects traffic or activity related to http://182.118.190.205:51293/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.190.205:51293/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.31:46687/.i
id: auto-3a748ab5da4ab8da19c60d0853c4d83a5aac09306d290e9548cf011ef825b3d6
status: experimental
description: Detects traffic or activity related to http://117.209.92.31:46687/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.31:46687/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.14:54236/i
id: auto-d408de2b304d837c23eb862ad65a275dbd9b1b00eecdd21052427a7bcb06c6e2
status: experimental
description: Detects traffic or activity related to http://117.209.16.14:54236/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.14:54236/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.233:36246/Mozi.a
id: auto-e6e0ea34243e72068901593714a0fbeccc6361fd7825654f8f44289532806fba
status: experimental
description: Detects traffic or activity related to http://117.209.20.233:36246/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.233:36246/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.67:36039/.i
id: auto-7f0811de47f48b14e28d717a4be7ad674829b4724fe24cb515f6586b68674494
status: experimental
description: Detects traffic or activity related to http://117.209.86.67:36039/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.67:36039/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.136:44615/Mozi.a
id: auto-0cbc54302adbb50438b711ca262cb68b5b3c718bb8c13b72173a41189a98937f
status: experimental
description: Detects traffic or activity related to http://117.209.27.136:44615/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.136:44615/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.118.77:56690/Mozi.m
id: auto-ea808a967740c517709dfe535a662893458221fa737eaf4beb3d6b6a83de3219
status: experimental
description: Detects traffic or activity related to http://117.209.118.77:56690/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.118.77:56690/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.14:54236/Mozi.a
id: auto-a930feaf0cb60c3fd600be38d2af43050b5a22fb66b2a7fded1d95035daa0dde
status: experimental
description: Detects traffic or activity related to http://117.209.16.14:54236/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.14:54236/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.144:43910/Mozi.m
id: auto-15cf48a97e251b675fc6bf60d85a91c7532d6baf0fb7202a670fdf23e319d2e8
status: experimental
description: Detects traffic or activity related to http://117.209.95.144:43910/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.144:43910/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.248:53462/bin.sh
id: auto-546f103a7e214a76f3c77ecabc9903618bf73603cf7e4df2c91a88846771f387
status: experimental
description: Detects traffic or activity related to http://117.209.92.248:53462/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.248:53462/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.15:33422/i
id: auto-ab9dda3f1fb346b5f9dd1609f8a08f67001cdaab485e10f83aadbb28b61a5717
status: experimental
description: Detects traffic or activity related to http://117.209.29.15:33422/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.15:33422/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.108:39952/i
id: auto-bde874e412dceea9e5b0caf0d150f508f66a2f843039997e758ae58d6d23e912
status: experimental
description: Detects traffic or activity related to http://117.209.25.108:39952/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.108:39952/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.196:52922/Mozi.m
id: auto-639483ddff6afbe3f416d23046bae0b2f62dc9d72ddd846c008132dd4c0f80b6
status: experimental
description: Detects traffic or activity related to http://117.209.15.196:52922/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.196:52922/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.55:34920/Mozi.a
id: auto-95314aae0d7b8bf02a50f3e0ad070393d7f6c23e762456710ec14391a7439a9a
status: experimental
description: Detects traffic or activity related to http://117.209.89.55:34920/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.55:34920/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.79:54526/.i
id: auto-fa34b80446a49eadf48c8d6af6a012dd11349b4366c750feba4df1c82d08cd11
status: experimental
description: Detects traffic or activity related to http://117.209.84.79:54526/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.79:54526/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.0:34679/Mozi.m
id: auto-53f9b5748dd8e6de8cfcea777b04be2255c0887d5bead949d82aa82944660cac
status: experimental
description: Detects traffic or activity related to http://117.209.90.0:34679/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.0:34679/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.182:37470/bin.sh
id: auto-c914e3aa14668774ea7db4f00c1498e514192c6d1390204210681bf4da6e1ed7
status: experimental
description: Detects traffic or activity related to http://117.209.22.182:37470/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.182:37470/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.100:53306/i
id: auto-00d38129c8a7e550f97bb182c173691eed4fcc2381c412e37cb4d3d2691ae9ec
status: experimental
description: Detects traffic or activity related to http://117.209.24.100:53306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.100:53306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.139:49602/Mozi.a
id: auto-572389402c75e3ea2c2613260cd140aaa126244294134ca8912f54c20a8cebb9
status: experimental
description: Detects traffic or activity related to http://117.209.23.139:49602/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.139:49602/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.250:41318/.i
id: auto-abc725999f78c84c90c21fa78f5dd5dbebac9c9ad5efda0756af61abf91f3b3d
status: experimental
description: Detects traffic or activity related to http://117.209.89.250:41318/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.250:41318/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.61:44118/i
id: auto-c7120c17a5e14365ef02271f9b2374c5e2ceb98b98dc783ef4387358c475db62
status: experimental
description: Detects traffic or activity related to http://117.209.3.61:44118/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.61:44118/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.53:46938/Mozi.m
id: auto-4e7ae57fbea9e091a4e6f0b482239eb5c04bfb7ebb11169b6e6263699d313020
status: experimental
description: Detects traffic or activity related to http://117.209.31.53:46938/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.53:46938/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.250:41318/Mozi.a
id: auto-930b4da4f283429f2d2d70e323b2fadcf395d6175afd7e75657454ede56e04d8
status: experimental
description: Detects traffic or activity related to http://117.209.89.250:41318/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.250:41318/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.55:34920/Mozi.m
id: auto-dd0bd08cffffbea1b5284f0e1f8d022f3952e1387450790074d86c926f4d8636
status: experimental
description: Detects traffic or activity related to http://117.209.89.55:34920/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.55:34920/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.139:49602/i
id: auto-2bf3695c0fc292cb54cb66794f1b8c8df7a42fc37f2965d8f20c5a6ecfce32a2
status: experimental
description: Detects traffic or activity related to http://117.209.23.139:49602/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.139:49602/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.108:57724/Mozi.m
id: auto-e32f7d26377df74b6e4e4c58ef02154a6aa50baf7d9d7aa08b9ad58faf2570fe
status: experimental
description: Detects traffic or activity related to http://117.209.22.108:57724/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.108:57724/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.53:46938/.i
id: auto-f498f28a65609349fc6e5d07727e10d929a9173fe94398dcee40a37cbc420817
status: experimental
description: Detects traffic or activity related to http://117.209.31.53:46938/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.53:46938/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.123:51325/bin.sh
id: auto-1a3875739491d006c7886a0c022831b91b0f4df9fc837d323e60c132541058fd
status: experimental
description: Detects traffic or activity related to http://117.209.88.123:51325/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.123:51325/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.183:45942/.i
id: auto-3bbcbc8e1f4f2c0cf2e2e96e0f4eb82782addd7fb50f23bc9154473a8d00ddf1
status: experimental
description: Detects traffic or activity related to http://117.209.86.183:45942/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.183:45942/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.143:45286/bin.sh
id: auto-879bd05624fa71a28df53ce9230c45135879676a6cdb9d327475840b5c67020f
status: experimental
description: Detects traffic or activity related to http://117.209.28.143:45286/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.143:45286/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.14:54236/Mozi.m
id: auto-30b9c6c1dcfb7bf051fdde1875e788966bae83362bd3519f43d4876fe4650afc
status: experimental
description: Detects traffic or activity related to http://117.209.16.14:54236/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.14:54236/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.220:35943/Mozi.m
id: auto-376ec50739a542d64003b5919487bc5ecb1f0049f889595c5e1f54d15f99349d
status: experimental
description: Detects traffic or activity related to http://117.209.23.220:35943/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.220:35943/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.163:43327/Mozi.m
id: auto-b8c3e8fee01b49123cd4ff5f7f810b83ab35299224392e7f877384f2f71787d3
status: experimental
description: Detects traffic or activity related to http://117.209.87.163:43327/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.163:43327/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.206:46579/.i
id: auto-04100685932c2d62e3c1a871eac74311c89bb896d6497216e014e0b65f53e2da
status: experimental
description: Detects traffic or activity related to http://117.209.88.206:46579/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.206:46579/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.189:33145/Mozi.a
id: auto-027eb612661605c1b6802a3616934443928d5b5005b590cd390429957ee9cffe
status: experimental
description: Detects traffic or activity related to http://117.209.88.189:33145/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.189:33145/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.189:33145/.i
id: auto-c93671ec7898f1ac864acfbf601e0e4ad682eb0e4fe357732a8b46f541d81369
status: experimental
description: Detects traffic or activity related to http://117.209.88.189:33145/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.189:33145/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.183:45942/bin.sh
id: auto-ebcebda122ba01295344ba69cf77d7f458b32db250997fbfb11916a2100617f4
status: experimental
description: Detects traffic or activity related to http://117.209.86.183:45942/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.183:45942/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.233:36246/i
id: auto-7ec04277a7c2029b3b72ffd7b9757e9543757cb355f8101b60926e7db38a2c91
status: experimental
description: Detects traffic or activity related to http://117.209.20.233:36246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.233:36246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.136:44615/bin.sh
id: auto-2c988666f3728b2b6a3cc47162979402deff25e07251b8922bd5c6a93c0b2741
status: experimental
description: Detects traffic or activity related to http://117.209.27.136:44615/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.136:44615/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.79:54526/i
id: auto-292b04700ffc1670fa2840fcb7171f11d1a8247135046d59f73e6375943c574b
status: experimental
description: Detects traffic or activity related to http://117.209.84.79:54526/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.79:54526/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.241:44116/Mozi.m
id: auto-e5f3efb77ed9cfa5aca7696cfb9f82179e9f90c66834f2af5c3fa82023cb51c9
status: experimental
description: Detects traffic or activity related to http://117.209.23.241:44116/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.241:44116/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.74:40347/i
id: auto-3c343229da4a5e23586b71f021007332549ebae64f491c2a00150d82ee70b23a
status: experimental
description: Detects traffic or activity related to http://117.209.87.74:40347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.74:40347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.14:54236/bin.sh
id: auto-eccb77559786c75906e1bc79fc5993f5c39a980bb99e1899ce5ae990c009c20e
status: experimental
description: Detects traffic or activity related to http://117.209.16.14:54236/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.14:54236/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.67:36039/Mozi.m
id: auto-429b27b0a8293c95b7ce7aaa7cfe42dbf8bf4d21873b7e0cc42fd3a15489807b
status: experimental
description: Detects traffic or activity related to http://117.209.86.67:36039/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.67:36039/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.2:52278/.i
id: auto-bfd4d9cc3b9629da0e7cc880de52bb01fff38c6f799e2b459ad80c11569daf50
status: experimental
description: Detects traffic or activity related to http://117.209.92.2:52278/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.2:52278/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.143:45286/i
id: auto-8f1eb1e9dd703b147f32bb119c85e26f44df0fa142523173fc3d493be1b86511
status: experimental
description: Detects traffic or activity related to http://117.209.28.143:45286/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.143:45286/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.206:46579/Mozi.a
id: auto-9d9af22b0efd41400793fb28dbc7451a3921e303ac03854587a118fd3c3ec5d7
status: experimental
description: Detects traffic or activity related to http://117.209.88.206:46579/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.206:46579/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.24:32956/i
id: auto-1bbe35cc41a40232d05909aba244247f6d7d126f00a02d25289dbdd41d24ab1b
status: experimental
description: Detects traffic or activity related to http://117.209.16.24:32956/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.24:32956/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.223:45869/.i
id: auto-d83ca902fbb9091778e02d11e48cff04881a6b018975a150f29ea2af36b834e4
status: experimental
description: Detects traffic or activity related to http://117.209.83.223:45869/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.223:45869/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.133:46353/Mozi.m
id: auto-02a8f710cf101751d9f820b64eb2350b6938a81783ee6de22b9ff1543d521f89
status: experimental
description: Detects traffic or activity related to http://117.209.23.133:46353/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.133:46353/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.220:35943/Mozi.a
id: auto-3f7c630ed21848d931fde0e6d8fea5ac6a20d00f38deea887b5ea25370238be8
status: experimental
description: Detects traffic or activity related to http://117.209.23.220:35943/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.220:35943/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.144:43910/Mozi.a
id: auto-16e300d5fb423153578fd63a38c49ec937107e1b8dd3f358d3b1958c6d2814df
status: experimental
description: Detects traffic or activity related to http://117.209.95.144:43910/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.144:43910/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.84:57511/Mozi.a
id: auto-88ed5a13e81c02dcebf3481650f2fdbbd9a5d57d3a9c2684727c04c04588111d
status: experimental
description: Detects traffic or activity related to http://117.209.93.84:57511/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.84:57511/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.248:53462/Mozi.a
id: auto-ae91bd196b243ccaa62aba77a522e158c5d1c04fe66aed47066a2e2fe2da7c9c
status: experimental
description: Detects traffic or activity related to http://117.209.92.248:53462/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.248:53462/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.55:34920/.i
id: auto-78f4ba754000ee1c311c4d22183f135c3239b228feda3431445e908cd161f6bc
status: experimental
description: Detects traffic or activity related to http://117.209.89.55:34920/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.55:34920/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.189:46708/.i
id: auto-4fef40ded5a8da8eb3c1f8540f3aa354f9900f233893738a5c2a96a14448b5ab
status: experimental
description: Detects traffic or activity related to http://117.209.81.189:46708/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.189:46708/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.142:34748/Mozi.a
id: auto-de4bd979025802276a84c959ed5c7ef255a62e56eb188814dbd921cd8d93738b
status: experimental
description: Detects traffic or activity related to http://117.209.84.142:34748/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.142:34748/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.220:35943/bin.sh
id: auto-9f940447abf78b06b9fdf17f431ae6dbb3387bbb962575a71436eee0e3219b12
status: experimental
description: Detects traffic or activity related to http://117.209.23.220:35943/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.220:35943/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.0:46656/bin.sh
id: auto-1ad0de496163fb862ff2e9deda71506f8726490f5db764be4f1dab1572c63c38
status: experimental
description: Detects traffic or activity related to http://117.209.19.0:46656/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.0:46656/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.189:33145/bin.sh
id: auto-0eeaa14b331de6c35ee0919a4103c4c25a2d4095ee06af457aed32641fd5daf2
status: experimental
description: Detects traffic or activity related to http://117.209.88.189:33145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.189:33145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.133:43505/bin.sh
id: auto-d0e14b3255b6bc2847094b3e738f3937c7119a48ddd8e90588829b0581ee77de
status: experimental
description: Detects traffic or activity related to http://117.209.88.133:43505/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.133:43505/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.185:45386/i
id: auto-45c50d1f8ab03ae07b999c7633ae3653f61aca45ba64c3b9ed32c930723ed347
status: experimental
description: Detects traffic or activity related to http://117.209.24.185:45386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.185:45386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.31:46687/Mozi.a
id: auto-549853b8d6c2b25ea690a82759373bb759a637b8a793d5c73285cf91e50c144b
status: experimental
description: Detects traffic or activity related to http://117.209.92.31:46687/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.31:46687/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.2:52278/i
id: auto-b6c56c72ff18fac751a6f0ecfcf168fac4a670ea042790d3e999542081527d77
status: experimental
description: Detects traffic or activity related to http://117.209.92.2:52278/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.2:52278/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.0:34679/bin.sh
id: auto-0af0757046a12ae286e8206b813aa1a1e241be8894ae4f52b832b8eff2a68ba4
status: experimental
description: Detects traffic or activity related to http://117.209.90.0:34679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.0:34679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.133:46353/i
id: auto-fc8dc54c5e59880323a839507c64083cb9ae383b816e048cc5bc5b1fad14ef5f
status: experimental
description: Detects traffic or activity related to http://117.209.23.133:46353/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.133:46353/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.123:51325/i
id: auto-7ba01e1d244615642dd02a44c5b7621b196403cf30fc48da6c4ae34ed1ec4871
status: experimental
description: Detects traffic or activity related to http://117.209.88.123:51325/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.123:51325/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.189:33145/Mozi.m
id: auto-08c7bcfd0e615cfd52739d532fa34c77234231e7102491a59c9c39964f851b88
status: experimental
description: Detects traffic or activity related to http://117.209.88.189:33145/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.189:33145/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.248:53462/Mozi.m
id: auto-dff53edf0e5298ee3e3c0363625d16ca1910539dd1b6cadf6a3908095fd7902d
status: experimental
description: Detects traffic or activity related to http://117.209.92.248:53462/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.248:53462/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.214:40760/Mozi.m
id: auto-4d71f89a5c7e3af5fdffa0a5623371f9cb1fb7b41a1140cfdcd5ca57cc686d3a
status: experimental
description: Detects traffic or activity related to http://117.209.85.214:40760/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.214:40760/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.108:39952/Mozi.a
id: auto-05ffb8d44d5ecc4503f8bdf4713afd42de7d28796d5df6d58fba67efe00d1646
status: experimental
description: Detects traffic or activity related to http://117.209.25.108:39952/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.108:39952/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.24:32956/.i
id: auto-5cae7993dc6e75de8aa1f56e0e9bbf1ee1ce6697c7f2c0ff892bc37cad22c5cc
status: experimental
description: Detects traffic or activity related to http://117.209.16.24:32956/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.24:32956/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/MVvd2DP.ps1
id: auto-3c18f280a6c0e2e81de8e0aba1634974018616b2808d0386f133e9a3965476f0
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/MVvd2DP.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/MVvd2DP.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.24:32956/bin.sh
id: auto-ff37011c1d4d5d550e6e98d339836051ed78122da15892dafcc0089afc42154a
status: experimental
description: Detects traffic or activity related to http://117.209.16.24:32956/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.24:32956/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.227:47437/Mozi.m
id: auto-fdcf17b0beb96d91f17b9af96586e47a555a7d6c66f5d8f85ec2b85079a76121
status: experimental
description: Detects traffic or activity related to http://117.209.12.227:47437/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.227:47437/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.241:44116/i
id: auto-cb2bb6d05e4d4360c89cf39e07c3a92ec354cf8201236ed7d4d640ffb134b54d
status: experimental
description: Detects traffic or activity related to http://117.209.23.241:44116/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.241:44116/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.108:57724/Mozi.a
id: auto-40e71d6981279bee0b9588a74ab70a7b16403c00dc08c10a59148bfc81f0a3d3
status: experimental
description: Detects traffic or activity related to http://117.209.22.108:57724/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.108:57724/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.108:57724/i
id: auto-f3e54ac30af02b498580e3e69984c882449cbc8e15145d8dd3888017fa87fb66
status: experimental
description: Detects traffic or activity related to http://117.209.22.108:57724/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.108:57724/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.143:45286/.i
id: auto-1cbdfbac184ccede064f0a23dbcaf19d4e1924b5bb17d0454db5f04339cdfb54
status: experimental
description: Detects traffic or activity related to http://117.209.28.143:45286/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.143:45286/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.183:45942/Mozi.a
id: auto-b6d75529884fd9443b9422bb9a14bd2658826250c27e560bcbd300ff3504126c
status: experimental
description: Detects traffic or activity related to http://117.209.86.183:45942/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.183:45942/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.157:33343/Mozi.a
id: auto-43ebde1c1ff099299a5baeaedb3ebef9c231bab00d8edc55723af436bc01194f
status: experimental
description: Detects traffic or activity related to http://117.209.31.157:33343/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.157:33343/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.53:46938/i
id: auto-e1c198d84b7ab2105d524761b118becb48dcb00e354ee22b0a483a34e12db426
status: experimental
description: Detects traffic or activity related to http://117.209.31.53:46938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.53:46938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.22:34152/.i
id: auto-fd6a07fafda9c26e2c8c132730e5150f5db10726ae4faf5988b20fd10c94dca1
status: experimental
description: Detects traffic or activity related to http://117.209.85.22:34152/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.22:34152/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.223:45869/Mozi.m
id: auto-d6e589d6a898b6dd05f3102c016180cb6b6c03b0e397ea3430a8fc72b47c5c1f
status: experimental
description: Detects traffic or activity related to http://117.209.83.223:45869/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.223:45869/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.67:36039/Mozi.a
id: auto-784816abc707f85c1d562060d9aaf3873c5a54b9b5cf6ccce7247a4f51f4254b
status: experimental
description: Detects traffic or activity related to http://117.209.86.67:36039/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.67:36039/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.157:33343/Mozi.m
id: auto-c56e461be1f3c9cf518123910efac31decbdb9f4f3975fddbaeb45a0dcde5252
status: experimental
description: Detects traffic or activity related to http://117.209.31.157:33343/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.157:33343/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.74:40347/Mozi.m
id: auto-1bd768ec8106bf1f961022d7e1cd96b3525405edaa28e1ee5b74db3a0e1ea9f1
status: experimental
description: Detects traffic or activity related to http://117.209.87.74:40347/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.74:40347/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.189:33145/i
id: auto-ebf7eca3c4000d5e0d013babf8a3e480b44317684c268a93da04a90f2156fe95
status: experimental
description: Detects traffic or activity related to http://117.209.88.189:33145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.189:33145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.157:33343/i
id: auto-db1854dce23e5a67c57a8689acd63e039a90abe81d29148b4485b874b88a5d1c
status: experimental
description: Detects traffic or activity related to http://117.209.31.157:33343/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.157:33343/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.250:41318/i
id: auto-824c3247bd2043f1c5c0b20aaf350c2611a22268afdd95209d28251983be599c
status: experimental
description: Detects traffic or activity related to http://117.209.89.250:41318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.250:41318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.15:33422/Mozi.m
id: auto-447588b8f874adccc96aab7dd28cf36394523d74965ffeecf266db906a9143de
status: experimental
description: Detects traffic or activity related to http://117.209.29.15:33422/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.15:33422/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.157:33343/bin.sh
id: auto-409b78b8ea38bd0ca3edd9d8d2c6e2caff118b9f8e9727901dc216f2579b9731
status: experimental
description: Detects traffic or activity related to http://117.209.31.157:33343/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.157:33343/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.84:57511/.i
id: auto-a744bd3f769025d07e05f6986f7e9d73bbf5adba56fd3cb20cde2f07f618e86b
status: experimental
description: Detects traffic or activity related to http://117.209.93.84:57511/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.84:57511/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.157:33343/.i
id: auto-a867286da84f7377aaf876b38edc236d64a9351fae8f47ed0a0f68d83f9936e6
status: experimental
description: Detects traffic or activity related to http://117.209.31.157:33343/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.157:33343/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.0:46656/Mozi.a
id: auto-7ecb1e74976e7f66973e874749d160788127c053b5a48f25a1a9444dec0a6d63
status: experimental
description: Detects traffic or activity related to http://117.209.19.0:46656/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.0:46656/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.227:47437/Mozi.a
id: auto-2faee1a6f27cdf09ae070370f2146f32d033f851d44082851d6fd79f4effc066
status: experimental
description: Detects traffic or activity related to http://117.209.12.227:47437/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.227:47437/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.133:46353/.i
id: auto-dcda0fde9d952f7a886ab09b917216a58878abba14d07c0ec4c30c536e769ee6
status: experimental
description: Detects traffic or activity related to http://117.209.23.133:46353/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.133:46353/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.154:38968/Mozi.a
id: auto-35b06904a1d66ffa78e0e79f6059465c398978893b5e7e413c6a35a7aeb543c5
status: experimental
description: Detects traffic or activity related to http://117.209.25.154:38968/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.154:38968/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.108:39952/.i
id: auto-91b9db81aa078a5e621d410ce0c4e1609f81b55110a50af0eb511592a777637a
status: experimental
description: Detects traffic or activity related to http://117.209.25.108:39952/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.108:39952/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.143:45286/Mozi.m
id: auto-d4ff0feecaf6435ed1d3ed33bd4d426b24dadc383debce53660ecdd42c8b9fc5
status: experimental
description: Detects traffic or activity related to http://117.209.28.143:45286/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.143:45286/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.133:46353/Mozi.a
id: auto-ae3252660e9b586e12344f14384212056cdd48ce32c8b9bb048250e3a4a2dfee
status: experimental
description: Detects traffic or activity related to http://117.209.23.133:46353/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.133:46353/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.108:57724/.i
id: auto-624db8a22844d0f1c8175768e70fc680519f4d1d470f3126674725a372b82e33
status: experimental
description: Detects traffic or activity related to http://117.209.22.108:57724/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.108:57724/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.31:46687/bin.sh
id: auto-7df5f9d9ba2b8d3bf7b0fe52f3c7de1eb70de26510f7e1f7027421c9ce0588ed
status: experimental
description: Detects traffic or activity related to http://117.209.92.31:46687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.31:46687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.133:46353/bin.sh
id: auto-c00f45241ba292b023bbca255f8455901594fd6dd16eb44110fb6157c0f38d88
status: experimental
description: Detects traffic or activity related to http://117.209.23.133:46353/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.133:46353/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.123:51325/Mozi.m
id: auto-2f8509dded081b6e01326b10f8a25a7e41ed86b5fc19e86b82dffb660c210fac
status: experimental
description: Detects traffic or activity related to http://117.209.88.123:51325/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.123:51325/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/MVvd2DP.bat
id: auto-c4496bf9de05724bc69b67a57717657fbfe91b1a91584135caec17fbba9f5c6b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/MVvd2DP.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/MVvd2DP.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.223:45869/bin.sh
id: auto-a82d60c1642584d2b2234a335cd20d0559c574c00c854d9cd53a454e134574e4
status: experimental
description: Detects traffic or activity related to http://117.209.83.223:45869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.223:45869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.154:38968/bin.sh
id: auto-8555e4481a249dcf07f22a612cc5d0a789e7f70ccbeb8da768a289e91f1325b2
status: experimental
description: Detects traffic or activity related to http://117.209.25.154:38968/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.154:38968/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.250:41318/bin.sh
id: auto-8a5e12c89949d14e8996e54755c89006b1bb993ee01567ca03e26ed52eae7a90
status: experimental
description: Detects traffic or activity related to http://117.209.89.250:41318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.250:41318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.0:34679/Mozi.a
id: auto-e16d491be3515b3761956e95302dc71e9c298acf12120b975f8eb5574ddbc62e
status: experimental
description: Detects traffic or activity related to http://117.209.90.0:34679/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.0:34679/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.183:45942/Mozi.m
id: auto-969d54f535f56b081f3211ba4e53f381ee698e2dc5fe1ec93c4a34076fb327ed
status: experimental
description: Detects traffic or activity related to http://117.209.86.183:45942/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.183:45942/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.189:46708/i
id: auto-ae0b168d71706f9a4f0244b334f646e2268f25d97df4f34ae41c7f29e44a5c34
status: experimental
description: Detects traffic or activity related to http://117.209.81.189:46708/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.189:46708/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.241:44116/bin.sh
id: auto-fcb293b34465d1f4a39db7f3864ce00df3edcd1ec6919d09248ea7419fa0cb79
status: experimental
description: Detects traffic or activity related to http://117.209.23.241:44116/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.241:44116/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.154:38968/.i
id: auto-e58e92507aea7468ebb8aa465b5a6b5a4b053f0ab871c2b99f0e455124e07141
status: experimental
description: Detects traffic or activity related to http://117.209.25.154:38968/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.154:38968/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.109:33428/Mozi.m
id: auto-7202310848d0b34f276a1b8ddf146fa39694869c51263ff5de4803f15593fc8b
status: experimental
description: Detects traffic or activity related to http://117.209.15.109:33428/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.109:33428/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.109:33428/i
id: auto-6965009546842119a545595522cb1476ad68e0846e87460fdc0e100e10f94ea2
status: experimental
description: Detects traffic or activity related to http://117.209.15.109:33428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.109:33428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.0:34679/i
id: auto-4bfdfd1314a3dea9035761d9ea04f2747a26b2c003e11acfdfc1afc2284f4c2d
status: experimental
description: Detects traffic or activity related to http://117.209.90.0:34679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.0:34679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.196:52922/i
id: auto-073955a543c2097322f0e5ca4fc310169c3c1055be08b2928cbe206beec42ecc
status: experimental
description: Detects traffic or activity related to http://117.209.15.196:52922/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.196:52922/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.100:53306/.i
id: auto-c27e487285986661986bcfdff2248f5e25f265b29f2e0a16d9bfae5b97cab572
status: experimental
description: Detects traffic or activity related to http://117.209.24.100:53306/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.100:53306/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.67:36039/bin.sh
id: auto-d771362f0f7031945c87a44f40368f9ab56bb4e1de38c4e11b47fd5de0bd4f40
status: experimental
description: Detects traffic or activity related to http://117.209.86.67:36039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.67:36039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.196:52922/.i
id: auto-4a6c0b9f5a19c89ac9e5d38eab04efcfb6126bf67ed615156ec4c7f51228ab3d
status: experimental
description: Detects traffic or activity related to http://117.209.15.196:52922/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.196:52922/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.143:45286/Mozi.a
id: auto-e9ad16e83d4787e9865196acb2cd962bae366fc2b4399035ac93bbfdb0f573e6
status: experimental
description: Detects traffic or activity related to http://117.209.28.143:45286/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.143:45286/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.31:46687/i
id: auto-8042aa6de2402111f290f999d217a6d9cd2bc40a4bf16591714c8efba86951de
status: experimental
description: Detects traffic or activity related to http://117.209.92.31:46687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.31:46687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.196:52922/bin.sh
id: auto-cffbbaf4f3511fadaf7dac998cfee83b01f9668a2a1a2df1ad83bf543868c6b7
status: experimental
description: Detects traffic or activity related to http://117.209.15.196:52922/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.196:52922/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.0:34679/.i
id: auto-13b2978215d585988b75a4f965a1cf5960233d2a915f6dd2f71dd4ce128fe15d
status: experimental
description: Detects traffic or activity related to http://117.209.90.0:34679/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.0:34679/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.118.77:56690/i
id: auto-c2154bdda23622dccda06259074f7c8dc74429a526ccfe6cc83233d4786d6fad
status: experimental
description: Detects traffic or activity related to http://117.209.118.77:56690/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.118.77:56690/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.196:52922/Mozi.a
id: auto-306b3f971895b198c9c86b10f7460371a11f3dda5beff1abb26e74d0b1db8c56
status: experimental
description: Detects traffic or activity related to http://117.209.15.196:52922/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.196:52922/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.233:36246/.i
id: auto-a598170e3923b98ca7a30a22a0eef39e05877b761f819b308fe6f35067a0e68d
status: experimental
description: Detects traffic or activity related to http://117.209.20.233:36246/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.233:36246/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.233:36246/bin.sh
id: auto-3f2223fa970871bd774fe7acc14f80ac73c3bd8b3b1cf106361c7e53a62ab612
status: experimental
description: Detects traffic or activity related to http://117.209.20.233:36246/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.233:36246/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.118.77:56690/bin.sh
id: auto-d824f31fa7017b498355e549fc9855517d4a444ec338c3ba7e989826b60253d6
status: experimental
description: Detects traffic or activity related to http://117.209.118.77:56690/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.118.77:56690/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.61:44118/.i
id: auto-38186c417f3dda6658b29c93e72a5916e9aac177a56131bf1332aea846b42e7c
status: experimental
description: Detects traffic or activity related to http://117.209.3.61:44118/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.61:44118/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.136:44615/Mozi.m
id: auto-15fe43ef6ed6cff6c7db4aa31a8a500baca903275c8044db7a2eb63ded23f214
status: experimental
description: Detects traffic or activity related to http://117.209.27.136:44615/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.136:44615/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.227:47437/.i
id: auto-c60a1f8bd1376a607594a5b9c5769209e69e7e9b267dec748a97e086dd88b944
status: experimental
description: Detects traffic or activity related to http://117.209.12.227:47437/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.227:47437/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.74:40347/.i
id: auto-ce83b44f83743f8fdc777936ca082bbceaf23a1f95769e0a4055eb5e107a5a67
status: experimental
description: Detects traffic or activity related to http://117.209.87.74:40347/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.74:40347/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.67:36039/i
id: auto-dfaa65c724b9fdea6f2f1971ce5d797499d211585266c026b7a5940ecae2547a
status: experimental
description: Detects traffic or activity related to http://117.209.86.67:36039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.67:36039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.139:49602/.i
id: auto-d4220584a3b3fa370522a918b460d5d4754fbe126edcb651d8df065dc298ca6a
status: experimental
description: Detects traffic or activity related to http://117.209.23.139:49602/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.139:49602/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.144:43910/bin.sh
id: auto-163ab25002b43539cb38fcb727b35888a5d0ac2824862ebc672b2c3aca313fd4
status: experimental
description: Detects traffic or activity related to http://117.209.95.144:43910/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.144:43910/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.206:46579/Mozi.m
id: auto-2e7207396a2e1ee28e6e2faa6b853d0b446a3a3fe05eecf20d34d14de3075273
status: experimental
description: Detects traffic or activity related to http://117.209.88.206:46579/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.206:46579/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.2:52278/bin.sh
id: auto-2d128c1dca79ed64631657516fa276cb2696bd8a19bedad882e62cb17936788a
status: experimental
description: Detects traffic or activity related to http://117.209.92.2:52278/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.2:52278/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.136:44615/i
id: auto-c70b8b3e96012ee29e9ae3c381b0adf28382aa6fa0df593f22d44a976120c598
status: experimental
description: Detects traffic or activity related to http://117.209.27.136:44615/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.136:44615/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.15:33422/Mozi.a
id: auto-739af16d49e9b53f4bd6c2135a5483af8f625d53e318b263437ae993eddb249f
status: experimental
description: Detects traffic or activity related to http://117.209.29.15:33422/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.15:33422/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.214:40760/i
id: auto-08b4f866ebefd660c1aca60ada705191bb83a84517f32a0ee2167986fcbf91d4
status: experimental
description: Detects traffic or activity related to http://117.209.85.214:40760/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.214:40760/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.182:37470/.i
id: auto-84d4e3ff9052c31a23ca9a613330ca000d8da8d5fd64d974762f3a29eee9e0c5
status: experimental
description: Detects traffic or activity related to http://117.209.22.182:37470/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.182:37470/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.248:53462/.i
id: auto-197d8e9532b35e8297eeb3734f05b57f6487d1f67916249aebbb93c35f73d42b
status: experimental
description: Detects traffic or activity related to http://117.209.92.248:53462/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.248:53462/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.15:33422/.i
id: auto-e4e88d3fbe8efccba378f24b93a3f59f3b6281edb5d4ba1740ffb781b9a51532
status: experimental
description: Detects traffic or activity related to http://117.209.29.15:33422/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.15:33422/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fxmixers.com/download/FxMixersInstallerx64.exe
id: auto-cebdffec0b852a1ebe4e9c3ba37fbb875890f553f6d95f810dbee748c8bcfde2
status: experimental
description: Detects traffic or activity related to https://fxmixers.com/download/FxMixersInstallerx64.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fxmixers.com/download/FxMixersInstallerx64.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youtube-rus.top/YouTubeRU.apk
id: auto-a3d4b19b077f05a7c8261631f142059653d0dcedde0613bcce49bbd5415bd996
status: experimental
description: Detects traffic or activity related to https://youtube-rus.top/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youtube-rus.top/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.163:43327/.i
id: auto-46475f589555061677f8aed51471added007b9ddae6088ecca831690236276c0
status: experimental
description: Detects traffic or activity related to http://117.209.87.163:43327/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.163:43327/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.139:49602/Mozi.m
id: auto-f1e71dc73361fac455b4d32f64cc00fa09d8f26c5ccd47b76d190a67138e662d
status: experimental
description: Detects traffic or activity related to http://117.209.23.139:49602/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.139:49602/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.142:34748/bin.sh
id: auto-db8ad43ccbee24b8eb8c29d17b405b35efbf95dc446c3bca12cfb33caf2b5f7e
status: experimental
description: Detects traffic or activity related to http://117.209.84.142:34748/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.142:34748/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.248:53462/i
id: auto-b0e0af9a21958de100623c2dbb811e2a85ead6a58c1aa90ba8bb9c0d7c869c6f
status: experimental
description: Detects traffic or activity related to http://117.209.92.248:53462/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.248:53462/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.3:46896/i
id: auto-93c876912fa5e97fc496ec62570c32a0212d807d8b104d65909301a479aadab5
status: experimental
description: Detects traffic or activity related to http://117.209.95.3:46896/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.3:46896/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.108:39952/Mozi.m
id: auto-843c698e4d422634230ecb2d1ee9248571514f9e59b2097347ce949a683b94fb
status: experimental
description: Detects traffic or activity related to http://117.209.25.108:39952/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.108:39952/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.24:32956/Mozi.a
id: auto-0e0acca06369fd17de36170d385d824bf1c78d5c8814a62b74b90ac27c5e1e17
status: experimental
description: Detects traffic or activity related to http://117.209.16.24:32956/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.24:32956/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.0:46656/.i
id: auto-90b6396d1b332df0baaf5bf5113a310bf0a9ce0369ef09f44e5f98a97f075d31
status: experimental
description: Detects traffic or activity related to http://117.209.19.0:46656/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.0:46656/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.118.77:56690/.i
id: auto-80db7d1dc9f815018443b83dafb8e48c8fbacd6053b4f9453d9486b78e58bc91
status: experimental
description: Detects traffic or activity related to http://117.209.118.77:56690/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.118.77:56690/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.185:45386/.i
id: auto-c39c6feddecde1a0507f5c55c6277476e352fcef6abd0bc040b032a54685a0e3
status: experimental
description: Detects traffic or activity related to http://117.209.24.185:45386/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.185:45386/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.24:32956/Mozi.m
id: auto-912a81d415a285507f43132d5f290c1e16d0dd81b52a272748b4fa6a0a84bb47
status: experimental
description: Detects traffic or activity related to http://117.209.16.24:32956/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.24:32956/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.154:38968/i
id: auto-df1779e3089f2f2cd35f8b0eefe0365035bf9b4a0357a793a615b2f76850d71e
status: experimental
description: Detects traffic or activity related to http://117.209.25.154:38968/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.154:38968/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.79:54526/bin.sh
id: auto-fa72d43948494f4dd8d0e61fe0fbd9aff134998c09f5d78eaf73451c409bd2c3
status: experimental
description: Detects traffic or activity related to http://117.209.84.79:54526/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.79:54526/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.142:34748/i
id: auto-a85c1fea4fbc2904370dc881d642befccd6d232276cec49569ed052951bf7ab6
status: experimental
description: Detects traffic or activity related to http://117.209.84.142:34748/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.142:34748/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.109:33428/Mozi.a
id: auto-17a1d89965923fb4cc57a048876a57b0a9a7bd25c828c3f696e4b6a24da2164e
status: experimental
description: Detects traffic or activity related to http://117.209.15.109:33428/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.109:33428/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.108:57724/bin.sh
id: auto-e94c1f5693df9e8fcf064141df8e19483252e54549b2644aa242cef1118c6d3b
status: experimental
description: Detects traffic or activity related to http://117.209.22.108:57724/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.108:57724/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.154:38968/Mozi.m
id: auto-2bb1ceac25af594d6d16e22af875cf5e490fa321fbc6f79c317b0c152b77a09b
status: experimental
description: Detects traffic or activity related to http://117.209.25.154:38968/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.154:38968/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.79:54526/Mozi.a
id: auto-0dce82ffaa0b153a0edf6635c57d3941dc984e9075befc4b6b2e7a6ddac30cf1
status: experimental
description: Detects traffic or activity related to http://117.209.84.79:54526/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.79:54526/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.189:46708/Mozi.m
id: auto-688cba2769bba2b2b151fd82d4ded2852443c585f6e1f22f4e45e99356cb7077
status: experimental
description: Detects traffic or activity related to http://117.209.81.189:46708/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.189:46708/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.241:44116/.i
id: auto-5bb5457aa945f7a22839c4b505359b869e7ad8a49f4698eae0c94a61d44081c9
status: experimental
description: Detects traffic or activity related to http://117.209.23.241:44116/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.241:44116/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.3:46896/.i
id: auto-1c99dc46fcb24406ff4cd8b6f1b6aa18a9ac2703e1d4ffde5ed7aed998f6846d
status: experimental
description: Detects traffic or activity related to http://117.209.95.3:46896/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.3:46896/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.3:46896/Mozi.m
id: auto-5c1f092a444dc62c8ca1659a0f2cb79819bb44c56ae89a28d615dde1edbab6b0
status: experimental
description: Detects traffic or activity related to http://117.209.95.3:46896/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.3:46896/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.214:40760/.i
id: auto-1011696cd6d64733d590a13450c71a6f023901fe4f6a9cd8128620d9896f3330
status: experimental
description: Detects traffic or activity related to http://117.209.85.214:40760/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.214:40760/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.206:46579/i
id: auto-bccba667769c76b947d8d95f9c0a0128c719fcdf5e75df6f9aa431dc14b82d70
status: experimental
description: Detects traffic or activity related to http://117.209.88.206:46579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.206:46579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.214:40760/bin.sh
id: auto-bb61d49b207fe20895d04f7e67d85c92ac93fba9c9e09d20d2ceba86c25dff75
status: experimental
description: Detects traffic or activity related to http://117.209.85.214:40760/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.214:40760/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.61:44118/bin.sh
id: auto-fda159cba6125d308251384c8b8181998a9c30f958bd260306932447ed9c203d
status: experimental
description: Detects traffic or activity related to http://117.209.3.61:44118/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.61:44118/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.133:43505/Mozi.a
id: auto-a9d911fdf55f6d0e84cb7af845fca806d30fafa50c131e606683c57c057ad59d
status: experimental
description: Detects traffic or activity related to http://117.209.88.133:43505/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.133:43505/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.61:44118/Mozi.m
id: auto-1694ecd9fd9cc5ef759b06e5f4eaeced50e00260575c654c6710991d4b9a509e
status: experimental
description: Detects traffic or activity related to http://117.209.3.61:44118/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.61:44118/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.14:54236/.i
id: auto-c7800acae3685a8deb846ca4b470c185267db736929bbb33104a85f13adc82f9
status: experimental
description: Detects traffic or activity related to http://117.209.16.14:54236/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.14:54236/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.233:36246/Mozi.m
id: auto-6fe6422e363e6f3632d96f755d70aaf927d753bdaa0107a29714f084a2d69b28
status: experimental
description: Detects traffic or activity related to http://117.209.20.233:36246/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.233:36246/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.61:44118/Mozi.a
id: auto-266a1fc6b204e9fbc7dc397692e99b2528725a302365a9b4b6cf54ddceb9e4a4
status: experimental
description: Detects traffic or activity related to http://117.209.3.61:44118/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.61:44118/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.136:44615/.i
id: auto-65677229982883790e6336e9343c75690278fed6c382da01f3058cc52aab6884
status: experimental
description: Detects traffic or activity related to http://117.209.27.136:44615/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.136:44615/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.79:54526/Mozi.m
id: auto-d50c7c33763368ca364281fb929698d1aa035d4bac06f8c944d417e9560c1565
status: experimental
description: Detects traffic or activity related to http://117.209.84.79:54526/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.79:54526/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.0:46656/i
id: auto-cafe771427857ee6d8002a538fc5a3007e108ab2bb0f22186befa54ecb6b017a
status: experimental
description: Detects traffic or activity related to http://117.209.19.0:46656/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.0:46656/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.0:46656/Mozi.m
id: auto-d6a0c60db0a287bcf1e38948e910fc6072232862f0e527417412c531a0d89bf3
status: experimental
description: Detects traffic or activity related to http://117.209.19.0:46656/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.0:46656/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.118.77:56690/Mozi.a
id: auto-0defda4175eee7effe5ebda6a59803020c29a23abbf3df351ba412ad35432ad7
status: experimental
description: Detects traffic or activity related to http://117.209.118.77:56690/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.118.77:56690/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.55:34920/bin.sh
id: auto-26ed551c9bbb53957d8930d99f0558ca5b0d959f7c87c603bbb27630f8b6ca68
status: experimental
description: Detects traffic or activity related to http://117.209.89.55:34920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.55:34920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.84:57511/i
id: auto-3fa5fda8e61ce5312c02d10e71f10aa4dc5d06ae77f83f7f120f9ee2482382f0
status: experimental
description: Detects traffic or activity related to http://117.209.93.84:57511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.84:57511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.182:37470/Mozi.a
id: auto-0ff8381fffa8ff1852d87168c42e55afa1d07585e0602e0f46cac4aa62e52889
status: experimental
description: Detects traffic or activity related to http://117.209.22.182:37470/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.182:37470/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.100:53306/Mozi.m
id: auto-c36e7bd24d0bab9ef5d57f1e58170414db231b982bd714452bcbea43c0922bf9
status: experimental
description: Detects traffic or activity related to http://117.209.24.100:53306/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.100:53306/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.227:47437/i
id: auto-314e7649399b136b1ddd3784ce4537b4c6d87e2573f3f664a3abe4a519e0f63e
status: experimental
description: Detects traffic or activity related to http://117.209.12.227:47437/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.227:47437/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.163:43327/i
id: auto-7e310eaebb9fa4e46fff7d621275037ed63006ea3f85cd9459629abef25cc400
status: experimental
description: Detects traffic or activity related to http://117.209.87.163:43327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.163:43327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.53:46938/bin.sh
id: auto-8ee95cd88c76e55240ef3c1427f262549c29cc7bf8135fe80bc7018cf7167f2b
status: experimental
description: Detects traffic or activity related to http://117.209.31.53:46938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.53:46938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.3:46896/bin.sh
id: auto-0ba4808bdb9d07133b752f475eab416006b22faffc070aee0941fc59a9737434
status: experimental
description: Detects traffic or activity related to http://117.209.95.3:46896/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.3:46896/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.84:57511/bin.sh
id: auto-1ccc325ccfa2cada314c0e2012016f477bbc47703ed703c560896fb6fe26801a
status: experimental
description: Detects traffic or activity related to http://117.209.93.84:57511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.84:57511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.108:39952/bin.sh
id: auto-c0e8b4491c9fc2355ea82386bf6f9879ed4c50fc48eaee8542066a009bd9a50f
status: experimental
description: Detects traffic or activity related to http://117.209.25.108:39952/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.108:39952/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.214:40760/Mozi.a
id: auto-238dc444c36ad2117200dd480fc3a0413e72475a965872a3645cef8605016176
status: experimental
description: Detects traffic or activity related to http://117.209.85.214:40760/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.214:40760/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.163:43327/bin.sh
id: auto-518bdc614e186a8ce85a3195746011f71492f9346099fc6115f04fa684038521
status: experimental
description: Detects traffic or activity related to http://117.209.87.163:43327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.163:43327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.15:33422/bin.sh
id: auto-f75d0cff8f872b5405f98bf35374b94c416e7b667972ddf56a9f2fd308bcb576
status: experimental
description: Detects traffic or activity related to http://117.209.29.15:33422/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.15:33422/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.241:44116/Mozi.a
id: auto-cc73f6eb0de37540154b70a2ada6b4adea5c1311d5d1666a0febb1b18cfa3b88
status: experimental
description: Detects traffic or activity related to http://117.209.23.241:44116/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.241:44116/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.22:34152/Mozi.a
id: auto-9cb845e594338cf68f208a3b1ea7aeef5c2ffe6d72909653a7d5b655f0060e3b
status: experimental
description: Detects traffic or activity related to http://117.209.85.22:34152/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.22:34152/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.100:53306/bin.sh
id: auto-70569647e4f769d5851ae1a045aa3abb70525504a5494b1f3b23526cb958a06d
status: experimental
description: Detects traffic or activity related to http://117.209.24.100:53306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.100:53306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.123:51325/.i
id: auto-2f7d3d3e2f6410aa7343e62ff3bc8ecefda61593dc1ccec33f23c7f1f0b4b6f2
status: experimental
description: Detects traffic or activity related to http://117.209.88.123:51325/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.123:51325/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.109:33428/.i
id: auto-07fc4b27401c308bdd5ea2f366442775d5fb3540b92dec370c3e9c74547a7e6c
status: experimental
description: Detects traffic or activity related to http://117.209.15.109:33428/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.109:33428/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.109:33428/bin.sh
id: auto-5d224b0b2f59f95b09c05f9742a25f6f65f202abd45d3f18711880fe6d24cb8b
status: experimental
description: Detects traffic or activity related to http://117.209.15.109:33428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.109:33428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.185:45386/Mozi.m
id: auto-28ab958523006133312e6363740009ff813533a9ac52cb649cb22e8f480a534a
status: experimental
description: Detects traffic or activity related to http://117.209.24.185:45386/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.185:45386/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.2:52278/Mozi.m
id: auto-2380359c1efcb9163d720c9b384d7e5b07315a88852039ee3c01928506e45530
status: experimental
description: Detects traffic or activity related to http://117.209.92.2:52278/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.2:52278/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.2:52278/Mozi.a
id: auto-618c3955ceb885284606f3d8fb061cea156dc15ad3736f6f7521dc06ada7884a
status: experimental
description: Detects traffic or activity related to http://117.209.92.2:52278/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.2:52278/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.22:34152/Mozi.m
id: auto-9410f8340aa99f7ec15a766095e78f36d3c00099e99a760b0446fbb7019356d2
status: experimental
description: Detects traffic or activity related to http://117.209.85.22:34152/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.22:34152/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://yout-ru.lol/YouTubeRU.apk
id: auto-6d11761bb72e37765adb8ef41389d80433373634966017c1c9e18c657cd92d9b
status: experimental
description: Detects traffic or activity related to https://yout-ru.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://yout-ru.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.220:35943/i
id: auto-971e2c01ea76742bd51d6a9b41aac794171c1e4ea32e8e1ee83c4254a2775247
status: experimental
description: Detects traffic or activity related to http://117.209.23.220:35943/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.220:35943/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.53:46938/Mozi.a
id: auto-a4111acc935d798c5a021d920195e8966dbe990059075dc4583661b9b0f3e236
status: experimental
description: Detects traffic or activity related to http://117.209.31.53:46938/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.53:46938/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.223:45869/i
id: auto-844845c5941cbf78b4e29fe3045e29481d24189174c5e6e20aff7cb7bc45d72c
status: experimental
description: Detects traffic or activity related to http://117.209.83.223:45869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.223:45869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.22:34152/bin.sh
id: auto-a7e7fcc2aa8ab197d5bd558336f50aa9e9d140f737c8caf7d0122e4e287ffb7b
status: experimental
description: Detects traffic or activity related to http://117.209.85.22:34152/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.22:34152/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.22:34152/i
id: auto-ac02c8f01002f4e0fe1512200ce1cc6fdeb10efbeaa47464dcf8115a53a46a26
status: experimental
description: Detects traffic or activity related to http://117.209.85.22:34152/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.22:34152/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.223:45869/Mozi.a
id: auto-6bb18c9e740e931f5bb20acfc92c7a545d711069e185c5eb93670379c2cf83e3
status: experimental
description: Detects traffic or activity related to http://117.209.83.223:45869/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.223:45869/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.84:57511/Mozi.m
id: auto-276551face2d6b95b9ed59de50fead2305bc0218c3fa38b8625859035e36edf4
status: experimental
description: Detects traffic or activity related to http://117.209.93.84:57511/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.84:57511/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.220:35943/.i
id: auto-49c483033d8b3a48e495875f4ea9d783618e1887b7de973c71fa0437f4b15888
status: experimental
description: Detects traffic or activity related to http://117.209.23.220:35943/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.220:35943/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.74:40347/bin.sh
id: auto-74ca6d83656afc7b8d3cf31668f8d6f35db40b53c0b4d3c20b480fd1eacdcdb0
status: experimental
description: Detects traffic or activity related to http://117.209.87.74:40347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.74:40347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.142:34748/Mozi.m
id: auto-9f0d71188f156fd2483923f057bf5413424bef4d1e6e0e6ff909b4f44d5f4877
status: experimental
description: Detects traffic or activity related to http://117.209.84.142:34748/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.142:34748/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.227:47437/bin.sh
id: auto-b9ae58b3ddd263b53e81a4120dbbf73cf8de6eec76316fecfb9b338b6a02fcea
status: experimental
description: Detects traffic or activity related to http://117.209.12.227:47437/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.227:47437/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.185:45386/bin.sh
id: auto-7f07957c964094cb4bc407c78469227e082e180423d2b5b8f5aa094d4986d580
status: experimental
description: Detects traffic or activity related to http://117.209.24.185:45386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.185:45386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.183:45942/i
id: auto-a6e62822e47bdc5d91ab67d194bc67e08f70c9c59d18c5652607a97c0510269f
status: experimental
description: Detects traffic or activity related to http://117.209.86.183:45942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.183:45942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.74:40347/Mozi.a
id: auto-077b3f7968f5032e7366b077d6d2e601b38f0d10fece49979cadaec6e1413ad4
status: experimental
description: Detects traffic or activity related to http://117.209.87.74:40347/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.74:40347/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.3:46896/Mozi.a
id: auto-4773c0d82e0a000c23f5c7dd8b877e945ff189b7f4388869aed2e0220ab5b1c9
status: experimental
description: Detects traffic or activity related to http://117.209.95.3:46896/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.3:46896/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.31:46687/Mozi.m
id: auto-fcd68431a509fa0518928c303cebf710d21e38c39cb0500550e81667e7dcd46e
status: experimental
description: Detects traffic or activity related to http://117.209.92.31:46687/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.31:46687/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.250:41318/Mozi.m
id: auto-d422b44c617c31c927b962fee3b2c6c5d734811bfe1a466d5989dc5521c7364d
status: experimental
description: Detects traffic or activity related to http://117.209.89.250:41318/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.250:41318/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.182:37470/i
id: auto-0c0bbe4c275b9dadaed0eaec021ce46575cd29a5109a3d5d5ffcc300e06a9aaf
status: experimental
description: Detects traffic or activity related to http://117.209.22.182:37470/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.182:37470/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.182:37470/Mozi.m
id: auto-b4f9ad38639e4647cf35f2aa468321b287fad0869fba93176ea1081e87e9aa3f
status: experimental
description: Detects traffic or activity related to http://117.209.22.182:37470/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.182:37470/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.139:49602/bin.sh
id: auto-8517b33d089818f9c8f9fdf0314e49b32fa495de45f12b84ed0b5a6f069a64b7
status: experimental
description: Detects traffic or activity related to http://117.209.23.139:49602/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.139:49602/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.206:46579/bin.sh
id: auto-fc8960696cb133f3aede2ce99adeb356390a19531399edd37505b017c347c387
status: experimental
description: Detects traffic or activity related to http://117.209.88.206:46579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.206:46579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.100:53306/Mozi.a
id: auto-d642f1dde0d02957d1f45a4379b1f46396ea867b3599f13cc1e0aaac02b9d2dd
status: experimental
description: Detects traffic or activity related to http://117.209.24.100:53306/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.100:53306/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.144:43910/.i
id: auto-df929a45d7573821c9475e80f6d79a528893aa831fbeea18593cc34d416d1087
status: experimental
description: Detects traffic or activity related to http://117.209.95.144:43910/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.144:43910/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.144:43910/i
id: auto-6bdf6b889c662f9d083976db4d2cd522b4578ebdee467220cd52d132d9d58c34
status: experimental
description: Detects traffic or activity related to http://117.209.95.144:43910/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.144:43910/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.upload.ee/download/18961160/c8303162d77221e6b225/Mantanos.exe
id: auto-183e256eabb39ddd63dda584c795417d3ea0708049efcbf9c6b4fc88012a1d1c
status: experimental
description: Detects traffic or activity related to https://www.upload.ee/download/18961160/c8303162d77221e6b225/Mantanos.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.upload.ee/download/18961160/c8303162d77221e6b225/Mantanos.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.189:46708/Mozi.a
id: auto-b77d6562700ded599144176a3ffe52c911d388723a647b0526dd0685178037d2
status: experimental
description: Detects traffic or activity related to http://117.209.81.189:46708/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.189:46708/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.142:34748/.i
id: auto-25573206a237768c0880dc6b1aece0c06d8647c9753a2d716c46171796750104
status: experimental
description: Detects traffic or activity related to http://117.209.84.142:34748/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.142:34748/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.163:43327/Mozi.a
id: auto-e29051cfe57555533a9aa6674a21701b6e7902a38f543c8b4de60e2dedeea659
status: experimental
description: Detects traffic or activity related to http://117.209.87.163:43327/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.163:43327/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.189:46708/bin.sh
id: auto-062b5e279de66a10507c6f27017073266992673addd7ab50e4ac6d6b69179efb
status: experimental
description: Detects traffic or activity related to http://117.209.81.189:46708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.189:46708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.133:43505/Mozi.m
id: auto-61812019d41b38830355811c963793964effc5b333788c30239b95aa3077ce43
status: experimental
description: Detects traffic or activity related to http://117.209.88.133:43505/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.133:43505/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.133:43505/.i
id: auto-b6f3c299cb700b72ab88241f7c63b674433d0726e9bca2d38fc4982f55711683
status: experimental
description: Detects traffic or activity related to http://117.209.88.133:43505/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.133:43505/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.185:45386/Mozi.a
id: auto-5bb62d8c928169a17798e3ac646a0651cdf4a4c9b0e02ccab9ce55caf2361866
status: experimental
description: Detects traffic or activity related to http://117.209.24.185:45386/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.185:45386/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.133:43505/i
id: auto-dcb548a0586bd838262906362e12750193273da88a0c4c276361aaa1bcb45109
status: experimental
description: Detects traffic or activity related to http://117.209.88.133:43505/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.133:43505/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.55:34920/i
id: auto-2a8ab16bd926145d823f018cb9ada8032ade9a75aaef17fc6afa4c758ba9623f
status: experimental
description: Detects traffic or activity related to http://117.209.89.55:34920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.55:34920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.123:51325/Mozi.a
id: auto-5a81ae1023bad0b97a334355839bc44147048a293447cb12d821b8ff6eef92fe
status: experimental
description: Detects traffic or activity related to http://117.209.88.123:51325/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.123:51325/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youtruss.lol/YouTubeRU.apk
id: auto-30d584340f60559585ff19c3bcbeac6320fb28d8864ca4c8db31659c2b54f846
status: experimental
description: Detects traffic or activity related to https://youtruss.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youtruss.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6723359323/ZMz28h2.bat
id: auto-6fade35a379ff527d6ac42b9f3bccb74d73a385e64a5ee376bfd5e0d35ae3817
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6723359323/ZMz28h2.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6723359323/ZMz28h2.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jkemdr.hoyenoy.com/shurufa15.12.zip
id: auto-a1d5461fe1f607340a5dc6ec5f8e1e8df64c6d1424699aa14205d3cc52dfd933
status: experimental
description: Detects traffic or activity related to https://jkemdr.hoyenoy.com/shurufa15.12.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jkemdr.hoyenoy.com/shurufa15.12.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://apps-sogou.com/downloads/windows/SsogSgooun.guanwang.1.5.8.exe
id: auto-cdb188ebea6c6c129b581301d885a7405ab28a039ec498e42f99dae3e4ee218a
status: experimental
description: Detects traffic or activity related to https://apps-sogou.com/downloads/windows/SsogSgooun.guanwang.1.5.8.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://apps-sogou.com/downloads/windows/SsogSgooun.guanwang.1.5.8.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.11.194:56256/bin.sh
id: auto-06cae64481df01e0ede5d9cf4420b9c1e04717c6b8e25bd62c2d722c0e176f50
status: experimental
description: Detects traffic or activity related to http://196.190.11.194:56256/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.11.194:56256/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.10.252:37958/bin.sh
id: auto-315e3980b63acaf98c1b53593be864252de9a6a9220a47fa4ca5bfbb1f7cf0a5
status: experimental
description: Detects traffic or activity related to http://196.190.10.252:37958/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.10.252:37958/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/nigga.sh
id: auto-8d45c2d88e43314318663052830d1fbbf5613da14315565aa124af8ded782884
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/nigga.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/nigga.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/bbc
id: auto-80cf9a2599904e83561ea11db68f7dbbc00eb093a4589d77368cabe42f83a5a1
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/bbc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/bbc*'
  condition: selection
level: high
tags:
  - attack.t1059
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.193.111:51649/bin.sh
id: auto-13da88d90d7338c9f989285352cc4448c44fe42d4423128dc01a15c3fa457ea8
status: experimental
description: Detects traffic or activity related to http://219.155.193.111:51649/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.193.111:51649/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.58.152:39771/bin.sh
id: auto-e7dc027911517bcffeafea81963000f93ea51da266109dce6977218eb450bc34
status: experimental
description: Detects traffic or activity related to http://42.237.58.152:39771/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.58.152:39771/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.25.41:54373/i
id: auto-16696e9925bc4100d07d9d749ea422c8a15d9b7ea1286626bf95f896748e49f0
status: experimental
description: Detects traffic or activity related to http://125.43.25.41:54373/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.25.41:54373/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://223.9.113.60:34036/i
id: auto-8f940c06aa88acb4cdceb408742f871638ba198c78c2d78cd75fdf81e69d7289
status: experimental
description: Detects traffic or activity related to http://223.9.113.60:34036/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://223.9.113.60:34036/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.50.199:56001/bin.sh
id: auto-95c169a090f90e43f7638507144dd447484c9841e7b3966f1da6618d5cad0e35
status: experimental
description: Detects traffic or activity related to http://42.56.50.199:56001/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.50.199:56001/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.184.172:37633/i
id: auto-db1503448b85780bd6689da5cfe5cd682a97f19299fa79191e209ad12dbd4e6b
status: experimental
description: Detects traffic or activity related to http://27.207.184.172:37633/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.184.172:37633/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentdips
id: auto-e80f8b4e84dc6666991c8f96818ee65c124e555ebad5ba3a17e3cd88f7776978
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentdips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentdips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentdipsk
id: auto-07ce49dc25508bc89a85c452d715a4b5945bc88b9a79148f2d1cc31552a94ed3
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentdipsk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentdipsk*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentdotsk
id: auto-dc087561d3292a1f8e5774340623cb290ca66951b3d4df42302dcbb0375e5ee6
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentdotsk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentdotsk*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.61.59:37270/i
id: auto-c58ae494ab1a9d01014147f3f53ee86a705d9abf4ab0e3baf348294c1fa6da7f
status: experimental
description: Detects traffic or activity related to http://117.241.61.59:37270/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.61.59:37270/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7469098119/l4yt0RV.exe
id: auto-2c547ae21328d4f47cb0321a0d02f8fe8a28df4993563e0306448defb2d5deb8
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7469098119/l4yt0RV.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7469098119/l4yt0RV.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.112.123/fentarm4k
id: auto-1d216d2e1b6488402fd17e353397e64061ce18109ecf41d3ebf3973e0ce8fb8a
status: experimental
description: Detects traffic or activity related to http://87.121.112.123/fentarm4k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.112.123/fentarm4k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.230.131:52966/i
id: auto-b842790e2908d65e5886120773f88ee86d3c112f1db9a75748f87996f3ae4864
status: experimental
description: Detects traffic or activity related to http://42.53.230.131:52966/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.230.131:52966/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.61.59:37270/bin.sh
id: auto-971d9de93f2882199ce2dee1b4a68d33ba9210fd3f8d4d8c72fb8c5d391822ae
status: experimental
description: Detects traffic or activity related to http://117.241.61.59:37270/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.61.59:37270/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.11.46:54466/i
id: auto-d7fc7d815acdc1cca1a10864fd11efa699ffa864a1e5dd4f638419815ca4b16f
status: experimental
description: Detects traffic or activity related to http://123.11.11.46:54466/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.11.46:54466/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.241.159:55599/i
id: auto-f5d319fc998c3991ac90b9ab6c48691d43e8b5c43c71e6d60c40971b3fcef065
status: experimental
description: Detects traffic or activity related to http://123.9.241.159:55599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.241.159:55599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.255.244:50754/bin.sh
id: auto-6bb499383f3a87d23be8f452095a1015f1877618ed66e6ef0f098ab68377c8bb
status: experimental
description: Detects traffic or activity related to http://185.221.255.244:50754/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.255.244:50754/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.230.131:52966/bin.sh
id: auto-50a4eda7da55665a2aeff102cca2dc8011b942a185f70011d696bd19135e106e
status: experimental
description: Detects traffic or activity related to http://42.53.230.131:52966/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.230.131:52966/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.239.87.50:8020/Big/IMG001.exe
id: auto-a32417531c823984e0914ce9ca10ee57f8f7899a620c1738d0d83829c9c5767b
status: experimental
description: Detects traffic or activity related to http://222.239.87.50:8020/Big/IMG001.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.239.87.50:8020/Big/IMG001.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.77.117.172:54138/i
id: auto-8abf5d87db5e5e9cecd6c6b976020c6772d21ea7dad7693b6ea5a7f8f52c5051
status: experimental
description: Detects traffic or activity related to http://39.77.117.172:54138/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.77.117.172:54138/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.33.87:48604/bin.sh
id: auto-62c4d1ff040757e57a7ca81f74b76ac662ed01ca720acf932fd86d35b0190699
status: experimental
description: Detects traffic or activity related to http://42.230.33.87:48604/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.33.87:48604/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.210.93:52360/i
id: auto-ef7a3185ecebea9f7db0c8db72f275ee2a3304d9ebf33263176c2ce65775cafa
status: experimental
description: Detects traffic or activity related to http://125.44.210.93:52360/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.210.93:52360/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.77.117.172:54138/bin.sh
id: auto-9f49ab9be4c8ecabb7fdefe94ac78aa2d40e958728d75da965f4b143d81b1158
status: experimental
description: Detects traffic or activity related to http://39.77.117.172:54138/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.77.117.172:54138/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.155.166:48625/i
id: auto-320db7933af7f4434eb7f8064d0178dc49722e71e9a85000caa3ee1825e4be9b
status: experimental
description: Detects traffic or activity related to http://125.40.155.166:48625/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.155.166:48625/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.125.177:56070/i
id: auto-0bb8096463cc4c5fe1d15f9b1d54b1c6db6f845a1a9542638fe54a7827ec79dc
status: experimental
description: Detects traffic or activity related to http://27.215.125.177:56070/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.125.177:56070/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/i486
id: auto-2888f88bd38d456db4a32c070ed0a909e5d050e859abb3cffac0f93073f81b89
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/spc
id: auto-9c39d99e37a3c3112cc98616ce68d6b47e62bd4bf057c5a07b0792148f0957e7
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/w.sh
id: auto-96ef600e4ee14e92027010bbb0161a8440b7de1a1115764d61d633bb866f549e
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/m68k
id: auto-7661f5e30b47a0b371c186780b4a0ac21d54801fc488bef6018a8c041768f43a
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/x86_64
id: auto-11c156b4ce6365018c513f16c659819425b214d7e1ab49ee5e1f269fd7237d07
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/arm4
id: auto-5bfdeef2ce38d0584ad0b87755b795821235e1932cc0a53aad251b8b385957b7
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/wget.sh
id: auto-ec36d160bf4bf61d750e09376fdf7d7eeb95ae5a4437ace73579f34bc794317d
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/c.sh
id: auto-26ca2fe24928fc704cc3df0ab7d9db1a82e4822abc5041380ad372de7666e49c
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/arm6
id: auto-bc93b5594ba9bceb699f0fed9398e7786a30f787b9561b569378d4138c0ddd74
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/ppc
id: auto-1a3a5eae182c70e95873737fc8278657039cf063014c2cabce6ddf4bc0d93edd
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/i686
id: auto-b40fcfc41b92983af925c66373cd1d14481dba24ce207beac68ec9397b7318a6
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/arc
id: auto-2ff8bfa2af4f4cc58c3592e6c6becff691f7b23cf4e7e718507db61917eefb39
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/sh4
id: auto-ea37e71c67f1dadbc0fe2e866664c3611a7b31feed3533d74ef8b24bbddd9010
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/arm5
id: auto-b985832ca967d295c191cac2217dcd9cf58c23aea459427512b2c88cbcae0ec2
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/mpsl
id: auto-1593f2759389e2119864b62367f9ea201891cbc28ac96eb6f160a7b674a54cec
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/arm7
id: auto-42c6a8003d8b6550c804ab188341487c95330aada7e3f0c587d384154e893645
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/mips
id: auto-95273a5c93f25d3d6f2518e93d52d075dba052731ef3f9bdbfd4104ad8a31c2d
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.10.252:45661/i
id: auto-e6669e0698c5884ffff688ea8c0a51eff222fa20269981bbfafe979921e7ddf0
status: experimental
description: Detects traffic or activity related to http://196.190.10.252:45661/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.10.252:45661/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.183.149:38954/i
id: auto-faa4b67ede8d7c940377d0a8f4339a70b722492eeebd157bdd8c23b92a35fd77
status: experimental
description: Detects traffic or activity related to http://115.57.183.149:38954/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.183.149:38954/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.210.93:52360/bin.sh
id: auto-d4b1561e26f5776ec69e054432a6806a91fc743bda19874640f2e66072aebe3a
status: experimental
description: Detects traffic or activity related to http://125.44.210.93:52360/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.210.93:52360/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.10.252:45661/bin.sh
id: auto-7a4b78d9d1671892351433496967d7c4c58e102841812eab7712991dab214848
status: experimental
description: Detects traffic or activity related to http://196.190.10.252:45661/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.10.252:45661/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.157.36:39798/i
id: auto-9b132901397b492d796e59ef4c2d5dee3e74ba7d6ea8d7281acb83adb4e07c6f
status: experimental
description: Detects traffic or activity related to http://222.140.157.36:39798/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.157.36:39798/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.125.177:56070/bin.sh
id: auto-a310a2746dd85a7907ccaea6d26eb5d360b2bfbd7efba8a8675921bc14670f02
status: experimental
description: Detects traffic or activity related to http://27.215.125.177:56070/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.125.177:56070/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7551344175/vOY2bkp.exe
id: auto-905d16fe375a4da89575d1c4f912503629d68318227c765cd17d937035ed2d60
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7551344175/vOY2bkp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7551344175/vOY2bkp.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.77.170:40479/i
id: auto-4938f8020e363a3b3b61e86e0499c7fc2e80b824346ecf579cc490bbe4ff6e20
status: experimental
description: Detects traffic or activity related to http://115.49.77.170:40479/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.77.170:40479/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.157.36:39798/bin.sh
id: auto-acf20b6be7198ec029c30b6bf89bf669904d13a2fba54bcda49c0e51e117dcdb
status: experimental
description: Detects traffic or activity related to http://222.140.157.36:39798/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.157.36:39798/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.193.139:52406/bin.sh
id: auto-8f6af315b3611c9f84031f22223247531b1af50f8e76cebe9553413eaff237a4
status: experimental
description: Detects traffic or activity related to http://182.123.193.139:52406/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.193.139:52406/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.199.169:42308/bin.sh
id: auto-b4d10002c6d43a6908eeaed121fc907e6b4c8b19fad9878142712a2da19968a2
status: experimental
description: Detects traffic or activity related to http://61.1.199.169:42308/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.199.169:42308/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.217.236:57364/bin.sh
id: auto-b1b905918d49dc9f1fa49433232d0ab3bbea0b96f966d5100f0f8e32e674a090
status: experimental
description: Detects traffic or activity related to http://123.9.217.236:57364/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.217.236:57364/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.137.11:34258/i
id: auto-079ac3f277cbf820141654aed82aa901bb1cfc4848a65052abc2784f3804f57e
status: experimental
description: Detects traffic or activity related to http://42.87.137.11:34258/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.137.11:34258/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.152.76:47035/i
id: auto-7ef88d82113977b552f21d477af31a1b98fff5050830cef7eb15f41c7b7abad6
status: experimental
description: Detects traffic or activity related to http://59.88.152.76:47035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.152.76:47035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.89.17:36199/bin.sh
id: auto-fa3ff0db2a7fecf7dd3a76af337955ce580c9cec914c491d41cdde7e74d23c52
status: experimental
description: Detects traffic or activity related to http://115.51.89.17:36199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.89.17:36199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.250.67:51828/bin.sh
id: auto-5592ffe0291dd4ab13b99512ce021324d7b80486555844f6aefd70befdcd5796
status: experimental
description: Detects traffic or activity related to http://219.155.250.67:51828/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.250.67:51828/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.13.25:46653/i
id: auto-0b797059ea785c9632181ef36df9360b96ee673314e352bb03380ffff6e1124a
status: experimental
description: Detects traffic or activity related to http://115.63.13.25:46653/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.13.25:46653/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.233.136:44958/i
id: auto-40409428e0143fa60844bd30870742a92a0f35a488d218b9190a8b0687947d6b
status: experimental
description: Detects traffic or activity related to http://182.123.233.136:44958/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.233.136:44958/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.77.170:40479/bin.sh
id: auto-92f4815fad8496ad78db9eb5c119195f45109d2295bde54b124cdc9509502545
status: experimental
description: Detects traffic or activity related to http://115.49.77.170:40479/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.77.170:40479/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.70.128:48352/bin.sh
id: auto-709e988fc2068455f559e1f776630a8b4e0117750ea765d2a197aedfb7e11a18
status: experimental
description: Detects traffic or activity related to http://182.117.70.128:48352/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.70.128:48352/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.187.134:35330/i
id: auto-1634ec5b9c0aedc94072da10172f35c890b0207f799e729323dd35b895be8528
status: experimental
description: Detects traffic or activity related to http://61.52.187.134:35330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.187.134:35330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.65.146:59607/i
id: auto-2aeb287d0f0c4d4ed1265e80144cc211db24cee82df745647368b75118bdbd63
status: experimental
description: Detects traffic or activity related to http://113.230.65.146:59607/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.65.146:59607/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.70.128:48352/i
id: auto-b1e2d6ebf1f22d0c2d24a88d08297f6b711cebc70c3d6f881f2f5c6dd0bcb393
status: experimental
description: Detects traffic or activity related to http://182.117.70.128:48352/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.70.128:48352/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.191.160:59266/i
id: auto-67d575423f607d81280c5a9be4e49d9c8cbe508d17c25333c18fef75d99b01fe
status: experimental
description: Detects traffic or activity related to http://42.239.191.160:59266/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.191.160:59266/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.19.204:39005/i
id: auto-d787eaf428eef9db006573a902aed56029d7ee4361f242d0b0ecce84971b282b
status: experimental
description: Detects traffic or activity related to http://123.190.19.204:39005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.19.204:39005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.77.180.62:33521/i
id: auto-fa689b4960f03989f11ca0b105a8a0676f18721eb37e9ca1287d6c9763b890b1
status: experimental
description: Detects traffic or activity related to http://110.77.180.62:33521/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.77.180.62:33521/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.220.204:54855/i
id: auto-3fa8e92ee788a3b0476110c4081029f42eb7999f0a2f5497621bb5e2de1a221c
status: experimental
description: Detects traffic or activity related to http://115.50.220.204:54855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.220.204:54855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.133.223.72:50411/i
id: auto-c9931b74308f2a28245e3150b69808324d98de9c9c83621dfceb1bc0360a5cb4
status: experimental
description: Detects traffic or activity related to http://123.133.223.72:50411/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.133.223.72:50411/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.188.64.41/Cameron/Skye/Manderfeld/x86
id: auto-a13fbc635808e420c58d599088f46bf0918349f39b6f3f2c479d6104b790426c
status: experimental
description: Detects traffic or activity related to http://64.188.64.41/Cameron/Skye/Manderfeld/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.188.64.41/Cameron/Skye/Manderfeld/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.mpsl
id: auto-419d7a40be4c20b53027bf73a901544cadbb3eab357e1e73a60e1bdcf2cf6ccc
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.ppc
id: auto-3a498529bdaff55c2ff7322f53bd1fd87f55a9019cb33f7c75495b2e5315e1a6
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.m68k
id: auto-779e394536025d124907e48b719cded33a61b7864a3723bbfbb66f68ac052cf7
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.sh4
id: auto-d79b12c143352bf2d3235fdb1bb03a49173b799d4a5dcda4b5e4ab95ad940291
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.x86
id: auto-61c7b4daf10fb85a3e83e65fbe01c1daa106e2106c66b96c663471503dd99007
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.arm
id: auto-2abf328477632e758934934f59d0b6a17cc35e35dbc08fdc6bbaaea7196784d9
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.mips
id: auto-e5c8634efdae9dd61acba43d23eba70f45fc86e011f37db9a723e909b4fe80e0
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.197.134.210/bins/sora.spc
id: auto-c2dc797494316b28feab668f4a6934e1d61ca8f6aae79d8e63131af6bcf713bb
status: experimental
description: Detects traffic or activity related to http://69.197.134.210/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.197.134.210/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.164.42.134:60295/bin.sh
id: auto-aeb96214a195fc106b34e7a0163df0336a9476a4e7823374e476384a076a1b58
status: experimental
description: Detects traffic or activity related to http://5.164.42.134:60295/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.164.42.134:60295/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.127.141:36751/i
id: auto-70f919337ee71324f28e0208fa857ba70a0a177e92dbaba621dd7c92d1969ea0
status: experimental
description: Detects traffic or activity related to http://182.126.127.141:36751/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.127.141:36751/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.242.156:38344/i
id: auto-4695209bd6e0b5c5d39dd5695f5b87431c56c7652e43ac9504828e9e4d4f57f6
status: experimental
description: Detects traffic or activity related to http://110.39.242.156:38344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.242.156:38344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.14.73:36916/i
id: auto-ff1585057f5d8324ac62fa3f3c96bab7d9fddf39917600d4fa04162dd405d3ef
status: experimental
description: Detects traffic or activity related to http://110.37.14.73:36916/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.14.73:36916/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.155.114:53093/i
id: auto-345cc44c240e28ab13cb0a24de17a8289bf87300d020a8e7e6f250f708525356
status: experimental
description: Detects traffic or activity related to http://175.148.155.114:53093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.155.114:53093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.30:47969/bin.sh
id: auto-97992581dab0c91eb6a8e222cc137993d7a046a1d7567bba304a8e1fb545ee07
status: experimental
description: Detects traffic or activity related to http://42.235.91.30:47969/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.30:47969/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.108.183:54394/i
id: auto-f7aaabfd4c5d5fb173c9cdb5123359336ed12a3fbf0a955f3fba988ecebfaeff
status: experimental
description: Detects traffic or activity related to http://112.248.108.183:54394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.108.183:54394/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.61.72:41936/bin.sh
id: auto-b44449ad3a27e48127d42d794fdc6da122dffe817ddf3fd80c4aeb6d3adb081a
status: experimental
description: Detects traffic or activity related to http://219.157.61.72:41936/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.61.72:41936/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.134.181:40076/bin.sh
id: auto-ca7f0f9db1590e3919336cf47176b3cd06cff0a33d74f849b762312942970f59
status: experimental
description: Detects traffic or activity related to http://219.155.134.181:40076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.134.181:40076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.108.183:54394/bin.sh
id: auto-ad0e1fe65a550b8a4456b37d6639899f96ae86a8e9791a784d71e78f276fe30f
status: experimental
description: Detects traffic or activity related to http://112.248.108.183:54394/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.108.183:54394/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.185.221.169:46862/i
id: auto-833d6862b0598ed3eb94a043be66b19261eb9563e2d9f9e261c152e7aa73c7e2
status: experimental
description: Detects traffic or activity related to http://39.185.221.169:46862/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.185.221.169:46862/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.95:46021/i
id: auto-95fcd0cc6be63d8f8c587998ee0cbf94aadfbc2f58ce055834f71350a0969b48
status: experimental
description: Detects traffic or activity related to http://175.165.84.95:46021/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.95:46021/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.14.73:36916/bin.sh
id: auto-3c21b0c3f2b60d7adc85950f62667ae427b7a6ed28d50733bcf61c4467dea767
status: experimental
description: Detects traffic or activity related to http://110.37.14.73:36916/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.14.73:36916/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.117.249:57899/bin.sh
id: auto-7ffc26541798c8886a740d13ce83f3b3c7f3a7801b44e765a3a64c733a799e8e
status: experimental
description: Detects traffic or activity related to http://59.94.117.249:57899/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.117.249:57899/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.35.204:55553/i
id: auto-75ce59cc0b356d5768ca45578777fdb99e45ba7f229dbd08cc80755655e9f562
status: experimental
description: Detects traffic or activity related to http://182.117.35.204:55553/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.35.204:55553/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.208.134:47972/i
id: auto-2eeb3df341fce88b7d1b1d0d1b49699e763a48571023e1c932a2987a76cb24d4
status: experimental
description: Detects traffic or activity related to http://42.56.208.134:47972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.208.134:47972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.239.57:48219/i
id: auto-8d787fce36f9ae36bfeaca00bcd6de57302437142c1ab6188af22f748a83caca
status: experimental
description: Detects traffic or activity related to http://42.59.239.57:48219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.239.57:48219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.95:46021/bin.sh
id: auto-07f25dc0b37d7ae8e6f2327f53236224395f5bceb7c4350d2290818fc670197a
status: experimental
description: Detects traffic or activity related to http://175.165.84.95:46021/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.95:46021/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.208.134:47972/bin.sh
id: auto-ba0d0909bb345e12acb8ada884a117033ad2cf46c5310430bc59600682aaed25
status: experimental
description: Detects traffic or activity related to http://42.56.208.134:47972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.208.134:47972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.183.149:38954/bin.sh
id: auto-3a55dea1e602d117f8750c483a514b49422b52baab236d569b29032f6fa8046c
status: experimental
description: Detects traffic or activity related to http://115.57.183.149:38954/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.183.149:38954/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.179.89:44239/i
id: auto-7767d059e508f793d677befda247b8761cd78f3bed1cfc3cc2f56c0071d4bd26
status: experimental
description: Detects traffic or activity related to http://42.227.179.89:44239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.179.89:44239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.239.57:48219/bin.sh
id: auto-87e2555538e2d7cd32d3e4c26ebfa2db9fec371379235e45713f9791c154b3bf
status: experimental
description: Detects traffic or activity related to http://42.59.239.57:48219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.239.57:48219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.84.195:44974/i
id: auto-523d066a98c56804ac0bc4ea804c6c1e8457b6a0ef4e8633bf9168fbbf191bf4
status: experimental
description: Detects traffic or activity related to http://222.137.84.195:44974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.84.195:44974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.178.90:59321/bin.sh
id: auto-458c7ca375a160d2e99682d4305ca8521f411ae8b7ac062c5164498901fbfc4b
status: experimental
description: Detects traffic or activity related to http://117.216.178.90:59321/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.178.90:59321/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.35.204:55553/bin.sh
id: auto-1974f4224cb072b12b5da6e1ef171b016f4300ec861b6544c1d984a83671679f
status: experimental
description: Detects traffic or activity related to http://182.117.35.204:55553/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.35.204:55553/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.179.89:44239/bin.sh
id: auto-b7863d1ccd071dea85a5206e1b166adb4de6bb21e3c00b4c48831c4048cbe041
status: experimental
description: Detects traffic or activity related to http://42.227.179.89:44239/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.179.89:44239/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.120.195:38407/bin.sh
id: auto-ceb4ab31c7d8060f15b682db6d30f35294ce1cb7e153fb254f0f446bd30fb100
status: experimental
description: Detects traffic or activity related to http://182.127.120.195:38407/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.120.195:38407/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.91.70:38310/i
id: auto-d5a434b2a7f5695f824a5b05955983156f5b3117c048821c7ea1e6d47d74960a
status: experimental
description: Detects traffic or activity related to http://115.58.91.70:38310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.91.70:38310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.241.207:39375/i
id: auto-3e0c23383743b68da32c058d73e646a108a0305afad3f0f9533364afd1b206f9
status: experimental
description: Detects traffic or activity related to http://116.139.241.207:39375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.241.207:39375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.186.153:59960/i
id: auto-1903fdaeac30d4910513522e69b0e0fc8ce657cdeeb1f1703d762b0d0400e45a
status: experimental
description: Detects traffic or activity related to http://59.92.186.153:59960/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.186.153:59960/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/DlzYEla.exe
id: auto-2b5920fd36d86f3e566e2094facc885e933a336100a2913e6cf00cb161e31bc2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/DlzYEla.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/DlzYEla.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.0:60745/bin.sh
id: auto-f78bd4389fe82093e434d22398a4154d087cc49495ca4804ebbe0f01c6fb9e88
status: experimental
description: Detects traffic or activity related to http://110.37.1.0:60745/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.0:60745/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.64:49412/i
id: auto-803fa3bf263b7b6191cb753965562af2ea3df742b1b18259c480feb8dfa78986
status: experimental
description: Detects traffic or activity related to http://117.209.17.64:49412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.64:49412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.166:46195/bin.sh
id: auto-6bf6bb238626ad92f4f3a377b18f3a340176e7a0aaa20be908e688dd262e9858
status: experimental
description: Detects traffic or activity related to http://59.96.143.166:46195/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.166:46195/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.92.9:44734/i
id: auto-75445cb692e818ae06d72337f568d9dc1f723e625f0e36b9a3a1e339762df7bf
status: experimental
description: Detects traffic or activity related to http://125.47.92.9:44734/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.92.9:44734/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.91.70:38310/bin.sh
id: auto-217c364b4baba719b74aa6a9feab4ff07bbbc13902739f16dbf6778d465ebb7f
status: experimental
description: Detects traffic or activity related to http://115.58.91.70:38310/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.91.70:38310/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.241.207:39375/bin.sh
id: auto-c42eb2baf67cbae17abfdff9300358a7ce6b456399a7a01a4b1dfe6a04caf3c6
status: experimental
description: Detects traffic or activity related to http://116.139.241.207:39375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.241.207:39375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.227.43:56140/i
id: auto-f1bffe5486263e19a7c5d4299a3cee9a0c005be38ab237ecc996ae0d128ca18b
status: experimental
description: Detects traffic or activity related to http://221.1.227.43:56140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.227.43:56140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/xcxtV93.exe
id: auto-c66a34dde66d4025fa195e4c0c9359845f3a6b10a65e49ff7717a66943190be2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/xcxtV93.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/xcxtV93.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.92.186.153:59960/bin.sh
id: auto-9a8f247dd386526dd5799130449ade6a572b3d4ba63b14ffabfa7f233fcf6ffb
status: experimental
description: Detects traffic or activity related to http://59.92.186.153:59960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.92.186.153:59960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.64:49412/bin.sh
id: auto-546364406fcb8a402856bfce0c95486b60f0e526211aec728f336bf891043baa
status: experimental
description: Detects traffic or activity related to http://117.209.17.64:49412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.64:49412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.84.195:44974/bin.sh
id: auto-8e80c83ae02df04262db9d439322182724fb0353ac043c7193dbba881d9e6b1c
status: experimental
description: Detects traffic or activity related to http://222.137.84.195:44974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.84.195:44974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.92.9:44734/bin.sh
id: auto-e9202b241fe298bee802b2a808eabaa3e63549f9ace7d170916377ee7550b212
status: experimental
description: Detects traffic or activity related to http://125.47.92.9:44734/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.92.9:44734/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.172.135:54742/i
id: auto-dfc6cfa2300d37890303b2ac71b2f9fedf4a0f86251baedee6cbc4e9ca7cca9c
status: experimental
description: Detects traffic or activity related to http://219.156.172.135:54742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.172.135:54742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.112.182:57702/bin.sh
id: auto-e1e492d2ed93e531f9b2aa49550c2ae7359077c0f7dc45d4bb1bd4b7862b20e2
status: experimental
description: Detects traffic or activity related to http://115.57.112.182:57702/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.112.182:57702/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.116.3:47826/i
id: auto-1eaecc7c1a42aec45b14a59ba7edde6c8ed2f4703064aad2ba8d92ef41b4c35b
status: experimental
description: Detects traffic or activity related to http://59.94.116.3:47826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.116.3:47826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.120.231:37256/i
id: auto-234cc26a13b36469257f3fcf8bc1eaf81b360c7c3e995ed701300092a3065f50
status: experimental
description: Detects traffic or activity related to http://27.215.120.231:37256/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.120.231:37256/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.177.73:38155/i
id: auto-96cf1bee095dec104605fb8ecdb0ac249724160cf37b6e12472539ea341a66a8
status: experimental
description: Detects traffic or activity related to http://222.138.177.73:38155/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.177.73:38155/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.198.249:48315/bin.sh
id: auto-a6a3bd5fdfbb16fa72e7f6a8d06083b772b93f3552f7658e983ea289e058c12e
status: experimental
description: Detects traffic or activity related to http://125.46.198.249:48315/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.198.249:48315/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.48.180:37198/i
id: auto-22db5f22e4f55848cf84956c0ae34fddc104304b4be560c859b5ceb5f28e4edd
status: experimental
description: Detects traffic or activity related to http://115.50.48.180:37198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.48.180:37198/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.139.140:55042/i
id: auto-6f8389fd835efd49573bfca069b520cce47e7664dea71802628b458c04638f22
status: experimental
description: Detects traffic or activity related to http://59.96.139.140:55042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.139.140:55042/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.172.135:54742/bin.sh
id: auto-0c030c3de30b93f0dcf5d7f707a6dad721f9317df9ba6fee2dc54e2faf4cac6a
status: experimental
description: Detects traffic or activity related to http://219.156.172.135:54742/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.172.135:54742/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.116.3:47826/bin.sh
id: auto-4f01df412a72e1c9540ad2939eaa1da4b5ecb709bab9ecd7d974ae8da1844374
status: experimental
description: Detects traffic or activity related to http://59.94.116.3:47826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.116.3:47826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.24.33:48449/bin.sh
id: auto-9b363a01ad41704587ab04d8a711f46d3d9cf497fdd819243f1e78e79ba45038
status: experimental
description: Detects traffic or activity related to http://42.231.24.33:48449/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.24.33:48449/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.120.231:37256/bin.sh
id: auto-217431e9c0e00be2120393bbde1e13394ae66b566763761d1bcaca7de35eeb45
status: experimental
description: Detects traffic or activity related to http://27.215.120.231:37256/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.120.231:37256/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.48.180:37198/bin.sh
id: auto-373bf7eb281c204ad134ba43600ce3830ec33d1fd573c5187e4b81ca113bcecb
status: experimental
description: Detects traffic or activity related to http://115.50.48.180:37198/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.48.180:37198/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.4.151:33992/i
id: auto-eb7da20e28af3b8d319fb18eb8058664619235ad0977a78e9001ddec8cd819b8
status: experimental
description: Detects traffic or activity related to http://42.55.4.151:33992/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.4.151:33992/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.246.29:42932/bin.sh
id: auto-48a108f55f24c9f10b5713178a8467234a3f72a6888317cf90a2152aac3f11f5
status: experimental
description: Detects traffic or activity related to http://175.147.246.29:42932/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.246.29:42932/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.184.0.137:57674/i
id: auto-ed87540c6769e588b0d2aa5b4d9cf32995bd8de1e76172aa8ffd641b0429e304
status: experimental
description: Detects traffic or activity related to http://119.184.0.137:57674/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.184.0.137:57674/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.139.140:55042/bin.sh
id: auto-de428c8cb999ebef075305df53a814f4fdca17a5f1e6fb67d2c7257cb78b2301
status: experimental
description: Detects traffic or activity related to http://59.96.139.140:55042/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.139.140:55042/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.177.73:38155/bin.sh
id: auto-d42e0db2c24b480c3de907aa58ca2cee29b9933da66796a0a41ed61ad42e4402
status: experimental
description: Detects traffic or activity related to http://222.138.177.73:38155/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.177.73:38155/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.254.201:41426/bin.sh
id: auto-c088e84612e6d2a310044f5a3ab2e2982975d618e42a0773a013952e680345cf
status: experimental
description: Detects traffic or activity related to http://112.248.254.201:41426/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.254.201:41426/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.192.211:41518/i
id: auto-49d7d497170c161c1520b9bed8c69a31f42f241416f066ee76cdd3d83835c43c
status: experimental
description: Detects traffic or activity related to http://42.85.192.211:41518/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.192.211:41518/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.184.0.137:57674/bin.sh
id: auto-9faae1bc4e891c6f6da621fa692c42c809fb049f21a09b124610da412c63573d
status: experimental
description: Detects traffic or activity related to http://119.184.0.137:57674/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.184.0.137:57674/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.250.67:51828/i
id: auto-c46a2a03d9da544686dea939cff4f7203ec5d90307f2fa89d444d80fe57f1ba9
status: experimental
description: Detects traffic or activity related to http://219.155.250.67:51828/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.250.67:51828/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.4.151:33992/bin.sh
id: auto-e25088ff22b08d0f2619d80804b428586d729b9577fda9fa6fec97f5e9b150ba
status: experimental
description: Detects traffic or activity related to http://42.55.4.151:33992/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.4.151:33992/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.62.158:53783/i
id: auto-c07457efc2bb9c863ab2f4b41166d767da56f9a482066dd3f5440f020dc61837
status: experimental
description: Detects traffic or activity related to http://27.37.62.158:53783/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.62.158:53783/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.29.194:55718/i
id: auto-490aa92615cef1ab373e66fab32a2ade2b406e93685b8a10c6098375a6f84f73
status: experimental
description: Detects traffic or activity related to http://125.42.29.194:55718/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.29.194:55718/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.8.10:47441/i
id: auto-8a8b0ae2646b5d681ae77d3319d536dc0f067bc5d81d682f1ce95d49ee205270
status: experimental
description: Detects traffic or activity related to http://123.8.8.10:47441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.8.10:47441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.143.203.10/02.08.2022.exe
id: auto-d3d859f639e6f3108bf8cb43b309034209ef915b4f0a07e31be9cb92eaa906ba
status: experimental
description: Detects traffic or activity related to http://45.143.203.10/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.143.203.10/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://8.141.113.248:5995/02.08.2022.exe
id: auto-d7f1a3c6a619e7037bf253ff29f5661c63014cdb85643ff65b602504482d6e53
status: experimental
description: Detects traffic or activity related to http://8.141.113.248:5995/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://8.141.113.248:5995/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://207.56.138.150:65534/02.08.2022.exe
id: auto-0b30fc1bf21f5457cee0425432ee77739fbd0cab6228d8a6d488a77359d6146c
status: experimental
description: Detects traffic or activity related to http://207.56.138.150:65534/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://207.56.138.150:65534/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.181.144.47:8080/02.08.2022.exe
id: auto-f25c928c0dff667f776d1ea465148ddc5e4b1c5b05732b16e74f7ff4b8baff80
status: experimental
description: Detects traffic or activity related to http://38.181.144.47:8080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.181.144.47:8080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.107.242.130:52012/02.08.2022.exe
id: auto-6e31b7b0e496aeb50314b35b56dc475701cb2b8cd870138b7a31a5b0ab52389f
status: experimental
description: Detects traffic or activity related to http://39.107.242.130:52012/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.107.242.130:52012/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://128.241.245.150:81/02.08.2022.exe
id: auto-1fbf5b3dc062d4caebc33baa09e6c06428af91cd55436f3afd77f92bea2ec170
status: experimental
description: Detects traffic or activity related to http://128.241.245.150:81/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://128.241.245.150:81/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.79.93.137/02.08.2022.exe
id: auto-30cb8cbcb2c2275e76b6bc052ee036e37a5c36ba429c24c6429e1f417c3bab44
status: experimental
description: Detects traffic or activity related to http://47.79.93.137/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.79.93.137/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.246.253.93:82/02.08.2022.exe
id: auto-b42826f1081f65bb398e8318e8db83870ed4a7685036a048fbbfdead3573d790
status: experimental
description: Detects traffic or activity related to http://38.246.253.93:82/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.246.253.93:82/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.134.7.96:8083/02.08.2022.exe
id: auto-7d0fe22b9f22a106bc0d48d88edece2a4d11fd3624fa8e30bf4d3ece6fe4c50c
status: experimental
description: Detects traffic or activity related to http://43.134.7.96:8083/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.134.7.96:8083/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://90.174.92.184:13394/i
id: auto-1f97d9b4e2cbb14f4e95a7e57e2e89015807917411531e0ff6dd4f5348cdfe90
status: experimental
description: Detects traffic or activity related to http://90.174.92.184:13394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://90.174.92.184:13394/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.81.45.21:37720/i
id: auto-04a00bdf94a6937c59f53b68f80d0873f7094b49c56a24aefa58e8f0c7fa7d0a
status: experimental
description: Detects traffic or activity related to http://112.81.45.21:37720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.81.45.21:37720/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.31.70.41:33333/i
id: auto-7735434549c5209a5df9d6a3548b837b0a2b5eeb2b742fb58a3baf47ed20f89e
status: experimental
description: Detects traffic or activity related to http://181.31.70.41:33333/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.31.70.41:33333/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://71.104.46.31:43168/i
id: auto-f5990b74220af1cd2d9e3ea119c4d7b8a0cc402c9f0fd6281857cd8a29d0b426
status: experimental
description: Detects traffic or activity related to http://71.104.46.31:43168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://71.104.46.31:43168/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.157.147.16:58277/i
id: auto-184a23866a83f0ae2b4f108d357e29fb0bacae59d157f29b3b92291714eed2cc
status: experimental
description: Detects traffic or activity related to http://69.157.147.16:58277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.157.147.16:58277/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.152.145.191:29996/i
id: auto-aaa8c69dd4f028fa451acf4602f0ade06c6020d2ab1098089443c2fb578fb37f
status: experimental
description: Detects traffic or activity related to http://5.152.145.191:29996/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.152.145.191:29996/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.161.163.123:14361/i
id: auto-812df3431441a98c1b59c1eefc5c7b27c72b13ff858b150412fce102725543e0
status: experimental
description: Detects traffic or activity related to http://178.161.163.123:14361/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.161.163.123:14361/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.22.183.40:8082/sshd
id: auto-d7bb3597654ef3dfe513f52a32cec8efa28940fd96611b2fa956affd897c001d
status: experimental
description: Detects traffic or activity related to http://123.22.183.40:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.22.183.40:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.139.253:9303/sshd
id: auto-baf09bf762976c7941f7166f62b0ba069d2cbfd6f88908c8d2a942f49d4cb85e
status: experimental
description: Detects traffic or activity related to http://178.50.139.253:9303/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.139.253:9303/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.139.253:9301/sshd
id: auto-f6c07bd537b8544697a9c35d8e47e5e0852165675ff3ec76758dab32fb45eba3
status: experimental
description: Detects traffic or activity related to http://178.50.139.253:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.139.253:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.245.82.47/sshd
id: auto-db7457b2570091a6350b3b42d9b096bb57b9cdc17b776fb43e6f1ab146ac0350
status: experimental
description: Detects traffic or activity related to http://14.245.82.47/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.245.82.47/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.200.7.169:8080/sshd
id: auto-d15bef46973ac26677b5c6e73a150952e547c703a72a2fdbb1523a9691885d72
status: experimental
description: Detects traffic or activity related to http://181.200.7.169:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.200.7.169:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.209.194.76:86/sshd
id: auto-b61407e1f61a38547dbe2844a0fe9b1c5c6f3d576c5645923d9fa71006b7eddc
status: experimental
description: Detects traffic or activity related to http://123.209.194.76:86/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.209.194.76:86/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.31.212:2000/sshd
id: auto-9674ff365c569736346f8a4e95aaa87c319fab5491ff7096f5eb89955175071e
status: experimental
description: Detects traffic or activity related to http://117.216.31.212:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.31.212:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.33.19:8084/sshd
id: auto-8fee10ee91e443b848788e26569c7ce2799b0da6ac342ef9321738fef69f3c4e
status: experimental
description: Detects traffic or activity related to http://41.146.33.19:8084/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.33.19:8084/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.33.19:8082/sshd
id: auto-0885f7ab8e26d0d29f79da8deaf4fe091739525cccc07b369359410a8927943f
status: experimental
description: Detects traffic or activity related to http://41.146.33.19:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.33.19:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.18.153.252:91/sshd
id: auto-4e52426c86ff1de20fd1c99bcd0533790cf575d95342129454f4364c1aaf4c1b
status: experimental
description: Detects traffic or activity related to http://88.18.153.252:91/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.18.153.252:91/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.207.178:2000/sshd
id: auto-a3c517859640e9176c113672b4207fa49703ab61dd30cabfe472504fe405d03b
status: experimental
description: Detects traffic or activity related to http://117.242.207.178:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.207.178:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.110.184.89/sshd
id: auto-5fa5b4501ef0528d8c9486528530a333a69e25bbd40f78529d8abfaa01f4f6bc
status: experimental
description: Detects traffic or activity related to http://116.110.184.89/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.110.184.89/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.161.52/sshd
id: auto-3006c2dc73f188f5f2266ec0c3b3a1c4c8d2bb5c34fc5b05231643342a33c5d8
status: experimental
description: Detects traffic or activity related to http://91.80.161.52/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.161.52/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.165.156/sshd
id: auto-e4a1880eb994a57c40450d9cf5b1c1837b351f5423c51b610c59464055c9f380
status: experimental
description: Detects traffic or activity related to http://83.224.165.156/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.165.156/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6723359323/ZMz28h2.exe
id: auto-0062824d066ddc01d46ee56041d84b710bda45e7ef664126e5b273e8d2d20d8c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6723359323/ZMz28h2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6723359323/ZMz28h2.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.215.208:39072/bin.sh
id: auto-8d3ce668724183baabca5599b7cc220f3c48426873e4d959fbb050d0c4b0bb15
status: experimental
description: Detects traffic or activity related to http://222.141.215.208:39072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.215.208:39072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.124.204:32883/bin.sh
id: auto-e558c77a624c3358dcec9e844f3e7f1fddeaceed0383ea69ab97e205d022d112
status: experimental
description: Detects traffic or activity related to http://59.96.124.204:32883/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.124.204:32883/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.5.247:46930/i
id: auto-295a1d2b66dcff2a495ae711a02d87e5989b8daeb83e73e7e62e89fa554734e6
status: experimental
description: Detects traffic or activity related to http://115.59.5.247:46930/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.5.247:46930/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.55.2:52585/bin.sh
id: auto-745ef8ba72d3f66b8b994c5dd821b33992d28b3cd55324a3fae3e615eb94e70e
status: experimental
description: Detects traffic or activity related to http://115.55.55.2:52585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.55.2:52585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.8.10:47441/bin.sh
id: auto-d8383efd531d1830717ea7082a209172e472faf3e5945035fab6ded1a27881d9
status: experimental
description: Detects traffic or activity related to http://123.8.8.10:47441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.8.10:47441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/MVvd2DP.exe
id: auto-1a1b422c7d57a85a6efde8075a6a4b0b839ed55e0266333f550fb79878e32609
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/MVvd2DP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/MVvd2DP.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:48731/bin.sh
id: auto-b09f7fbec6f2dd6b645c43319a24a06c0a788447a128c9c9cc546b28da4bac2d
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:48731/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:48731/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.30:47969/i
id: auto-5bf9e7a5f882e4c7dbec52d3a575bf81f56cecdffb20749cb0013818cde99f82
status: experimental
description: Detects traffic or activity related to http://42.235.91.30:47969/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.30:47969/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.5.247:46930/bin.sh
id: auto-deca11a036f493433fb26924cd459e4f8d77d1262c67c96710238c6283daecfa
status: experimental
description: Detects traffic or activity related to http://115.59.5.247:46930/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.5.247:46930/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.145.230:54807/i
id: auto-5a416bd10cc541e84b2351e5e22ad4440c568fcea65af0b05ddc475a8992b2ae
status: experimental
description: Detects traffic or activity related to http://222.137.145.230:54807/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.145.230:54807/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.120:45079/bin.sh
id: auto-30d9a00f7a3ca0f5cc121b9caff09de23434ccc84eb48ddd7416f6d813d1784b
status: experimental
description: Detects traffic or activity related to http://59.96.137.120:45079/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.120:45079/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k
id: auto-64fbb3b1037710d4a794d65418fac8719baf4414fa3dfd77525fe012aaf31010
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64
id: auto-21c1a95c6d20c2cc47771d26ffccfe756454ba10fb0bc79994ad8646a59ee85b
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl
id: auto-20839ad4484429fcad9209ffaf2bb503db15a63d9598d622c6d04b561d57d25f
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7
id: auto-ee4c8ec5991eb84741bfec615ae545afd488b2745253e06da89b0cb7873d95af
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm
id: auto-9bd55e770832eb60ef82065348824dac18390eb39f4e7fa48b298bb40e912ef0
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips
id: auto-169715b02e4ddda64c61aaec5c6eee829c40f2182485ad529c36f6a62abcc1d5
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6
id: auto-005525cd868937f926521f05cf7489a7cbf09b2071b81c1c78d906bd1e14f796
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc
id: auto-d884beedb29b3de5f263ab33df3188b4df50201dce269d285f062f1f3435b926
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc
id: auto-87eee92fe56acfa44408bd31bc7e8fd77c914618c4287bd1c4121cdac76397d2
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5
id: auto-7fce6f99d877e4ce6c64b4423e7d764f53d9a0a55edae3da24404b9360a8bcc6
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc
id: auto-58eb78cec30a5d8e84ec5dc191888913c89c9342ab54be14a0675377feda4cf6
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4
id: auto-1bbccf6609ca4e3cd997a3effbc5009bbfb70513f775d213c0626e62f2e40b4f
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686
id: auto-da4f2f05657c82292b0c6f47db0cb04c83ebb507f12f078882ef22f91df8ac5c
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/ohshit.sh
id: auto-be2f9297afb65f7a8e699b9546f15a601c9698a08131cb24b7ec3e8347e36574
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.102.87.68:58721/bin.sh
id: auto-2f5bb531f55ba8f33a40bc53ed00a240fef43047a30e8f6e31aff5763b7563af
status: experimental
description: Detects traffic or activity related to http://85.102.87.68:58721/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.102.87.68:58721/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.31.165.63/mips
id: auto-b71d7bf8367fe880226e843117ddd116398bbb5645380caa4a63af9c06fa8dec
status: experimental
description: Detects traffic or activity related to http://144.31.165.63/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.31.165.63/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.204.204:36899/i
id: auto-0bdcbb1c6fb49e1b36a468ffa1de0775ed0c3159972edfa946dac8d7cf9cd455
status: experimental
description: Detects traffic or activity related to http://60.22.204.204:36899/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.204.204:36899/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.169.96.67:48034/i
id: auto-e15a03214306a9c75e70227eaf2a8777ce01f372dadb32db4047e35ccc226aed
status: experimental
description: Detects traffic or activity related to http://175.169.96.67:48034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.169.96.67:48034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.218.138:52514/i
id: auto-46c5b0b5566ba0daf97337da06813708bed2afbd93e67055667973405a27f0d9
status: experimental
description: Detects traffic or activity related to http://123.9.218.138:52514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.218.138:52514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.187.134:35330/bin.sh
id: auto-1f428832fedaad204302823b0beb79de508d63f9f6c7b7e3b2fd462e59579b27
status: experimental
description: Detects traffic or activity related to http://61.52.187.134:35330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.187.134:35330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.31.165.63/mipsel
id: auto-306c4fd512305954b067d11c47cab818b12b22803a7de4df5286781938b80a87
status: experimental
description: Detects traffic or activity related to http://144.31.165.63/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.31.165.63/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.33.87:48604/i
id: auto-81354e33bf812550e234ae2f2ac51e17d07186cb0bbc63803a19f4101bc160d7
status: experimental
description: Detects traffic or activity related to http://42.230.33.87:48604/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.33.87:48604/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.31.165.63/sparc
id: auto-6accc97e121edd151806af4ba99584df8c4fb8d33201da1db98b85ed1eca1e8e
status: experimental
description: Detects traffic or activity related to http://144.31.165.63/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.31.165.63/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mutlupanda.com/i
id: auto-1b49746f17ebf05fb5ced9e5e4e19bb417ab3d532d2cbe408f2d152b25926e59
status: experimental
description: Detects traffic or activity related to http://mutlupanda.com/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mutlupanda.com/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.61.105:45905/i
id: auto-cce079ef66e2570120e6071246f5aab4136de020283f227a73b9f57ffdadb5b4
status: experimental
description: Detects traffic or activity related to http://115.55.61.105:45905/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.61.105:45905/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.192.231:45249/i
id: auto-51ad8cc5970594c579959528955abb4240437e38a12d2dd84dd94f037cc4085b
status: experimental
description: Detects traffic or activity related to http://123.12.192.231:45249/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.192.231:45249/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.252.217:36739/i
id: auto-60d4d8c384c2c0a13669607e03c6b1cf92e96a52c520526708cdc2a1491aa1b6
status: experimental
description: Detects traffic or activity related to http://123.9.252.217:36739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.252.217:36739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.60.64:42801/i
id: auto-9d76b0da08c48d614bc199e8f8452006fa3b68ab209f473ffff2a2557b9f9113
status: experimental
description: Detects traffic or activity related to http://42.52.60.64:42801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.60.64:42801/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.194.135:59673/i
id: auto-6b999e50f1f3cc162f294a8e22d4a61025a60cb96547d3cf6abf771bbc2a3ce0
status: experimental
description: Detects traffic or activity related to http://182.113.194.135:59673/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.194.135:59673/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.145.230:54807/bin.sh
id: auto-9cdfddc4e25bd7600182d6c28618e06facdc78dd0a049372c090253b657f4f54
status: experimental
description: Detects traffic or activity related to http://222.137.145.230:54807/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.145.230:54807/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:48128/i
id: auto-f02db776707e7f09b511a1b2022400692d6808ecd3fc7a24c73e7a65143233c0
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:48128/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:48128/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.29.241:45017/bin.sh
id: auto-32e7e92a5ddd138a366b6cb671629e3760214c14d8d2440dcdfae308281e03ae
status: experimental
description: Detects traffic or activity related to http://115.50.29.241:45017/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.29.241:45017/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.254.251:46357/i
id: auto-748afbaeb0c924da3301af034338787a488ecd48b5d8dcf28a30fb62c68191ca
status: experimental
description: Detects traffic or activity related to http://115.55.254.251:46357/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.254.251:46357/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1464888805/NYAgPlj.exe
id: auto-afd31b062ca5e90af210b6ea738acc3671bfcc07dc5b8fa8f302da7eac666fe7
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1464888805/NYAgPlj.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1464888805/NYAgPlj.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.198.109:40044/i
id: auto-41886ac19067359594583851053eae1d9940ec21ef7ab275da8bba7b977fcc0f
status: experimental
description: Detects traffic or activity related to http://27.204.198.109:40044/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.198.109:40044/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.247.239:44599/i
id: auto-e91ef6e4eb1414103920118566d6f20d7b21e3a19920e5f007bc07576c677d66
status: experimental
description: Detects traffic or activity related to http://42.57.247.239:44599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.247.239:44599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.254.251:46357/bin.sh
id: auto-9465be2dc34bd69b28eff6cf4a15ad7c670722a71d7a76ceaf26cd6582e0cd49
status: experimental
description: Detects traffic or activity related to http://115.55.254.251:46357/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.254.251:46357/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.188.76.254:40523/i
id: auto-162e9f65bbf4ad76ead0cae2e3646395e4941a6557f90827683e50f8da2a22bc
status: experimental
description: Detects traffic or activity related to http://196.188.76.254:40523/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.188.76.254:40523/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.247.239:44599/bin.sh
id: auto-7993b5a6c588b6d3dee9354ae7f93a937f1fd57815452e8c871460fc96a8a350
status: experimental
description: Detects traffic or activity related to http://42.57.247.239:44599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.247.239:44599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.198.109:40044/bin.sh
id: auto-74c25363402897f064313e4e3fdf6aa0cd772b6e0191d55a68fb600eb64c4469
status: experimental
description: Detects traffic or activity related to http://27.204.198.109:40044/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.198.109:40044/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.73.79:44062/bin.sh
id: auto-146471d4537c6b0f180b0fa241356cf9ba1b4918040a0ea4ed464af5a146b95c
status: experimental
description: Detects traffic or activity related to http://42.85.73.79:44062/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.73.79:44062/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.181.66:55905/i
id: auto-a964802f4bb0efa4cfba51da84df34a3f353d039184432cf2a8a40d5632fc2ba
status: experimental
description: Detects traffic or activity related to http://115.63.181.66:55905/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.181.66:55905/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.168.0.46:48540/i
id: auto-12934be4b77ae3f7e79b03e1006411d4c37f8595da437132209d3f0b1111b932
status: experimental
description: Detects traffic or activity related to http://108.168.0.46:48540/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.168.0.46:48540/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.188.76.254:40523/bin.sh
id: auto-1bbd30cfaedd013ca2ddd7088796356ca24a6b845c5bd65e552db81a9c75fc4c
status: experimental
description: Detects traffic or activity related to http://196.188.76.254:40523/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.188.76.254:40523/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.181.66:55905/bin.sh
id: auto-52edbd6d507233fb35371a31d9ff41321bd4a7e174a1de151a6babc777892405
status: experimental
description: Detects traffic or activity related to http://115.63.181.66:55905/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.181.66:55905/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-cfg-sys-x/dla
id: auto-10c8785434d64bc294b2c59a2ab64cc5132cdbc6041df7dc13246305c32e51f1
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-cfg-sys-x/dla which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-cfg-sys-x/dla*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86
id: auto-253e018e212a5345c87cf710af9b90844e15726646bb6a626be10c0cb188ff27
status: experimental
description: Detects traffic or activity related to http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.83.207.173/HideChaotic/ub8ehJSePAfc9FYqZIT6.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6075866260/eHBuoD4.exe
id: auto-3d6bcc73940892aaa2f8c61fd2343e46af2705daf4a7ef17546648b412771c6c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6075866260/eHBuoD4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6075866260/eHBuoD4.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.30.62:47382/i
id: auto-5d772d45a4e22dcfd332655a9948367d0bb07c795d4a3757d1bf13248cd6b346
status: experimental
description: Detects traffic or activity related to http://182.113.30.62:47382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.30.62:47382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.51.182:37783/bin.sh
id: auto-29428c1ce5c6981bd5eebbf30f81cae3a031c5abf542d3870408a0a55ef09cec
status: experimental
description: Detects traffic or activity related to http://115.63.51.182:37783/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.51.182:37783/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.49.199:55769/i
id: auto-fe114518a0f4da2f689cf0be6eee3de3343fc8dd2a613f4cde18ad4da38a39ae
status: experimental
description: Detects traffic or activity related to http://182.121.49.199:55769/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.49.199:55769/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.49.199:55769/bin.sh
id: auto-1d7d73f7c3833409589e3b2e42f33a072b39abd218044ac838974da393b7fbbf
status: experimental
description: Detects traffic or activity related to http://182.121.49.199:55769/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.49.199:55769/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.30.62:47382/bin.sh
id: auto-f2c816514b5ba404fda972553fdf90789917b22618c2ecab5955c3e5eeadc7d8
status: experimental
description: Detects traffic or activity related to http://182.113.30.62:47382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.30.62:47382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://posts-luxs.com/dropper.apk
id: auto-4c8f994f3ba1dda4d455e939defa58ddef3e0aec7c716dd19e8b4d42ff2d9727
status: experimental
description: Detects traffic or activity related to http://posts-luxs.com/dropper.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://posts-luxs.com/dropper.apk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.59.2.205:40332/bin.sh
id: auto-10949ce1ca3c7d0d9a5cc081f3a6357ff79f700f938e1c2ebb4b50c4b3aa73db
status: experimental
description: Detects traffic or activity related to http://188.59.2.205:40332/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.59.2.205:40332/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.92.124.240:8000/agent%208.exe
id: auto-0836f5959cdbb6b4aec684c147b182036c16cdb1472549b54d950dcb16941990
status: experimental
description: Detects traffic or activity related to http://47.92.124.240:8000/agent%208.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.92.124.240:8000/agent%208.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.92.124.240:8000/1.chm
id: auto-cefdde076aec9f722f98706f63d1297ef8d1fa108258bcbf281e0df315ff51a3
status: experimental
description: Detects traffic or activity related to http://47.92.124.240:8000/1.chm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.92.124.240:8000/1.chm*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.19.47:57644/i
id: auto-3efeeb32e8b5e4620b09dde8eab1d91e722d8de37f1f61e95e0cd6871507921d
status: experimental
description: Detects traffic or activity related to http://27.217.19.47:57644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.19.47:57644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.113.193:45127/bin.sh
id: auto-bcf2a036b9785d5d50276d9ad825ae8375f5f1b7ae887e63fd9b7dee3e3af1cb
status: experimental
description: Detects traffic or activity related to http://27.220.113.193:45127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.113.193:45127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.178.166:52387/i
id: auto-4a0252afa77000170b266c015d4383d7f4c69de8e0791f4500f91fd048fd587a
status: experimental
description: Detects traffic or activity related to http://27.215.178.166:52387/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.178.166:52387/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.231.145.15:53579/bin.sh
id: auto-7c2412b226d6300b2ec7dc34326451cd2867b551e7b7591ccfcec3137c7c1732
status: experimental
description: Detects traffic or activity related to http://45.231.145.15:53579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.231.145.15:53579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:48731/i
id: auto-7b6e823e05f66e80eb1d1ac346a56132bee9f00c37dce5b2bf81276676caf841
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:48731/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:48731/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.19.47:57644/bin.sh
id: auto-058c48311f84142f2322e2eba77d283a5665b1483b1db54c9ba02a2afbf33ff8
status: experimental
description: Detects traffic or activity related to http://27.217.19.47:57644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.19.47:57644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.196:53886/i
id: auto-c188f9d7372ce2bdc474014ec2f077d9cba6021630ce7581b4fec051a3236154
status: experimental
description: Detects traffic or activity related to http://117.209.85.196:53886/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.196:53886/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.52.203:42639/i
id: auto-63a46873706a995421eef939fb756dd568ed30461bc8aeb4d7f3ad34d6737907
status: experimental
description: Detects traffic or activity related to http://61.168.52.203:42639/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.52.203:42639/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.52.203:42639/bin.sh
id: auto-d632fd342c53762e9bc5d28957dcf7111bcbaad30970ca720d7b1b716b7aea1c
status: experimental
description: Detects traffic or activity related to http://61.168.52.203:42639/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.52.203:42639/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://delibindas.top/TheoreticalBoolean.exe
id: auto-2159154d87c933b52557ab10fa56733aa9233e21a3d68d40792847b4e05d9be8
status: experimental
description: Detects traffic or activity related to https://delibindas.top/TheoreticalBoolean.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://delibindas.top/TheoreticalBoolean.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.1.39:41386/bin.sh
id: auto-4fbc657b85e86a6dd80c92d44cda4ba3eb6423748d08c4062fc37f00409fed60
status: experimental
description: Detects traffic or activity related to http://196.190.1.39:41386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.1.39:41386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.165.60:41869/i
id: auto-3d970c38649f4e8f917928d7d6d0585faaba2aff003cc051a39042551dd741f3
status: experimental
description: Detects traffic or activity related to http://123.132.165.60:41869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.165.60:41869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.196:53886/bin.sh
id: auto-cbb2a86c02bb3e05bbf2b25a77a694bfc7f17b30290f8c43365c0f013721da68
status: experimental
description: Detects traffic or activity related to http://117.209.85.196:53886/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.196:53886/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.80.20:50815/bin.sh
id: auto-2a857a8f01a46eaba02665718c1e012936989ca5f791ea2272e9b6272b8ad9b8
status: experimental
description: Detects traffic or activity related to http://175.173.80.20:50815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.80.20:50815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/mn-authz-x7-cdn140-br/te-ba
id: auto-5520b2f76fcd7b23d8be3c8632695a1c0521e51bbfc4c9ef4b6128722457b90d
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/mn-authz-x7-cdn140-br/te-ba which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/mn-authz-x7-cdn140-br/te-ba*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.245.108.32:35616/bin.sh
id: auto-9fd2e3c19ad5536cd9d903f6eea92145ed3c475741e818b51df8c2825aceaaad
status: experimental
description: Detects traffic or activity related to http://123.245.108.32:35616/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.245.108.32:35616/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.121.18:57967/i
id: auto-6ace556d61f30ead35da733b0338e14cf73b6ba3ec0ddd62139b49a95a7e7f26
status: experimental
description: Detects traffic or activity related to http://125.40.121.18:57967/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.121.18:57967/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.148.10:53384/i
id: auto-38a747720742e91e238d4fad6290431aa51e0b7791664922647bc92f5adedd45
status: experimental
description: Detects traffic or activity related to http://42.235.148.10:53384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.148.10:53384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.165.60:41869/bin.sh
id: auto-9f287bd7c8a2294d93e23b2cda382e066830154daaa0d9f2c1e997ad787023d8
status: experimental
description: Detects traffic or activity related to http://123.132.165.60:41869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.165.60:41869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.84.26:47618/i
id: auto-459982b2f484462a854aa162f73617118b990076dd4811069bedb53cea3d548d
status: experimental
description: Detects traffic or activity related to http://61.52.84.26:47618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.84.26:47618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.191.161:53805/i
id: auto-e8f24ba2d881437a697da84a21fc78ecdc90ee5a8203086fcb9895dce913926c
status: experimental
description: Detects traffic or activity related to http://115.62.191.161:53805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.191.161:53805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.49.121:42079/i
id: auto-52222f99941f409f2adc6270a4c88e82903ec3aede07924b47462016feb4b56b
status: experimental
description: Detects traffic or activity related to http://125.45.49.121:42079/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.49.121:42079/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.238.229.25:8889/beacon.bin
id: auto-6a15882fd4c3795d17823f4d30ffdd89d926285d02e517292b82544e1327ff93
status: experimental
description: Detects traffic or activity related to http://156.238.229.25:8889/beacon.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.238.229.25:8889/beacon.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.238.229.25:8889/oci.dll
id: auto-ff5cf988ae53937d6261a8dccc55a5f68ed9f536be4651aaa35aa0d9f7a6d6d3
status: experimental
description: Detects traffic or activity related to http://156.238.229.25:8889/oci.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.238.229.25:8889/oci.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.238.229.25:8889/buildshellcode.exe
id: auto-4c14e9a34e0998995e3a7d8e129248837d65b9c5824a1fb831d96dfd2af57fbe
status: experimental
description: Detects traffic or activity related to http://156.238.229.25:8889/buildshellcode.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.238.229.25:8889/buildshellcode.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.148.10:53384/bin.sh
id: auto-4954dea0f9439503aa3baaf29b5e8417d6d91e710c69b91f029251b94f995ec3
status: experimental
description: Detects traffic or activity related to http://42.235.148.10:53384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.148.10:53384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.193.144.157:55835/i
id: auto-877563c46ccb84c85b31580f590073e618ec78c698ff857419b3e9cfeef977e3
status: experimental
description: Detects traffic or activity related to http://122.193.144.157:55835/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.193.144.157:55835/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.84.26:47618/bin.sh
id: auto-f295a0a693f9b5260b0821148190756aa19c9938627c5d4bd68667876b665a22
status: experimental
description: Detects traffic or activity related to http://61.52.84.26:47618/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.84.26:47618/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.91.160.44:57860/bin.sh
id: auto-9f03695ebe0af0a05f658d63120da10d48f9b42776fa878bade9fbcbda8c3cbe
status: experimental
description: Detects traffic or activity related to http://59.91.160.44:57860/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.91.160.44:57860/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.121.93.78:2323/kernel32.exe
id: auto-a3e2df3db62fe847af3097b21957146d0a22a1af0d2d5a782f9700fefbb3fede
status: experimental
description: Detects traffic or activity related to http://103.121.93.78:2323/kernel32.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.121.93.78:2323/kernel32.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.121.93.78:2323/1.bin
id: auto-162bf5fa153a958edb7e05ab59783722f0352421e20a56566e2b52753ea270c9
status: experimental
description: Detects traffic or activity related to http://103.121.93.78:2323/1.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.121.93.78:2323/1.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/sliver.exe
id: auto-2e11f55fdcf1838cc44f37c097fcb0430cdeb8865231d52a892b8cb8b3be84b3
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/sliver.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/sliver.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/update.exe
id: auto-44543b0fd9066206f044dddf0744b7e83c9b6460186310b8bebb25db558fc582
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/update.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/update.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/update
id: auto-d7cab8cd11a4563b3ca2b5036dcdf98a8d7ba6c751de2ff230660f9f1688d891
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/update which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/update*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/beacon.bin
id: auto-3ff91f9065034280c59f295a089fffd7f433f39175918579cca13de517c25100
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/beacon.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/beacon.bin*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/beacon_check.xor
id: auto-d4737d73435f287c38f2a8937c614e4222b6fc40daa3a4607409db05e08ce17a
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/beacon_check.xor which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/beacon_check.xor*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/beacon.xor
id: auto-58bcd83ddc97818ac8a01b42286a0b834f3e0486c9dd0036475c4af9137ffa4b
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/beacon.xor which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/beacon.xor*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/beacon_decoded.bin
id: auto-2f318f192c0a457374ed1bad588f55e45f4af742bcbc2492bd9186e3c25ad5de
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/beacon_decoded.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/beacon_decoded.bin*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/donut.exe
id: auto-7cf908b5d6a68255bc19ed95b4d583c0bc9b00ae1406f613ddf4f36749b4e7fd
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/donut.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/donut.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8888/demon.exe
id: auto-b2a19a5f0e626a19823205cca84d029ed225844fdc0e974a7c85f66311b92b6d
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8888/demon.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8888/demon.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.198.249:48315/i
id: auto-c7f6873cc56f597460be25cbcec3da947db7dcc0b341455f75efec5682576e03
status: experimental
description: Detects traffic or activity related to http://125.46.198.249:48315/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.198.249:48315/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.191.161:53805/bin.sh
id: auto-f44362261cb708645063e2265360bc2b9c1947a0fa57d1a0797dea89eaf75c81
status: experimental
description: Detects traffic or activity related to http://115.62.191.161:53805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.191.161:53805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.27.87:8443/sda1/Video.lnk
id: auto-3cca7eff411e1ebc7bbc4ee797eab962732ea13f90c3d2098d0e68ad3bbccb03
status: experimental
description: Detects traffic or activity related to https://151.16.27.87:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.27.87:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.27.87:8443/sda1/AV.scr
id: auto-35acc11930913c367df4986842688126bc139cccb8a812b2eceac152aee01b02
status: experimental
description: Detects traffic or activity related to https://151.16.27.87:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.27.87:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.27.87:8443/sda1/Video.scr
id: auto-76f0f5f017de10534922367e5bb0834bba5f159cd0c7173bb38fb70ce03d356d
status: experimental
description: Detects traffic or activity related to https://151.16.27.87:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.27.87:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.27.87:8443/sda1/Photo.scr
id: auto-4013433929371999ed2243af52f7315322ae36ba228812d2bbe9dcac5133346c
status: experimental
description: Detects traffic or activity related to https://151.16.27.87:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.27.87:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.27.87:8443/sda1/Photo.lnk
id: auto-76cfe04992365a47aac21d98df7e7b3089b5a9a5af6859db0f6a6c0c8ccc0680
status: experimental
description: Detects traffic or activity related to https://151.16.27.87:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.27.87:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.27.87:8443/sda1/AV.lnk
id: auto-4cd99ad8667d4fce329637c1a65fe592489cb5a3916326c2136b9957f73ae922
status: experimental
description: Detects traffic or activity related to https://151.16.27.87:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.27.87:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.129.148:8443/sda1/GOT/AV.lnk
id: auto-7e5d5dc2e3bb854fe8b26acd45743204c3460428c59a7e20b341468f83d36b97
status: experimental
description: Detects traffic or activity related to https://94.166.129.148:8443/sda1/GOT/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.129.148:8443/sda1/GOT/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.129.148:8443/sda1/GOT/AV.scr
id: auto-9d5bb469349510de401f5fd0e6c0ab8e0c09e091e1c51f5eb2f51ecc0536130e
status: experimental
description: Detects traffic or activity related to https://94.166.129.148:8443/sda1/GOT/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.129.148:8443/sda1/GOT/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.129.148:8443/sda1/GOT/Photo.scr
id: auto-d804ee1f162643de87faf3f9893c81e0700774dbaf12496c929278efb4fe710c
status: experimental
description: Detects traffic or activity related to https://94.166.129.148:8443/sda1/GOT/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.129.148:8443/sda1/GOT/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.129.148:8443/sda1/GOT/Video.scr
id: auto-bcad7b7c8c674b9f3ec82874b734f23854d9123456d65f3daa3049364e267f94
status: experimental
description: Detects traffic or activity related to https://94.166.129.148:8443/sda1/GOT/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.129.148:8443/sda1/GOT/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.129.148:8443/sda1/GOT/Photo.lnk
id: auto-1130923072a8d693a24927960a7ae28c40a764ae91506ec0bf195f068c146c64
status: experimental
description: Detects traffic or activity related to https://94.166.129.148:8443/sda1/GOT/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.129.148:8443/sda1/GOT/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.129.148:8443/sda1/GOT/Video.lnk
id: auto-0dbf5a7f7c4cde70a44b983daa27cc86c3072ab8610967dbdc12784702d224ae
status: experimental
description: Detects traffic or activity related to https://94.166.129.148:8443/sda1/GOT/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.129.148:8443/sda1/GOT/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.43:56831/i
id: auto-84b352202fc5cd06abc5c9a9e6f07c02e20053e7d3877eb812597923947903b4
status: experimental
description: Detects traffic or activity related to http://200.59.83.43:56831/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.43:56831/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.34.192/win-addone/Addone_plugin_dc.exe
id: auto-263b3458af2ec1e774ef0610e10771d5d04605199afa8b2128194b1a57850d3f
status: experimental
description: Detects traffic or activity related to http://45.150.34.192/win-addone/Addone_plugin_dc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.34.192/win-addone/Addone_plugin_dc.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.34.192/win-addone/Addone_asyc_pl.exe
id: auto-662c80f2797433b21a9ccef42e8792fff3d03c75bce872833fb3a23f2728225f
status: experimental
description: Detects traffic or activity related to http://45.150.34.192/win-addone/Addone_asyc_pl.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.34.192/win-addone/Addone_asyc_pl.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.34.192/win-addone/Addone_qua.exe
id: auto-4a6ac839a6da4027711789fcd3fc07661bb51d878374f9ef4ab4c6b9eec7b3f7
status: experimental
description: Detects traffic or activity related to http://45.150.34.192/win-addone/Addone_qua.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.34.192/win-addone/Addone_qua.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.150.34.192/win-addone/Adone_xen_o.exe
id: auto-b37e05cc0384ff24e0e175008bf48713c299bcaf4b417cfaa43557925d61ee77
status: experimental
description: Detects traffic or activity related to http://45.150.34.192/win-addone/Adone_xen_o.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.150.34.192/win-addone/Adone_xen_o.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.72.185:48963/i
id: auto-d7da8803b7b22f7de485b086e120c21262508775fe86e140d933c31fedbd7556
status: experimental
description: Detects traffic or activity related to http://61.53.72.185:48963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.72.185:48963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.191.126:46088/bin.sh
id: auto-9642be560491534796797697bb361f05cb7d59af69200abe4deaaa805070201f
status: experimental
description: Detects traffic or activity related to http://221.15.191.126:46088/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.191.126:46088/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.160.154.231:8443/sda1/IMG001.exe
id: auto-63cfd869ee7cf81aebae2e1c1bae2678957abe1111fc630ebf82eead52c30429
status: experimental
description: Detects traffic or activity related to https://94.160.154.231:8443/sda1/IMG001.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.160.154.231:8443/sda1/IMG001.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.181.175.155/bins.sh
id: auto-031be00676477e23deb11e5f1168b4b3d783d938c074a5d833c0f984b3149fa5
status: experimental
description: Detects traffic or activity related to http://95.181.175.155/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.181.175.155/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1059
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.109.176.127:45552/i
id: auto-13ebe4b1b9256610a4f645a8655f652eccbeb206bf2bd0529c64f715f89fa8de
status: experimental
description: Detects traffic or activity related to http://119.109.176.127:45552/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.109.176.127:45552/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.178.166:52387/bin.sh
id: auto-53086d3c39cce1ac13bf32f940f00ed8c078946682c2dd15357b1ebcd4c060f4
status: experimental
description: Detects traffic or activity related to http://27.215.178.166:52387/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.178.166:52387/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.23.240:43290/i
id: auto-6d30d17ad2a9de98b9a27effca0df5b2d63a60f3f078789b5985c4a36facf820
status: experimental
description: Detects traffic or activity related to http://115.52.23.240:43290/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.23.240:43290/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://predovec.com/5h7g.js
id: auto-9331479613de2545b93eb42df57775e71b9f1d63d8befa33d7b990bb3905bf65
status: experimental
description: Detects traffic or activity related to https://predovec.com/5h7g.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://predovec.com/5h7g.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://predovec.com/js.php
id: auto-3feb313198d492d9fbb28b22bd93bafe462016a13c2c03c4dbd5b0de7d14dae1
status: experimental
description: Detects traffic or activity related to https://predovec.com/js.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://predovec.com/js.php*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.171.123:34712/i
id: auto-3c2580cecb2db648b836fa36dfd0998644c84ed6fca07a1a9704cc45cda72706
status: experimental
description: Detects traffic or activity related to http://182.122.171.123:34712/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.171.123:34712/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.4.241:41057/i
id: auto-e8454469ae06acc78c7624b348717f6bf30159921eed09dc5de27e7415ebf89d
status: experimental
description: Detects traffic or activity related to http://124.95.4.241:41057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.4.241:41057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.245.109.111:35785/i
id: auto-2f41dbb4e780ef177bec94bbff0f5d38d46c1e7858ba92775ca5ae27a08c1651
status: experimental
description: Detects traffic or activity related to http://123.245.109.111:35785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.245.109.111:35785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.245.109.111:35785/bin.sh
id: auto-42ecefe2bec30f10f48caa264498cc7a49a00bdc10dab577430171ff5c4e78d5
status: experimental
description: Detects traffic or activity related to http://123.245.109.111:35785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.245.109.111:35785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.220.247:40819/i
id: auto-0f79b4d69d741437b9893e0912650b9cad0039207893628827f07f308167ce13
status: experimental
description: Detects traffic or activity related to http://115.53.220.247:40819/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.220.247:40819/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.223.148:57582/i
id: auto-228141454e29ad324f2f8d7c2e4a6294d0d6f37f74032a6201a9cdeaf73f73c6
status: experimental
description: Detects traffic or activity related to http://124.29.223.148:57582/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.223.148:57582/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.55.2:52585/i
id: auto-15f5537365036e533575fa9acf298f62f2dd9d5917840a35f2960d8dc61e2879
status: experimental
description: Detects traffic or activity related to http://115.55.55.2:52585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.55.2:52585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.128.122:38856/i
id: auto-9052542a7f8288558c8556c53beb720a3985b305b8f37d2ecb893c2cb24b4d60
status: experimental
description: Detects traffic or activity related to http://182.127.128.122:38856/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.128.122:38856/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.204.172:40289/i
id: auto-4b477738d1a488dd70101f7865b15fac9384e57acf4bf3243f233fc1ec609bca
status: experimental
description: Detects traffic or activity related to http://42.52.204.172:40289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.204.172:40289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.103.45:58974/i
id: auto-e472b3c6a3d086c37d04c06f9f4c46dd9fa058f50c21f389268499ea581c46d8
status: experimental
description: Detects traffic or activity related to http://112.239.103.45:58974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.103.45:58974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.24.200:47720/i
id: auto-ff45547b68397a6813d2b2c9a646591d00764f7d80189bd2e7f04504d69f396e
status: experimental
description: Detects traffic or activity related to http://42.230.24.200:47720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.24.200:47720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:56983/bin.sh
id: auto-a1d017f5be56a17ac47061d16680a6f1d295ed2b3ab9e849ed7c12a8a7099ee3
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:56983/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:56983/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.102.87.68:58721/i
id: auto-f84a615b0b69b553432706b0156f2d896ec919f195f7615ae7e77f13b60d3593
status: experimental
description: Detects traffic or activity related to http://85.102.87.68:58721/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.102.87.68:58721/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.38.211.50:49692/Mozi.m
id: auto-7c4533aaee47e9432770a6033598d2be21e44fa0a869a24b6f8cdc5ed676ce6e
status: experimental
description: Detects traffic or activity related to http://95.38.211.50:49692/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.38.211.50:49692/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://api.bitcoinusdtusdc.xyz/.sliver/builds/0ac8a1f9-92d8-4bc5-8a51-d95581526111
id: auto-c66c0b4cbe81818c79c3e4de5a5740a55930c3f77971e31eca9ad21392db8e69
status: experimental
description: Detects traffic or activity related to http://api.bitcoinusdtusdc.xyz/.sliver/builds/0ac8a1f9-92d8-4bc5-8a51-d95581526111 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://api.bitcoinusdtusdc.xyz/.sliver/builds/0ac8a1f9-92d8-4bc5-8a51-d95581526111*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://api.bitcoinusdtusdc.xyz/.sliver/builds/e698b4af-d219-474b-ada8-57d89c9cf382
id: auto-3fe16b91c30e18a6c24cc2c38da85ca56bbf719ef12476aa453e67cee0f207a6
status: experimental
description: Detects traffic or activity related to http://api.bitcoinusdtusdc.xyz/.sliver/builds/e698b4af-d219-474b-ada8-57d89c9cf382 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://api.bitcoinusdtusdc.xyz/.sliver/builds/e698b4af-d219-474b-ada8-57d89c9cf382*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://api.bitcoinusdtusdc.xyz/implant.bin
id: auto-436fdae8f0762f8cd5bb953da30582db106958d65b5809fa7bec7a3668786819
status: experimental
description: Detects traffic or activity related to http://api.bitcoinusdtusdc.xyz/implant.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://api.bitcoinusdtusdc.xyz/implant.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.43:56831/bin.sh
id: auto-f83e5f778e953c8a7f3ab77cfe4e2026859664b1fb03e89b32fa91ee624bc349
status: experimental
description: Detects traffic or activity related to http://200.59.83.43:56831/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.43:56831/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7149348537/G2sUM7l.exe
id: auto-3ddf13cd7e1460aa4e7c7ed78492e18eaf451eb872230ba660f10f5e3d9468d4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7149348537/G2sUM7l.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7149348537/G2sUM7l.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://kmiecinski.pl/Skynet%20RAT%20Botnet%20By%20Ghost.zip
id: auto-4f41584bef3da0e43e53d347fcad78b0c5e86dfe8f1f123483da50f625ee8ac5
status: experimental
description: Detects traffic or activity related to https://kmiecinski.pl/Skynet%20RAT%20Botnet%20By%20Ghost.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://kmiecinski.pl/Skynet%20RAT%20Botnet%20By%20Ghost.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://kmiecinski.pl/VTEPEA.apk
id: auto-35e932c5d9d6eb21a802b0cdbad7533758490ef761ab8925c7f2846fccbc7002
status: experimental
description: Detects traffic or activity related to https://kmiecinski.pl/VTEPEA.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://kmiecinski.pl/VTEPEA.apk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://kmiecinski.pl/ready.apk
id: auto-8c3affb7c70f355d88c181898b6796878105dafe4284ec06310f3f18cb9bae88
status: experimental
description: Detects traffic or activity related to https://kmiecinski.pl/ready.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://kmiecinski.pl/ready.apk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Video.scr
id: auto-24ece8f922b4578bd6eacb5dd07949dcdb830b366bb1ca6b210514303dda9df9
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.109.176.127:45552/bin.sh
id: auto-6da7106b4a59356e8f3305642309823f87c439e125cad1c01e404f22102438c7
status: experimental
description: Detects traffic or activity related to http://119.109.176.127:45552/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.109.176.127:45552/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Photo.scr
id: auto-f120f596fc2d79024b2c1c826a6d84d5ce3fadccf67a09acc35c9859271c69a0
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/AV.scr
id: auto-b8bf8a0b54f07abf6c8690869a45992d7278312d09306f447193db8c9172fc46
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Photo.lnk
id: auto-6f12d285b8f437bf76bb7b705f93335673ce830a72f6c91941d4fd03b1510da2
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/AV.lnk
id: auto-816f6e0e4860e80636c1a27462d03eb220c2e4926d29f38a0ccd684a0ccec4f0
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Video.lnk
id: auto-e42d44810b6caa45246439676bdfbd3bb4e473b843409f58545318a49b71b991
status: experimental
description: Detects traffic or activity related to http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.114.172.154/%d0%9f%d0%b8%d0%bb%d0%be%d1%82/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.35.95:42314/i
id: auto-cd5cf1fbdcd5e9c0d1f0eeb0abba93ab0659629911547d646bbcf234b3a97746
status: experimental
description: Detects traffic or activity related to http://42.230.35.95:42314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.35.95:42314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.72.185:48963/bin.sh
id: auto-d4529b90dea466ad5aa8232235ec3bfb90d5dd35bad250a4d3ed629448b10c3c
status: experimental
description: Detects traffic or activity related to http://61.53.72.185:48963/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.72.185:48963/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.23.240:43290/bin.sh
id: auto-43b098ad909b95eab6bebd8eac07e4139a5fce0b25fd8ea809dc99605ee491ea
status: experimental
description: Detects traffic or activity related to http://115.52.23.240:43290/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.23.240:43290/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.167:56579/i
id: auto-04b4c4d5933861bfb77ad9f709ee5f696bf212a40c9c47d7930fdbd9f843f652
status: experimental
description: Detects traffic or activity related to http://119.179.252.167:56579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.167:56579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.12.112:33059/i
id: auto-394592ac981809a4344e7f9bbde8882599e123882ba0a4f4847249efa0ffde4b
status: experimental
description: Detects traffic or activity related to http://113.238.12.112:33059/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.12.112:33059/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.200.186:47002/i
id: auto-849787260b8a9472a20556e2aef3c8114ab11e0f5093c9d8ccaca6339d40ee8f
status: experimental
description: Detects traffic or activity related to http://42.231.200.186:47002/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.200.186:47002/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.1.39:41386/i
id: auto-aca2d9af92988b26923c8b81271e5b9c71eb3fef32d641be1b47f1a02a012552
status: experimental
description: Detects traffic or activity related to http://196.190.1.39:41386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.1.39:41386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.238.7.133:54144/i
id: auto-de971343c796ff3e14aea811ded02b5ca43f4b48f6fe0bd668de7543809a48b2
status: experimental
description: Detects traffic or activity related to http://112.238.7.133:54144/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.238.7.133:54144/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.35.95:42314/bin.sh
id: auto-c520281b976572c7ee3a8ad9cf50c06f966a06fb196f8a2e4234fb9f034996c5
status: experimental
description: Detects traffic or activity related to http://42.230.35.95:42314/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.35.95:42314/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.85.154:40994/i
id: auto-e78d8670630de6ffc90e893293a5bd681653282bcca3a47c60fdf5d46ae46946
status: experimental
description: Detects traffic or activity related to http://61.53.85.154:40994/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.85.154:40994/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.156.191:58160/bin.sh
id: auto-f4f1bca3c9277c23abb8817a881c726d1ae1a8b10ce5fdd973721bca9b146602
status: experimental
description: Detects traffic or activity related to http://113.236.156.191:58160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.156.191:58160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8572057608/bzBi8Xe.exe
id: auto-8d1c3e1ac4472612b06af17f74c225305f2e136626357ca7063efcfead044c69
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8572057608/bzBi8Xe.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8572057608/bzBi8Xe.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:54597/i
id: auto-88996f97c8415fd374fd6b5d37e379cddaee3253d42e111d4588119613773b94
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:54597/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:54597/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.11.136:53058/i
id: auto-d7cec9664c1cc5448e686bc7fd489d4dd2ca3fce3a59962cb3c13546ed859b53
status: experimental
description: Detects traffic or activity related to http://123.10.11.136:53058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.11.136:53058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.200.186:47002/bin.sh
id: auto-e8826776e6a80e5d350fa082752daede36904f1769ad3dd08985bda8ae2fd515
status: experimental
description: Detects traffic or activity related to http://42.231.200.186:47002/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.200.186:47002/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.167:56579/bin.sh
id: auto-a1dd44ac716283a3cc6bc9a794f58c1a42db35ef1aea3112a8e9996f328690bf
status: experimental
description: Detects traffic or activity related to http://119.179.252.167:56579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.167:56579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8220338123/FmC444J.exe
id: auto-251fa743d1e86725c453e1ea7f79115d72be942c74434fdcdbd3bce2394d2c9b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8220338123/FmC444J.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8220338123/FmC444J.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5020310677/pTRaeQq.exe
id: auto-87939d8e5b5ef3c52a1f7f4bcd880465a90f5ccfa1700bbedb91673557855847
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5020310677/pTRaeQq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5020310677/pTRaeQq.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.87.29.154:33500/i
id: auto-9ff9a06de41183e29f5d2d856b358a9b614a3c00567cddaf86e20556d20a6ad4
status: experimental
description: Detects traffic or activity related to http://39.87.29.154:33500/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.87.29.154:33500/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.108.183.202:43383/bin.sh
id: auto-ceba59bd0470c988c23ba439bd650c23e1bbadeddb34505f463c6f725a58bcb0
status: experimental
description: Detects traffic or activity related to http://171.108.183.202:43383/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.108.183.202:43383/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.11.136:53058/bin.sh
id: auto-dad2d875cb7bdeaf6eba5e5bb7a53c79ad5acea76194564ffb5d4a07b7591c9b
status: experimental
description: Detects traffic or activity related to http://123.10.11.136:53058/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.11.136:53058/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.233.102:40897/i
id: auto-fb0cec766275d8759c4f10502e3f18fe3fd3f56c07b3c754b22f066aaa5c57d3
status: experimental
description: Detects traffic or activity related to http://115.57.233.102:40897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.233.102:40897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.127.141:36751/bin.sh
id: auto-d84e634a901a55d68e5aba5c48308342e865d1461d1e3f7911526970460c472c
status: experimental
description: Detects traffic or activity related to http://182.126.127.141:36751/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.127.141:36751/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.200.108:39492/i
id: auto-83d3b86ee63d1711619a00127bdf085b4aca12b17ba1235e206d487eaca71c5d
status: experimental
description: Detects traffic or activity related to http://42.225.200.108:39492/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.200.108:39492/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.96.181:56897/bin.sh
id: auto-71536dcd0dc0f163f645d9f5937794fd6f9ec94b0cfe866dea9c9441875f9300
status: experimental
description: Detects traffic or activity related to http://123.10.96.181:56897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.96.181:56897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.161.121:44924/i
id: auto-2c7dd3f1a20ce82e84fe120c5645f0d0c77600daaf61a7a6fa33ca7649f27090
status: experimental
description: Detects traffic or activity related to http://222.140.161.121:44924/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.161.121:44924/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.229.179:38294/i
id: auto-371952ee0650be0277bd67c2f307a033b1f40a82b56390a5296632bceea60fd4
status: experimental
description: Detects traffic or activity related to http://125.43.229.179:38294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.229.179:38294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.193.111:51649/i
id: auto-df8ec45d8f1f200b4ca8701433e196e1795e3b93e8f32793021c661413013028
status: experimental
description: Detects traffic or activity related to http://219.155.193.111:51649/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.193.111:51649/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8220338123/dMtqsoT.exe
id: auto-f02f0ac4d62080056a5f5cec031ce373a17e7942156183534af74e007a8a2c14
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8220338123/dMtqsoT.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8220338123/dMtqsoT.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.233.102:40897/bin.sh
id: auto-ce78ab761d9032ee2d514d8bf1497d5746f4bb2fdebd8868c6ba1dd723282776
status: experimental
description: Detects traffic or activity related to http://115.57.233.102:40897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.233.102:40897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.49.241:56441/i
id: auto-ee6017a9b77d48a2db9f4af930f7ea8e7c4eb2cf84a7abf03455da78c7f13977
status: experimental
description: Detects traffic or activity related to http://123.172.49.241:56441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.49.241:56441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.60.119:47339/i
id: auto-f4a6f3ca173dec6b11006a88e4f211e6553b433fc7ada33debd1fbce316761f2
status: experimental
description: Detects traffic or activity related to http://59.184.60.119:47339/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.60.119:47339/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.159:60012/bin.sh
id: auto-8e89e7cc12fa062ae67d16775ab7c929bb69bb8465f4143ffd954710381b3822
status: experimental
description: Detects traffic or activity related to http://60.23.239.159:60012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.159:60012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.161.121:44924/bin.sh
id: auto-ffb5b2a6c01692c3f7dfe832159a9d90cb69af7bcf1f2af9c144e1a3b0e27e62
status: experimental
description: Detects traffic or activity related to http://222.140.161.121:44924/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.161.121:44924/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.60.119:47339/bin.sh
id: auto-ee03a170cd2b46b03420b9a5f7825185a59c7d18da96d39b5e187fc2815c818b
status: experimental
description: Detects traffic or activity related to http://59.184.60.119:47339/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.60.119:47339/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.12.112:33059/bin.sh
id: auto-bb07fcff86adb173cdf0b66dbf6fa0d514f7523ad2bbe85e6616cc8eff807752
status: experimental
description: Detects traffic or activity related to http://113.238.12.112:33059/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.12.112:33059/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.243.175.10:35409/i
id: auto-062adb5ce6f0addee408d32f79b79216e673d919b9137fec7e039f64a6513cae
status: experimental
description: Detects traffic or activity related to http://117.243.175.10:35409/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.243.175.10:35409/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.10.255:56676/bin.sh
id: auto-ed71245e46a279a07e492613982c6957bcf4c8065223796179830ba6e7bf10f9
status: experimental
description: Detects traffic or activity related to http://222.141.10.255:56676/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.10.255:56676/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.195.144:53837/i
id: auto-1a5a7fb637919612260c5db9604031b858007747d3c58ffeec35ebe0dc893c63
status: experimental
description: Detects traffic or activity related to http://182.114.195.144:53837/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.195.144:53837/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.6.59:40111/i
id: auto-0c253243e8ae41a2fa0fcea02c3a5a6ded98ca4394795c5bf9f889c5e8a0bb7d
status: experimental
description: Detects traffic or activity related to http://124.131.6.59:40111/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.6.59:40111/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.221.232:15628/bin.sh
id: auto-09836f60f2b91f2481dcfe58db8db6c5f28fe0d3030a561b47635c8625f6c6bb
status: experimental
description: Detects traffic or activity related to http://221.13.221.232:15628/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.221.232:15628/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.176.229:58420/i
id: auto-640ab5800948cc0878fa214f61113f7f41983d23ba2468b945825a3220dfff92
status: experimental
description: Detects traffic or activity related to http://182.127.176.229:58420/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.176.229:58420/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.243.175.10:35409/bin.sh
id: auto-659e142a828c021f77c4c6e6e733de4d41d15ba5f40dd4e43448afaa9aa683b4
status: experimental
description: Detects traffic or activity related to http://117.243.175.10:35409/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.243.175.10:35409/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.238.229.25:8888/beacon.bin
id: auto-2978c47242d7e76d2336eb7367fc268b6b847e0a77d66493286e031493c94cc0
status: experimental
description: Detects traffic or activity related to http://156.238.229.25:8888/beacon.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.238.229.25:8888/beacon.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.238.229.25:8888/Encrypt.py
id: auto-fa293f10bdaa99334b7086dc88e7f37a50daa1249abaac51bd6d06504bebc50e
status: experimental
description: Detects traffic or activity related to http://156.238.229.25:8888/Encrypt.py which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.238.229.25:8888/Encrypt.py*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.238.229.25:8888/passWunioncode.jsp
id: auto-a748729e096515e151a9f087c8878d62468aba0fce64eea7a9f51596a55dd449
status: experimental
description: Detects traffic or activity related to http://156.238.229.25:8888/passWunioncode.jsp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.238.229.25:8888/passWunioncode.jsp*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.60.64:42801/bin.sh
id: auto-232ab060e924ad137ff3eb1f9a23ceca3e67218ee9e55a176c4173b4c334d3e4
status: experimental
description: Detects traffic or activity related to http://42.52.60.64:42801/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.60.64:42801/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.139:34131/bin.sh
id: auto-0470eae4b5695d485402485bf023b7eaea3138dacfa8d8abe4a18e18fb1c3bb4
status: experimental
description: Detects traffic or activity related to http://175.165.84.139:34131/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.139:34131/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.152.48:47421/bin.sh
id: auto-a8693d749a2b804fa161679dcdcb553d6e3d1365cb90d22c6508d9f3e75ccd9f
status: experimental
description: Detects traffic or activity related to http://42.179.152.48:47421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.152.48:47421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.151.137:42065/i
id: auto-f291b15787b141111357d26ba4501b6f829e514dd6879e8bb09395b855baa42a
status: experimental
description: Detects traffic or activity related to http://113.236.151.137:42065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.151.137:42065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.29.194:55718/bin.sh
id: auto-216d3876de88a23db99435653a0c6b4982e5a338da468be5283a24aae70a7a68
status: experimental
description: Detects traffic or activity related to http://125.42.29.194:55718/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.29.194:55718/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.143.172.66:44726/bin.sh
id: auto-1e081ba3b4d64e0df3c7d088a2967d9f96c998586213916aed1575d6f07a749d
status: experimental
description: Detects traffic or activity related to http://91.143.172.66:44726/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.143.172.66:44726/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7469098119/Ab4r7lP.exe
id: auto-2d545103acaa6728b67a4fe87207c72eb45fcf67310b7adba56b473b7815ff1d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7469098119/Ab4r7lP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7469098119/Ab4r7lP.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.158.227:49399/i
id: auto-0cb3faa4c458f17754417b45d77ee432124d98ca8bc1c4895a5ca9ae83cf71fb
status: experimental
description: Detects traffic or activity related to http://182.123.158.227:49399/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.158.227:49399/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.188.205:58644/bin.sh
id: auto-45ce5c1f0d223e94b8befc2358dc525ea7eca45852ac04568ae8eb25c25b0276
status: experimental
description: Detects traffic or activity related to http://113.229.188.205:58644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.188.205:58644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.118.116:47332/i
id: auto-cf708476354fb28a5fcb60bf4f2f3c35d08fda0aef91152d017897aa0bbca8a6
status: experimental
description: Detects traffic or activity related to http://222.138.118.116:47332/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.118.116:47332/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.81.234.130:8443/sda1/Video.lnk
id: auto-0b4770b652abdeff908c3c957425334abc9be67f305d9fab32ecd18b19fa5378
status: experimental
description: Detects traffic or activity related to https://151.81.234.130:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.81.234.130:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.174.75:47768/i
id: auto-e741e698ca3d4453d04cf3cf20b8a1ce70763fc3d69167edf75dc4ab42e87cc3
status: experimental
description: Detects traffic or activity related to http://117.254.174.75:47768/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.174.75:47768/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.81.234.130:8443/sda1/Video.scr
id: auto-611894ccb02a0faa5f22a8513bb60c598b47a94a1e56792a7536b233effcf035
status: experimental
description: Detects traffic or activity related to https://151.81.234.130:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.81.234.130:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.81.234.130:8443/sda1/AV.scr
id: auto-f37845fd683a3afa93b2d98307ded672bd30d8d4d125b589dfc107c3af450445
status: experimental
description: Detects traffic or activity related to https://151.81.234.130:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.81.234.130:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.81.234.130:8443/sda1/Photo.scr
id: auto-457b8fa86a1b96a8649252ce630c74434be6349456c9d36e34c098326903710c
status: experimental
description: Detects traffic or activity related to https://151.81.234.130:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.81.234.130:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.81.234.130:8443/sda1/Photo.lnk
id: auto-e0acb3af2a2a6eda27bb93517bd507c66c541749bd3282e8f32ed28fb8bb27c0
status: experimental
description: Detects traffic or activity related to https://151.81.234.130:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.81.234.130:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.81.234.130:8443/sda1/AV.lnk
id: auto-d98edc477d93efd86a985165039e5476881f96a9c3deb46939dd7bd83f550514
status: experimental
description: Detects traffic or activity related to https://151.81.234.130:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.81.234.130:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.158.227:49399/bin.sh
id: auto-23eb5fc60f7ce1702e8a2f449fa70ce6163e7e11227bd5ef646a40847fc57a3a
status: experimental
description: Detects traffic or activity related to http://182.123.158.227:49399/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.158.227:49399/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/pmpsl
id: auto-dc8fe4d008ee0f3d3669c0053ceead012a02fee9929192ce00676f3e097e6a78
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/pmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/pmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/pmips
id: auto-1391c635ba1b8bab5452f4fc0e697f27268c8c0c66aec5821ae07a3b9f1e4ce9
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.151.95.112/payload.exe
id: auto-459d1004b55f6e81d62c4d11b3268d64aa84c7cd639712e6d87bba074c40e9c0
status: experimental
description: Detects traffic or activity related to http://91.151.95.112/payload.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.151.95.112/payload.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.151.95.112/Client-built.exe
id: auto-cd96aa1572c3be8924ec76d54ae41b072f4665c9dcfdf234246a5584817d0fa8
status: experimental
description: Detects traffic or activity related to http://91.151.95.112/Client-built.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.151.95.112/Client-built.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.151.95.112/sys32.exe
id: auto-335b2a557d28e2eef17e3bd81538aff874fa58a3cb9606a81655efbaffadeb2b
status: experimental
description: Detects traffic or activity related to http://91.151.95.112/sys32.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.151.95.112/sys32.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.118.116:47332/bin.sh
id: auto-e5d6a3b66f5fd07250dc5fbbcb91f405e1ac406e944ba1d90c0463205865b3ed
status: experimental
description: Detects traffic or activity related to http://222.138.118.116:47332/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.118.116:47332/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.174.75:47768/bin.sh
id: auto-4320114b79943543b4c3debc8e90fa6a6fa03b071f9763e6f44c6803861f4b28
status: experimental
description: Detects traffic or activity related to http://117.254.174.75:47768/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.174.75:47768/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.87.39.3:59987/i
id: auto-777e6d180712b6d92c6db505303f119725f893c1087798943904ec5848f663c6
status: experimental
description: Detects traffic or activity related to http://39.87.39.3:59987/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.87.39.3:59987/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.document.levelupsky.org/downloads/Documentreview.exe
id: auto-44f103bcb6a493221dc74eea38638b14cfed4d41daa0bca583e80807094669e7
status: experimental
description: Detects traffic or activity related to https://www.document.levelupsky.org/downloads/Documentreview.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.document.levelupsky.org/downloads/Documentreview.exe*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youtubeslip.lol/YouTubeRU.apk
id: auto-a500c6d345d9b5dd0a095afead2dee6f43514f47be3cb46c6bbf530989606dc5
status: experimental
description: Detects traffic or activity related to https://youtubeslip.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youtubeslip.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1587.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1760829628/TvX7fMe.msi
id: auto-75b0bfd8576522a66b0658304ac033220f43f7206217bf924428eee2961100f9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1760829628/TvX7fMe.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1760829628/TvX7fMe.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.127.27:40722/i
id: auto-8c361f49b1b0bafa8fce72f2ceb3821e8a7337608f9d88baa8a4ce5ff62f1b38
status: experimental
description: Detects traffic or activity related to http://61.53.127.27:40722/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.127.27:40722/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.114.67:38114/i
id: auto-9d8d4abef1d1dfe1bf333c3f70ada2f72eecec8a73b2bd771de09877ef74e313
status: experimental
description: Detects traffic or activity related to http://117.200.114.67:38114/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.114.67:38114/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.29.59.103:99/dbghelp.dll
id: auto-474983214002ddc993977ec982f5064f21372b2203663ae7a7bd5706d028c24e
status: experimental
description: Detects traffic or activity related to http://119.29.59.103:99/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.29.59.103:99/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.24.135:40485/bin.sh
id: auto-9c29e1fa3c081e7ef6686a95c29e4d447676f5863d4ec4be35d5a1040b0af01f
status: experimental
description: Detects traffic or activity related to http://182.117.24.135:40485/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.24.135:40485/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://14.19.157.98:888/acc1/rasadhlp.dll
id: auto-b23928aa83b339e5dac0bb583783a37d084e416d4a278d36a5bc77865143178d
status: experimental
description: Detects traffic or activity related to https://14.19.157.98:888/acc1/rasadhlp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://14.19.157.98:888/acc1/rasadhlp.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.114.67:38114/bin.sh
id: auto-cd6fb18e37e621d05a1503a2b8571a20e302493baea0dfcc543a0271bb0611bb
status: experimental
description: Detects traffic or activity related to http://117.200.114.67:38114/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.114.67:38114/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.189.89:48535/i
id: auto-bf72649f3537a5e4f7e53884450d5a5b79440dc657b8cec9e115344c8a1b0d87
status: experimental
description: Detects traffic or activity related to http://182.124.189.89:48535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.189.89:48535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.116:37476/i
id: auto-f0ec2f260ba20a47b86910a2cf42fd8d1397c74f5e53de84869db1010342a308
status: experimental
description: Detects traffic or activity related to http://110.36.0.116:37476/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.116:37476/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/IW1qQpJ.exe
id: auto-5c8adde611f0a13dc5c5c5f31b18d5d457fff9d09d0cbb6c993679a33b360d9a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/IW1qQpJ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/IW1qQpJ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.69.46:53696/bin.sh
id: auto-061786b37d7d40514b98f7f619b70fe8add2eb0aa57726eff523d0a5f200810b
status: experimental
description: Detects traffic or activity related to http://61.54.69.46:53696/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.69.46:53696/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.127.27:40722/bin.sh
id: auto-26dfd64295899473da10597f97f96537f9d2c9bf7439ae84aefdabc5eb754476
status: experimental
description: Detects traffic or activity related to http://61.53.127.27:40722/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.127.27:40722/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.151.137:42065/bin.sh
id: auto-707d0cbc6de49a592226e3d5846f9ac816bf626c30657f867929c7fb22a9d27f
status: experimental
description: Detects traffic or activity related to http://113.236.151.137:42065/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.151.137:42065/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.189.89:48535/bin.sh
id: auto-3c15d7b886178639c95fda022a1d726b96bf15790b34f4076436d5b2ecbc6aa7
status: experimental
description: Detects traffic or activity related to http://182.124.189.89:48535/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.189.89:48535/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.229.179:38294/bin.sh
id: auto-49a031a011a55df20a97175950cd5aa38d27778793a30a5c80111f43ddb5918b
status: experimental
description: Detects traffic or activity related to http://125.43.229.179:38294/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.229.179:38294/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.85.91:57531/i
id: auto-4d7b864528d6038300743bd5a3e869d9ed16a2845fd9adfa8ee5457a1942428b
status: experimental
description: Detects traffic or activity related to http://221.15.85.91:57531/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.85.91:57531/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.188.124:57558/i
id: auto-b6677fe869a92ae0aea453ec8e6d31f57800567e6fe42b26ed18d19d985d4d68
status: experimental
description: Detects traffic or activity related to http://42.239.188.124:57558/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.188.124:57558/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.116:37476/bin.sh
id: auto-c05a180aa7637c96c8133fbb61ceec04b1025d5db9fa73f73f2178dbc0755978
status: experimental
description: Detects traffic or activity related to http://110.36.0.116:37476/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.116:37476/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.254.201:41426/i
id: auto-a8e73dd47d71d02c5d12dd32e70afc6b38d3cc291c2e5bf4a7deedc1cd0a9777
status: experimental
description: Detects traffic or activity related to http://112.248.254.201:41426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.254.201:41426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.2.34:46670/i
id: auto-ce3427ac9061c2164cdbdf322129d70fd44338f92c8b8c11310e540d4677a0a8
status: experimental
description: Detects traffic or activity related to http://42.55.2.34:46670/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.2.34:46670/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.144.152:58183/bin.sh
id: auto-affb98d9624448b6e6ef3486a9dc7b9ef62c74d81bb6c6f0e73e68f4761e87ae
status: experimental
description: Detects traffic or activity related to http://222.137.144.152:58183/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.144.152:58183/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.85.91:57531/bin.sh
id: auto-efb5fdc500032995957d5ba89ccfecfb4646c71da3ededca78f539a72cf028ca
status: experimental
description: Detects traffic or activity related to http://221.15.85.91:57531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.85.91:57531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.66.79:33305/bin.sh
id: auto-307c81192f79abb42c9b947f7bd32958a1f05e19116d19293f51eab262edebaa
status: experimental
description: Detects traffic or activity related to http://219.157.66.79:33305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.66.79:33305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.0.37:35537/bin.sh
id: auto-b6e98711f384f1e38092163993d6a8ab5255b00813dc34cb088248a7543cc418
status: experimental
description: Detects traffic or activity related to http://110.37.0.37:35537/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.0.37:35537/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.59.160:33965/i
id: auto-9d1b8eea5dd4931c9ceb286458c753e100c2fcc2b587bb251eda1a0ffd51a201
status: experimental
description: Detects traffic or activity related to http://42.53.59.160:33965/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.59.160:33965/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.7.189:37277/i
id: auto-3591327ad77346cba8d32111c68da87dc79216b4ee952a4987bc12793bf6fadd
status: experimental
description: Detects traffic or activity related to http://115.49.7.189:37277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.7.189:37277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.121.9:53012/i
id: auto-f06db114827b523a1927cc172339df1a1055552338b689e4534f18775de4767c
status: experimental
description: Detects traffic or activity related to http://182.126.121.9:53012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.121.9:53012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.231.145.15:53579/i
id: auto-e41780f619076dce8a156df7112e7392227bf96693ab3c635cfe72d932f16c89
status: experimental
description: Detects traffic or activity related to http://45.231.145.15:53579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.231.145.15:53579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:51868/i
id: auto-d0ed7e65a1906f4a1a224c1e7a99aea53658c2c46760832b2503692f08c7e27d
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:51868/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:51868/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.147.41.88/Mozi.m
id: auto-68d4bea7d8b7b6f469d2756d5a4747b6cd074c49329d4caa1b6052d5668e8b1b
status: experimental
description: Detects traffic or activity related to http://185.147.41.88/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.147.41.88/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.108.183.202:43383/i
id: auto-0803ca8cbbce44e3a7747d4648e63b63269316d25c5da1939482a77ee648ca3c
status: experimental
description: Detects traffic or activity related to http://171.108.183.202:43383/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.108.183.202:43383/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.64:34708/i
id: auto-b8b79758b8584583a2319467d45d0671903fbf5271351a4e80cb1371bfd684cc
status: experimental
description: Detects traffic or activity related to http://200.59.83.64:34708/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.64:34708/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.76.127:49963/i
id: auto-60dad862c9d58e1c4f642e36aee87fac88f626fc53ef8b5e94b4465bfea67f18
status: experimental
description: Detects traffic or activity related to http://115.63.76.127:49963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.76.127:49963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.15.187:33352/i
id: auto-ec44dc48e3d1de94f5e18715b4d0cdff04593c449f665968d3dd0569f2ea4f8a
status: experimental
description: Detects traffic or activity related to http://115.61.15.187:33352/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.15.187:33352/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.86.55:51432/bin.sh
id: auto-e6a527d90da39f960fdaaf32a899572fc17ec73f827c628fe7e3f272bf38b6b0
status: experimental
description: Detects traffic or activity related to http://125.40.86.55:51432/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.86.55:51432/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.86.55:51432/i
id: auto-6823106e5569408e6db0317e421402a83993ca76a900a7e4f186dadd3f901c5a
status: experimental
description: Detects traffic or activity related to http://125.40.86.55:51432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.86.55:51432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.10.255:56676/i
id: auto-4fb43fd7560cfab66390c35cf79951ed84e5d6f28c8ff6bf4ea92c0a4ead1520
status: experimental
description: Detects traffic or activity related to http://222.141.10.255:56676/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.10.255:56676/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.36.133:55946/bin.sh
id: auto-92740c9f9eb5aa3344b010a52b62edc50bdff2fd4171f9fe43106d8d57a06abb
status: experimental
description: Detects traffic or activity related to http://115.53.36.133:55946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.36.133:55946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.2.43:56454/i
id: auto-4183531cea662e6c3616d5b400272e408979e9372086c73e6d33ac965e97d098
status: experimental
description: Detects traffic or activity related to http://39.79.2.43:56454/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.2.43:56454/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.247.85.100:37424/i
id: auto-002efc9c1da639a3beb4dbd245ea2e87af47e8f89f41529519f8092fb0914068
status: experimental
description: Detects traffic or activity related to http://112.247.85.100:37424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.247.85.100:37424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.35.217:34455/bin.sh
id: auto-cddbf37c97c081e79cdf64e3315a6a34d51d1c8248f84a31e9937de4da5c45b1
status: experimental
description: Detects traffic or activity related to http://115.55.35.217:34455/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.35.217:34455/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.146.213:34450/i
id: auto-ebcdfe560f277b09fa5577e3b718eb692aab2b751c217be80043bb345bc18a9c
status: experimental
description: Detects traffic or activity related to http://39.90.146.213:34450/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.146.213:34450/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:38435/i
id: auto-39ba6c9fd3b44ed259b353c70b7c18e4bc7aa66e3c01c4da981a37b154b265b6
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:38435/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:38435/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.247.85.100:37424/bin.sh
id: auto-f3bae0c01cacead37c4dc47bdb6834bd6abc724bb4eff2aa685bf4fd9e209d71
status: experimental
description: Detects traffic or activity related to http://112.247.85.100:37424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.247.85.100:37424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.146.213:34450/bin.sh
id: auto-5bdc67361998f9f349fe70605c5e7100426d7803649e7b54c16d523bb9286e0b
status: experimental
description: Detects traffic or activity related to http://39.90.146.213:34450/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.146.213:34450/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.1.200:40568/bin.sh
id: auto-b358f4fcefbb50c5dc6d4b7d712d7ce6b8298ce970354b257284f46dc5529e66
status: experimental
description: Detects traffic or activity related to http://42.224.1.200:40568/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.1.200:40568/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.106.42:40538/bin.sh
id: auto-bc9bfeae25ba08c02ff386f5cf850c8f5a2dbd8d9e7bace55927292abcb36075
status: experimental
description: Detects traffic or activity related to http://58.47.106.42:40538/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.106.42:40538/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:38435/bin.sh
id: auto-97a9f1f736e592bbf8d50dbf48e3d2fb1b0d16c239a5e88fa431130b3ca2915d
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:38435/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:38435/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.67.137:57701/i
id: auto-0368608a8498a257cb84628fbecbdfb38339e5d9d58823ab579eb8e52ca7f34f
status: experimental
description: Detects traffic or activity related to http://42.226.67.137:57701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.67.137:57701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://hetenyikorhaz.hu/Adelsslae.sea
id: auto-948c1a8ce1650e7a07c804947421383133ce6f1d94e5327786acead147ec187a
status: experimental
description: Detects traffic or activity related to http://hetenyikorhaz.hu/Adelsslae.sea which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://hetenyikorhaz.hu/Adelsslae.sea*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/tblk.txt
id: auto-2f83434ba111e94f7490005794f693ae0ec24ca75fd0dec9aed5ad42c11dfc82
status: experimental
description: Detects traffic or activity related to https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/tblk.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/tblk.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/3tb8ir.ps1
id: auto-64c365fbc5bf670337392b53c661c608e500b14e1a3fde54765bdc14fedf934c
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/3tb8ir.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/3tb8ir.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/i0579o.ps1
id: auto-6ac9aefe8a9a0dd4e5ee09049ddfcc00d9411a9bcc8c09a9ac4cc67b328d4202
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/i0579o.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/i0579o.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.56:51876/Mozi.a
id: auto-0277d95c2881c32484f9874d1f36ae5aff1a4065fbe5b744eee7b7ef1ac1318e
status: experimental
description: Detects traffic or activity related to http://59.97.178.56:51876/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.56:51876/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.85.213:52096/bin.sh
id: auto-f47cd43902da51975976cbe001aa8c8154a92d5055c50fc141a7ca01121d358a
status: experimental
description: Detects traffic or activity related to http://42.224.85.213:52096/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.85.213:52096/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.56:51876/Mozi.m
id: auto-a4774f79564416cb241fb644b4d28361ac8abeda132a23ed84c9202081cf4dc6
status: experimental
description: Detects traffic or activity related to http://59.97.178.56:51876/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.56:51876/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.56:51876/i
id: auto-35a5a38d1438800f2eecd30da365c84dcd013ac5bb11ad8a14ad9647b07e04e2
status: experimental
description: Detects traffic or activity related to http://59.97.178.56:51876/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.56:51876/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.56:51876/.i
id: auto-3c82c045c605d3c79eeb4def2bb7f62f0ef4bf2f794d626ab571c1db5c8b7814
status: experimental
description: Detects traffic or activity related to http://59.97.178.56:51876/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.56:51876/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8042875554/2LTfPVD.exe
id: auto-cc9803547fe43e922922d327f99e2669027339ec4e63cad2337942f924254f0d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8042875554/2LTfPVD.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8042875554/2LTfPVD.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7972786482/0XXeeee.exe
id: auto-96f76c35932a37deab2b1765b0165099093c67d61816f1a800319f1b20e5c52c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7972786482/0XXeeee.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7972786482/0XXeeee.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.102.171:49372/i
id: auto-80906f5bb3f47e5e239e91d2cce3a9597fde3e908441cefbb8e35af11b154a68
status: experimental
description: Detects traffic or activity related to http://113.230.102.171:49372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.102.171:49372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.2.43:56454/bin.sh
id: auto-9ce655e2eda9a9bf4e463fc1b779ca21fe25638757edc4c6597c11c6498b97c4
status: experimental
description: Detects traffic or activity related to http://39.79.2.43:56454/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.2.43:56454/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.112.182:57702/i
id: auto-1821563d5228caca8ada77880f117efff2798535218201d34a4fab38f473bb0b
status: experimental
description: Detects traffic or activity related to http://115.57.112.182:57702/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.112.182:57702/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.67.137:57701/bin.sh
id: auto-02fd14e69c9e577e71f3e5bdc179208875df7610d410f47b7daecc3d41c57289
status: experimental
description: Detects traffic or activity related to http://42.226.67.137:57701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.67.137:57701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.203.156.251:38498/bin.sh
id: auto-d4430a5d8eb677c3862ee6ad0fa34a5b3cf2f37c06b65334d3edc8f7a0aee541
status: experimental
description: Detects traffic or activity related to http://117.203.156.251:38498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.203.156.251:38498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://210.18.181.184:35035/bin.sh
id: auto-18c57cc15c23883fe1caca04e2569bba65552087a6d086e113a00e209c130cf4
status: experimental
description: Detects traffic or activity related to http://210.18.181.184:35035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://210.18.181.184:35035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.154.241:47166/i
id: auto-b940869f17452afab7d4d03fdd97e798e2a2ad512c877973c3af7047bca0fe4a
status: experimental
description: Detects traffic or activity related to http://112.248.154.241:47166/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.154.241:47166/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.135.114:39480/bin.sh
id: auto-bf8031d0f906ec4979ca23915c6789e0df70c466cd254e19180876e7fabf3004
status: experimental
description: Detects traffic or activity related to http://124.92.135.114:39480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.135.114:39480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:57106/i
id: auto-626cc2718db8bb21dacdda92232ad0f9ad0ad7fe2fd217aca19f89f7404512dd
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:57106/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:57106/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download-update.com/update/install/download.php?type=manual
id: auto-92b39c1a87fe86857c214dec2c7df19dcf435ff2d24b189f37df4e499d864e95
status: experimental
description: Detects traffic or activity related to https://download-update.com/update/install/download.php?type=manual which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download-update.com/update/install/download.php\?type=manual*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.103.86:56402/i
id: auto-f3a86b169b840b84ccc9cc438b64ccb78d4cc195edecf2f61c0d58ab52c64030
status: experimental
description: Detects traffic or activity related to http://182.112.103.86:56402/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.103.86:56402/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.178:34361/.i
id: auto-a0e2f881e6b61a5d5ceeb477ec919fcc535dd79b4571bc4aee89ec6c6c445176
status: experimental
description: Detects traffic or activity related to http://59.97.254.178:34361/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.178:34361/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pixeldrain.com/api/file/kycxrkkF
id: auto-a05509d69ea32fee054306a8009eb4d24e824b3aadb52b9b776fd45a54cf2fbc
status: experimental
description: Detects traffic or activity related to https://pixeldrain.com/api/file/kycxrkkF which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pixeldrain.com/api/file/kycxrkkF*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.202:34785/i
id: auto-8f11577ac111d99392b548966d732b5619ac11807c126e16ad239684572ac6a1
status: experimental
description: Detects traffic or activity related to http://59.97.183.202:34785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.202:34785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.247.179:49506/Mozi.a
id: auto-0c3edf527e7bc27f3a740592507a5fda39f7aa3d8730c3a501efd4dee2a46819
status: experimental
description: Detects traffic or activity related to http://59.97.247.179:49506/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.247.179:49506/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.119:59576/bin.sh
id: auto-9f38b5c1a356bfd83561f1d0ca8b80eec154cb08a0f60084e3180bd05b7e80e3
status: experimental
description: Detects traffic or activity related to http://59.97.182.119:59576/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.119:59576/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.136:49792/Mozi.a
id: auto-60e4815c5fce4c71ada5f9eeb3f06a778eab492927f3bd7b90f41732daeb265e
status: experimental
description: Detects traffic or activity related to http://59.97.254.136:49792/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.136:49792/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.68:42703/i
id: auto-5770e77a9e6f1052f4b94574714eb07729501ca8feda9de74fc8aed7ff09070e
status: experimental
description: Detects traffic or activity related to http://59.97.252.68:42703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.68:42703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.180.86:51954/Mozi.m
id: auto-2829b16aed01d8904c75dac3566f70cda8e942cf1e66afec2378e4234e1d30df
status: experimental
description: Detects traffic or activity related to http://59.97.180.86:51954/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.180.86:51954/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.229:57060/Mozi.m
id: auto-eab0e8e22efd36a0f721d8da0e2e957acf063f31f7f63c2946670dae1c39ea2c
status: experimental
description: Detects traffic or activity related to http://59.97.177.229:57060/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.229:57060/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.97:32785/i
id: auto-cda420d32547556e250681e20f6131c83f6b738355394a24a476288618c33a65
status: experimental
description: Detects traffic or activity related to http://59.97.251.97:32785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.97:32785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.30:57498/i
id: auto-c19e79ac1ca309a37e94f5338981f517fe6c65b9b509365906d226847fcc1787
status: experimental
description: Detects traffic or activity related to http://59.97.254.30:57498/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.30:57498/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.229:57060/Mozi.a
id: auto-97912503d0460bbdd0462dedec17bf486246dc9aecf2f886a5dea3224e2f4a1c
status: experimental
description: Detects traffic or activity related to http://59.97.177.229:57060/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.229:57060/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.252:37832/i
id: auto-ffc56d9c30befd127ea682e96418c9d1ca4c2a70f71d5c7dbd0de8e6a7d26fda
status: experimental
description: Detects traffic or activity related to http://59.97.250.252:37832/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.252:37832/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.97:32785/.i
id: auto-3a3a3c516ec789655ccc83a81240536f094fe70e3a11e9d99dd5394d83d41d42
status: experimental
description: Detects traffic or activity related to http://59.97.251.97:32785/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.97:32785/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.158:59276/.i
id: auto-07c36cab7ee8e099da04ef811a1c26c24917015e0c7de563b8e95b399ead9c6f
status: experimental
description: Detects traffic or activity related to http://59.97.250.158:59276/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.158:59276/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.178:34361/bin.sh
id: auto-8df3c6677d0e34f3c0675239f91550662b325f501be5b5ff3dd6f4f4b87f7a3d
status: experimental
description: Detects traffic or activity related to http://59.97.254.178:34361/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.178:34361/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.181.55:53043/Mozi.m
id: auto-ce1c24d82f7cb001ff91253b1ddd2e4323416c53b3552517d1a89203cc673c50
status: experimental
description: Detects traffic or activity related to http://59.97.181.55:53043/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.181.55:53043/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.192:45342/Mozi.m
id: auto-beb17084aa617b80e48a0ffba32db36442204fa2eddc07fb6e5955f22c413e8c
status: experimental
description: Detects traffic or activity related to http://59.97.183.192:45342/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.192:45342/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.164:44277/.i
id: auto-f6ec186a030e2c71243db197484a338677bf9d9ec452453eef714872b08c3ec4
status: experimental
description: Detects traffic or activity related to http://59.97.177.164:44277/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.164:44277/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.148:39564/.i
id: auto-2bc44eac1a746eb152c35acc4d4d0ab1045b86a34055f5b4d33e431e78e30927
status: experimental
description: Detects traffic or activity related to http://59.97.178.148:39564/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.148:39564/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.0:58717/Mozi.m
id: auto-b6ee6045963de58f53081a4b5999b7d9933e5b55bec07295e3e166cf4b6fdd12
status: experimental
description: Detects traffic or activity related to http://59.97.250.0:58717/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.0:58717/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.122:59099/.i
id: auto-55b805b2fb1b1fa6de9fb5cd6ac2dc460957806dd8b902d0adfbcfa6087ec997
status: experimental
description: Detects traffic or activity related to http://59.97.178.122:59099/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.122:59099/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.119:59576/i
id: auto-106d8366bfdbae5c9cd826a819c0778fb4701141b7b2e9b9ffcafc28f52e8c53
status: experimental
description: Detects traffic or activity related to http://59.97.182.119:59576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.119:59576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.122:59099/Mozi.a
id: auto-2a410d5eace2a023c157bf2f32988c3d22f107f0a4e8d94ebf4d6ac478294cb6
status: experimental
description: Detects traffic or activity related to http://59.97.178.122:59099/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.122:59099/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.180.86:51954/bin.sh
id: auto-7cbe7edcad532f388cb32d9d6576b31ba031da3a6fa97f11e461ef1b93e270c3
status: experimental
description: Detects traffic or activity related to http://59.97.180.86:51954/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.180.86:51954/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.247.179:49506/Mozi.m
id: auto-ac9c32954b4c31ee4d8b6f2a11fe8890aad53d1a024b239528773316d8049fde
status: experimental
description: Detects traffic or activity related to http://59.97.247.179:49506/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.247.179:49506/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.148:39564/bin.sh
id: auto-031673ecdb3f062d777f4abe7907ebb2713d752f38da15d16130c4770fb6c764
status: experimental
description: Detects traffic or activity related to http://59.97.178.148:39564/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.148:39564/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.164:44277/i
id: auto-2f8afc128f1d9ec9deaa2c8063db141da9a02569b078b5a8759413501b8efbfb
status: experimental
description: Detects traffic or activity related to http://59.97.177.164:44277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.164:44277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.122:59099/Mozi.m
id: auto-4b122872682c6e1ec3df3d92a0488d0dfa054d233b36f847c63b803bae69b0fc
status: experimental
description: Detects traffic or activity related to http://59.97.178.122:59099/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.122:59099/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.148:39564/i
id: auto-9eaeb1e4c41766a95941552c05037c4158c3471c96907e773f2050ce6258fc86
status: experimental
description: Detects traffic or activity related to http://59.97.178.148:39564/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.148:39564/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.164:44277/bin.sh
id: auto-0f005df3a675bcef5bb9612241c6fc9376249356841d5c5abe0a8b0924107d0a
status: experimental
description: Detects traffic or activity related to http://59.97.177.164:44277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.164:44277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.247.179:49506/i
id: auto-f5c969f20bb89caa802a900b01427122d2c771de4c3551ba4dca0c4821c09037
status: experimental
description: Detects traffic or activity related to http://59.97.247.179:49506/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.247.179:49506/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.158:59276/i
id: auto-435f99e082fdb82c09259075ccbc240f0295ee7cd52b6a405d53a1c67242561f
status: experimental
description: Detects traffic or activity related to http://59.97.250.158:59276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.158:59276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.97:32785/bin.sh
id: auto-a4423b5dd800751985f27b9b0a87ee76869e2eaf577a7e540276b91561cb2133
status: experimental
description: Detects traffic or activity related to http://59.97.251.97:32785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.97:32785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.252:37832/Mozi.a
id: auto-6e330e23f33a147bce344cef7e9e02b2478fcf10f78496be2ce336fbcf16e48e
status: experimental
description: Detects traffic or activity related to http://59.97.250.252:37832/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.252:37832/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.52:55164/i
id: auto-ff9c625017b0afffb67a3b03a8a6fc30bd8cdfc882897aeb421c225ffb317854
status: experimental
description: Detects traffic or activity related to http://59.97.253.52:55164/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.52:55164/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.247.179:49506/bin.sh
id: auto-0032d8bc0a95407f0e66a448e65b1fc9d8d92cc408664617def4926013924cd4
status: experimental
description: Detects traffic or activity related to http://59.97.247.179:49506/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.247.179:49506/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.229:57060/.i
id: auto-0b84fc00082caf6541dc7ec672a0dc3aaf4b07bb9286acc07a02de9b6312c401
status: experimental
description: Detects traffic or activity related to http://59.97.177.229:57060/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.229:57060/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.68:42703/Mozi.a
id: auto-9d54ae280b5e929d4ba39f042e23da1ee8ca5931b449f29ac72e2df07fd1ce15
status: experimental
description: Detects traffic or activity related to http://59.97.252.68:42703/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.68:42703/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.249.181:51913/bin.sh
id: auto-26fe9bb50134505e120aff9263f1110d04a6a306307ceee64f4a9f49ac80631f
status: experimental
description: Detects traffic or activity related to http://59.97.249.181:51913/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.249.181:51913/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.252:37832/.i
id: auto-7db45923a6af4cfd821d142182460281ad781dd5f004fa514cb960a96f754dac
status: experimental
description: Detects traffic or activity related to http://59.97.250.252:37832/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.252:37832/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.68:42703/bin.sh
id: auto-502e5270cfadd643a725ccf191417bd8fd1edde273c425b58bde1f79ce597ecb
status: experimental
description: Detects traffic or activity related to http://59.97.252.68:42703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.68:42703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.178:34361/Mozi.m
id: auto-5a0a2d2c5fa6f77f1a85e57332d7ae860785eb0361264bee4e66b95d51e0c26f
status: experimental
description: Detects traffic or activity related to http://59.97.254.178:34361/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.178:34361/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.14:56323/bin.sh
id: auto-1382718454771fee5c4d43c1693969b473ecb42086b6e62cfed875436a446d47
status: experimental
description: Detects traffic or activity related to http://59.97.251.14:56323/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.14:56323/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.0:58717/.i
id: auto-029c71267689914921cf8e232e3157b8f4cdb3bcca2658b96912ccaed7bed053
status: experimental
description: Detects traffic or activity related to http://59.97.250.0:58717/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.0:58717/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.124:44739/Mozi.m
id: auto-d6bd896c4656c6fd1c19d87f896e9790ff50637434655156ee011470c5fa6cc7
status: experimental
description: Detects traffic or activity related to http://59.97.179.124:44739/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.124:44739/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.252:37832/Mozi.m
id: auto-b868a435873b2b77d6ce67b7ccece984381d59a9331d65d99820df8f4b3f899e
status: experimental
description: Detects traffic or activity related to http://59.97.250.252:37832/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.252:37832/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.97:32785/Mozi.a
id: auto-23decca3fd48efef64f242ee87c5f19ab17caa654800c058d00e00d89d5a46a3
status: experimental
description: Detects traffic or activity related to http://59.97.251.97:32785/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.97:32785/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.30:57498/.i
id: auto-1a9c209b907739e57166d00d9644b96221a761d6d9b51696f3d9d630eb3a231c
status: experimental
description: Detects traffic or activity related to http://59.97.254.30:57498/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.30:57498/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.30:57498/Mozi.m
id: auto-1fe5c155731a0eb5a3f95ddc782052a3d40515a9579063cd7f5cca15dfc774dd
status: experimental
description: Detects traffic or activity related to http://59.97.254.30:57498/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.30:57498/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.66:44672/bin.sh
id: auto-ba9ccb99ad5a49058637602f303fa23f07afc3177da9bcda9fcdda58290f836d
status: experimental
description: Detects traffic or activity related to http://59.97.252.66:44672/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.66:44672/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.53:43252/.i
id: auto-0d90621bcdf936cf5ed3c546fabe78abfcca5cc1eb3b644b8ba8fd8c1c8177ac
status: experimental
description: Detects traffic or activity related to http://59.97.177.53:43252/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.53:43252/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.181.55:53043/bin.sh
id: auto-2ff07254c0075b174c34fc8516bdba796e54801c16576636b1a821a45f019e05
status: experimental
description: Detects traffic or activity related to http://59.97.181.55:53043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.181.55:53043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.0:58717/Mozi.a
id: auto-f376c3f6680bce3acf1c671ccdd8a53ab0a0998cbda32396f1e32a83de255eb2
status: experimental
description: Detects traffic or activity related to http://59.97.250.0:58717/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.0:58717/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.2:37696/.i
id: auto-ffcac9c60858f8f0674c01e5f8dc720f25facbd9a9216cd130fc6e966b3b2261
status: experimental
description: Detects traffic or activity related to http://59.97.176.2:37696/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.2:37696/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.122:59099/bin.sh
id: auto-c05ed11ea0e2f183055e2e18fc8d8fdee807531c9b219e10795eb67d81195b53
status: experimental
description: Detects traffic or activity related to http://59.97.178.122:59099/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.122:59099/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.148:39564/Mozi.m
id: auto-a30e5ec280269fea9b2608db53cd16c104554ddb70611b5798c80c43c4097b58
status: experimental
description: Detects traffic or activity related to http://59.97.178.148:39564/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.148:39564/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.229:57060/bin.sh
id: auto-18f30d35bd351b41427e8e33f5c72e1f34c8c500d7194651f512404c09d860a1
status: experimental
description: Detects traffic or activity related to http://59.97.177.229:57060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.229:57060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.158:59276/bin.sh
id: auto-3225f83112aa46deaf0077f657c4acd5e1845e16003368c984632ffa4c4e4321
status: experimental
description: Detects traffic or activity related to http://59.97.250.158:59276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.158:59276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.53:43252/i
id: auto-c0cba6ff9d132316299a4eeab09771405900109dba69532520585c6269922e73
status: experimental
description: Detects traffic or activity related to http://59.97.177.53:43252/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.53:43252/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.202:45489/Mozi.m
id: auto-dc70d3ef70ef42f91901337f7ae31a44df4c6a85fcdcbe450a66efb949183252
status: experimental
description: Detects traffic or activity related to http://59.97.176.202:45489/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.202:45489/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.181.55:53043/Mozi.a
id: auto-0878d88f7b50c6512845c713039b47712c7df6beb2e4e322f919d12bf1dd9d51
status: experimental
description: Detects traffic or activity related to http://59.97.181.55:53043/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.181.55:53043/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.2:37696/bin.sh
id: auto-86d785d96d78fd8cedb85c99c06d911e9055c62ffe5a64950b1e073a557f64c5
status: experimental
description: Detects traffic or activity related to http://59.97.176.2:37696/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.2:37696/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.164:44277/Mozi.m
id: auto-72222dc16432e881c452b6b797cfbbbd28152258eaa72cf4f530b15ee82cc989
status: experimental
description: Detects traffic or activity related to http://59.97.177.164:44277/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.164:44277/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.97:32785/Mozi.m
id: auto-a3217c363045df67353b125dfc53ea99bf7245f365692a999a518ab9a82c3d4c
status: experimental
description: Detects traffic or activity related to http://59.97.251.97:32785/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.97:32785/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.229:57060/i
id: auto-15a99f4ec1cd1702f37c12492ace86cb458f99c1924486edb663270d62b86af0
status: experimental
description: Detects traffic or activity related to http://59.97.177.229:57060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.229:57060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.2.108:36497/bin.sh
id: auto-08dac40afd1a3e9c18b917f0b8e4d0310bc8b0f81266f5433bb92511350f84d1
status: experimental
description: Detects traffic or activity related to http://125.41.2.108:36497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.2.108:36497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.52:55164/.i
id: auto-04db82a1a7018080a1885bf941425e9ce083166ecfc82e2afeb9536fe8ae0662
status: experimental
description: Detects traffic or activity related to http://59.97.253.52:55164/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.52:55164/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.136:49792/.i
id: auto-14ffc82f02ff700bfe752435e2560c7f23f216cdee5b6392db8e1cf156aacd96
status: experimental
description: Detects traffic or activity related to http://59.97.254.136:49792/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.136:49792/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.66:44672/Mozi.m
id: auto-62957b2649afeb1f46fc3e0ca90a2d2bcb145b173ca39bbd7c0b45fef609e3c5
status: experimental
description: Detects traffic or activity related to http://59.97.252.66:44672/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.66:44672/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.119:59576/Mozi.a
id: auto-98c591d73a85ea8d74d6b23481fa640db88720d913eaad56e1941139f6ea28c0
status: experimental
description: Detects traffic or activity related to http://59.97.182.119:59576/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.119:59576/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.53:43252/Mozi.a
id: auto-16910c7ad3ad584c0321bad797acb0d2ae3b40c75a9549eb5d6185a92a1f5947
status: experimental
description: Detects traffic or activity related to http://59.97.177.53:43252/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.53:43252/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.222:40805/.i
id: auto-d8d911e5d956e2c8cb77e44c54029244129520e12208245fe2042e5899d2fc5e
status: experimental
description: Detects traffic or activity related to http://59.97.179.222:40805/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.222:40805/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.222:40805/bin.sh
id: auto-934fe90560b1668dc61c38c798c2ef51bdc0e55dc11353759473020128bd8e29
status: experimental
description: Detects traffic or activity related to http://59.97.179.222:40805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.222:40805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.178:34361/i
id: auto-5e450bf159cd8ec6c66c976bbbdf6edaf3dfa0fbd0ffda712f48bfe96e3cbf20
status: experimental
description: Detects traffic or activity related to http://59.97.254.178:34361/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.178:34361/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.222:40805/Mozi.m
id: auto-af60040a4b01eb00fc82c276a5ddf1f8345cd644fb5f04cab3ea67343181d032
status: experimental
description: Detects traffic or activity related to http://59.97.179.222:40805/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.222:40805/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.195:54400/.i
id: auto-16f1607de2cbc48837201c5047b3b913a70972adbac481afa59a7636ce0c3cc7
status: experimental
description: Detects traffic or activity related to http://59.97.251.195:54400/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.195:54400/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.53:43252/Mozi.m
id: auto-c0c6a1423d888717d613e0d6985451f7481bb9af2f6043d67d3b853bad678037
status: experimental
description: Detects traffic or activity related to http://59.97.177.53:43252/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.53:43252/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.249.181:51913/i
id: auto-c1a609b48b7d949309ca3381eda96e42a1975347b7233ffba1994bc0bcf9da7b
status: experimental
description: Detects traffic or activity related to http://59.97.249.181:51913/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.249.181:51913/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.202:34785/bin.sh
id: auto-d6d154778cdf8916e6d3953ff71a7e9f643822286ca5c85b55c8eda757f373a5
status: experimental
description: Detects traffic or activity related to http://59.97.183.202:34785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.202:34785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.136:49792/Mozi.m
id: auto-8ec5329320a4fc63d5cc3cc9f33adc91030d7f3372d7b8ae48e33ff11a44fbf9
status: experimental
description: Detects traffic or activity related to http://59.97.254.136:49792/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.136:49792/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.2:37696/i
id: auto-c798a42c3ce601eab714a25c4738a274e2e1e619953d40abd5fd3c88744b8796
status: experimental
description: Detects traffic or activity related to http://59.97.176.2:37696/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.2:37696/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.195:54400/Mozi.m
id: auto-4d50d347f6e0db7a0f54d63e3cb7e7b5ccc6819573d38e64ae794b871c7b9894
status: experimental
description: Detects traffic or activity related to http://59.97.251.195:54400/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.195:54400/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.2:37696/Mozi.m
id: auto-c44641f01d82fb5f686445d1df91d4eba3fa031bf0b2ef73814eb8a2537a1606
status: experimental
description: Detects traffic or activity related to http://59.97.176.2:37696/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.2:37696/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.119:59576/.i
id: auto-f993e5565f3b0df4b7cb5a07a4f02719074d9754b81a9c2240bdc499ace991bd
status: experimental
description: Detects traffic or activity related to http://59.97.182.119:59576/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.119:59576/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.2:37696/Mozi.a
id: auto-2b9ca8f5f071ad5a86d02a13548e73f599507afcd4809526e250f894a217ae2c
status: experimental
description: Detects traffic or activity related to http://59.97.176.2:37696/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.2:37696/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.14:56323/.i
id: auto-76a372d5cb9b79cea2bce56e84a55c9b19871ac77f0bab2f371043dac5ea8284
status: experimental
description: Detects traffic or activity related to http://59.97.251.14:56323/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.14:56323/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.14:56323/Mozi.m
id: auto-6effd6621f9ed898a94f791be1e7b6ef83c9d83b1c82f22b7e8cac08633a48a1
status: experimental
description: Detects traffic or activity related to http://59.97.251.14:56323/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.14:56323/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.164:44277/Mozi.a
id: auto-df1c22727c5e5e7d7dbf71ce94af9546f34889c39efaecc4394f57fbc23c8c78
status: experimental
description: Detects traffic or activity related to http://59.97.177.164:44277/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.164:44277/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.119:59576/Mozi.m
id: auto-9ba3ed459c1fec1a77128a43ea6bf113595479583981a5a12b5f907f79f434ce
status: experimental
description: Detects traffic or activity related to http://59.97.182.119:59576/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.119:59576/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.222:40805/Mozi.a
id: auto-7a2e005090ec11da16c95e48267ff995791623561c2baa0d327d3f9fb7261c98
status: experimental
description: Detects traffic or activity related to http://59.97.179.222:40805/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.222:40805/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.222:40805/i
id: auto-2b660fc01ed31d7961369fa4b6ecde89ba9ee551b10048dbc80ae6dbef804437
status: experimental
description: Detects traffic or activity related to http://59.97.179.222:40805/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.222:40805/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.124:44739/.i
id: auto-a1a4885cc53be9848b303a339ae04f3557f09b54257c11d76a1cae2ceb045377
status: experimental
description: Detects traffic or activity related to http://59.97.179.124:44739/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.124:44739/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.249.181:51913/Mozi.a
id: auto-03c9ace5373f854f8d35d44e7a3d151671323d65f44cf4c753a914914062d9c1
status: experimental
description: Detects traffic or activity related to http://59.97.249.181:51913/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.249.181:51913/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.136:49792/i
id: auto-158642d12834a32f0ac0724b3da3f51e19f6836ca0cd89597e515659d3fd49f1
status: experimental
description: Detects traffic or activity related to http://59.97.254.136:49792/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.136:49792/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.202:34785/.i
id: auto-741c7f3137c2592131205d1db7f1575d4f0fbf8492249028b4b97dd98cae46d1
status: experimental
description: Detects traffic or activity related to http://59.97.183.202:34785/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.202:34785/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.202:45489/bin.sh
id: auto-946fefeced0161d2635fe7471cdbe3f01814fefe0fb1e84da7941f77aae1440d
status: experimental
description: Detects traffic or activity related to http://59.97.176.202:45489/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.202:45489/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.192:45342/Mozi.a
id: auto-66442cd9368201996879c39bdbede6bd2ff226f784648ca834a367cb30b25bf0
status: experimental
description: Detects traffic or activity related to http://59.97.183.192:45342/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.192:45342/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.180.86:51954/i
id: auto-752b73a82c0e78fe68bbc98180b332ff12685fa63c4479e92baa557b64ed10e6
status: experimental
description: Detects traffic or activity related to http://59.97.180.86:51954/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.180.86:51954/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.124:44739/Mozi.a
id: auto-9dd35403e57298071c61ef6e7c3007c1255b8323e289f46cbd97c30371dad310
status: experimental
description: Detects traffic or activity related to http://59.97.179.124:44739/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.124:44739/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.52:55164/Mozi.a
id: auto-2961d691ba7f5951229d5533315a4b61877df443088518527f4a9a8d7d368ebd
status: experimental
description: Detects traffic or activity related to http://59.97.253.52:55164/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.52:55164/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.124:44739/bin.sh
id: auto-d4542d06f55a20094712a29422639791be604f8a51a3ad5ece81177716cf19cd
status: experimental
description: Detects traffic or activity related to http://59.97.179.124:44739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.124:44739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.195:54400/bin.sh
id: auto-7c2c3c2a430144305753dcc626d271fd9228ce4e2eb3f0b9083f5784866b91df
status: experimental
description: Detects traffic or activity related to http://59.97.251.195:54400/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.195:54400/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.52:55164/bin.sh
id: auto-b4af0f9a9e1462f99d770a490b56fca1c99b45f8847220491a7fec1b35bd4716
status: experimental
description: Detects traffic or activity related to http://59.97.253.52:55164/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.52:55164/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.30:57498/bin.sh
id: auto-2257c818ac672a0272878a2f9e9503a1b5282e9e84b9a39fd96e013614f9219f
status: experimental
description: Detects traffic or activity related to http://59.97.254.30:57498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.30:57498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.30:57498/Mozi.a
id: auto-e3b826bd8310f831e7cd14c78923a4c64c24a085e8bbc475d563e47fd891faf8
status: experimental
description: Detects traffic or activity related to http://59.97.254.30:57498/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.30:57498/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.195:54400/Mozi.a
id: auto-695714c89b422267388327f7b642d6dab5bef94516f9f5e1125690f25c67329a
status: experimental
description: Detects traffic or activity related to http://59.97.251.195:54400/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.195:54400/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.247.179:49506/.i
id: auto-9b47f3ebe8d57dbe39e634265330ab26d2e6ab829ddf068fcfa119f7ab3cb3cd
status: experimental
description: Detects traffic or activity related to http://59.97.247.179:49506/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.247.179:49506/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.179.124:44739/i
id: auto-2f7747fc0ca3978a545aef19fe449b9b5f7c812829112d20ddbc65a9b148c7c8
status: experimental
description: Detects traffic or activity related to http://59.97.179.124:44739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.179.124:44739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.0:58717/i
id: auto-9bb0de5b4a2142dd3d1c6980641e474eceb2d6a326d2775c58def635611486cc
status: experimental
description: Detects traffic or activity related to http://59.97.250.0:58717/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.0:58717/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.195:54400/i
id: auto-36f6da9ade66c0c7fad87ca74306ec14691ddd262103c5b6d91c632836228c56
status: experimental
description: Detects traffic or activity related to http://59.97.251.195:54400/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.195:54400/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.205:46764/i
id: auto-de8600565b30750636c2bbe18f3ecb83741eb5bb06a643c5b07e5ae51727d49a
status: experimental
description: Detects traffic or activity related to http://59.97.177.205:46764/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.205:46764/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.68:42703/.i
id: auto-8bb70531a6e78efbe54545828f462980327b89e824aa7d5a40f8fd1342b58147
status: experimental
description: Detects traffic or activity related to http://59.97.252.68:42703/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.68:42703/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.66:44672/.i
id: auto-a2935cca2abc19d433e40432733b08bf150d055cd6a9dc98e6f7761a1b546e36
status: experimental
description: Detects traffic or activity related to http://59.97.252.66:44672/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.66:44672/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.181.55:53043/i
id: auto-dc5e1534711c4f6f1e1dbdb65208b663c8f4cdd527e7b014e18a7d97e5d9140d
status: experimental
description: Detects traffic or activity related to http://59.97.181.55:53043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.181.55:53043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.66:44672/i
id: auto-ddb3e9d4b00b8e40e109f631c583e821bea739c45bb67a4c430bcb32e16d69cc
status: experimental
description: Detects traffic or activity related to http://59.97.252.66:44672/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.66:44672/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.158:59276/Mozi.m
id: auto-7732c7742801baa9d34c840e4498d12063aef6ad7efb14bc3874804ca9a0925e
status: experimental
description: Detects traffic or activity related to http://59.97.250.158:59276/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.158:59276/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.0:58717/bin.sh
id: auto-77fcbb187f217d3301ac13a131b10d65288611d498d0dfc982f4c6b94bc8fb44
status: experimental
description: Detects traffic or activity related to http://59.97.250.0:58717/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.0:58717/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.192:45342/i
id: auto-acbbac8c29c38397b79b0c79dc2b76ca7acea9805707c44efbc7587d8fc0d630
status: experimental
description: Detects traffic or activity related to http://59.97.183.192:45342/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.192:45342/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.192:45342/.i
id: auto-158e5e5e3a792826e80baf17add9f59e9c49ac32092bc7277297b922e554c121
status: experimental
description: Detects traffic or activity related to http://59.97.183.192:45342/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.192:45342/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.205:46764/Mozi.a
id: auto-1858005b4caee02f162205f9e00089df379fc21d161d680edf6132bd48391a2b
status: experimental
description: Detects traffic or activity related to http://59.97.177.205:46764/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.205:46764/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.178:34361/Mozi.a
id: auto-b5844b10fb47c3a3df9e6eb37ceb6000acd4c1f67b5ec57e025042de91e99e25
status: experimental
description: Detects traffic or activity related to http://59.97.254.178:34361/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.178:34361/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.192:45342/bin.sh
id: auto-9f72a2c8be3706408f352558193e61c246edf87867da835218454be3c6d53892
status: experimental
description: Detects traffic or activity related to http://59.97.183.192:45342/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.192:45342/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.252:37832/bin.sh
id: auto-0a9d56ae0434d41dd0efa4976fdf043cbd186adae1a3704491b92aa45bd1c5e1
status: experimental
description: Detects traffic or activity related to http://59.97.250.252:37832/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.252:37832/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.158:59276/Mozi.a
id: auto-9e16008474a69446cc433a560ccd05c89b6cc37327a719fe5ea42b0d7ea2c66e
status: experimental
description: Detects traffic or activity related to http://59.97.250.158:59276/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.158:59276/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.202:45489/i
id: auto-efad40083ce4adc7abe98c14eee0e82dafb4c7f88ef26d6528cd1c276d576441
status: experimental
description: Detects traffic or activity related to http://59.97.176.202:45489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.202:45489/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.202:34785/Mozi.a
id: auto-c1363a769d1ac31d3e00daba1c7d8fbe1061b849167d1b3406433bfc99a40336
status: experimental
description: Detects traffic or activity related to http://59.97.183.202:34785/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.202:34785/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.202:45489/.i
id: auto-c707573f0e8d3b5ede84303f54afc3621e2a764d46452ab7cf7d873ff448c5a6
status: experimental
description: Detects traffic or activity related to http://59.97.176.202:45489/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.202:45489/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.202:34785/Mozi.m
id: auto-d3a868dfee20224a7fb8dc6a31071aa87c2404ed6286ff1801b19aeca3375f20
status: experimental
description: Detects traffic or activity related to http://59.97.183.202:34785/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.202:34785/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.202:45489/Mozi.a
id: auto-ace84c71a40bbd99b863f5c820cdea81a475295a0d2251f985909de4ce6a1aba
status: experimental
description: Detects traffic or activity related to http://59.97.176.202:45489/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.202:45489/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.122:59099/i
id: auto-246806941a2ccdc3e9394bca2050e34e3d302d9c6f2035f845423d1d92bc1ecd
status: experimental
description: Detects traffic or activity related to http://59.97.178.122:59099/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.122:59099/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.148:39564/Mozi.a
id: auto-a4ca6b3e2e9de0060ccb6932e5eba74cf878720aa1dbf9c1b2dd84586a1ff14e
status: experimental
description: Detects traffic or activity related to http://59.97.178.148:39564/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.148:39564/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.52:55164/Mozi.m
id: auto-2a2d6936c90ebbfe7cc3193d4dfe69ae50c487641bd8b3d1e944aa1bd4c95aef
status: experimental
description: Detects traffic or activity related to http://59.97.253.52:55164/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.52:55164/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.53:43252/bin.sh
id: auto-3485630ad15d66003bed9f43328a5a43c0eafded2e69e91c6be9b827befff82f
status: experimental
description: Detects traffic or activity related to http://59.97.177.53:43252/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.53:43252/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.14:56323/i
id: auto-6598963a50cf6f897062b912924d9bda039c36a66ee0f18ec286160676b9195b
status: experimental
description: Detects traffic or activity related to http://59.97.251.14:56323/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.14:56323/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.14:56323/Mozi.a
id: auto-8b6bcaf2dd15402dc90fc5a135e46207bde540f6be1dcbcfbbbbcd7297a97069
status: experimental
description: Detects traffic or activity related to http://59.97.251.14:56323/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.14:56323/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.181.55:53043/.i
id: auto-b9709eeb3d72b28a50d8c952df993b61858712632f17f1df8ea378a6e2cb647e
status: experimental
description: Detects traffic or activity related to http://59.97.181.55:53043/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.181.55:53043/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.205:46764/bin.sh
id: auto-1084da68e129dcede9e7f21402632975d20fd7307c93652067efa1114d79267e
status: experimental
description: Detects traffic or activity related to http://59.97.177.205:46764/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.205:46764/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.136:49792/bin.sh
id: auto-f8721956f0f0bb15e73ed34a3148983433c5635265d191f990a73fbb2e7b51fc
status: experimental
description: Detects traffic or activity related to http://59.97.254.136:49792/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.136:49792/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.180.86:51954/.i
id: auto-3ae516e399998f72e39d71145f5d18da87af79e639b8da30a3d26b9e8aa6b592
status: experimental
description: Detects traffic or activity related to http://59.97.180.86:51954/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.180.86:51954/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.249.181:51913/Mozi.m
id: auto-77baa8b954f562110f8e226258485443adba96b81a085d441740c02e96b3eaa2
status: experimental
description: Detects traffic or activity related to http://59.97.249.181:51913/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.249.181:51913/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.249.181:51913/.i
id: auto-f552ba8d86ea0ebbb1110368d2ed928d0ca753144223882646aca3b8994c4a29
status: experimental
description: Detects traffic or activity related to http://59.97.249.181:51913/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.249.181:51913/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.205:46764/.i
id: auto-2601275ef49df6187e0b2f9c4f2c76f32c1bf1cb6f84a0ffdf2b99209f034181
status: experimental
description: Detects traffic or activity related to http://59.97.177.205:46764/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.205:46764/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.177.205:46764/Mozi.m
id: auto-5023ed2f17ebe82b8c57284ef2e2381a28bec18fb7df95eef3c427c2215cae8a
status: experimental
description: Detects traffic or activity related to http://59.97.177.205:46764/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.177.205:46764/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.68:42703/Mozi.m
id: auto-329963404821f0b8024c34ad4b9a5de71eb812e8fcf7ff4c83d6af066fd85972
status: experimental
description: Detects traffic or activity related to http://59.97.252.68:42703/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.68:42703/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.180.86:51954/Mozi.a
id: auto-85ac18c4c134179a7e64acc51c778bd5da1712dc0c7376101e55414bd4039feb
status: experimental
description: Detects traffic or activity related to http://59.97.180.86:51954/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.180.86:51954/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.66:44672/Mozi.a
id: auto-b20c584f5e09430b80140ce62ed5ed9484892913b1a0e65852aed4bdc4a3c9cc
status: experimental
description: Detects traffic or activity related to http://59.97.252.66:44672/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.66:44672/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.154.241:47166/bin.sh
id: auto-9233ff9123de5505069806ceaa3dc0c6a87dd1f9c5987c8c6e373fd2532f3993
status: experimental
description: Detects traffic or activity related to http://112.248.154.241:47166/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.154.241:47166/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.194.254:50524/i
id: auto-148183c2acf47dd876ecee757040c5dc30ef76fe05494154928e5e0911e9c255
status: experimental
description: Detects traffic or activity related to http://221.15.194.254:50524/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.194.254:50524/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.224.91:55681/i
id: auto-8335bc6fe57436c580731c7dbe62293fa819caead850f2942dbb9a52da76c021
status: experimental
description: Detects traffic or activity related to http://222.138.224.91:55681/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.224.91:55681/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://24.156.183.72:50338/bin.sh
id: auto-7ca29a25afd2841337d66bcbae371378af4bda16f34f7e9bc31aaadb4c798ed9
status: experimental
description: Detects traffic or activity related to http://24.156.183.72:50338/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://24.156.183.72:50338/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.194.254:50524/bin.sh
id: auto-0b36a0d5fd8aeeaedca48ced3eb2a2029d64f026004fa41152f49deb46ad25da
status: experimental
description: Detects traffic or activity related to http://221.15.194.254:50524/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.194.254:50524/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:57106/bin.sh
id: auto-13c53153f109218036105e291c4d69c7d37c49cb6f07e43707e9dc653451f740
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:57106/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:57106/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.135.145:53293/bin.sh
id: auto-a349266ca9804f3aabffc0704ae58a05e5d08b4c41b8d0754f26fbdd376b9989
status: experimental
description: Detects traffic or activity related to http://115.62.135.145:53293/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.135.145:53293/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.56.224:43011/bin.sh
id: auto-17e827287931dd41e3a07148c19e1ee04fb83afb347b6d06d8a5360b90f6dc8a
status: experimental
description: Detects traffic or activity related to http://182.119.56.224:43011/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.56.224:43011/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.103.86:56402/bin.sh
id: auto-8c7f210ce4fc8e69168c78d31bbc1cf9b839fd73fb5e02d8ffed4d572775c5ed
status: experimental
description: Detects traffic or activity related to http://182.112.103.86:56402/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.103.86:56402/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.155:50333/Mozi.m
id: auto-9b1ad26049b80d90f0a437c906f4f37d5c2cbf592845eb09ff0edd0223f2947b
status: experimental
description: Detects traffic or activity related to http://59.97.176.155:50333/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.155:50333/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.42:50922/Mozi.m
id: auto-ccab6f1bb3d6ec0dedec2796b4b119e1a27745e6d4e42c6f6315b3add71a566c
status: experimental
description: Detects traffic or activity related to http://59.97.182.42:50922/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.42:50922/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.138:56937/.i
id: auto-142d6b7c5ad9c214c0f16bbad6b7dd0898d2ebaec9a9e1f923267e7820f25308
status: experimental
description: Detects traffic or activity related to http://59.97.178.138:56937/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.138:56937/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.22:45429/bin.sh
id: auto-7b2ab48623948224745ec393e32240fc5fdbd3cc8c197a6648e5e83867e5c06f
status: experimental
description: Detects traffic or activity related to http://59.97.254.22:45429/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.22:45429/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.157:46012/Mozi.m
id: auto-be481b7fd30dd4b1c2f9a27765661c8ee84e69632e6a361fea0ab164aa614f10
status: experimental
description: Detects traffic or activity related to http://59.97.252.157:46012/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.157:46012/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.191:49917/bin.sh
id: auto-e322c042fceab8a63afcb025f0e849847cdd97fec68d84b3e8ad2937fedbd40c
status: experimental
description: Detects traffic or activity related to http://59.97.251.191:49917/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.191:49917/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.157:46012/.i
id: auto-523ddf4c15dec5b4f92167e553a267a697c3a92eb1574642d45f621383aa23c9
status: experimental
description: Detects traffic or activity related to http://59.97.252.157:46012/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.157:46012/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.138:56937/bin.sh
id: auto-52134872d6617a9fa542ba0699ebc81284b66d802bef1a22e6751ba705326f06
status: experimental
description: Detects traffic or activity related to http://59.97.178.138:56937/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.138:56937/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.138:56937/i
id: auto-9f04ed4fff2ca14cbb0330727fb6beffb5726ea9bef6a8c0ba3af56122027d90
status: experimental
description: Detects traffic or activity related to http://59.97.178.138:56937/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.138:56937/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.85:49432/Mozi.a
id: auto-f1547764ec168d4b6a2d1061c33620a3d6be92d14c276005bbce8830c79f71cb
status: experimental
description: Detects traffic or activity related to http://59.97.178.85:49432/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.85:49432/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.42:50922/.i
id: auto-2a4240fe82b9d4fdb023bda2a910bf9785bc294aaa1677c9e5ef8ff702f1b964
status: experimental
description: Detects traffic or activity related to http://59.97.182.42:50922/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.42:50922/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.155:50333/i
id: auto-68a286f76b05c84686c04ba5c02806e7457dec949dc6a1cfdde1f646c822e4be
status: experimental
description: Detects traffic or activity related to http://59.97.176.155:50333/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.155:50333/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.50:48692/Mozi.m
id: auto-13c360428d43174589afdc1f18be9a3e3ad79ea1cdd0d32926f7f9b930a48933
status: experimental
description: Detects traffic or activity related to http://59.97.253.50:48692/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.50:48692/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.226:38108/Mozi.a
id: auto-4d64db3aeb34590db1738e53e9586c55e8086136ca4b327bdd41e4fdb870f6dc
status: experimental
description: Detects traffic or activity related to http://59.97.254.226:38108/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.226:38108/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.22:45429/Mozi.a
id: auto-49e0780ae5a8b63d6f4cd54eb6b4498d9036953da4e6f0688485219bf1254fbf
status: experimental
description: Detects traffic or activity related to http://59.97.254.22:45429/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.22:45429/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.4:57851/Mozi.m
id: auto-e55ce5e1fb8be38d4a5bc852b6aace0e298c1914fa7bf06f58b529b3e4882e47
status: experimental
description: Detects traffic or activity related to http://59.97.182.4:57851/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.4:57851/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.155:50333/Mozi.a
id: auto-672b793532567adb7b0ecf3cd600663711522c98e9d4d65184ca9484ea06b197
status: experimental
description: Detects traffic or activity related to http://59.97.176.155:50333/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.155:50333/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.184:43416/Mozi.a
id: auto-f9c644279c6278c7965325a969a5bea0504a53bbfbba7c1a5940f383b95ebffc
status: experimental
description: Detects traffic or activity related to http://59.97.178.184:43416/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.184:43416/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.255:36979/bin.sh
id: auto-aec344ecc3ed1f5b00f04a4699c90822501f08879d6160a0d1a0af93fec927e0
status: experimental
description: Detects traffic or activity related to http://59.97.250.255:36979/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.255:36979/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.226:38108/.i
id: auto-16cd44cbed193deee6a6b822f1756be0230a2270f13cd97a12959df3b79766af
status: experimental
description: Detects traffic or activity related to http://59.97.254.226:38108/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.226:38108/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.255:36979/Mozi.m
id: auto-b49ddfcc955f9deba72fbddb04d7ecc608dfc36ca9437b4c444f3e3dbb0c1c07
status: experimental
description: Detects traffic or activity related to http://59.97.250.255:36979/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.255:36979/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.155:50333/.i
id: auto-a6bfefcf518502491e183d9cbcf25a27554a99cc2f79b5ec319ae9422981d7e0
status: experimental
description: Detects traffic or activity related to http://59.97.176.155:50333/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.155:50333/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.191:49917/.i
id: auto-9a2dee6443a28345c17dd35ea09609d8ce98ed68ae1d762f6a25d323b3111b1a
status: experimental
description: Detects traffic or activity related to http://59.97.251.191:49917/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.191:49917/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.235:35379/.i
id: auto-f1c0024c06fa84b51b38d3656b7a8062e34b2159213bdd430f4e3ce2f8e302ee
status: experimental
description: Detects traffic or activity related to http://59.97.176.235:35379/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.235:35379/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.191:49917/Mozi.a
id: auto-53e214c7129f822edfdf0583b91f8a7df7cb5ad4e32dc9da2a6c336478da86e1
status: experimental
description: Detects traffic or activity related to http://59.97.251.191:49917/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.191:49917/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.85:49432/Mozi.m
id: auto-dad88214c2e9e96229a3731db32ae72828e190d5bdb0bb1a54b38f8d542bb7bf
status: experimental
description: Detects traffic or activity related to http://59.97.178.85:49432/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.85:49432/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.42:50922/bin.sh
id: auto-83a4990d0d29e8cbe74ad3b488bc868fa4e8eb04299d14f18b1228281dc31e95
status: experimental
description: Detects traffic or activity related to http://59.97.182.42:50922/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.42:50922/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.138:56937/Mozi.m
id: auto-887ce52ce61d8e6421dc8e2fde39b272d08cfe16e5518088bd29d9ce2405a05e
status: experimental
description: Detects traffic or activity related to http://59.97.178.138:56937/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.138:56937/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.42:50922/i
id: auto-629bd0990010afa7a08d0e248166cb833e984e37b5fdbdb5a5d19a69df930110
status: experimental
description: Detects traffic or activity related to http://59.97.182.42:50922/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.42:50922/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.184:43416/i
id: auto-70e5a18f80427ba357437d9bb2664660413b77a0ca5f6f39cb40ebb6a9b480ba
status: experimental
description: Detects traffic or activity related to http://59.97.178.184:43416/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.184:43416/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.255:36979/i
id: auto-d7b761b45c04ce74237f2ae012039dff7933d3d5d3e2839e953bbadb8121a095
status: experimental
description: Detects traffic or activity related to http://59.97.250.255:36979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.255:36979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.50:48692/bin.sh
id: auto-1c55278871f0db808d8bc3616c45346286cb97317ec74fcc8c8cecba4ad043dd
status: experimental
description: Detects traffic or activity related to http://59.97.253.50:48692/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.50:48692/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.255:36979/Mozi.a
id: auto-744947aea7cceaba297baf7dabec50ee35f74626dd6c4399c873cc7d68564e5c
status: experimental
description: Detects traffic or activity related to http://59.97.250.255:36979/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.255:36979/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.184:43416/Mozi.m
id: auto-dc9dae63b8f8ad15d7b6120e76448b1e6c89f518adc71635aa8e444b22cabe06
status: experimental
description: Detects traffic or activity related to http://59.97.178.184:43416/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.184:43416/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.50:48692/.i
id: auto-b55728dddeef39b4789b5a080614e7bf138a4caf9dcc6695726962baed0a2af9
status: experimental
description: Detects traffic or activity related to http://59.97.253.50:48692/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.50:48692/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.226:38108/i
id: auto-6cde1169854bba62403bc86f7c74486d30b3eefcdfac9f83df8cb595f0057547
status: experimental
description: Detects traffic or activity related to http://59.97.254.226:38108/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.226:38108/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.85:49432/bin.sh
id: auto-289c4834c23d393cd77018a45a8e4c36f25134e1c9be2708d385993ad24cfff8
status: experimental
description: Detects traffic or activity related to http://59.97.178.85:49432/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.85:49432/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.85:49432/.i
id: auto-737ed6f5890b87895cd4798739386edc17b847ac2fecd78abcf0095618908679
status: experimental
description: Detects traffic or activity related to http://59.97.178.85:49432/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.85:49432/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.42:50922/Mozi.a
id: auto-713af164eebffa03b5130cda591d05091ce62bc35cdd1303fffb828a739a803e
status: experimental
description: Detects traffic or activity related to http://59.97.182.42:50922/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.42:50922/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.226:38108/Mozi.m
id: auto-b43efbed441089c39b26071848840d423f75c5f8327f497961beedae42576d67
status: experimental
description: Detects traffic or activity related to http://59.97.254.226:38108/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.226:38108/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.235:35379/Mozi.m
id: auto-3599fba5f1c0a8b044c9931dbd9bd7ed69279bbb3f911e19b0fcd68be97b318d
status: experimental
description: Detects traffic or activity related to http://59.97.176.235:35379/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.235:35379/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/munidowl727-jpg/aa/raw/refs/heads/main/Chrome.apk
id: auto-832cbb7a8f6ea9ed116cb5797dae99544bfdd4e1870234addbcbe9e86be5e51c
status: experimental
description: Detects traffic or activity related to https://github.com/munidowl727-jpg/aa/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/munidowl727-jpg/aa/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.50:48692/Mozi.a
id: auto-c1b028202303186ffbef7417a20a97f2b718d67bcb317f6037b5278f03998041
status: experimental
description: Detects traffic or activity related to http://59.97.253.50:48692/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.50:48692/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.191:49917/i
id: auto-2206f6dfc87b5cc1cc14347e6c2264eb1ede01ff101b8ff7c6deaaa406dbd0ac
status: experimental
description: Detects traffic or activity related to http://59.97.251.191:49917/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.191:49917/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.50:48692/i
id: auto-0e9df871f5436bfc0a6b5ef42233e2334df99a1ee35f688b747d43d197ec15bd
status: experimental
description: Detects traffic or activity related to http://59.97.253.50:48692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.50:48692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.138:56937/Mozi.a
id: auto-f25bacbd03f9bcf49391eaabafca72bc6a8b4619bc1d517573d2c32f1fe3dee8
status: experimental
description: Detects traffic or activity related to http://59.97.178.138:56937/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.138:56937/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.85:49432/i
id: auto-081e6184ccbebe4c97510fc80fdbe4060094ff48e56c28187da4637908956efd
status: experimental
description: Detects traffic or activity related to http://59.97.178.85:49432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.85:49432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.4:57851/Mozi.a
id: auto-0ba0caf7ff1c5eda93ea089c0d2c76fb1f6e85ae6330d7761e54371ba1e5bd27
status: experimental
description: Detects traffic or activity related to http://59.97.182.4:57851/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.4:57851/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.235:35379/Mozi.a
id: auto-45ee6f95e2fb904f60d4150752d09d54dca61e5e77ca9fd7019ad888adfe19ff
status: experimental
description: Detects traffic or activity related to http://59.97.176.235:35379/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.235:35379/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.235:35379/i
id: auto-49edbadb79495c34a5612c0c48f9542a5a129513ced38a6a32ce4452f77f33d6
status: experimental
description: Detects traffic or activity related to http://59.97.176.235:35379/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.235:35379/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.184:43416/bin.sh
id: auto-1a35593b8a6388a96ead1bc13d4d56f31b4af052b9f3a0dad92f228291515d90
status: experimental
description: Detects traffic or activity related to http://59.97.178.184:43416/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.184:43416/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.4:57851/.i
id: auto-fdcb1d115135eecfdf83bf9048bf4fa2ab19800c51a9339d6cb18ade007e37c2
status: experimental
description: Detects traffic or activity related to http://59.97.182.4:57851/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.4:57851/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.184:43416/.i
id: auto-b14b8816d29aae55e6fef1a7529a6e508631aa3a456ad5a041ce0a70f8c2e2f0
status: experimental
description: Detects traffic or activity related to http://59.97.178.184:43416/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.184:43416/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.4:57851/bin.sh
id: auto-ae33cd03f36ef196ebe2a7b43390d0f022b2fa5f671d99bb35b6ecf5ca1adb9d
status: experimental
description: Detects traffic or activity related to http://59.97.182.4:57851/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.4:57851/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.191:49917/Mozi.m
id: auto-9db4c0b424f52ca9e54773d05bd1f9814023fb070c52c485a10b87aa573ffadf
status: experimental
description: Detects traffic or activity related to http://59.97.251.191:49917/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.191:49917/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.235:35379/bin.sh
id: auto-94584f32638ae2cdd500478b256bb9ad17d77a406c73ebe4ef32a31aa8afcb41
status: experimental
description: Detects traffic or activity related to http://59.97.176.235:35379/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.235:35379/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.255:36979/.i
id: auto-2db18e7d4752231d4c91c76fc082bcd54e2a11bd497d912976d60553e961e359
status: experimental
description: Detects traffic or activity related to http://59.97.250.255:36979/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.255:36979/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.4:57851/i
id: auto-dc242f00a7328a23e5d1beb9cb4a93e1608399baa4aa4c5b5ec2a50ef16c3ad8
status: experimental
description: Detects traffic or activity related to http://59.97.182.4:57851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.4:57851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.22:45429/.i
id: auto-7ebb534b443e4d60a1ea8193204de8fc8e88f5f6fb9e5c77d78a232753b067cf
status: experimental
description: Detects traffic or activity related to http://59.97.254.22:45429/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.22:45429/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.22:45429/Mozi.m
id: auto-370adb032dbebb305dd87de08272e92a4aae94589086966cc6f656b978677d42
status: experimental
description: Detects traffic or activity related to http://59.97.254.22:45429/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.22:45429/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.157:46012/i
id: auto-6d9792f4f579deefa5729f41d2d42892d287fa8201084cc138e9c3509057d33f
status: experimental
description: Detects traffic or activity related to http://59.97.252.157:46012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.157:46012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.22:45429/i
id: auto-52e55d17db2d51f6004242362dc9b28c8efeb70c23c1145221178128b016c833
status: experimental
description: Detects traffic or activity related to http://59.97.254.22:45429/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.22:45429/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.157:46012/Mozi.a
id: auto-c4da36abbbf8dd75bfe58fddb8676c02ac4825e7eb7dd46ea17e12819b014e99
status: experimental
description: Detects traffic or activity related to http://59.97.252.157:46012/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.157:46012/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/alikacar2026-afk/Google--Chrome/raw/refs/heads/main/Chrome.apk
id: auto-fabacb8b9d41d47399c7dd96ee608b8db831701c1982c91faffba8ba87a4b526
status: experimental
description: Detects traffic or activity related to https://github.com/alikacar2026-afk/Google--Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/alikacar2026-afk/Google--Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/asaaya712-lgtm/png/raw/refs/heads/main/Chrome.apk
id: auto-511c11da80aec5693659120bc74efaa26380f69dd653995d5949003aeee4564c
status: experimental
description: Detects traffic or activity related to https://github.com/asaaya712-lgtm/png/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/asaaya712-lgtm/png/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.243.106:41063/bin.sh
id: auto-5e9c20cccba09c728a80ceb8de29b2442b640824227fabdfab43105e092efd16
status: experimental
description: Detects traffic or activity related to http://182.118.243.106:41063/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.243.106:41063/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.210.206:57812/i
id: auto-fc7707ef6f6479d91219df9a956f816905fe5099648668a93bcc473b7d124020
status: experimental
description: Detects traffic or activity related to http://222.137.210.206:57812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.210.206:57812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.62.136:48961/i
id: auto-5716519bea19cb64fbd51d1635e76d24d373b41d90946524b649d9d271fea6b2
status: experimental
description: Detects traffic or activity related to http://115.50.62.136:48961/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.62.136:48961/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.228.64:59529/i
id: auto-99ca75921d26ff060071bccfbcbd98aaf4b23bac3343e21c786fe09ccffec053
status: experimental
description: Detects traffic or activity related to http://61.1.228.64:59529/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.228.64:59529/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.224.91:55681/bin.sh
id: auto-3181ccc8e6ddcf9e3a687ee725b4ba471e22fdd31224f245d778897c30a48233
status: experimental
description: Detects traffic or activity related to http://222.138.224.91:55681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.224.91:55681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://upaste.me/r/2e0f59776ad8d22d3
id: auto-bc15d67b7905d3a7969a963c5dc3e90cbb93788760558baa32eb605114960913
status: experimental
description: Detects traffic or activity related to https://upaste.me/r/2e0f59776ad8d22d3 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://upaste.me/r/2e0f59776ad8d22d3*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/mips
id: auto-e246dff78f09ee58785afc46ba8ace96d0252b0b83725802a1a62760cd53f5f5
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/mipsel
id: auto-c81c958014a7d46ab59dff18fefa61ac783c47818d79b1473a269774070d470f
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/parm7
id: auto-79d20618c1faf1047d99e65ab7f73d943148e7bdec01f12751e637ca94d402d8
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/powerpc
id: auto-db23415bd10c82f338f236647b06d6005e6608c9d652168419ab52f3cbf0473d
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/mpsl
id: auto-38e657e36cc2dc676175e35ace3a6844ed189dc5fab27c2029e8890edc2923b2
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/arm6
id: auto-a2d8bdc7fd582ba343e81b3b21df87da5f51fbec4e9a5ed074f59c0e2b53bde0
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/parm
id: auto-fdb74a0572a00bdc973d2f7d899f3aba6d54e3dcbc7e8a4a15d193baf7ea1b55
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/arm5
id: auto-ec777e3ca6584991fea1791f31efdf21ffabeefb65af0acdecd78d0ce7696860
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.8:52278/i
id: auto-3be50508473c8760d3361622841bdb7bb2a33d1a49f451c8ce6bfe104703546d
status: experimental
description: Detects traffic or activity related to http://117.209.85.8:52278/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.8:52278/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.93:44143/i
id: auto-5d6e96586218eb9ab001a7fbd060adaa769235e46b85d44a242fb864f94e1a60
status: experimental
description: Detects traffic or activity related to http://117.209.89.93:44143/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.93:44143/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.99:51175/bin.sh
id: auto-4abc6f8ea916cb18a64bef820a15eb29deb15e65096fb202abb228bf220db475
status: experimental
description: Detects traffic or activity related to http://117.209.29.99:51175/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.99:51175/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/arm
id: auto-90665c0f8e32639ab0a91e7ba194c34e013e3bebad10d16cd1a1525a1ca425d2
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.39:58356/bin.sh
id: auto-3b7955bbf38d652566b7ca6e1fb0d03d246d482c18595e289c8490bc1948426d
status: experimental
description: Detects traffic or activity related to http://117.209.94.39:58356/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.39:58356/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.177:50049/bin.sh
id: auto-5ff5b66e69e875cfe55c37f6ae346a8a01f9fa9d04847a567d42063920d74822
status: experimental
description: Detects traffic or activity related to http://59.96.143.177:50049/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.177:50049/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.173:59012/bin.sh
id: auto-c102fcddf71393a72b40dea2b79f8961d2cb1262fde86f85c074d1dbc1d36b72
status: experimental
description: Detects traffic or activity related to http://117.209.16.173:59012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.173:59012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.210:36673/i
id: auto-9973888bc1981ade3381b5a4efd5f684db27294b83d79562c11aae07f28e3135
status: experimental
description: Detects traffic or activity related to http://117.209.81.210:36673/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.210:36673/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/arm5
id: auto-d5fed35699547b87e77ff45f0e28dc0bdc077adda12d4f430ed0b7512bd2b876
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.199:49349/.i
id: auto-7d27fb442fbb95c7499c0912c3b0eb04c890e0e245c25de30ac723e5386fecfc
status: experimental
description: Detects traffic or activity related to http://117.209.12.199:49349/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.199:49349/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.171:58110/bin.sh
id: auto-2db2a0fabfaf945b858fb0fd283755a710a4122aaea4d9b4b9d73cf2bec45c06
status: experimental
description: Detects traffic or activity related to http://117.209.86.171:58110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.171:58110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/arm6
id: auto-57119449686aaae50b9fca332ed28d23fda06510652141405efa193bb785cd29
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.55:54489/i
id: auto-138615ca3d38277cd3a8579ce33b376fa272a327819c29d88106b57efead43ab
status: experimental
description: Detects traffic or activity related to http://117.209.20.55:54489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.55:54489/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.141:53571/bin.sh
id: auto-e520f9dacd1202c0193bb591f3608db59185b258fed8d8f854b69f6662c9e146
status: experimental
description: Detects traffic or activity related to http://117.209.18.141:53571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.141:53571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.167:47105/i
id: auto-eaa8806545d950801563e0fd7f85aa15439caa56b9a0323ec6df1299146ca15e
status: experimental
description: Detects traffic or activity related to http://117.209.2.167:47105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.167:47105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.112.42:54912/bin.sh
id: auto-16eee6726093c0b0083555e20ac0806f0fc2931d4496f891e8f5b895b44490d8
status: experimental
description: Detects traffic or activity related to http://117.209.112.42:54912/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.112.42:54912/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/arc
id: auto-5e14c3fcbb6df3998d8d95a154cfb3a165d440185988106e53053a2140b22a23
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.125.211:43792/mips
id: auto-cc179ad8b8733177272a334461c266f06a5c31e1319e5e48d4d3ac5c576101d9
status: experimental
description: Detects traffic or activity related to http://117.209.125.211:43792/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.125.211:43792/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/main_mips
id: auto-a7116859f3bfb6b1975ff41daef18f5959970af209979d76fd1cf23cef7d4c06
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.162:55223/i
id: auto-aea304af07c88f1eba1a7fde5f3a07baa3fcc8b9a5afe8d4b39ef3d88be20b6d
status: experimental
description: Detects traffic or activity related to http://117.209.6.162:55223/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.162:55223/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.234:43187/bin.sh
id: auto-23fccf57603f95693ce8fc0d8d44d37f688c1944f7a7862b76325b265f2f1aa3
status: experimental
description: Detects traffic or activity related to http://117.209.95.234:43187/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.234:43187/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.45:35812/i
id: auto-accb3b4e5db5d645e865e231bdf1095d0bbf2662447cb98a9dc5c222acda7be3
status: experimental
description: Detects traffic or activity related to http://117.209.92.45:35812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.45:35812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.69:46896/i
id: auto-8e8887237563ca10d0419ae070a7e36c0a379ddd353d55f90f11310aad57f9c3
status: experimental
description: Detects traffic or activity related to http://117.209.93.69:46896/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.69:46896/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.38:46687/i
id: auto-3dcdbb516e9df935a9ada6b07d059711aff022d913ef526400e70e57d9cd9cf4
status: experimental
description: Detects traffic or activity related to http://117.209.94.38:46687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.38:46687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.79:46938/.i
id: auto-dcd88b28db0413b8618fcfd3f34ce77248d543eebf72717a01e99ab8be9e1167
status: experimental
description: Detects traffic or activity related to http://117.209.14.79:46938/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.79:46938/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.56:51876/bin.sh
id: auto-4c9a2b1730737bf4e5b1a486b5bf790b94baf4548b3e80887d02b3937d3f8fb3
status: experimental
description: Detects traffic or activity related to http://59.97.178.56:51876/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.56:51876/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.5.14:59236/bin.sh
id: auto-e57707214fa1665c266ca76d4f22ff39f897a22e938b24e9b7624ec00e49ad4e
status: experimental
description: Detects traffic or activity related to http://117.209.5.14:59236/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.5.14:59236/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.167:34640/i
id: auto-aaea94b8d18ae2b9e2d34740d229a39d5f473add6343c8585d20bf708fc038cf
status: experimental
description: Detects traffic or activity related to http://117.209.86.167:34640/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.167:34640/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.226:44116/i
id: auto-0a8f673edf0d2b0d8eca24028de8fa8f1bd6591e502138741c3de47f7ff15333
status: experimental
description: Detects traffic or activity related to http://117.209.8.226:44116/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.226:44116/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.89:53526/bin.sh
id: auto-7eb9cd3f179d70863dddbeac8b1dd6914be61a1f458bd42943a677f5b243e7e7
status: experimental
description: Detects traffic or activity related to http://117.209.21.89:53526/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.89:53526/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/x86
id: auto-472ded267fa3b28a8ff7df3bd6bbb05f06f7fe3a2192dc99356f80758b24f3fc
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.201:51507/bin.sh
id: auto-7488bff0d4e0f340b5d804a084138dfecad9ff0ee17631332ed9d51c7f930a5e
status: experimental
description: Detects traffic or activity related to http://117.209.12.201:51507/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.201:51507/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.170:58674/bin.sh
id: auto-b23790cd2a650c6fda8e506c2632b27659eb4c09f01b4299b7c5f0790ed35e0d
status: experimental
description: Detects traffic or activity related to http://117.209.88.170:58674/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.170:58674/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.142:33389/i
id: auto-99189c723cd314ab493af237133f80e93b25ae6cb59f7f44c8dc63067d8cd9d7
status: experimental
description: Detects traffic or activity related to http://117.209.82.142:33389/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.142:33389/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/aarch64
id: auto-c53143f1cd20f67969ef91427b3107419da8562a18d1b9ada8f4db7ba697a356
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/shell.sh
id: auto-9a34b6d153c86da11c3fa86f911579288b348b267ecf5a1302a57d01a2ff616c
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/shell.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/shell.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.79:46938/i
id: auto-e13cb283e2d48c6556ed87f8d2d5a6bf16b96d7a7cfa8d9f9b8c87df39ef4837
status: experimental
description: Detects traffic or activity related to http://117.209.14.79:46938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.79:46938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.62:41318/i
id: auto-f1eb449dd9858a251654791ef7e0730d887d9b647bffcf5386355023f2e20f1c
status: experimental
description: Detects traffic or activity related to http://117.209.91.62:41318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.62:41318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/arm5
id: auto-4008b2c20e08acc601010e688f36818233ce109a3b599bdd590c6cbbd7c6f996
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.134:53865/bin.sh
id: auto-0109dc053e99133b98e8fcc10d2819adb614e17d890aae999b8304396027f88b
status: experimental
description: Detects traffic or activity related to http://117.209.92.134:53865/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.134:53865/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.211:33561/bin.sh
id: auto-69ff58cb224d9223cf2bfbd2f2739411b17ec55bb40b7614e7add5e0c3f38d74
status: experimental
description: Detects traffic or activity related to http://117.209.12.211:33561/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.211:33561/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.199:46756/i
id: auto-73d51246071cd2c47a14bfe01b1778ba68e5b5c9357f83a2929bf1b8939386af
status: experimental
description: Detects traffic or activity related to http://117.209.26.199:46756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.199:46756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/sh4
id: auto-56c7b7a814c6c93b51913b22d78238301f6e987587d46df8b6dd42882ad0617e
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.141:53571/i
id: auto-78ce55f73acab19bd3d27a8c30c3dbbb7b110d6a2f7c23c9b303fbe36850292b
status: experimental
description: Detects traffic or activity related to http://117.209.18.141:53571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.141:53571/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.58:34043/i
id: auto-f796507c8671aac27454d53d02e3edfbcb4cb506731aea2440f52268159cdc8d
status: experimental
description: Detects traffic or activity related to http://117.209.95.58:34043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.58:34043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.177:53098/bin.sh
id: auto-b490c37ff7bba5dfa0060430bad836b3c5ff9f358d10cf8877178c8daee36922
status: experimental
description: Detects traffic or activity related to http://117.209.114.177:53098/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.177:53098/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/loader.sh
id: auto-12e84f408642f7386222ab025aa61d77ea393534d0b4c736835079e82aa66d83
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/loader.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/loader.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/arm
id: auto-778e608c4159d5881e126738a3b872c5607ad79565db1f47f5a2940d5875b737
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.90:46579/i
id: auto-2e6ed310d1b068b24a222af8ffc505b5b559b257bb2604ca13dff3db7e2ec364
status: experimental
description: Detects traffic or activity related to http://117.209.92.90:46579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.90:46579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/Mozi.a
id: auto-a9c90d5d140f2a0bcd58e2ec728b6355ce9e3f3fe2d97107f8624980706547bc
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/wget.sh
id: auto-73580fec18b6cec855217d3b4c3460da0115b4b99138ba1ac35a663689fbe031
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/ppc
id: auto-915902eb2ffae25ee026e33174a24b28a014d8f979ca261a7c340d36d927ea12
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.171:44104/i
id: auto-cdafd9dfd3cdb32ac313904c8ceebb2a6569c26c8991c51de3ecee9f990b7bdf
status: experimental
description: Detects traffic or activity related to http://117.209.81.171:44104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.171:44104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/armv7l
id: auto-49c4914c64e0684aeb0332e3c7e691eb25981791162225b64f9a075a0f7d3259
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/spc
id: auto-f60dc6d06c5ceee1b16b26d88b67b3cd717b6d03c4ee871c9ca7dd1cbb361482
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.205:53458/bin.sh
id: auto-e6c7c6dd8ff19891df1a9bcdcb1d077e3d15960b53b59d66ca52c8a93c1e339f
status: experimental
description: Detects traffic or activity related to http://59.96.137.205:53458/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.205:53458/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.58:34043/bin.sh
id: auto-87ddcf92ed345d682bc2c63fc410ca1389d5636da5f77257336d753145fe6022
status: experimental
description: Detects traffic or activity related to http://117.209.95.58:34043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.58:34043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/mipsel
id: auto-855cf6d7d73cc2416f639de4cc99eba540e33f7926aab881c77a43362a8866a2
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.199:49349/i
id: auto-f78752ad2f59f2ad7e69c029ea5299ae3bc3a9bdffb74b059c038ad313114505
status: experimental
description: Detects traffic or activity related to http://117.209.12.199:49349/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.199:49349/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.201:51507/i
id: auto-0f8150778ae6f8b2138fba5a2f71cba61eaa5c37250b23b2341393bec529ee99
status: experimental
description: Detects traffic or activity related to http://117.209.12.201:51507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.201:51507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/mipsel
id: auto-7e81d14be33b0abc2a4811542a5bcecdd75aaa25433869b538dfca9844b7111c
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/pmips
id: auto-706ef2395ac03aa8b5525d7ceb8551f62def9d50dda4815fa36dcd8f6129672b
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.111:43710/bin.sh
id: auto-8af42b279d3ba13c165cd4e4d8d34f7cd0d9709cf64b0cc7233f85f0348737f0
status: experimental
description: Detects traffic or activity related to http://117.209.21.111:43710/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.111:43710/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/psh4
id: auto-e65e6b3192cf32906b84857564d76b7001521b6406bb5f63cb5cabfa8187f874
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.170:58674/i
id: auto-08f6d7456643e70f5fe128abe27ecb04a748c42a9c520bbe7640d5cc8bf17642
status: experimental
description: Detects traffic or activity related to http://117.209.88.170:58674/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.170:58674/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.199:49349/bin.sh
id: auto-b6651ddcbc0df566b7e33c88e3c7d9274d19b81e97c8ac3efdb6038e12ffe22c
status: experimental
description: Detects traffic or activity related to http://117.209.12.199:49349/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.199:49349/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/x86_64
id: auto-21545e00a395b744e2e9d97a2918d35232ab0b19d96ad1b82532fffb116dd8e8
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/arm7
id: auto-ec385b66e2f3dda13011bbcb2012ebd561c3e96f69b6407218d3fde893283763
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/Mozi.a
id: auto-3ac98eb5d32d02c8472abb8e747e890ef736e6007b0d42c3674e8e6be1d36743
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/arm4
id: auto-5467a7ac91cabcf4cba525a50b64ffd3e053b3099d5f61c80881afd6060d86c3
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/w.sh
id: auto-7efcd64339e3ee6ed7d81162a5573fe6f4a94968ed7efd7be7b1e3b49c48dd87
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.195:35387/i
id: auto-e82b285fdc30b7576c1b847720afba2513e9532aa5f5a156b000c6a1bee30d46
status: experimental
description: Detects traffic or activity related to http://117.209.20.195:35387/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.195:35387/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/i686
id: auto-bb0573fa457edfb39501fc45dafe8eb621c927b53ae863cc442a3aab064475e1
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/spc
id: auto-0a6930c0ad5f9c13ba9882b90c45773e9ce589ab0f1ff5e074b0ff68af606fa4
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.244:54216/.i
id: auto-265b51b9f75abd777bc7eb0ffb54c5025743e99b67fe2553c65acbf4ae1085d3
status: experimental
description: Detects traffic or activity related to http://117.209.114.244:54216/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.244:54216/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.74:39849/i
id: auto-cc9b4aaecf3a86ce634607c58fddb5de71cc827c80212fb89f20ab5eb6354743
status: experimental
description: Detects traffic or activity related to http://117.209.91.74:39849/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.74:39849/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bot.mips
id: auto-7c0e3f1d5973e47563f1627eca86313f97ceb181351dce2f88f3ec697f50f9e5
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/x86
id: auto-44febef7f007485a8d8fbbd761d8521ce7711d982b00c7f170886c0920867fba
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.148:54988/i
id: auto-d1bf9ccff7ccef04dc2c9e4c40ffad72b6bddbdc70740dc553d2ba0a96840ce8
status: experimental
description: Detects traffic or activity related to http://117.209.94.148:54988/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.148:54988/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.252:36623/i
id: auto-fde661e2158b297122eba0e75559cd170d2cfc27561e85c5eb091d1aae2ecbb1
status: experimental
description: Detects traffic or activity related to http://117.209.80.252:36623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.252:36623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/cat.sh
id: auto-7e5a4f9361649e13c5fb295880840edc401d26284ac0315815ea1b946c102b15
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.205:51988/bin.sh
id: auto-564c02429db129177dd5eae81a5f2a74691d51ce77c72bdc3484b622cdcc4f67
status: experimental
description: Detects traffic or activity related to http://117.209.83.205:51988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.205:51988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/c.sh
id: auto-3e2e97536bdfa98c4cab343bc7ed382ef7273c93e29aaa355dcc5451a592287d
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.69:46896/bin.sh
id: auto-38d056bc690ba91b5d7f8e5c5b97204ad778e6a0ab71f3b2a9bb83439747e190
status: experimental
description: Detects traffic or activity related to http://117.209.93.69:46896/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.69:46896/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/w.sh
id: auto-23ecb607735d6cebd4a74170a7bf430089441417d227aa44d77720ea92a7f5c9
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.250:51714/i
id: auto-6d5db0b955a980bbdcec9ffbe5128036f617674caaaff80553f08a96a29ba759
status: experimental
description: Detects traffic or activity related to http://117.209.93.250:51714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.250:51714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/armv6l
id: auto-522a9196c47ac19b6d4e316cd5dd68b33186a8b32a952625bd5b4277520f1927
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/mips
id: auto-691645711e34921bcad3c0d8c469f4609250b88ecf1cbe7659e913e21463f2e7
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/main_mips
id: auto-c128e912a5041a44b795f7879f4803a46fcafde71bdec30ed0cbdaf19982c51a
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.17:33145/i
id: auto-3ab5366e728dd66cf586ca2bc39fa1ea732cf14fcec0e1ff19f3822558c018c5
status: experimental
description: Detects traffic or activity related to http://117.209.91.17:33145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.17:33145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/pm68k
id: auto-ff2116b632278b630d58c17510832144d86e3c9f18724f1489bbe14718a82076
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.141.245:40223/bin.sh
id: auto-89cc7f3b85b055991a3075ac8771fc6f1f3acc89a706cdc6b731a61f7d7364a7
status: experimental
description: Detects traffic or activity related to http://59.96.141.245:40223/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.141.245:40223/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.162:55223/bin.sh
id: auto-12e448d660f0635fc938acfe40d5aecfb19f14267c991145b19d634ab726786a
status: experimental
description: Detects traffic or activity related to http://117.209.6.162:55223/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.162:55223/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/x86
id: auto-9b8ba545deac0f7b1ef980c7c3bfbc6a57e6679c2ea30af0e1ac59c23c180e78
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.216:55880/i
id: auto-b18dce2685d7f2eda8076eb7f489f590313ac081e43a854c6cb23b1624f58efa
status: experimental
description: Detects traffic or activity related to http://117.209.85.216:55880/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.216:55880/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/ppc
id: auto-05956a4912f3b1dc7c3d4a5cb60523b0c8467ce95ce681ab70de9c814eddd36e
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/arm6
id: auto-bce7a662cbbc4a3cce5626f6bac58f8d8eae796e1ac643ebae2bd34b5f29b5c8
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.140.216:53836/bin.sh
id: auto-85482efde6f01dbfa349504e468cb4989bb2b5bf3adf4e42f36dcd0c14d34c61
status: experimental
description: Detects traffic or activity related to http://59.96.140.216:53836/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.140.216:53836/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.8:52278/bin.sh
id: auto-ccf029424bce4b8ebe370ba5299d789171d2f82870313f1c79358799eb3622a9
status: experimental
description: Detects traffic or activity related to http://117.209.85.8:52278/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.8:52278/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.13.3:34501/.i
id: auto-31ae1734ed7be93102ff4f768bcf209101de47e5d4ca355d15b9b6e2f5910350
status: experimental
description: Detects traffic or activity related to http://117.209.13.3:34501/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.13.3:34501/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.45:35812/bin.sh
id: auto-f8cc13f39052e45fb8dc26dc5d34d7a87935257839569b152b7da8caac83f307
status: experimental
description: Detects traffic or activity related to http://117.209.92.45:35812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.45:35812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/sparc
id: auto-27da55d9e00c0ed679029d360fdd0d46ac12b38d8831128a7af8b3badf4aae5b
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.215:40870/bin.sh
id: auto-1477f3a65128309e805466ef14842b9b3bd4337ec20d04fd504dd1da339f4119
status: experimental
description: Detects traffic or activity related to http://117.209.3.215:40870/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.215:40870/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.236:49803/bin.sh
id: auto-a60e18d71775413aed493ad5bedff0ab21eb90d901d9eeadfa272868a8cbb769
status: experimental
description: Detects traffic or activity related to http://117.209.83.236:49803/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.236:49803/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/px86
id: auto-96800501382140cdc6702670d4aaea21b27226284df1bfcef1a62bb541975184
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/psh4
id: auto-9636e664f1059e621a0b9cc664694f6819018ca8893a70948bcf84f59a1afdd1
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.218:40033/i
id: auto-fb337e5c4fe8c064b50053c245a272d66d5ee8cbf9babdb42440fd39dc0474f6
status: experimental
description: Detects traffic or activity related to http://117.209.3.218:40033/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.218:40033/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/wget.sh
id: auto-94e42434ac6d6d23c286f244c4c51246661b6b09eb924e8e7b518c2c50414619
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.117.107:48371/Mozi.m
id: auto-c81d618c554df8d9bc8723b55effec853c06c52024678ca04d7c282bb182478c
status: experimental
description: Detects traffic or activity related to http://117.209.117.107:48371/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.117.107:48371/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/sshd
id: auto-0d14b6a9927aa66823b9e4152232c60ffb733ec382f24a8bc4a0375f9ee12220
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/sshd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.153:53811/i
id: auto-6ca133c0958433494766ec020ca763d782e25b851a52d47a7ea3e02a8943797a
status: experimental
description: Detects traffic or activity related to http://117.209.86.153:53811/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.153:53811/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/powerpc
id: auto-d669757363cb32d906278d80c85becd90c0880dc41d0bff42fd2b82c90b2f4f5
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.178.184:41398/bin.sh
id: auto-dc53ca03e9e0752f5191e53941098713fca7653acd4d135afe2d64e5cbcec404
status: experimental
description: Detects traffic or activity related to http://59.97.178.184:41398/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.178.184:41398/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.224:41765/bin.sh
id: auto-fb9833189b9911421721351d9006b14a4cb872bdb18745e6e950dd06014cd640
status: experimental
description: Detects traffic or activity related to http://117.209.3.224:41765/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.224:41765/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.37:33704/i
id: auto-5f6e024b4cb79d5cd34793c728c6e4e99e2382b1dda27195aadbd03ea487ecaf
status: experimental
description: Detects traffic or activity related to http://117.209.28.37:33704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.37:33704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.60:44132/mips
id: auto-f3e2430d9564246079e8e4da6958a23c7ac36d43c3b5007b024857cf692574f9
status: experimental
description: Detects traffic or activity related to http://117.209.120.60:44132/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.60:44132/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/arc
id: auto-da26b8e8b6e719090b9d5b214b790a23fb5b89733180f0e609b1d2f8227978c6
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.115.30:34042/.i
id: auto-6316d2394a0b193b6f67165c5b8215ec1f6f872f9c556f35c253b437e7a641b4
status: experimental
description: Detects traffic or activity related to http://117.209.115.30:34042/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.115.30:34042/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.137:59318/i
id: auto-a8a2c2cf58cd774ac9fe012f283e52a8fc4ce6ff2e03684b4828b066d15ae61e
status: experimental
description: Detects traffic or activity related to http://117.209.86.137:59318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.137:59318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.173:59012/.i
id: auto-9bcea2c14b5343e7af993bb1b0c812787144e847d8f0b76817c24bc25d25d08f
status: experimental
description: Detects traffic or activity related to http://117.209.16.173:59012/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.173:59012/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/i686
id: auto-9cd60d7d9df47e9f7d927090f78c0a8924c7635a11ceca7413406d41267a8366
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/main_x86
id: auto-08fafb220890f1d9fff27d1522b5e1e20108ad16e3ce912944a741b267d85317
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.245:47377/i
id: auto-48c4854ea02ab0a7be3336049df9cdb42b5c9401b9d4cae2a3cd440cc3b5e72a
status: experimental
description: Detects traffic or activity related to http://117.209.21.245:47377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.245:47377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.16:41384/bin.sh
id: auto-89d9aa546ff8b822924974f1403e4086e5a23ae7b5ad8b3b87f9abaf459af0bc
status: experimental
description: Detects traffic or activity related to http://117.209.93.16:41384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.16:41384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.146:47403/i
id: auto-7b556344f331498c379df44f11eb74bf95208c097ff6e233f4ff3d11acb7cea2
status: experimental
description: Detects traffic or activity related to http://117.209.19.146:47403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.146:47403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/main_arm
id: auto-4a1cf3466169104fba4fd7c9a237ad5a115907af680c463f73c581b6f122368a
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/i686
id: auto-de6d4534d993c1b88c1b0c0970aec4ce8391bfde1ede50d72d4014a8e9ca5273
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.134:53865/i
id: auto-75b1a0268e950ba5a1d36cc63e2cd88f3f50ae80cc40b5461f6d0bd175e4702c
status: experimental
description: Detects traffic or activity related to http://117.209.92.134:53865/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.134:53865/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/x86
id: auto-b9c18079565cca54b4198b3c33c0a72485296af480e8421fdedf0685fe054cd7
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.249:37966/bin.sh
id: auto-01742491bf9e990a6d258bf17a95b539985101a8ac77cc329d0b36f103c77815
status: experimental
description: Detects traffic or activity related to http://117.209.91.249:37966/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.249:37966/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.244:54216/i
id: auto-29845d69a958450d8bfabd51810e24ba0bcbf6430b11f4822b31a7dca6438f59
status: experimental
description: Detects traffic or activity related to http://117.209.114.244:54216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.244:54216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.81:42565/i
id: auto-839031f26c71c19f442a157503bb2cb647f02d5b2972dd3a047a9d8375321ced
status: experimental
description: Detects traffic or activity related to http://117.209.89.81:42565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.81:42565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.244:54216/bin.sh
id: auto-e0d4c3705b5b8447912cf66c99f7efdf57c35551dd982fabe7524b2a30805ab8
status: experimental
description: Detects traffic or activity related to http://117.209.114.244:54216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.244:54216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/arm
id: auto-2a66dcc54e4b245d51d9218fee69980fcc78b701fd7d5ffd5163f10edec6ad37
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/arm5
id: auto-8b3c01ada00e0548805511cbfd3c2d5651b024462db0fb93fe0b4d42e1f3f2de
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/x86_64
id: auto-5d39a83cd9b0f65f46fa0fda20540e5bd622477aa76f37c75db54bee43d14acd
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.101:39427/i
id: auto-e40fee0cb06de4bf5677f80bea5f31b3679a996e11a382a9d2a0b1d6db463d89
status: experimental
description: Detects traffic or activity related to http://117.209.90.101:39427/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.101:39427/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.237:37601/bin.sh
id: auto-77e05af853f7753021441f3a56864377b88f9667c065dcc98ddd35d9718f34c0
status: experimental
description: Detects traffic or activity related to http://117.209.18.237:37601/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.237:37601/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.155:50333/bin.sh
id: auto-425771023315590fcc76afe2b1d5cda093cfcb68090268801fcb5090af6261f3
status: experimental
description: Detects traffic or activity related to http://59.97.176.155:50333/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.155:50333/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.167:47105/bin.sh
id: auto-824083b93774bc0a3274e2f1c08d4ad6c4c820a4181e3f3a80e33bc525b967f1
status: experimental
description: Detects traffic or activity related to http://117.209.2.167:47105/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.167:47105/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.171:45595/bin.sh
id: auto-4fb4ce644ed2417d2e83230015beba1655a968511fabcc5c0f42de0d68dc48e3
status: experimental
description: Detects traffic or activity related to http://117.209.22.171:45595/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.171:45595/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/arc
id: auto-81d488e8436cdcef2822911eab3955b120e594f9eee12c6e08d759f9e7407fa0
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.254.226:38108/bin.sh
id: auto-8a1a9285de25d9144874664f3b055b351ca40c22ccb7efe592d2c8ce7f6b3551
status: experimental
description: Detects traffic or activity related to http://59.97.254.226:38108/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.254.226:38108/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.156:52400/bin.sh
id: auto-2051793ac8422d26f73a6151fb0b76493784d187e58e98b9612cd275c84cfc34
status: experimental
description: Detects traffic or activity related to http://117.209.82.156:52400/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.156:52400/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.245:47377/bin.sh
id: auto-d7cfd5dd43dff98c4e2776acbd540acb0cdbee6f9792ec674c645ba5cdc82585
status: experimental
description: Detects traffic or activity related to http://117.209.21.245:47377/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.245:47377/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.81:41593/i
id: auto-73eff09f3afd6400199b57c564ceac58ca418d2733787323cad97e4d279ad16b
status: experimental
description: Detects traffic or activity related to http://117.209.93.81:41593/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.81:41593/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.185:34679/i
id: auto-cd604f606f933ad259a257e4061c0fcea1ee6410986960f3568bf8d3370875ed
status: experimental
description: Detects traffic or activity related to http://117.209.93.185:34679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.185:34679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.125.211:43792/i
id: auto-7a713f653ba832c07ffbc4c58e46c06945ace5a54b26fa0d6751a506cc3cc877
status: experimental
description: Detects traffic or activity related to http://117.209.125.211:43792/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.125.211:43792/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.252:36623/bin.sh
id: auto-53e4990c87f7007a9d10fe8dfd95f776de591357e32b69f1378da17219bb229c
status: experimental
description: Detects traffic or activity related to http://117.209.80.252:36623/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.252:36623/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/mipsel
id: auto-7425765ba6e52deb487084866f62a174800641f613641568e47a36b3bad3102f
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/mips
id: auto-7b9bbe82d394346ae08e4054fb460c9e4486b8786af21e24197fe83eae1a169d
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/arm4
id: auto-c9d0787779a0bf3a10af1bcf1a91281e687220f83bd4cf6b505c9f1a6f836742
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/Mozi.a
id: auto-6e4913c02a7cc11d90b9a7134c55121f17a855f2a7d42689123ebabe14da98dc
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bot.arm
id: auto-10adcc3524c6a4b29d77a9d5ea0f91f6cf7ce6b001d691679543f5d079edd7a6
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.219:51244/i
id: auto-909dd2e7e04ba0d9a73c157b76bc900fda1728b73e69aac6d4f9b4d60c2c9481
status: experimental
description: Detects traffic or activity related to http://117.209.81.219:51244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.219:51244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/arm6
id: auto-7de27ad91713574391a46ffc1a4b6c10ecb2fbdb679847085e49a5dddb31debc
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.188:48568/i
id: auto-4a754da8869d25274ff32d107924fa01ed44de9f1aa0bfe8eadc66536079bcd2
status: experimental
description: Detects traffic or activity related to http://117.209.90.188:48568/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.188:48568/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.167:34640/bin.sh
id: auto-b7b4444d9eb928de1fd627824c5df228c86bccdfe68c6e46519c44bc66ca1a5e
status: experimental
description: Detects traffic or activity related to http://117.209.86.167:34640/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.167:34640/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.93:44143/bin.sh
id: auto-530edabf04c9a652ccbb12dcd03debeac414b4aad408da68ea60dcd914796211
status: experimental
description: Detects traffic or activity related to http://117.209.89.93:44143/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.93:44143/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.34:56997/i
id: auto-6d4fd0760ca4c83c1411aafcaa848894a839e20e54e78472328fccbd74cca98b
status: experimental
description: Detects traffic or activity related to http://117.209.87.34:56997/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.34:56997/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/scan
id: auto-d0678de3a823957fb97100e7cbb9d072dd92467ffe220b4ccdba51aa869a6dd6
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/scan which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/scan*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.34:56997/bin.sh
id: auto-75d976dbc2ec87e23755b91c367ce18de00941940329dd5a1dd664c01f78929e
status: experimental
description: Detects traffic or activity related to http://117.209.87.34:56997/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.34:56997/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.199:49349/mips
id: auto-1c16182aeb0cd95b439c8857a314b8dad4ed273e8d22035ddb62e56212777250
status: experimental
description: Detects traffic or activity related to http://117.209.12.199:49349/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.199:49349/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/arm7
id: auto-7d9b2711a151199fad00bea8d30fd50c9bb4795456019a44b3f10b337ca3b75b
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.84:54453/bin.sh
id: auto-aa8727be9c9be769b51189a4b816d7b934a48f87929a71fd072f8a2e4babb9bf
status: experimental
description: Detects traffic or activity related to http://117.209.2.84:54453/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.84:54453/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bot.mips
id: auto-312c922dbfcdac39bef432988156a76b93f23584b03bfd5c92eb9ff1b8f59f3f
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.157:46012/bin.sh
id: auto-77cd22cac6e3541bd047329183c047e5a70cbbb125de164607898653a4d599f0
status: experimental
description: Detects traffic or activity related to http://59.97.252.157:46012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.157:46012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/spc
id: auto-329ebb8546d9ff3094c393b13e0624db44e98f5ed84a79287adef135abd8d301
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.115.30:34042/i
id: auto-e0967dbe711b570fc00919a8fca50b4e1e5bcc0fddd2aaf45953c5cc41b9681a
status: experimental
description: Detects traffic or activity related to http://117.209.115.30:34042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.115.30:34042/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.199:46756/bin.sh
id: auto-9316ca965b32ef719152cafb36fd7d9d67d459dac0c6592e469d8c4cbb1cfaaa
status: experimental
description: Detects traffic or activity related to http://117.209.26.199:46756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.199:46756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.39:58356/i
id: auto-e8730b2c772aae6ddbe9b274542d55442f3f5054ecbe0cb87ba090851989b4b7
status: experimental
description: Detects traffic or activity related to http://117.209.94.39:58356/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.39:58356/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.90:46579/bin.sh
id: auto-13ded94acd2ce01eec25b7ac9d586facf0fbdcd3cb18da9a1545ce0f4a3a64e0
status: experimental
description: Detects traffic or activity related to http://117.209.92.90:46579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.90:46579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.13.3:34501/bin.sh
id: auto-7f233103ddaf9decb0801a721a3b27ad1a0d2c87734cd22d164e1739d72a250b
status: experimental
description: Detects traffic or activity related to http://117.209.13.3:34501/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.13.3:34501/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.16:36629/i
id: auto-c772d82860812e91bbaf998d83e3d4c82199ed92a84da722c27f8afda9f73b61
status: experimental
description: Detects traffic or activity related to http://117.209.17.16:36629/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.16:36629/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.224:41765/i
id: auto-2cd3198ef8373a25b8abad48f16922480ff09728e14b121518a91438ce1c1528
status: experimental
description: Detects traffic or activity related to http://117.209.3.224:41765/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.224:41765/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/px86
id: auto-002872c96bf0ccd9204225116903ee489e35d2aa09b9c97b34936646e6147e04
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.177:53098/i
id: auto-b3e93eb40f26e9eb5b6a399927aac6755ea363dde4b0d5832ba3181c839e6f3a
status: experimental
description: Detects traffic or activity related to http://117.209.114.177:53098/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.177:53098/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.16:36629/bin.sh
id: auto-e5cea66e55752f0d602cb039481417fa113814c42ac4a7969ea356709a41d152
status: experimental
description: Detects traffic or activity related to http://117.209.17.16:36629/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.16:36629/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/sh4
id: auto-9c427760e130c684ecb3698bd6cf12668ed2ffeca356743ea1ad1cbf54134e42
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/arm5
id: auto-46f19f0aea5be7a88b9180db08842a5c38abda45e362e5a37b7d628fa1886234
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.14:56713/i
id: auto-054987062a907e3c1c53154bcb0728a43b3ddad448a8e3ccc635f3a71db1c830
status: experimental
description: Detects traffic or activity related to http://117.209.21.14:56713/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.14:56713/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/c.sh
id: auto-c05f20093712b90a3098ac6dafc9492b597c3bbe28586cebca0670e8bde7486e
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/parm7
id: auto-3599bc89b4a690448103be7bade125df57db7eb737c82c02057062302aa33457
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.216:55880/bin.sh
id: auto-de8d5e8aeff2ab439645f5adb18821f2ab8aac695282770ebce279f21c3d3ab7
status: experimental
description: Detects traffic or activity related to http://117.209.85.216:55880/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.216:55880/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.195:35387/bin.sh
id: auto-3d87ccac43b4af5d181b159b8960a79ca5bfe4cf7ddf517d580ef96c0c65dd61
status: experimental
description: Detects traffic or activity related to http://117.209.20.195:35387/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.195:35387/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.177:53098/Mozi.m
id: auto-a29bf5108591c614018bf20528bcea7a6cda821715046e1c39ae3901865554eb
status: experimental
description: Detects traffic or activity related to http://117.209.114.177:53098/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.177:53098/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.59:50243/Mozi.m
id: auto-5c122e7c326171c588f9ad0427eec2dc67d58d133fc7103e7abc2e8dd1332f12
status: experimental
description: Detects traffic or activity related to http://117.209.16.59:50243/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.59:50243/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/m68k
id: auto-6cc5fa798d3aa8c9bf9627135c0a94a9d648206c7f3c8a1350994b89a3309be0
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.89:45942/i
id: auto-3b0e0bea4ee0d7597f0046af5e4f445d4d8b57f286bf6ec6259ba11ff410863a
status: experimental
description: Detects traffic or activity related to http://117.209.88.89:45942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.89:45942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.204:56047/bin.sh
id: auto-106f7cb614c46f01321cd56108525a204a9a76ce305fe646f8e82384ece5398c
status: experimental
description: Detects traffic or activity related to http://117.209.25.204:56047/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.204:56047/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.189:38422/bin.sh
id: auto-e6c16ca8cb3932311b897e86717c0586aee939f2c699ab1e9e79abf62a23916f
status: experimental
description: Detects traffic or activity related to http://117.209.21.189:38422/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.189:38422/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.95:56598/i
id: auto-2980f407c42e9b90e85012e6156bc316e71da8961b4c83ddb7d5bc17e1079a7b
status: experimental
description: Detects traffic or activity related to http://117.209.25.95:56598/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.95:56598/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/w.sh
id: auto-5193ce6c1b1880ee14362b756fe273c94bdc70f7203d49ae763496e489b76560
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.79:34515/i
id: auto-ccb016697a1a85901069eb3c7f1f7e3b47fb46d1339d7c900af8c938baa21aed
status: experimental
description: Detects traffic or activity related to http://117.209.25.79:34515/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.79:34515/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.107:55622/bin.sh
id: auto-5b5bb31539430bdcdd0b4b6e407b144501ebb3282225ab952ff93baaf63738b7
status: experimental
description: Detects traffic or activity related to http://117.209.29.107:55622/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.107:55622/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.80:47906/bin.sh
id: auto-ea88c94d67993179afb37ea01bc2257ea64a8dbbb9a4757e83adb533c7c9b3a9
status: experimental
description: Detects traffic or activity related to http://117.209.2.80:47906/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.80:47906/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/arm
id: auto-6b04ece94cc0524566a0282b7be75f35f3e010cd992bd895ccf11af893e25564
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.1:43756/bin.sh
id: auto-547f35d935dce0e4918351efac6c52edec27011733c03250b11c4f0f65fdf6af
status: experimental
description: Detects traffic or activity related to http://117.209.81.1:43756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.1:43756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/.i
id: auto-452dee8483454264aadc1af1e7754535ce4cde3e512d3999421b1809ee70c853
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/ppc
id: auto-f2b28a9ab405269ddd2cb1643490e74b88c70749c61184c6f4fb5cf18ebdff9f
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/armv4l
id: auto-9e3814d85dd38ba343fff7da9f8a6749162a25f60c33991510af7d7fdd25ba58
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/parm5
id: auto-683d8af84fe1ee379d00e2d5d941d263575dfba83bdc5a8cabfcb6c6b50ca120
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/arm7
id: auto-327a418242164a38641761b2b7bb87906b743b707c056e480c6ebe801e57e121
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.173:59012/i
id: auto-e4dc793cc1801236a8b5b439caee31544067a18641ff609081e223ffb3d535f0
status: experimental
description: Detects traffic or activity related to http://117.209.16.173:59012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.173:59012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.14:56713/bin.sh
id: auto-146900830a6a97596f0cf54c77fd81a1ba368e673796e8818c8ec96116bbcf9c
status: experimental
description: Detects traffic or activity related to http://117.209.21.14:56713/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.14:56713/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.8:41629/bin.sh
id: auto-71f30920a647d109fa6cc5a48d91c54a904f91ed0458388038c037131051908d
status: experimental
description: Detects traffic or activity related to http://117.209.90.8:41629/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.8:41629/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.211:43256/bin.sh
id: auto-e3f7dd5258adca3f87f65c0772ace5d2e52f3cb52a2bdfb4af1ad86aa619add4
status: experimental
description: Detects traffic or activity related to http://117.209.3.211:43256/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.211:43256/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.215:35883/i
id: auto-33e35fc35c34b8a33df5336980475b557854640f1aacf4925353fd0a5089dff3
status: experimental
description: Detects traffic or activity related to http://117.209.89.215:35883/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.215:35883/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/mips
id: auto-7a2f7b3f3fa2704c0f27d5f802d8d42ef242fa8cd9e58facc5c44acf822a9570
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/m68k
id: auto-457cb5ed39ec5941a4f885d7613bca7fcb5affe9d29ebd7286a22cee2b1653d6
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.249:37966/i
id: auto-ca42cf3cc4842b519755fc0cd4f924416e0173cdfb72c9c929be6309a47abdb6
status: experimental
description: Detects traffic or activity related to http://117.209.91.249:37966/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.249:37966/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.136.42:37447/bin.sh
id: auto-f9f348bc38fde13037ccf006867a3e9311fab476ea22204434fce2ea09549c24
status: experimental
description: Detects traffic or activity related to http://59.96.136.42:37447/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.136.42:37447/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/scan
id: auto-b560d4276d81fb908901f7c8206511b4b970e430a0426d9afb28f9f863c15103
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/scan which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/scan*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.201:51507/Mozi.m
id: auto-ae28b3b46cd6796e9d2b5f5ca36a414b4440704acc8db5438d3e30935bac0f3c
status: experimental
description: Detects traffic or activity related to http://117.209.12.201:51507/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.201:51507/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/i686
id: auto-4eda73e9f54600e8f5541e4a1ac1d456ae0f5bbb15bcb0655fc076e5061f82c1
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.138:42127/bin.sh
id: auto-c2357633c7c288bf3a92ba2ec796008a2e357d96d7c536dedd8d5c2de5b3f27e
status: experimental
description: Detects traffic or activity related to http://117.209.30.138:42127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.138:42127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.138:42127/i
id: auto-b95a342e7b3777ef692899ab13dc567e149ab8aa5899dbc1aea23eb96174e515
status: experimental
description: Detects traffic or activity related to http://117.209.30.138:42127/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.138:42127/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/armv4l
id: auto-09274acbc55f2e53c77739e73bc1e75c8096b3299f56cc6893afb0390e107dc5
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.136.25:50157/bin.sh
id: auto-de61818c7949dce7529d4dd6cc68698f6118d14c4feb0d9d9b87318a15921927
status: experimental
description: Detects traffic or activity related to http://59.96.136.25:50157/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.136.25:50157/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.137:59318/bin.sh
id: auto-5437b921a653536a0cbb9e69e6a97d70c909229ae02dab9a0ee069386da10c25
status: experimental
description: Detects traffic or activity related to http://117.209.86.137:59318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.137:59318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/shell.sh
id: auto-cc87f1e6106012c7c320f9784f88c1953932c745cc018850077d77263a5b1e46
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/shell.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/shell.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.211:43256/i
id: auto-eeaabbf0122038ca18798219ddabf79aa499f859160ca060285f11d328352ad8
status: experimental
description: Detects traffic or activity related to http://117.209.3.211:43256/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.211:43256/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/arm6
id: auto-f6f4ae6666e73bfe05c5169eb6ead1a4767f0cbaf1bb72bc7aa069526f3a88b0
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.6:46246/i
id: auto-42010acf2e4adafdc44f68e8a7b8f0d331c13c849ce49a6efccdf8cce9c273c7
status: experimental
description: Detects traffic or activity related to http://117.209.28.6:46246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.6:46246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.6:46246/bin.sh
id: auto-3944b177263bd0506ba986322c80fcf27fd1268400809ddcd95dcbcd6ca35cbf
status: experimental
description: Detects traffic or activity related to http://117.209.28.6:46246/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.6:46246/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/mipsel
id: auto-5d96553db1883dc194c13206a5103b24550be419c1a9b04c98d2e18876486ef4
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bot
id: auto-95b8af48830e0d997985e25a37858399d9296acda6db5b8b778e00e0e396529d
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.115.30:34042/mips
id: auto-8326a7df8bbaddb31763656e01417fe0b20f04e9204be1223a8711653e588efe
status: experimental
description: Detects traffic or activity related to http://117.209.115.30:34042/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.115.30:34042/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/main_arm
id: auto-3768da44734ccedd1228346e8917403cdeb6b2f7f870917fb6a336870fc6c193
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.1:43756/i
id: auto-0f9e5153b6235638a96d542df8d4971fcf53bf7b12390e5a63428c2381263ec0
status: experimental
description: Detects traffic or activity related to http://117.209.81.1:43756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.1:43756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/loader.sh
id: auto-8e17d7ac472705ad3f4f978c9add5215d68f46bc7ae0b0a2991d7395ec7a524f
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/loader.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/loader.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/pmips
id: auto-9c9aa4204f55a64989110babba6544e8fdafe4821212dd1ddd4ea15b2f51a63f
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/main_x86
id: auto-3a390a1431aff6e8a2c708c2d2da714c84da78fd5e2cd7ef07e1cc6e88d7d472
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/mpsl
id: auto-218cf2051fb7600eeeae72e195bdd0f542e9f3b25ac010c587856fe873a570b9
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/wget.sh
id: auto-8172719bf877a05b48431484d7f9868c089dab8f3cf6b57d0d329f631e0654fd
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.188:48568/bin.sh
id: auto-c666e9cb3c52c7ee27fc6a0def971ed9fbc865873940b6a4f1b29f3f5d876bc4
status: experimental
description: Detects traffic or activity related to http://117.209.90.188:48568/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.188:48568/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.107:55622/i
id: auto-cfcd087c4fd3abb1bf8037e86aaebd5cd3d589de40bbef4ff80ff811761bb7da
status: experimental
description: Detects traffic or activity related to http://117.209.29.107:55622/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.107:55622/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.146:47403/bin.sh
id: auto-2260babca77ab08aa82661e4c690e451a4674d8dece4c38c2396749faf537c25
status: experimental
description: Detects traffic or activity related to http://117.209.19.146:47403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.146:47403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/main_x86
id: auto-0c03ee251b0ee472b1cff6b8a6e962c46c7a0a3c536d0e10e6ba7f1acd5ada5a
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bot.arm
id: auto-e1471c828a990b18f861cb06e50ee9b2135ca929417a8bb4dd94786b986d2336
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/x86
id: auto-675576b763523084e507e48226edf73fd4f7fb6a882487adc0dc6eccb5e0cea0
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/armv5l
id: auto-c09b8784fd3ad9216a74381f2b631b93fd4f1bd2ce395fe35935632710a8d957
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.57:43575/bin.sh
id: auto-1564464c07a33c96e1a0e255f5a433df688ce5344efb13e79fb3590aae2ee8b9
status: experimental
description: Detects traffic or activity related to http://117.209.22.57:43575/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.57:43575/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/cat.sh
id: auto-f0ba29816bc57735463d6d145449f4eb46ed729fe21bd1498b839c38527145d4
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.115.30:34042/Mozi.m
id: auto-1b965bf56c8d657792caa930972bb41aaf43d371d36a6f539c1f55748e4b3710
status: experimental
description: Detects traffic or activity related to http://117.209.115.30:34042/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.115.30:34042/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.60:44132/.i
id: auto-f82fff228c6565646a384f674618938665098bb32a9c2893e715e41e94c445d7
status: experimental
description: Detects traffic or activity related to http://117.209.120.60:44132/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.60:44132/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bot
id: auto-b3e2680065a8291108158f4b5e75eccec38646d4ba6ddde10635aede99a150b3
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/sh4
id: auto-f07f59c18d3e9221a1997210fc9211abab42f91990905e8bac4664795887c679
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.13.3:34501/i
id: auto-c97eacc2915ccf823dfd5e373fe2469c3a0ef401a3c401e278000761e4c7e473
status: experimental
description: Detects traffic or activity related to http://117.209.13.3:34501/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.13.3:34501/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/parm5
id: auto-183d0669f01c29822f8ddf8e4f392c8472ca86d08693a014d6d03f914380f68d
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.60:44132/Mozi.m
id: auto-c53eb8e9b4e3e0cceff9e2ba75bdc7842e24ea3f4c8cc2cbb8b2d294495b931b
status: experimental
description: Detects traffic or activity related to http://117.209.120.60:44132/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.60:44132/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/aarch64
id: auto-d89bfe7308a8cdd779af5b81d3f72109a88a26975371529291102d278f0438d4
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/x86_64
id: auto-f90fb5eed1d3b2994f5c8eb19c7b61cc5866fce6e2f062f69bf07e470abeb977
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/spc
id: auto-14cadc5d1421591832c6ed164171de6d090fd2a3e7c4d62b0ae53ec94983a387
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.219:51244/bin.sh
id: auto-55662c41ee88ad0968534330a8c8d1b7fc3e50ce392a4881fdb9d34741ec4d25
status: experimental
description: Detects traffic or activity related to http://117.209.81.219:51244/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.219:51244/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/mpsl
id: auto-768f51c2e4cc857dc500a73a56224b538dc79f7ab4937a9be6bc4a0f491a13e7
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/mips
id: auto-baa786db4dad733e79ea9a0916f8b00b7e10f55570cb84a558500844dfbf1960
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/arm7
id: auto-290999eab475e5e7faeae8a29ac16cc88f2a173bbd8205ef875a0c34e5080c22
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/.i
id: auto-7e8b7d08aca88ee4fc3b16aea19f533eed2cc3ddf6e5b0181e06455ca69ec849
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.171:58110/i
id: auto-64e29d3094a29afd5c9e5e33753ff8177007811283a9cfda7066b8356e2ee0ed
status: experimental
description: Detects traffic or activity related to http://117.209.86.171:58110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.171:58110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.117.107:48371/.i
id: auto-39ce3346c4827fb2377b07edbbd4f864b7c751301c5f4237b11d7256888fcef1
status: experimental
description: Detects traffic or activity related to http://117.209.117.107:48371/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.117.107:48371/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/spc
id: auto-6639a2f7af0fe34d7d9c1691d57309c8ebdbac433a2784401fad7dee0f5d8776
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.120:41428/bin.sh
id: auto-daa610e0be4a85a12b459ea090847f9477e253c1d67d15c71652d4d925a66ed7
status: experimental
description: Detects traffic or activity related to http://117.209.85.120:41428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.120:41428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/arm7
id: auto-3cd3491cc058dcac5d45e48b733b07b4b97dae1069f6b269ba9efc847521be8f
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/sparc
id: auto-afc2d657f0b3a936e68d5a312e03835243e5be77fc6e9736ac5f48d298e4a340
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/main_arm
id: auto-01c2e9a5a81277997be4c4ef21902ed48cf3bb88df64c596f0846043dd86b813
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/x86
id: auto-61becc9dae51f3171df9a9fd9b369a7ac0b3865586d8b1c893a9c95abd633263
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/parm
id: auto-4d48a074051a777006a51105e44d249000c4cea0bd6d3e635a39e5f6aef0fb11
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.218:40033/bin.sh
id: auto-2abb9d9aabb4bc89642a4e867c8c322e3e231ddc66a1d7459e288a6f632458b9
status: experimental
description: Detects traffic or activity related to http://117.209.3.218:40033/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.218:40033/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.223:36003/bin.sh
id: auto-b86abca38d65e3a89ac38ecd6b0b45a4d34b039204cb0e20dcd50a3746b1c237
status: experimental
description: Detects traffic or activity related to http://117.209.91.223:36003/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.223:36003/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.0:56359/i
id: auto-0e3e3d0074b75c46fbe120282f4cf35a2a2938025e75e0d383d87bab3d9db065
status: experimental
description: Detects traffic or activity related to http://117.209.89.0:56359/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.0:56359/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.199:49349/Mozi.m
id: auto-179dd3e1eb7229c749eb49140ba337673db28e817162af932f2181ee140de6c4
status: experimental
description: Detects traffic or activity related to http://117.209.12.199:49349/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.199:49349/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/.i
id: auto-903348cc99eccdcc956873d65e79dd27b74e97dcbaf3a5aab9a8e4503a662e60
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/armv6l
id: auto-b667c5bcb68a91db9c9767a7b7e4c0e6bb87666430bb3ebe2317765fd8b47093
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.125.211:43792/Mozi.m
id: auto-a2d1e434b8335a1eda1c5129f33ff978141ccc5612c5bbe77d2b3a9f0c287cf5
status: experimental
description: Detects traffic or activity related to http://117.209.125.211:43792/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.125.211:43792/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.215:59180/bin.sh
id: auto-a0c893a69d9e53bd1625d3d9db4fad03be28e3d565ab0739d70ccd1246860480
status: experimental
description: Detects traffic or activity related to http://117.209.91.215:59180/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.215:59180/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.26:37303/i
id: auto-26cb30fa6cd977ea5c037e93c62bfa625f11f7969c77cc7eddff25f186f5d272
status: experimental
description: Detects traffic or activity related to http://117.209.22.26:37303/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.26:37303/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bot.x86
id: auto-6bbf5cd4acaae98c678bff30cefc8a7ee46c130505bb28a97132661af5d3844f
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bot.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bot.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.62:45233/bin.sh
id: auto-e72f798d25587f916e1b2ef3c102df05e71bc57b123693317f1f07ea0179d555
status: experimental
description: Detects traffic or activity related to http://117.209.2.62:45233/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.62:45233/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/x86_64
id: auto-aa3f72759da42b9d27e3dda55ca782dd46ad8ac2567be64a05424104fbc72c16
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/arm
id: auto-f827798ddb1a7f35e2fc7763a372a2ce54a34f17bf9d1a509d381f1cf6836536
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/mipsel
id: auto-8b9137959dd8c719e70bd07f061acc36377994f80678d41e931d28541cfb7b22
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/arm6
id: auto-653a2cf1849818d66c760914dcf958bb53ecfbf0ddd4ef389c109a39c2198b66
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.156:52400/i
id: auto-7b42f1a0259e2308f96c2ae2019894b5a38da796c87b38178e950e6fa171dc23
status: experimental
description: Detects traffic or activity related to http://117.209.82.156:52400/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.156:52400/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.117.107:48371/i
id: auto-c7bea5e04be8fb95329fb2d195e1e5214421f42ad574ab22f3dd2d7aa2274a96
status: experimental
description: Detects traffic or activity related to http://117.209.117.107:48371/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.117.107:48371/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/parm5
id: auto-603680567c8127c5aa06dd3ccf44063bb033d64c99d9e6d0d469bbf0a0af757b
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bot.arm
id: auto-ff33c89b894a3f410cdac76e2317c39da4b0e9607eaf239da05efc2231bfa4da
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/aarch64
id: auto-0f5f223d99f417d12eb41b9b8c1469b1e9c21479d252fa620061258e18bb19b4
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.127:38788/bin.sh
id: auto-a1b6dc066440bc9fc73cc2c494b0548a3b81e5f69f17711397a9ddfcf4b1a24f
status: experimental
description: Detects traffic or activity related to http://117.209.81.127:38788/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.127:38788/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/x86_64
id: auto-337204d5457fc859694d30d0543b53a0c89ca8f6e9d3cf9adb4bc56b259f0fe9
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.116:39450/bin.sh
id: auto-7c3f3adfd24889ad91a6236cd48b5e2414b6afbf86a52e8c26511a7fbb3ea951
status: experimental
description: Detects traffic or activity related to http://59.96.137.116:39450/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.116:39450/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/armv7l
id: auto-c5ed287a18197bc07005aebc2585aa86b9cc307f299b450b1b1e0c2ae092ea16
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/x86_64
id: auto-f498c7ec13bd83399dc69aeb7e6d0ea27bcae21d14035dbadaf393c372bb1e23
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bot.x86
id: auto-f3f88e7dd3bb39b36578b60b363ee724a1a90114c610a4d97907421c2d9b71c1
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bot.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bot.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.95:56598/bin.sh
id: auto-be3d2a04512f8cc83c8f25655c27705148f93add1d8442b64ee5aeb5daad43b2
status: experimental
description: Detects traffic or activity related to http://117.209.25.95:56598/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.95:56598/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.188:52976/bin.sh
id: auto-a2965b7922974128847d36bfa56baa1ac9c83f6297d807e00c31741e473639fd
status: experimental
description: Detects traffic or activity related to http://59.96.137.188:52976/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.188:52976/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.57:43575/i
id: auto-a60d06c9270100f5a9a59b6b0bae61e15dcff9b14a1ff4920e0eea07dec26858
status: experimental
description: Detects traffic or activity related to http://117.209.22.57:43575/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.57:43575/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/arc
id: auto-b551d950ec5baa01e0fe64ea7911f9bbf4726f2f45b27d411772bce9586207f6
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.112.42:54912/i
id: auto-6163f8042df3ff3700db17a68b778824483c59f746b2d77836a8fcc21a4dcde3
status: experimental
description: Detects traffic or activity related to http://117.209.112.42:54912/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.112.42:54912/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/parm7
id: auto-dc22c4e7472fe925165166be4325022f9bd07dfe14df3a99ea35d0db5fc71a40
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/sparc
id: auto-1a6f8f042c42abf03cdb2b7a5c18ff36f158c17cc5e1f94ecc51f13fa9f4aa6b
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.226:44116/bin.sh
id: auto-e0f00b0c68b22fc222caa30afc05d04f490288a7e972c2cca944ad627445b3fa
status: experimental
description: Detects traffic or activity related to http://117.209.8.226:44116/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.226:44116/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.62:41318/bin.sh
id: auto-ba10981133fd9f439fbdea7742ee26d154c47932251704470718eec23aca1075
status: experimental
description: Detects traffic or activity related to http://117.209.91.62:41318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.62:41318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/arm4
id: auto-e75230f6121066a514f0ccaf822733102475e12b29018a6f11bcfb7defc2e096
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/mpsl
id: auto-c2f8df5d2b8a6de01834f21375b769b019894200eaa2e4b17f0675747f95667e
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.244:54216/Mozi.m
id: auto-be2ccaa48341b8509671379d7e17e4d71654b42a3b3880a6d06b2d29d3b5bf80
status: experimental
description: Detects traffic or activity related to http://117.209.114.244:54216/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.244:54216/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.104:51634/i
id: auto-0a22c02ae44a7dba838cf1b866f40c3f05eab30e0807aaa2ad98757b54753084
status: experimental
description: Detects traffic or activity related to http://117.209.2.104:51634/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.104:51634/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.235:52483/bin.sh
id: auto-a9e986dde7377a1ecf0b1b21d9f4bee7d1e5f01f238ef4d729c2d82523a67a60
status: experimental
description: Detects traffic or activity related to http://117.209.85.235:52483/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.235:52483/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/arc
id: auto-a8b37fb65784af6b1c94f34a78b5d0fa39287a8ae060e66790cd389d299f50f0
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.17:33145/bin.sh
id: auto-4391740e9cab69a281a6d903e8109211e462af37f1247a65ee31d6a1b4f8e01c
status: experimental
description: Detects traffic or activity related to http://117.209.91.17:33145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.17:33145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.39:55681/bin.sh
id: auto-f8c6d0d342415bb300c8e0568a189b6fec56ba508f7526d1705035e2e09ea100
status: experimental
description: Detects traffic or activity related to http://117.209.27.39:55681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.39:55681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.229:46502/bin.sh
id: auto-bdb0e5dbd77f68ded9d8569f3627878584ebc1f21e27fae2b0e11f3f6f2f223e
status: experimental
description: Detects traffic or activity related to http://117.209.93.229:46502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.229:46502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/arm
id: auto-a8cf9b4d28f2b97653bf1e7d824c2db60076a5e42df6025a9d4cbf883971c027
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.114.244:54216/mips
id: auto-688bf345345a9273322dd4e5b31a74d622632a9abc9817b40e4a3e1cf2c88a35
status: experimental
description: Detects traffic or activity related to http://117.209.114.244:54216/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.114.244:54216/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.24:55185/i
id: auto-7a60668cd87fa2de052b66bb6bb379ae1ae93aaf62236df9c800e05d7cc1563b
status: experimental
description: Detects traffic or activity related to http://117.209.87.24:55185/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.24:55185/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.117.107:48371/mips
id: auto-21ba1f05f1491c27df029ac7a96a6b3575e330f10cc0f1d0c0f0a7be8511d066
status: experimental
description: Detects traffic or activity related to http://117.209.117.107:48371/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.117.107:48371/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.78:42634/bin.sh
id: auto-5e8b57f391db980f83f91b377030b41506909cdc949a2ef187dc16a7481665ad
status: experimental
description: Detects traffic or activity related to http://117.209.24.78:42634/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.78:42634/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.117.107:48371/bin.sh
id: auto-ba0aed52d2b1ae908029705fecb8df5c7e93d3f97ccec6c5b0696f7d8b68531c
status: experimental
description: Detects traffic or activity related to http://117.209.117.107:48371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.117.107:48371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.127:38788/i
id: auto-d4d8f6f5cf758dc0e8a01905e9edbf6985af21cb3026fdd32eadd9eec279a4f9
status: experimental
description: Detects traffic or activity related to http://117.209.81.127:38788/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.127:38788/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.125.211:43792/.i
id: auto-2c7804b683ff0cb64fc8be6075e03e889bc9817e44a10231282969894cb56b2b
status: experimental
description: Detects traffic or activity related to http://117.209.125.211:43792/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.125.211:43792/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/ppc
id: auto-5b0ef794a2da43f4490ec27bb936be26c76094974eb4e92d4dfdaea0c2d7e640
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/arc
id: auto-e0a378f77b157e2ce424df44ef38376d7cd2d942d53d54ce8578bd8303a84f6f
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.211:51582/bin.sh
id: auto-f587c8b1104c5a15a9e67f4e9f8f84b4390bf40bdd3e975d1ff810ed270cb527
status: experimental
description: Detects traffic or activity related to http://117.209.95.211:51582/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.211:51582/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.37:33704/bin.sh
id: auto-ca071a02be4869f1bde30a2c7de12d69f1317cc9ff7a35c924e9132dabd94c48
status: experimental
description: Detects traffic or activity related to http://117.209.28.37:33704/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.37:33704/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/m68k
id: auto-3fe0a01189b47101850cd24149c1e8dcea651c164bce9cbbd17ea431f6a6a054
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.236:49803/i
id: auto-4415aba4d103ac8db2a4126d60d33a18519e5c93c890f1585f986577f91b51a4
status: experimental
description: Detects traffic or activity related to http://117.209.83.236:49803/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.236:49803/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.211:51582/i
id: auto-0c6360fee8610980ad22cc366a94967385498b79c08066e13b831eb0e1ab2a3e
status: experimental
description: Detects traffic or activity related to http://117.209.95.211:51582/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.211:51582/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.182:54670/i
id: auto-906e164bcfe010bf9dfaaf2de6b069f94ab6366a6bcda4569eb9668bd15de409
status: experimental
description: Detects traffic or activity related to http://117.209.6.182:54670/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.182:54670/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/armv5l
id: auto-69ef1dfbfdbc7029b5eb53178e791e60618c459052529faa0fc11840fc64ec0e
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.104:51634/shell.sh
id: auto-e683bda0d8c8a13426e1924cb97b3e70d63e65e7ac2616232cd53cc168746e89
status: experimental
description: Detects traffic or activity related to http://117.209.2.104:51634/shell.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.104:51634/shell.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/c.sh
id: auto-7356e614c94a8dc9f0e9647235a166f0775e459940efb0befc40ee1100d2b7ad
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.234:43187/i
id: auto-facaa21c24e911d9c4b6c5cd01ddc44920dea99ebb620c50e847b735b42a4b07
status: experimental
description: Detects traffic or activity related to http://117.209.95.234:43187/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.234:43187/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.5.14:59236/i
id: auto-da57908719cafcc1602d914157aa8a8373f2aa883df00fff8e8d8c5bcdc95948
status: experimental
description: Detects traffic or activity related to http://117.209.5.14:59236/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.5.14:59236/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/m68k
id: auto-3245bef3130adb9faa333612f7dea5199bbe2d552db7b6100d9a76a1b5110cac
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.224:45386/i
id: auto-76c3973de64c1497d6f20c2292e6abc0f358894f04a8b2c2ff3c0519ba6a17b0
status: experimental
description: Detects traffic or activity related to http://117.209.27.224:45386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.224:45386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/shell.sh
id: auto-25a712e5c11a311505d2354c34a5f6cb9560b307d6fae49e2bfbf87fa489c16a
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/shell.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/shell.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.182:54670/bin.sh
id: auto-5a30d6d5c3734b49dbb99772386a03ecc0a7ce4c534d9945eeba7742a910b554
status: experimental
description: Detects traffic or activity related to http://117.209.6.182:54670/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.182:54670/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.83:34261/i
id: auto-c59c196631afce9ab3ce035ae70cd5e27a723665dae9e1334ab8af0db45e2269
status: experimental
description: Detects traffic or activity related to http://117.209.90.83:34261/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.83:34261/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.13.3:34501/mips
id: auto-a5032be796c87080ef92ccdec02cde923c305b496ffa5cd9e02d1c59552db664
status: experimental
description: Detects traffic or activity related to http://117.209.13.3:34501/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.13.3:34501/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.153:53811/bin.sh
id: auto-2ded73c85e03a6a03955e2e70fbd119d0d9cc21d6bfcc43c814c5907eeb1c886
status: experimental
description: Detects traffic or activity related to http://117.209.86.153:53811/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.153:53811/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.55:54489/bin.sh
id: auto-343ba3c8b33cd722afa7cfbb903713eb166632a86a3a8803b45a9c0a852cbd23
status: experimental
description: Detects traffic or activity related to http://117.209.20.55:54489/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.55:54489/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.104:51634/bin.sh
id: auto-6caa63e6efbd7ba4ba13848053eca9b25746e229a419c04587a28d5ae23436fc
status: experimental
description: Detects traffic or activity related to http://117.209.2.104:51634/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.104:51634/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.27:44464/bin.sh
id: auto-b7a4c56b35fa58487c11924b26a2b0556fe31357612c4abd76b1fb21aa0e1d29
status: experimental
description: Detects traffic or activity related to http://117.209.91.27:44464/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.27:44464/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/arm4
id: auto-0c5b92fedc2e036e3fed60e77145bf6a7665f71e3895e807407b41f83d19320c
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.171:44104/bin.sh
id: auto-b203800d19fc268fa6428c85cc1371d6b50ecb42ee681ad5d7d1cf2663b5d4bc
status: experimental
description: Detects traffic or activity related to http://117.209.81.171:44104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.171:44104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.81:42565/bin.sh
id: auto-bb56048565d124b90075ae77a97f46634056be91f659653c851d2f1578aa5fff
status: experimental
description: Detects traffic or activity related to http://117.209.89.81:42565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.81:42565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.99:51175/i
id: auto-0e94812288dd5c9ca0ba800701e45d1afa890a5fd9def0a4696ab844a44c6c95
status: experimental
description: Detects traffic or activity related to http://117.209.29.99:51175/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.99:51175/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.142:33389/bin.sh
id: auto-2255337e2a221286fe046b35ed02c1be15e65c910d604ef9a3c7269f1692f70f
status: experimental
description: Detects traffic or activity related to http://117.209.82.142:33389/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.142:33389/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.45:45269/i
id: auto-6f91b2da4c21d054d3eef4df20065414f7beb188ac80a75682bf4b88b72fcc3d
status: experimental
description: Detects traffic or activity related to http://117.209.16.45:45269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.45:45269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.111:43710/i
id: auto-1b863631c3b45a837ee0fe88270a802ee0f500475845e2eb7a14f42fb8786a58
status: experimental
description: Detects traffic or activity related to http://117.209.21.111:43710/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.111:43710/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/loader.sh
id: auto-578e2aa31f8e8743d6c0d7fc212c859eda8bde0c3f0f9020808796e47ff29588
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/loader.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/loader.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/armv4l
id: auto-b748b99b0b985f81879a08bf93c5c0d302d9c1c8f90823ce9738a81557de099d
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/sh4
id: auto-c0ae72ff60f4a5e5ee409085d0278aae4fcb5011e10e74c2cdf190ba5328f280
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.205:51988/i
id: auto-1279573f4b91160949afbb01f9488053d8faf99efed334e6d301040088209c99
status: experimental
description: Detects traffic or activity related to http://117.209.83.205:51988/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.205:51988/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.39:55681/i
id: auto-defc7b2e0062ac26916a0f3afafa025fa14ab0f99c780baf49dd6493ec365f6b
status: experimental
description: Detects traffic or activity related to http://117.209.27.39:55681/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.39:55681/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/parm
id: auto-12772269131328d26f9f2b1e98b562e728d9220612c506cf2cc051738271bf4e
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.189:38422/i
id: auto-8068e81b80ec69786a9209152ed7f9a6be73bc41a421eeec2c24862b10f696ac
status: experimental
description: Detects traffic or activity related to http://117.209.21.189:38422/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.189:38422/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/scan
id: auto-a7efe80b380356310f548e849f183a081deb5a01327ac7523b87711bbcc6766e
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/scan which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/scan*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/Mozi.m
id: auto-3f242f31dadf35397f81e3b8e882df522ccdd51a8849965b84b692a1312af19f
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.215:59180/i
id: auto-d49b4e072e673b03079ebccdc951cd0b6ef6be15708bd284217411ecb15a8971
status: experimental
description: Detects traffic or activity related to http://117.209.91.215:59180/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.215:59180/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.79:34515/bin.sh
id: auto-13112aee202df7f7a5d0455c0f069c2fd13adfe60729ad69492eb8e68e5d90a4
status: experimental
description: Detects traffic or activity related to http://117.209.25.79:34515/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.79:34515/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.26:37303/bin.sh
id: auto-e88d03f5e5d1852bb4f214d5bd530775c40018d008b253221e58c9324948cec9
status: experimental
description: Detects traffic or activity related to http://117.209.22.26:37303/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.26:37303/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.113.167:56561/i
id: auto-f1cea8066d6d6d0df03e0c25544ddabd9d82e8fcba2772131dde11577199cb44
status: experimental
description: Detects traffic or activity related to http://117.209.113.167:56561/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.113.167:56561/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.87:36672/i
id: auto-c2892b0aecb470ad201e1f13986e42b0fd892e6b67449142234a67688b8bd1d7
status: experimental
description: Detects traffic or activity related to http://117.209.30.87:36672/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.87:36672/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.245.155:57050/bin.sh
id: auto-749d69703ddf4b0df73af3c885f8acdc6b9ae63244e52f96865154638f12cb63
status: experimental
description: Detects traffic or activity related to http://59.97.245.155:57050/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.245.155:57050/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/pmips
id: auto-2ebc1765e9f1756312f927c5987fef8f9685409ff73e90b83e26c445a58ac37d
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.13.3:34501/Mozi.m
id: auto-6bd4e69824a73ad9bc4a24557ddc159c87943722011dd001cd16b135c3dd3920
status: experimental
description: Detects traffic or activity related to http://117.209.13.3:34501/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.13.3:34501/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.210:36673/bin.sh
id: auto-72f3d703ff613612efc0245d626fbad9a93068f2ad596b212e917175406a2305
status: experimental
description: Detects traffic or activity related to http://117.209.81.210:36673/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.210:36673/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.74:39849/bin.sh
id: auto-b3e391960850445ee64088fc56b412a10e6ec791ee6e5fa5c4291b25d7a9c790
status: experimental
description: Detects traffic or activity related to http://117.209.91.74:39849/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.74:39849/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.215:40870/i
id: auto-64aa225ce32405bbfa151cab90b71e82e53c5772c62ac8e8f0dca2ee89aa57e9
status: experimental
description: Detects traffic or activity related to http://117.209.3.215:40870/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.215:40870/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.125.211:43792/bin.sh
id: auto-b5efe53b50b056d5e349b3c7dfbd7728ae9103969ac37a92f35e41cddd1cb462
status: experimental
description: Detects traffic or activity related to http://117.209.125.211:43792/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.125.211:43792/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.16:33627/bin.sh
id: auto-05ea260ab5f99debf92b33dc087a48c841b900ca7211442e5c802be415e83188
status: experimental
description: Detects traffic or activity related to http://59.96.143.16:33627/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.16:33627/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/px86
id: auto-56669c074292d9e4f2b49497cda177f79bf24c1e6ffe244780c1deb325610d38
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/spc
id: auto-113293f28a473d6f669a3725f410c3a0493427be14b88a7a90e0dd2e7d27e0bc
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.237:37601/i
id: auto-4544b19fad43c45a72488c2f6b87194fc649c5039c2225423d29aa4e64694c00
status: experimental
description: Detects traffic or activity related to http://117.209.18.237:37601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.237:37601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/main_mips
id: auto-64d4a29322aefced92faf0ea9586f2e73865647193448863ea02167f32536aac
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.136.99:41397/bin.sh
id: auto-ebb2c9245c24496c806c580eb78de8a5c4e0ceacfd2b27de630a554f8087cafb
status: experimental
description: Detects traffic or activity related to http://59.96.136.99:41397/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.136.99:41397/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/i686
id: auto-4f0c79928146067dae6a83df973a15d781d9e704c96e4fea402cf40c9636d027
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.83:34261/bin.sh
id: auto-f58853f3178232e7b55904c8e3715346205b69fedefd58cde4334f647ae2c277
status: experimental
description: Detects traffic or activity related to http://117.209.90.83:34261/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.83:34261/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.49:44314/bin.sh
id: auto-d59c5179bee6ed25d872b1e927d3a0341f4458e6c5a4957d82e7599e63160f0e
status: experimental
description: Detects traffic or activity related to http://117.209.23.49:44314/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.49:44314/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.84:54453/wget.sh
id: auto-d64f653e0f1583b469af455fa0f800b624f0ca9bdce7f697d5a309b1131f4148
status: experimental
description: Detects traffic or activity related to http://117.209.2.84:54453/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.84:54453/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.60:44132/i
id: auto-77daaa8143f95b307de3d90d2332d0cbaaddf399cbaadc52e11b1148fef00143
status: experimental
description: Detects traffic or activity related to http://117.209.120.60:44132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.60:44132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.204:56047/i
id: auto-2811e2d3c5a951e4168cb7e20d8827560b15d665e12c5dd042dc4d9b8e1005ba
status: experimental
description: Detects traffic or activity related to http://117.209.25.204:56047/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.204:56047/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.70:41424/i
id: auto-e75676a2efb5a14e02b8e6bc5cbf89fdc74a59747e737f9d25bf7d3062098792
status: experimental
description: Detects traffic or activity related to http://117.209.91.70:41424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.70:41424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.79:46938/mips
id: auto-b42b81cc9d18c92ad7d4296ad67000065a83eb5a5cbc8c0d51f3f3452f9a65fb
status: experimental
description: Detects traffic or activity related to http://117.209.14.79:46938/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.79:46938/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/pm68k
id: auto-21fd05b02ff4a31e864a77cd5f1ca2245a930ca4d5560c625187426a48f0309f
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.113.167:56561/bin.sh
id: auto-c69fe359bcd8c52236fca0d5a0aa758789214ef66de17ae751b74b654b0bf10c
status: experimental
description: Detects traffic or activity related to http://117.209.113.167:56561/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.113.167:56561/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/psh4
id: auto-62ba6e5129a59879a04d07f96321acf2e708ff8e78c28bcd99b59bec0a050cce
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.38:46687/bin.sh
id: auto-6c783384e5a0f8cf641fb2eb3a932d9e027e2aabdeb46c02c8424a368835b0bf
status: experimental
description: Detects traffic or activity related to http://117.209.94.38:46687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.38:46687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.60:44132/bin.sh
id: auto-5c84a0632eda44061b6c6974b9ad23898626167b1a206ce2b44a6119692e9282
status: experimental
description: Detects traffic or activity related to http://117.209.120.60:44132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.60:44132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.101:39427/bin.sh
id: auto-ed0421d2652ba42cb792c6e20c0d7bf3d101de67cd2049231b5e2fcb1c2b31fa
status: experimental
description: Detects traffic or activity related to http://117.209.90.101:39427/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.101:39427/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.84:54453/i
id: auto-6cc00bce240c8acbe21b0137c7c27ac86d7c982c286691ce9bdb7c8124d74d90
status: experimental
description: Detects traffic or activity related to http://117.209.2.84:54453/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.84:54453/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.115.30:34042/bin.sh
id: auto-e60c38223a253af7551657ef391cba1f910179586f44194c660ecca97a22b5b7
status: experimental
description: Detects traffic or activity related to http://117.209.115.30:34042/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.115.30:34042/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.224:45386/bin.sh
id: auto-d1d34ec0d1153428637462ae6ad667bd7cc6b1d9f765eecdcac527f14fbb5558
status: experimental
description: Detects traffic or activity related to http://117.209.27.224:45386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.224:45386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.70:41424/bin.sh
id: auto-0c8208831a74eaea3b2006871be9eba0c5eacd58766c96c379c7af12cdc08540
status: experimental
description: Detects traffic or activity related to http://117.209.91.70:41424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.70:41424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.0:56359/bin.sh
id: auto-67d518b7e8e6fefac67d7e2995f27c14b99d4ac05d996840414c1191a984516e
status: experimental
description: Detects traffic or activity related to http://117.209.89.0:56359/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.0:56359/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/ppc
id: auto-00283ea658161650679ff3c8cb6fc0402365ceacfcd335be9eb28b462bf5570b
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.59:50243/mips
id: auto-e26479797efa2fc02761f3b1e23e5311b2441e54ddcf316f433ba5f573779e8e
status: experimental
description: Detects traffic or activity related to http://117.209.16.59:50243/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.59:50243/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.49:44314/i
id: auto-c9aace64a1775d60a3118126912d14e6d368581806fc94939e97b5f0b1448fd4
status: experimental
description: Detects traffic or activity related to http://117.209.23.49:44314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.49:44314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.250:51714/bin.sh
id: auto-d960423982f0afe731d28e6120870e2074933eeca28e3dd43f11ea6fbdb5704e
status: experimental
description: Detects traffic or activity related to http://117.209.93.250:51714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.250:51714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.148:54988/bin.sh
id: auto-8fed0e11b2f66f6440c56f97935cc1a710261f0560b690293bba5591ddd4eae3
status: experimental
description: Detects traffic or activity related to http://117.209.94.148:54988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.148:54988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.120:41428/i
id: auto-3e086afe6bd5e090b9c5257002826229946762d81c30408703839ea23e42ee54
status: experimental
description: Detects traffic or activity related to http://117.209.85.120:41428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.120:41428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/armv6l
id: auto-030860014b4f6d227b099ba73aa036e13b5aa2dbe2f4e2f960f5ec025d9ad5f2
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/mpsl
id: auto-cda2941a1623f55f4302532e596e11147f62f2148132fc78af1371ebaf1ad9c3
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/ppc
id: auto-721cbdf9693e8094b4b629880d5d6f0d3c4b9fbf7a560d3422abdae568fc54a1
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.89:45942/bin.sh
id: auto-a98bfc7ae5a54de560f4611eaa87f512f0bb1116db705f07cc7331b78dc422c3
status: experimental
description: Detects traffic or activity related to http://117.209.88.89:45942/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.89:45942/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.89:53526/i
id: auto-d57f216ad778f3f7b2ecb029fb3305327471ad40e1e0de1c4bf81689a35fc18d
status: experimental
description: Detects traffic or activity related to http://117.209.21.89:53526/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.89:53526/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.87:36672/bin.sh
id: auto-6c2b57ee295ccff0c21f604866fcf60d52328574b4beac6a1bfc3563fb4e957c
status: experimental
description: Detects traffic or activity related to http://117.209.30.87:36672/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.87:36672/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/arm5
id: auto-3ffdf74376b8c0b0ec0c8600014af904f7b4e1c240df4110a0d5cd1c3d7b6637
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.45:45269/bin.sh
id: auto-87adf45a0ab040cecbd3790d71bc385bda8b014e469c36ac46d5f8d93863d7c4
status: experimental
description: Detects traffic or activity related to http://117.209.16.45:45269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.45:45269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.80:47906/i
id: auto-c55a1625a898295f0e236786c1cd773893a78e1339c14b588095f5cac09268ba
status: experimental
description: Detects traffic or activity related to http://117.209.2.80:47906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.80:47906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.78:42634/i
id: auto-b3b892bc77f78087356d295a3ff43f45e041fd0884fd96ec47e3deb3ffbd01e4
status: experimental
description: Detects traffic or activity related to http://117.209.24.78:42634/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.78:42634/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.190:40150/bin.sh
id: auto-4ef7bdb6da9347c51938195559fa70a225cea60af3924bf3542d75f42dceff38
status: experimental
description: Detects traffic or activity related to http://117.209.2.190:40150/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.190:40150/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/armv5l
id: auto-b237f03a0c043a9e58efd93107d72b2ceb62e5111efa131a08fc5e3248c47d71
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.125.192:55685/bin.sh
id: auto-14fed48b05b1a090bcdf4f19364df9b107be342dd975256c9483623aaf452a47
status: experimental
description: Detects traffic or activity related to http://59.96.125.192:55685/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.125.192:55685/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.16:41384/i
id: auto-393b6878da4a0ed42bd01be13a58f70f3f3444a2e48d834ce9bf13c14e37188f
status: experimental
description: Detects traffic or activity related to http://117.209.93.16:41384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.16:41384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/mpsl
id: auto-778adf75d14c6e876b6a05e7f0f137e46052cbf413124360f9b29da0ae4e106e
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/pm68k
id: auto-86d8c511b97d2586147041d7035bfc1b8a9bd3689734260936faa08c7afa9a69
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/cat.sh
id: auto-289fbfaf1291ddf8c65a651df2332e7f02cb31bf1a4ca141780dc82e75afd4a6
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.24:55185/bin.sh
id: auto-45bc9928ba669f1f375335a7e70dab26496fac2ca2f43266846edf19b06e1c49
status: experimental
description: Detects traffic or activity related to http://117.209.87.24:55185/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.24:55185/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/sshd
id: auto-f99065dec0b5b116cefc22a48c1e1bae18dd83f50499fec458763bc395dd17de
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/sshd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.8:41629/i
id: auto-a60b73126f885f69dc660f3cdcc34c96fb53e265570e479b1545241eee12a427
status: experimental
description: Detects traffic or activity related to http://117.209.90.8:41629/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.8:41629/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.81:41593/bin.sh
id: auto-da34d9d161bbe7b1255acd64af8db4e8085f6d65c1b89997ff099c37c1e65fdb
status: experimental
description: Detects traffic or activity related to http://117.209.93.81:41593/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.81:41593/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/sh4
id: auto-6ad5dad7d73678283fb6a135a2885acb97f34c84854657924e8a599f5ba90878
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/parm6
id: auto-dae6b9b9decb8425b05d3c39d3002b60a60a81b47dc36b968e75099a0405edb7
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/parm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/parm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/arm7
id: auto-72d294648d0988cda7de218e73fa15dfe61f5ea684b7de3d94778e0fb8112476
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bins/arm4
id: auto-258e69050c0094fb4b796a9e88083c8f50f9df5897d57b668e97014a72e2897e
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/arm4
id: auto-5dec4b5a229ec124d946b6ad4c5b9a1720af920c17513aa7991f5b7d75974262
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.215:37367/bin.sh
id: auto-510d44875cd8d8e468ce72b319250b75e02b9ea81ee533941aadb1bc34ffc787
status: experimental
description: Detects traffic or activity related to http://59.96.143.215:37367/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.215:37367/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.141.154:43081/bin.sh
id: auto-01d00a0afcaeb3c416d1771c352ff195850ef2f20e029d4eef0ee64a78b0b3ce
status: experimental
description: Detects traffic or activity related to http://59.96.141.154:43081/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.141.154:43081/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.215:35883/bin.sh
id: auto-03a841cb275ddcef11cc5ccaaa2d2f7032440e4b8d4bd0569f92995879efb27a
status: experimental
description: Detects traffic or activity related to http://117.209.89.215:35883/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.215:35883/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bot
id: auto-b5b350a1b43f4cbfe26eeffbbf894d760edb4769284d63e1d4cc4cc861a695ab
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bot*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/sshd
id: auto-87413d2e422394fbb834c83101099dc41822700c24c916ae16962351e411f6aa
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/sshd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.185:34679/bin.sh
id: auto-5e6eda3a8127af632db900ccdb46d87f9e81d10b208a9cf4ce99d6b5395793e0
status: experimental
description: Detects traffic or activity related to http://117.209.93.185:34679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.185:34679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/powerpc
id: auto-083b75b421f9413a4563d496120e5f0fa77b025d93408515c08e47bae0895d86
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.229:46502/i
id: auto-8d5f439b949934ae7f3ee923b6f1acb2b7818bfadc65cad6b94628dc45fa6bb0
status: experimental
description: Detects traffic or activity related to http://117.209.93.229:46502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.229:46502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/mips
id: auto-8daad26ae943a18cd2eb7908dc5e5e6c078de617d55cf034a5f1d6179a867416
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/m68k
id: auto-66e149b53a88e193b5085b75e49113dd47d45366bc28223e1745b5611b2b1b64
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.201:51507/mips
id: auto-a122465c17c7323f28648636ffcc63374d0a9cec2366b0ea39b2c4cb4bd5f292
status: experimental
description: Detects traffic or activity related to http://117.209.12.201:51507/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.201:51507/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/Mozi.m
id: auto-f76d3e560d00826bec327aa5f167c7d91bd2ccc0108e4817f22939495989cd74
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bins/i686
id: auto-114c3049ac248016e717cc5017bd47fb01c68b35dcdfe3b896642c5db24f9e39
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bot.x86
id: auto-8a29e16a9b01d8a6f525ea4102d6358c94184611e8ac7715700faf64be031bcb
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bot.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bot.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.125.73:53798/bin.sh
id: auto-2337c6ba90349ae8d1cb5e91b66b90b647430c8074aebcb794119c2293f912f7
status: experimental
description: Detects traffic or activity related to http://59.96.125.73:53798/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.125.73:53798/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/armv7l
id: auto-79013cd79c025fe36e3c5eaaec87ac482f3017056d8ef018e1fb4623e12ece79
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bot.mips
id: auto-64eb02cfcf768b5428ebd41eca6baffdcb788fe5396a91faff9b4308ef7d1d3a
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bot.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bot.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.27:44464/i
id: auto-592396df76c88d0740771361b9eeea49927748d17ca14c9942ee2804624d4d4b
status: experimental
description: Detects traffic or activity related to http://117.209.91.27:44464/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.27:44464/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bins/sh4
id: auto-0fdd7d4dfb0d68cd539653c76c5033ef44c1cd9f74215e66020819a85694a087
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.235:52483/i
id: auto-5885e30ad669d43746fe7eef448fa00314cc6ea32c33cb70f09dee14d3281020
status: experimental
description: Detects traffic or activity related to http://117.209.85.235:52483/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.235:52483/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.59:50243/.i
id: auto-64d74621dc238fb574b01292bef196e6909e2a511936ba3a365d8f0d30c5bf42
status: experimental
description: Detects traffic or activity related to http://117.209.16.59:50243/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.59:50243/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/m68k
id: auto-f2f5b05ba55d35ec8c94c31f5769fe7eb1f46546e3b83e4998257a64a1e0db5c
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/Mozi.m
id: auto-4cea01cc014260094de5651da89e4878d738883bdb3491c1e6feb20c7cea2cb7
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.18:42041/bin.sh
id: auto-95dedfd79401732b52025024fb2c0968e5559d9ea32c01aa36b8922d2c72e262
status: experimental
description: Detects traffic or activity related to http://59.96.143.18:42041/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.18:42041/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.20.215:53213/i
id: auto-82b79e587518900ada0b0f4cf4abcdedc1099a8efbc624f990d6c1b8f9fb1bb1
status: experimental
description: Detects traffic or activity related to http://42.178.20.215:53213/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.20.215:53213/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.211.64:55038/i
id: auto-7d3d50fa60b1e1153386c96162e1f9547ec36a23aeedef7eb2a2db8026323cfc
status: experimental
description: Detects traffic or activity related to http://27.215.211.64:55038/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.211.64:55038/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.208.45:33124/i
id: auto-0d54a7cff81b0a329a6c11808bf201b5c000b497fb6e6518c42f130ed96b0e07
status: experimental
description: Detects traffic or activity related to http://182.123.208.45:33124/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.208.45:33124/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.210.206:57812/bin.sh
id: auto-eb7966bb3f49d28a82e611efdd99b7123cc9093fb1c6c77101a9b336155c9f92
status: experimental
description: Detects traffic or activity related to http://222.137.210.206:57812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.210.206:57812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.228.64:59529/bin.sh
id: auto-95bfbbcfbf7ae7ab9b2cb9658a7f4fdc3b28f1565f933e9e0f078ff329ba1211
status: experimental
description: Detects traffic or activity related to http://61.1.228.64:59529/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.228.64:59529/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.194.54:56085/i
id: auto-20c06221e993bc53bf249ebb25e667fc5b52717477452ae320b22f55d44a4187
status: experimental
description: Detects traffic or activity related to http://175.165.194.54:56085/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.194.54:56085/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.140.3:3781/i
id: auto-03d7ce7b95632dc8513ffefd9b5821213a28fe1caf65ef8ac5fd6ec293d5bcd3
status: experimental
description: Detects traffic or activity related to http://178.141.140.3:3781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.140.3:3781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.62.136:48961/bin.sh
id: auto-c4e78307887414516fe585d97b1b036e5dbde4de0e65470b10e0a959a7712ef3
status: experimental
description: Detects traffic or activity related to http://115.50.62.136:48961/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.62.136:48961/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.20.215:53213/bin.sh
id: auto-f14fc65f91fe197ad46f62617ab7b146bd6ae5c1a7de66aa4107412b611d4fe4
status: experimental
description: Detects traffic or activity related to http://42.178.20.215:53213/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.20.215:53213/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.113.204:48601/i
id: auto-fba412e2cd19b9f1b73d2cbf6ad0cf18dc9963fccaa8086c9a1486926b232a62
status: experimental
description: Detects traffic or activity related to http://42.58.113.204:48601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.113.204:48601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.98.177:49456/i
id: auto-5e01d90a830b8325299d4290204c535d502524c69e8373211ebd49cbf69c9c07
status: experimental
description: Detects traffic or activity related to http://112.237.98.177:49456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.98.177:49456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.63.179:56520/bin.sh
id: auto-a51bae33b36ab310361ee860cffb4387a5913b827391fc9fad8495505a55e8d5
status: experimental
description: Detects traffic or activity related to http://115.50.63.179:56520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.63.179:56520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.107.95:49630/bin.sh
id: auto-4bb9cf0f284eea8db02634097defa44d4d108e15675864efb2b4c756789a1086
status: experimental
description: Detects traffic or activity related to http://61.53.107.95:49630/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.107.95:49630/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.81.73:37418/i
id: auto-4a941ff7c09250fae69ebaf327ba79a0570dbf085e2a7eb67cccd61e66e8d333
status: experimental
description: Detects traffic or activity related to http://112.248.81.73:37418/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.81.73:37418/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.140.3:3781/bin.sh
id: auto-d5a979d7bb451766ff261c26300313255a3250e2442b18782caaeac9942c362b
status: experimental
description: Detects traffic or activity related to http://178.141.140.3:3781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.140.3:3781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.211.64:55038/bin.sh
id: auto-12eb5948c44f8b58f0e8f788eec8630a14b99121640f4ef8b5341a4cc0ec4f96
status: experimental
description: Detects traffic or activity related to http://27.215.211.64:55038/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.211.64:55038/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.49.50:36544/i
id: auto-e1751549ad6870057ce4adf5c64f0f25d3d365787ad7fd78a558f38e5f0f3c03
status: experimental
description: Detects traffic or activity related to http://125.44.49.50:36544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.49.50:36544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.98.177:49456/bin.sh
id: auto-98785d1bfc858f43ca388c77787b84ab39e0907f3cac2e989b25b619dd2f5f0a
status: experimental
description: Detects traffic or activity related to http://112.237.98.177:49456/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.98.177:49456/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.225.238:47005/i
id: auto-913adabbcadfd8311a06c7efc605d33737f4f5c68a3d5a39d8f21f9c2813a473
status: experimental
description: Detects traffic or activity related to http://27.37.225.238:47005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.225.238:47005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.148.167:34094/i
id: auto-a08c08c9e6fbc664a51d0da99e5bdda16dda6c920493c3270e14eb3af3631ffa
status: experimental
description: Detects traffic or activity related to http://123.189.148.167:34094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.148.167:34094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.91.222:53307/bin.sh
id: auto-036de7b0459cda2616f25901326907038c2edffc8b991716acb976ce70f43c78
status: experimental
description: Detects traffic or activity related to http://117.205.91.222:53307/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.91.222:53307/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.129.188:56244/i
id: auto-47a43b4746c1fa0ecbee8421cdfea6526bd28a58ade9fb94f106143780bd86be
status: experimental
description: Detects traffic or activity related to http://59.95.129.188:56244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.129.188:56244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7895228771/pBO9miD.exe
id: auto-d25ab3f8419441ffc9cc915058f842d0ec630b42e78f7622b85d4a0d5e026c3d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7895228771/pBO9miD.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7895228771/pBO9miD.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.189.148.167:34094/bin.sh
id: auto-401f873df80dad2f193b797b57f5e70646f75fe1fe5e6971d57ff0e419b7b3fb
status: experimental
description: Detects traffic or activity related to http://123.189.148.167:34094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.189.148.167:34094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.213.74:43395/i
id: auto-6665185e838865b70081e0bf4acd8a56b644eb3822c3887da1779051b07fe0aa
status: experimental
description: Detects traffic or activity related to http://42.231.213.74:43395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.213.74:43395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.225.238:47005/bin.sh
id: auto-7fee491e8760df92973da1fb0675ac46a785b666e2d4f637facdca3c9713c6db
status: experimental
description: Detects traffic or activity related to http://27.37.225.238:47005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.225.238:47005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.2.37:51132/i
id: auto-aaac4fabfe516698e202145b20a74795771e18983de99a99516b00fd06d388e7
status: experimental
description: Detects traffic or activity related to http://123.13.2.37:51132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.2.37:51132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.160.233.162:38918/.i
id: auto-102f399cf6c97b9d51f204e56798f5c9bed37ae92184fa717cae0f7354d4a04b
status: experimental
description: Detects traffic or activity related to http://2.160.233.162:38918/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.160.233.162:38918/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.33.36:41339/i
id: auto-ba5a1f6dd50b70ecf20028ed9a4951b08213afc1083a2d15fbac60acf875988b
status: experimental
description: Detects traffic or activity related to http://113.229.33.36:41339/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.33.36:41339/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.2.37:51132/bin.sh
id: auto-74eec571b0ebcb5c2c109130b2637daf1d50c0de1bcb78d4eb873e94a2523a12
status: experimental
description: Detects traffic or activity related to http://123.13.2.37:51132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.2.37:51132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.183.181:48097/bin.sh
id: auto-654a3658d8f3930fd6c64f8e1f607965934277934fb2e77f329deb2a19e7f49f
status: experimental
description: Detects traffic or activity related to http://218.60.183.181:48097/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.183.181:48097/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.105.169:34439/i
id: auto-7352b671c63f88a2e3c725aec1b8f4901bbceab8fed41be4b6f000da0b9c3e1f
status: experimental
description: Detects traffic or activity related to http://42.233.105.169:34439/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.105.169:34439/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.168.213.255:53441/bin.sh
id: auto-405284feeea23e03192014bb914efe1f5f2f12d96461568b571e178c26d40c37
status: experimental
description: Detects traffic or activity related to http://175.168.213.255:53441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.168.213.255:53441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.129.188:56244/bin.sh
id: auto-5f3e3cb5627486edd61fffcf3f83d350cf51316f3b94c005d3a1938556369d64
status: experimental
description: Detects traffic or activity related to http://59.95.129.188:56244/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.129.188:56244/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.200.132:37045/i
id: auto-5dc039a30cd0c42138950324979b24602ebc7898b4d5a66d35332c1dddc48762
status: experimental
description: Detects traffic or activity related to http://115.63.200.132:37045/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.200.132:37045/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.33.36:41339/bin.sh
id: auto-4b80add15d6269a9ca93edb288eef0857ac9992b3b983bf9bf693471c4669c72
status: experimental
description: Detects traffic or activity related to http://113.229.33.36:41339/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.33.36:41339/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.2.124:33567/i
id: auto-d7ccb3b13533b5c894b481c9e82ed1490dd6f97804a77eadd8bebd976b9daf63
status: experimental
description: Detects traffic or activity related to http://125.41.2.124:33567/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.2.124:33567/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.178.156.92:38230/i
id: auto-7063c4e67de4e4e48d121cce5bb5f2a407302db910b22d5afbd085de414855d4
status: experimental
description: Detects traffic or activity related to http://59.178.156.92:38230/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.178.156.92:38230/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.211.109:38246/i
id: auto-4b29de3d417c675cb49c48cafb0a3299d5b0591e99e4fef55b6f21d347aa4a23
status: experimental
description: Detects traffic or activity related to http://110.38.211.109:38246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.211.109:38246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.10.102:48530/bin.sh
id: auto-2dafe34bf8617024745f95513079cab6d63c0441c38f2cdfbb06b7965de9cb09
status: experimental
description: Detects traffic or activity related to http://42.5.10.102:48530/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.10.102:48530/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.51.185:60272/i
id: auto-db4bc1389dbe9e7aee6c29181004f6a330c58d4a97d3515ecf4f23fb2f5447e2
status: experimental
description: Detects traffic or activity related to http://115.63.51.185:60272/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.51.185:60272/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.105.169:34439/bin.sh
id: auto-0e1dbc553f358258fd68069b31019f8078f496c97f894467fad7fec548348af1
status: experimental
description: Detects traffic or activity related to http://42.233.105.169:34439/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.105.169:34439/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.158.1:56899/i
id: auto-d14a5ddccbf4a82172c46454f1ddbef25dc253f9aee6ff53890dae4c72951d89
status: experimental
description: Detects traffic or activity related to http://222.136.158.1:56899/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.158.1:56899/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.176.233:54816/i
id: auto-57b69b6f8030008bc5eabc48d6a0347d26bba1b4a878c0248e9861342e068122
status: experimental
description: Detects traffic or activity related to http://117.254.176.233:54816/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.176.233:54816/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7992210799/4BaqHbB.exe
id: auto-be90c6f3719970fc1d8fc630da0fb414ffd1f3f0793d2b8bd9ea5e176ba01bc2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7992210799/4BaqHbB.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7992210799/4BaqHbB.exe*'
  condition: selection
level: high
tags:
  - attack.t1003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.178.156.92:38230/bin.sh
id: auto-d9f1feaa064aaeaa76da8ae89f41aadb890c93a5a978b2b1283f903afd7b7c96
status: experimental
description: Detects traffic or activity related to http://59.178.156.92:38230/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.178.156.92:38230/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.18.49:56269/i
id: auto-0bf5db6eeb5a31b189ca26f7068e35b1e477b17ea9597c455d2f1412dbe55952
status: experimental
description: Detects traffic or activity related to http://42.5.18.49:56269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.18.49:56269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.200.132:37045/bin.sh
id: auto-e54f2507bf461c92350c85966881f178aa573c72ee93593cb3fe2258aa8f12b7
status: experimental
description: Detects traffic or activity related to http://115.63.200.132:37045/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.200.132:37045/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.154.220:47773/i
id: auto-3677c8db991508639eedd6dac5e2a29122e7f0dbfea71330e357539b5790de5e
status: experimental
description: Detects traffic or activity related to http://219.157.154.220:47773/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.154.220:47773/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.59:50243/i
id: auto-eeab4e7e77b2b3c053e0101bb5c41efe0cb17af1be01b261383b5083fff21425
status: experimental
description: Detects traffic or activity related to http://117.209.16.59:50243/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.59:50243/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.79:46938/bin.sh
id: auto-93c90951d618304b73f58adfb381d9dbeade0565eda8656999a84e745b389e84
status: experimental
description: Detects traffic or activity related to http://117.209.14.79:46938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.79:46938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.176.233:54816/bin.sh
id: auto-ec143d19daf14ea35949e3920d90f8c0b6ae30ab433dafaaf709eba1a815c9ff
status: experimental
description: Detects traffic or activity related to http://117.254.176.233:54816/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.176.233:54816/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.205.197:58556/i
id: auto-1d6ff85f9b410222b8584ec805a9d3af38117c89951c01f4906c76f0e996993a
status: experimental
description: Detects traffic or activity related to http://117.241.205.197:58556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.205.197:58556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.55.236:56817/i
id: auto-acfa08bd05d8f611dce54720ba9889c8c3c8744e07d1f9c38a8651cdabe035bc
status: experimental
description: Detects traffic or activity related to http://117.215.55.236:56817/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.55.236:56817/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.18.49:56269/bin.sh
id: auto-60968e7ee52c8ea671792481156da5180c187854983bae8d75b5ba33cd577571
status: experimental
description: Detects traffic or activity related to http://42.5.18.49:56269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.18.49:56269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.154.220:47773/bin.sh
id: auto-2e883be273733fcbb6db792d2191e11fa871bd17686507010c649caa9057cf47
status: experimental
description: Detects traffic or activity related to http://219.157.154.220:47773/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.154.220:47773/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.59:50243/bin.sh
id: auto-dd267d21ed92e24ed75ef7d17a2d79d541ea9b19f932c1ee1cfbf1d6fdf5bc67
status: experimental
description: Detects traffic or activity related to http://117.209.16.59:50243/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.59:50243/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/px86
id: auto-2e99414e89094d103224c05cd2fbff8cc77303d54dced304c8dec3839dbda14a
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/pm68k
id: auto-f10ef16eeba655dd25817beb0335f2de03040c36ca2a4cb1d582d1593ef4fb91
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/psh4
id: auto-5d6b78a99db00d2af4b3f91b6e7a5d8ecbc46249442fc6df91ed964f7342e11d
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.158.1:56899/bin.sh
id: auto-aee858a97ae821ef8f1a5473006479e82ad57284084174b98b7a4627fc46c6d9
status: experimental
description: Detects traffic or activity related to http://222.136.158.1:56899/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.158.1:56899/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.235.252.195:24183/i
id: auto-e26f1e60e6ae9c300e3f6877c1cc509890c1d326f2024dbc67494b7233bde00f
status: experimental
description: Detects traffic or activity related to http://5.235.252.195:24183/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.235.252.195:24183/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.228.84:57207/i
id: auto-00459829821a129f9bbc3c38d9b2695d7d7fc8ca823187f96b3898638e095a24
status: experimental
description: Detects traffic or activity related to http://219.155.228.84:57207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.228.84:57207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.24.135:40485/i
id: auto-71546fda66aaa5e1ece1fe08488850b79aaf6c3e041a94fdcdf9e2af9f2fa41b
status: experimental
description: Detects traffic or activity related to http://182.117.24.135:40485/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.24.135:40485/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.234.39:46999/i
id: auto-abf88381bea3ceea8bb05134b1a14e73ddb117e37a9d523003652fc6240cac2d
status: experimental
description: Detects traffic or activity related to http://60.23.234.39:46999/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.234.39:46999/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.168.182:49494/i
id: auto-73f847741430604b183c4b139bd9d31cacdbf5d07a84bf8d9f529ae993296305
status: experimental
description: Detects traffic or activity related to http://42.178.168.182:49494/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.168.182:49494/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.249.142.93:44646/i
id: auto-745e04a7d8d1e1ad98e6db411540f8d2459a922954a9cf84b6cde2461ffc1ab3
status: experimental
description: Detects traffic or activity related to http://2.249.142.93:44646/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.249.142.93:44646/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.204.206:57121/i
id: auto-a25ed1916b69d753e394f6d19439fdef579e6c336bd9ad4f3e4fdfc9df9f605d
status: experimental
description: Detects traffic or activity related to http://85.12.204.206:57121/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.204.206:57121/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.201.212:36235/i
id: auto-616a68eaaa7c3419fadd2ba1d7d67bb578beb85326ed32c8b28238adaf545e1d
status: experimental
description: Detects traffic or activity related to http://42.227.201.212:36235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.201.212:36235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.201.212:36235/bin.sh
id: auto-dfd867b13335cd91b275735f7584aa1dc94fb2a516389d21b256ab6394b67a41
status: experimental
description: Detects traffic or activity related to http://42.227.201.212:36235/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.201.212:36235/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.29.241:45017/i
id: auto-f75e4dcb9405acc2ba4a027b4ee66c9f106e1062d16db771e405509c25853d63
status: experimental
description: Detects traffic or activity related to http://115.50.29.241:45017/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.29.241:45017/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.185.82:34876/i
id: auto-51e7bf5461cfa6d19f332de224e81ed6f5b9af4543b44c48295486fddf9aec41
status: experimental
description: Detects traffic or activity related to http://117.196.185.82:34876/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.185.82:34876/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:54597/bin.sh
id: auto-9811bf6e21514854a65cc4038a587b4c73464bd87e5eb2d61cf265ade5311007
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:54597/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:54597/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.205.197:58556/bin.sh
id: auto-f80ec7439cef2c36f1c8826df724121c0bd7da6258d3509f8f4ac86629ea404d
status: experimental
description: Detects traffic or activity related to http://117.241.205.197:58556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.205.197:58556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.146.16.20:3560/i
id: auto-831548001fed9dc6a15dbb7a2e3871ba7574851750fea4d07ce8ed78f40e7175
status: experimental
description: Detects traffic or activity related to http://46.146.16.20:3560/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.146.16.20:3560/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.255.234:58150/bin.sh
id: auto-9c7cce78666497bdd037337504fba4afbda14f3d2b15019af9162e181d56c44d
status: experimental
description: Detects traffic or activity related to http://117.208.255.234:58150/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.255.234:58150/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.131.59:54330/i
id: auto-03859489031f7944c5eb02751ea5df894089ab084a24274be63fb245c4a04447
status: experimental
description: Detects traffic or activity related to http://182.112.131.59:54330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.131.59:54330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.2.34:46670/bin.sh
id: auto-389db044814466c1a40876e800f6ee7cd851bf58c98bf2102deef026771fdf74
status: experimental
description: Detects traffic or activity related to http://42.55.2.34:46670/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.2.34:46670/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.146:47957/bin.sh
id: auto-21e89d3d17dacfe3d6b476feb092c7230cebaf872771efd78db001375dfe147a
status: experimental
description: Detects traffic or activity related to http://117.209.16.146:47957/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.146:47957/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8394616075/xQDonpA.exe
id: auto-71cc84e700ce2405f3003d41bd66d3353f8f0a7a6323a678e4570d6442c13c0f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8394616075/xQDonpA.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8394616075/xQDonpA.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.37.234:50350/bin.sh
id: auto-37a828813b40f4429cae4cf5ee399fadefa9f37a54309363c0ddfa8389e1b8b3
status: experimental
description: Detects traffic or activity related to http://42.52.37.234:50350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.37.234:50350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.51.236:48645/i
id: auto-7fd4c7879ec182879b2cf764be12f42c8b0e9307226b5523628801cdaffac973
status: experimental
description: Detects traffic or activity related to http://60.22.51.236:48645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.51.236:48645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.71.101.47:35361/i
id: auto-c679b26223ee6f3c2a7b17a9cea99ddde31aa665dac42e48828015865bde4a3c
status: experimental
description: Detects traffic or activity related to http://39.71.101.47:35361/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.71.101.47:35361/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.15.88:54526/bin.sh
id: auto-f37dfc82485cad29b557ed079083f0a1135582a1e6c050f39dbabaa297e860a8
status: experimental
description: Detects traffic or activity related to http://175.175.15.88:54526/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.15.88:54526/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.169.234.18:60089/i
id: auto-27703f92a093c049629b98e2225976daa68d558b9a46562da7465b01e53626db
status: experimental
description: Detects traffic or activity related to http://202.169.234.18:60089/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.169.234.18:60089/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.146.16.20:3560/bin.sh
id: auto-c7d34f40d0e1896a6e04c08fb7b4ac7e0ddc0f59fd0bdfd19fb652e87d05c91e
status: experimental
description: Detects traffic or activity related to http://46.146.16.20:3560/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.146.16.20:3560/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.51.236:48645/bin.sh
id: auto-c902c57756169ee3753e82b256a70b095fa156c63fff6ac3627e8be1fbb2f373
status: experimental
description: Detects traffic or activity related to http://60.22.51.236:48645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.51.236:48645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.80.247:48772/i
id: auto-1cc28020a7ba9a3aaa2744f48c664fcd150e03c0fb81cc0616cbf8d354011a0e
status: experimental
description: Detects traffic or activity related to http://182.112.80.247:48772/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.80.247:48772/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.2.150.28:59945/bin.sh
id: auto-17a7433db85baf51f3b9888c2720bd9eab1e3f6fd41719aca7ac9705210a613c
status: experimental
description: Detects traffic or activity related to http://61.2.150.28:59945/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.2.150.28:59945/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.15.1:55390/bin.sh
id: auto-fe1babb874c406fcadfce778b81ed7278ba31dffc7d8086a8a43b6e5c2b3bfe2
status: experimental
description: Detects traffic or activity related to http://39.79.15.1:55390/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.15.1:55390/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.131.59:54330/bin.sh
id: auto-6e95123407ffeaaaac6273bafdf98cac6dddfc78d3935374e553d3b31fe626a2
status: experimental
description: Detects traffic or activity related to http://182.112.131.59:54330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.131.59:54330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.189.181:33802/i
id: auto-2d4ffb9ff0ef477f0c5cf295a8817a1f19d7f91da110d97ccd62219f1113efa2
status: experimental
description: Detects traffic or activity related to http://115.62.189.181:33802/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.189.181:33802/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.71.101.47:35361/bin.sh
id: auto-84360557aad80b4e22f96a72081342dc3b4d62513689c1ccae335b97b8508bb9
status: experimental
description: Detects traffic or activity related to http://39.71.101.47:35361/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.71.101.47:35361/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.175.236:40074/i
id: auto-0a94441646d23f745ba953cdf27aecbc879851e19230ebd6f30085e2f7d06a94
status: experimental
description: Detects traffic or activity related to http://42.238.175.236:40074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.175.236:40074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.188.137:50005/i
id: auto-66624df58d6673bf30941904f3eaf7adb82b8ea17c2a738e8c868ed61dc88e82
status: experimental
description: Detects traffic or activity related to http://222.142.188.137:50005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.188.137:50005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.198.154:51636/i
id: auto-3e030541513d226e36fc56801d53a43b5118b65682c1888db11bca5df68adf0a
status: experimental
description: Detects traffic or activity related to http://59.98.198.154:51636/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.198.154:51636/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.189.181:33802/bin.sh
id: auto-823b1739bae7516715116e450047366de5292f0254a4904798ce86743dbe08f5
status: experimental
description: Detects traffic or activity related to http://115.62.189.181:33802/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.189.181:33802/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.129.95:48994/i
id: auto-264a89c0b79072acd33762b6c8497c6c196e0812eab7ad0c005bb206e67ca9e0
status: experimental
description: Detects traffic or activity related to http://222.140.129.95:48994/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.129.95:48994/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.47.239:42142/bin.sh
id: auto-179a7bfa2fd6323a1d42a3e20a9b5a66a48a38022935d5568303060fc009a0cb
status: experimental
description: Detects traffic or activity related to http://117.217.47.239:42142/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.47.239:42142/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.14.181:51003/i
id: auto-887eed27f9f8d8ae22fada50ea9b985926eee2742b1f51a57a92d862ec360314
status: experimental
description: Detects traffic or activity related to http://120.61.14.181:51003/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.14.181:51003/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.80.247:48772/bin.sh
id: auto-49fc99a4de57b246bf9d5ffc3cc5f2ebc51f2dc797167ecde2ce9cb8d01c951a
status: experimental
description: Detects traffic or activity related to http://182.112.80.247:48772/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.80.247:48772/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.141.68:56173/i
id: auto-f34498bfbb3ad495dce4c75a1053a157cacc2e925e0845edeb02816ba4db76d5
status: experimental
description: Detects traffic or activity related to http://61.3.141.68:56173/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.141.68:56173/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.83.200:55216/bin.sh
id: auto-5d31d8ac285e5bd575b141882a897ee8f659675a4f74eb94c7bb6c0eb8d46dc6
status: experimental
description: Detects traffic or activity related to http://113.230.83.200:55216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.83.200:55216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.169.234.18:60089/bin.sh
id: auto-1f2ba570700ab09e131d05551b7314659740181f1ed13fb72da6fb62ee3226e2
status: experimental
description: Detects traffic or activity related to http://202.169.234.18:60089/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.169.234.18:60089/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.198.154:51636/bin.sh
id: auto-7bef91a4162c2ba92de0caf7a40a93826eb557a23cfe40e37f4fdbcba651c013
status: experimental
description: Detects traffic or activity related to http://59.98.198.154:51636/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.198.154:51636/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.175.236:40074/bin.sh
id: auto-ea42c5afde067402bb7bdc39994021d041320c382cb15244e058a4eddc9cbec7
status: experimental
description: Detects traffic or activity related to http://42.238.175.236:40074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.175.236:40074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.14.181:51003/bin.sh
id: auto-485657ce2fc9bbe57e62d9734f61db875af639ec51dabd69368352aca7e85890
status: experimental
description: Detects traffic or activity related to http://120.61.14.181:51003/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.14.181:51003/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.129.95:48994/bin.sh
id: auto-c134e1aee350b6e79daafa578d43e916672bf05fe0cb206d9bd586ec707199ca
status: experimental
description: Detects traffic or activity related to http://222.140.129.95:48994/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.129.95:48994/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.8.130:60497/i
id: auto-6c08a30fc94cd16c0d1b16701de6eab63546445eb88b2aa773d7b600a7190cb7
status: experimental
description: Detects traffic or activity related to http://117.198.8.130:60497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.8.130:60497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.188.137:50005/bin.sh
id: auto-434eaeedabb5e9249c9cd8a3cc53dffa78356b73b507ba690a3b6f1d76af9c44
status: experimental
description: Detects traffic or activity related to http://222.142.188.137:50005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.188.137:50005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.107.95:49630/i
id: auto-4226f761414f60890eab104cf58a440e8ccf0667619dafa769077ab5ad4b70e3
status: experimental
description: Detects traffic or activity related to http://61.53.107.95:49630/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.107.95:49630/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.242:32864/i
id: auto-60c035c1171983f7ece6cecfa4798276ddcc25b4a55b5a955eaa77e8b0493f26
status: experimental
description: Detects traffic or activity related to http://110.39.226.242:32864/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.242:32864/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.8.130:60497/bin.sh
id: auto-fb576b6915afe6681e7686f41144b462218ce164b2ce05fc213166fe962bed67
status: experimental
description: Detects traffic or activity related to http://117.198.8.130:60497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.8.130:60497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.180.92:38687/i
id: auto-d795636b1a1a1f1a3bb343069fcfe7f396cafa1701c6724d0ac2801adba516d5
status: experimental
description: Detects traffic or activity related to http://59.93.180.92:38687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.180.92:38687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.22.251:38790/i
id: auto-c27317617f47968779d026f26863eb052fe5fea7ad39e7f4c141a67d4cad7200
status: experimental
description: Detects traffic or activity related to http://117.223.22.251:38790/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.22.251:38790/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.157.78:48699/bin.sh
id: auto-cad9b7d80d75d5b2f72eb5b2f091e176adb8537a289047ea4cf6c407f2eb06d3
status: experimental
description: Detects traffic or activity related to http://61.52.157.78:48699/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.157.78:48699/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.114.245:53505/i
id: auto-29aee55dd21760c8b312bf35f2b97dc981ce8d25c3b9b4c7ccd295765637aa8d
status: experimental
description: Detects traffic or activity related to http://42.4.114.245:53505/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.114.245:53505/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.168.124:47632/i
id: auto-91f1db18051dc9d56bfe1f2b86650478cbb188314c25fb244101473733c01f26
status: experimental
description: Detects traffic or activity related to http://115.54.168.124:47632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.168.124:47632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.180.92:38687/bin.sh
id: auto-88017d94a2bbf9a0fe5d1c389ff857ee7ee1fd4508672124e7a4a342a8730041
status: experimental
description: Detects traffic or activity related to http://59.93.180.92:38687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.180.92:38687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.22.251:38790/bin.sh
id: auto-177f5bb4852548047ff938b214eeb9c59088ab39c04da02d70a7f2790c85a464
status: experimental
description: Detects traffic or activity related to http://117.223.22.251:38790/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.22.251:38790/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.21.173.174:50695/bin.sh
id: auto-4f8ed21e8fd2bcd67c1de58d609f49324f75359b679d6d1906bfc6af6b332ca5
status: experimental
description: Detects traffic or activity related to http://60.21.173.174:50695/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.21.173.174:50695/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.242:32864/bin.sh
id: auto-21954bc15a0b8a3d33c498dfe3d6b84833e6a08b793d16abe8ebdb1203ea6182
status: experimental
description: Detects traffic or activity related to http://110.39.226.242:32864/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.242:32864/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.62.141:53994/i
id: auto-94cf367feee54bcc2aca5c6694516c58520ef36f1f6aee0681bd2c9d519e65a4
status: experimental
description: Detects traffic or activity related to http://115.57.62.141:53994/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.62.141:53994/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.168.124:47632/bin.sh
id: auto-533332cc6d497a5302cd84235a61d38f0a21a1b17ab623885705200f40dc2839
status: experimental
description: Detects traffic or activity related to http://115.54.168.124:47632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.168.124:47632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.238.155:53754/i
id: auto-fa0724ae08563c37a9ddb5ba5e9f2c256787c2f35bafd41aa03057e268f7fda7
status: experimental
description: Detects traffic or activity related to http://27.207.238.155:53754/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.238.155:53754/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.79.114:33642/bin.sh
id: auto-3a6f766a85d861ea0813e28230f093c80747878c1b5c53941e2e5dfb7f8a5dae
status: experimental
description: Detects traffic or activity related to http://123.172.79.114:33642/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.79.114:33642/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.34.97:60702/i
id: auto-a2c805f5e4b5624f81461cadc17c41fe33757b0e87f1d4e0061c5cac26a4a962
status: experimental
description: Detects traffic or activity related to http://115.63.34.97:60702/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.34.97:60702/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.62.141:53994/bin.sh
id: auto-fb2b935734a3076ae2abbec81f0441cb41279e2f53b3fb336becf93a583f8c0d
status: experimental
description: Detects traffic or activity related to http://115.57.62.141:53994/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.62.141:53994/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.238.155:53754/bin.sh
id: auto-6f89f44e897fc09411069213c10d5601e5698ea897943e02a12794866dfc0198
status: experimental
description: Detects traffic or activity related to http://27.207.238.155:53754/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.238.155:53754/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.34.97:60702/bin.sh
id: auto-0879560085456ff40261a1cc1732d05c0f184c1b37b5cfe7f7ca1d2e921c8cb7
status: experimental
description: Detects traffic or activity related to http://115.63.34.97:60702/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.34.97:60702/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.227.1.27:40257/i
id: auto-6160bcaf5518dccc3bc38dfe749dd6d2a3c502c4ecf636d6fe63a8818b6f6e79
status: experimental
description: Detects traffic or activity related to http://112.227.1.27:40257/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.227.1.27:40257/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.175.222:47729/i
id: auto-680ecf3bccf330a371f3ee56752fd234978e5247d32eb3ac8411d46a7045ff0d
status: experimental
description: Detects traffic or activity related to http://117.212.175.222:47729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.175.222:47729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.7.249:55592/i
id: auto-8783de91e9c52401585905d2a690f1acd510c4934ad891cb4868a3212bf5b651
status: experimental
description: Detects traffic or activity related to http://39.79.7.249:55592/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.7.249:55592/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.184.31.163:35958/i
id: auto-db78516a67804f118adddeab62653088da7384b6a4a55ce5d5babaf79fdebaeb
status: experimental
description: Detects traffic or activity related to http://119.184.31.163:35958/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.184.31.163:35958/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5773082822/WZLgwPY.exe
id: auto-d6dd5c6f5d8ce42f6f938c6dea63f6ae4473ad5605ac42f6bc22cc504a5818bd
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5773082822/WZLgwPY.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5773082822/WZLgwPY.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/mn-authz-x7/s5-r9
id: auto-766dcca30cfc6fe8a8937e2c0ed85d25a2854ca2db6e991150126645b2718b7c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/mn-authz-x7/s5-r9 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/mn-authz-x7/s5-r9*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.49.128:42531/i
id: auto-840865e4209368f378615ffd4862d3e084cca6a8fcbe99c768a1798cc76f3226
status: experimental
description: Detects traffic or activity related to http://123.11.49.128:42531/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.49.128:42531/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-notify-queue-svc/at-fr-m
id: auto-5c95354ef1a4f536285451ffa660d8c0ec9716f7c8ba7b2bed1d5477ccd97b80
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-notify-queue-svc/at-fr-m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-notify-queue-svc/at-fr-m*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.7.123:49656/i
id: auto-4e5134502b8d3121620f8352456e0047a3b1dac5d6735f6521dbed70a547c336
status: experimental
description: Detects traffic or activity related to http://182.117.7.123:49656/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.7.123:49656/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.175.222:47729/bin.sh
id: auto-18796c6644e61e0232d8057ff09f787404f2a9b191ab492d7211e383bfd89f4e
status: experimental
description: Detects traffic or activity related to http://117.212.175.222:47729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.175.222:47729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.155.65:44403/i
id: auto-f83ea9d479d4e6a00aec45144e70208c6263e1ba50bf34a8e8dc2d956179a5d2
status: experimental
description: Detects traffic or activity related to http://123.5.155.65:44403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.155.65:44403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.184.31.163:35958/bin.sh
id: auto-b6cc7f40f35f94646a5e801048e666f658f2c46effdbea2790859a130a87de08
status: experimental
description: Detects traffic or activity related to http://119.184.31.163:35958/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.184.31.163:35958/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-core-sync-mn/set-fp
id: auto-491bdbf8cdfb1574dbe74b3f3fe1a4b8f431709d0f7bba57c63ee74246de6010
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-core-sync-mn/set-fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/api-core-sync-mn/set-fp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.49.128:42531/bin.sh
id: auto-8fd9bddbacef05594e57cc9b34b69d9aeac257adefd6c416e9196c33689c6645
status: experimental
description: Detects traffic or activity related to http://123.11.49.128:42531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.49.128:42531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.52.217:57907/i
id: auto-f3f0b3d59003c55fef4d4572d57d84d85f079d50b19abd6fb74422a2b0b31f72
status: experimental
description: Detects traffic or activity related to http://113.237.52.217:57907/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.52.217:57907/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.7.123:49656/bin.sh
id: auto-3da6df89f001b327d7aebc322ca2a9a6e8ed839aca1cd9d8d3af5f18884e185b
status: experimental
description: Detects traffic or activity related to http://182.117.7.123:49656/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.7.123:49656/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.58:56928/bin.sh
id: auto-3bbbb764b5b19160380a1b24715138b7a6b43669b5d937747df010c7624f1c49
status: experimental
description: Detects traffic or activity related to http://115.55.50.58:56928/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.58:56928/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.116.188:34514/i
id: auto-9dca778411306116fa08fd2b6a9705cc3fa99d34ac802019b2103cfdf8870a82
status: experimental
description: Detects traffic or activity related to http://182.121.116.188:34514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.116.188:34514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.140.49:56519/bin.sh
id: auto-898a5ac5572ddbc71a5b25bfb2fa804e99807974df2972383527b2849715fc93
status: experimental
description: Detects traffic or activity related to http://221.15.140.49:56519/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.140.49:56519/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.190.205:51293/Mozi.m
id: auto-5d2e9342cecffe18a6ae04b1cd07d4b983d66876f919ab1024ec4445949fd506
status: experimental
description: Detects traffic or activity related to http://182.118.190.205:51293/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.190.205:51293/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.52.217:57907/bin.sh
id: auto-8f95cf322c8ea18826513def9e5e99f33874a7fcc26dab40defe85d66fad5f3e
status: experimental
description: Detects traffic or activity related to http://113.237.52.217:57907/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.52.217:57907/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.158.192:51649/bin.sh
id: auto-6e99bd13750519e4baa8055f4e16097b840b94ac268dc2b1fe2e220d724e5624
status: experimental
description: Detects traffic or activity related to http://222.140.158.192:51649/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.158.192:51649/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.226.52:58632/bin.sh
id: auto-613adeba395de4ed0193106b94ff2a1b77ce790fdeaa3064da0dd40db9343243
status: experimental
description: Detects traffic or activity related to http://115.55.226.52:58632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.226.52:58632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.116.188:34514/bin.sh
id: auto-0ba992ef95787748c5a137a2e824f16638c71bdef942031a5048a21e9d25cfcb
status: experimental
description: Detects traffic or activity related to http://182.121.116.188:34514/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.116.188:34514/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.53.82:50093/bin.sh
id: auto-e7999e6c9813fb35b0385b10f830ec92a9d195acc66865262377972bb02bb557
status: experimental
description: Detects traffic or activity related to http://219.156.53.82:50093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.53.82:50093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.34.99:42344/i
id: auto-cb293740c59dbb95341e47ec15c4beb272b52809669bcac6cd0a131343bda50b
status: experimental
description: Detects traffic or activity related to http://117.217.34.99:42344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.34.99:42344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.38.93:51682/i
id: auto-316d4447b76209ea8236628040cf41e9d636895a5fb921e0333cef14b90b3887
status: experimental
description: Detects traffic or activity related to http://115.55.38.93:51682/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.38.93:51682/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/654
id: auto-3164ca54476398f14cb53e994b96c66d2f68bb046112ff7c830423cdc359f6ef
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/654 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/654*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.214.56:60337/i
id: auto-b748f11726270780baa5db5d4de825198543f8d28d5f2aa5b39ab15de3b888fc
status: experimental
description: Detects traffic or activity related to http://182.115.214.56:60337/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.214.56:60337/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/c12
id: auto-560b247550f5d453e9826c63ce23f78683235e5024c36489593816b5d711db34
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/c12 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/c12*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/sdfhsdf
id: auto-6e1dd24d4b79175084915e475db5fe07244990be254c82a8b271ca967ff45a79
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/sdfhsdf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn-r-fty56-w795/sdfhsdf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.183.133.95:58409/i
id: auto-ca36c113c183f199be8871e1ad37dc3f824f6dad2479f486bdc9e9d49fd05a7a
status: experimental
description: Detects traffic or activity related to http://59.183.133.95:58409/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.183.133.95:58409/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.34.99:42344/bin.sh
id: auto-546469115586251a6067165c2d090331f00042e85a9bbb1487ad3c2423aa4ea5
status: experimental
description: Detects traffic or activity related to http://117.217.34.99:42344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.34.99:42344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.38.93:51682/bin.sh
id: auto-6424807bb29d29a8474825175a25c99a7159a7469323aa487e1c740ec3b1a94e
status: experimental
description: Detects traffic or activity related to http://115.55.38.93:51682/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.38.93:51682/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/cd90-r78-h56-z80/qyetu
id: auto-85c4a10d7dad6830df1a85e6d0b709942928b864011bcd2e6a43a277271375d9
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/cd90-r78-h56-z80/qyetu which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/cd90-r78-h56-z80/qyetu*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.67.63:50094/i
id: auto-ef4ab2d439ae0b2c24ba936758dd648f607c7d2eedd68c6e326f395b8479d2a4
status: experimental
description: Detects traffic or activity related to http://42.235.67.63:50094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.67.63:50094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.26.250:49752/i
id: auto-1c7cacd1f21a0bbe580381296c3349bb96bace650c9f0df8d7d19f94726936b1
status: experimental
description: Detects traffic or activity related to http://115.49.26.250:49752/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.26.250:49752/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.223.23.26:38898/i
id: auto-c4209463f16fc40c3db7bbb3cc7b6c42aecb510de4ba567772cd06fe80b0768e
status: experimental
description: Detects traffic or activity related to http://117.223.23.26:38898/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.223.23.26:38898/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.51.182:37783/i
id: auto-76e50cb537499d67f1236292b2bcb7dfe4a7fe9a0613cb3262a7e94edf847229
status: experimental
description: Detects traffic or activity related to http://115.63.51.182:37783/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.51.182:37783/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.44.114:57218/i
id: auto-92e0f6c71b94bee7c58df7698c856580dd13e0b33b818f7ae08374d2a4fcc027
status: experimental
description: Detects traffic or activity related to http://27.207.44.114:57218/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.44.114:57218/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.69.46:53696/i
id: auto-33a7484354401a8b81756605b1875a41be2e0fdcb63103977d2547422cfb0c80
status: experimental
description: Detects traffic or activity related to http://61.54.69.46:53696/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.69.46:53696/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.0.37:35537/i
id: auto-5150d10259507f8eb4aad14f4ef76a69facebd1870c237661a3b0945f7f3eeae
status: experimental
description: Detects traffic or activity related to http://110.37.0.37:35537/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.0.37:35537/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://powerjolytia.com/dashboard/redirect-state.js
id: auto-b3944a1fb992ace2f6f0b9be92e316105160b6f492a721541a6687277abc8aed
status: experimental
description: Detects traffic or activity related to https://powerjolytia.com/dashboard/redirect-state.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://powerjolytia.com/dashboard/redirect-state.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://powerjolytia.com/dashboard/profile-asset.js
id: auto-33675ff854c544dd48b9c7f1758985c9b82bd3946bdc50e164cc69619b8fede9
status: experimental
description: Detects traffic or activity related to https://powerjolytia.com/dashboard/profile-asset.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://powerjolytia.com/dashboard/profile-asset.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.141.172.170/profile
id: auto-7b60b8612a15b58563e86db6d53af789c84d2395336d6647b24a603da6ec0154
status: experimental
description: Detects traffic or activity related to http://79.141.172.170/profile which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.141.172.170/profile*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.36.133:55946/i
id: auto-421ff6d5a660fc9234bc4ed1548afbb0a7aed26a7841f9f08cac44488b58516e
status: experimental
description: Detects traffic or activity related to http://115.53.36.133:55946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.36.133:55946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.57.71:48010/bin.sh
id: auto-d9dd44ff34bfb1f7c55c9de560829549321e68b70ed3b76fd35b9a61b4d61871
status: experimental
description: Detects traffic or activity related to http://110.37.57.71:48010/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.57.71:48010/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.179.235:41344/i
id: auto-170b0a1849e56154a01cf5e232cbf1eafd670c684f3f3ed1a2ed114ffa12ae80
status: experimental
description: Detects traffic or activity related to http://119.185.179.235:41344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.179.235:41344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.193.139:52406/i
id: auto-40b4792d48e4e37945c7b14cb7ebcef13a878c868333594fa92cf1a723f99b5e
status: experimental
description: Detects traffic or activity related to http://182.123.193.139:52406/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.193.139:52406/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.216.192.119:47959/i
id: auto-386f06417ca14c7ba6b0dc274bc15e07f8fd95094c39ccc24265ccc19c294ff2
status: experimental
description: Detects traffic or activity related to http://185.216.192.119:47959/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.216.192.119:47959/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.179.235:41344/bin.sh
id: auto-ec6e570277568f37eb12d002c13f2424b35da3ff94b6c06adc7163ec6dd101b8
status: experimental
description: Detects traffic or activity related to http://119.185.179.235:41344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.179.235:41344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.143.75:51490/bin.sh
id: auto-520df6e0119062c8d7d4f688432d1afa164dde1416055ea3b4526586dda47b4f
status: experimental
description: Detects traffic or activity related to http://42.6.143.75:51490/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.143.75:51490/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.125.39:52348/i
id: auto-51c5a4f54d0dd9692f897126d38da0d1376cc3bb125bb503d38212a5b83eea29
status: experimental
description: Detects traffic or activity related to http://123.5.125.39:52348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.125.39:52348/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.59.100.71:59498/i
id: auto-c5be3824fb6bdb70b76eaf9b567b77a42bee6fef2042144f36d04e2d6dc81239
status: experimental
description: Detects traffic or activity related to http://106.59.100.71:59498/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.59.100.71:59498/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.67.63:50094/bin.sh
id: auto-332cd24953164bef99329395527b6cd5fae2b30739608ae5322189c46d38ed8b
status: experimental
description: Detects traffic or activity related to http://42.235.67.63:50094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.67.63:50094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.125.39:52348/bin.sh
id: auto-be777152daa1478d5b7216eaa93e94a6a04437863041feebdcd409ecaa87d3a4
status: experimental
description: Detects traffic or activity related to http://123.5.125.39:52348/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.125.39:52348/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.115.242.166:52720/i
id: auto-c3e1bfd7cc9ff45cfc70f0aa75749349c63e9f997dc2f4c245e8db8c16c6af95
status: experimental
description: Detects traffic or activity related to http://109.115.242.166:52720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.115.242.166:52720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.125.71:37538/i
id: auto-8f4c20ce198d9b0e017dc52d0283ff32292ddb755fd2ab7fae0fef047e4d027e
status: experimental
description: Detects traffic or activity related to http://124.95.125.71:37538/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.125.71:37538/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695//cat.sh
id: auto-d0ddfa7a7d166ffcc81f1c610df534dd2d7a484271c569f22c02b4032f39737f
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695//cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695//cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.17.240:43244/i
id: auto-e57a99a2a111f70ced3fe38cb59b277e569b3df24a3087c2e99e7e9e83ce15b4
status: experimental
description: Detects traffic or activity related to http://60.18.17.240:43244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.17.240:43244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdnd4510-712-s4-500/wefr
id: auto-7d852168ec5f440d074b8a946763cb3b45caf7158a0044817f0ba5ee6c130c95
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdnd4510-712-s4-500/wefr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdnd4510-712-s4-500/wefr*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.228.84:57207/bin.sh
id: auto-971f5afde8f6358170eeaca47e8f7829dffbf2bbe34a12c3f9d09ca1f587e9db
status: experimental
description: Detects traffic or activity related to http://219.155.228.84:57207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.228.84:57207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.37.72:48347/i
id: auto-3b02d05b60bdd66b3f626d0452bf21ece6ecd941a927659af499f589735c711f
status: experimental
description: Detects traffic or activity related to http://60.18.37.72:48347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.37.72:48347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.240.240:46618/i
id: auto-8ffe0136b65a1ebb5dec08264d540c1ae45bd3f1dd565ccc6f1b114f8b6afa45
status: experimental
description: Detects traffic or activity related to http://115.57.240.240:46618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.240.240:46618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.125.217:44585/i
id: auto-7808125cbe85e8c27577d87763a4771eed788a2dada5b5fe1d32bf4303190ef9
status: experimental
description: Detects traffic or activity related to http://117.221.125.217:44585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.125.217:44585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.59.100.71:59498/bin.sh
id: auto-8afac6265c51a4a1c08a5ccaa916d232d5a6a394494e079e720335caef4e1873
status: experimental
description: Detects traffic or activity related to http://106.59.100.71:59498/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.59.100.71:59498/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.125.71:37538/bin.sh
id: auto-127277fab86c6bfdc4555a1e7e35c8d7a639afcb762f881bad4364809d2b46a0
status: experimental
description: Detects traffic or activity related to http://124.95.125.71:37538/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.125.71:37538/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.224.198:47369/bin.sh
id: auto-d65350ab6877be81a12124c577f901b592ff20864d10491b768c93cfef158146
status: experimental
description: Detects traffic or activity related to http://125.41.224.198:47369/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.224.198:47369/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.182.237:46276/i
id: auto-b5aaf4de4d69166106b05964b818c3699db5433de90220d5416b1c875d41a592
status: experimental
description: Detects traffic or activity related to http://115.54.182.237:46276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.182.237:46276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.240.240:46618/bin.sh
id: auto-d3bcc2a5c7f5ca6f320a54edd330d4bdab4df52c6fb397367f878fb2eb9e9732
status: experimental
description: Detects traffic or activity related to http://115.57.240.240:46618/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.240.240:46618/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.191.89:44262/bin.sh
id: auto-507807013d9a84558386fa8b08f07aec8d8e348dde742ad0b5cc114a407b0893
status: experimental
description: Detects traffic or activity related to http://42.235.191.89:44262/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.191.89:44262/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.125.217:44585/bin.sh
id: auto-44a1d872485eb7b4bc7d3e191f106e02a3597138da52a780de05916518f5bd63
status: experimental
description: Detects traffic or activity related to http://117.221.125.217:44585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.125.217:44585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.46.92:42819/i
id: auto-788bfacae384d2aac11a1d6ca7d9306319b6ebf1da010e50e0953653121315d3
status: experimental
description: Detects traffic or activity related to http://123.9.46.92:42819/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.46.92:42819/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.174.18:38876/bin.sh
id: auto-d473b6651a9b734d819e6dfb34bf2e1a17b00a926d626e382a52e3b12fb6622e
status: experimental
description: Detects traffic or activity related to http://221.14.174.18:38876/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.174.18:38876/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.182.237:46276/bin.sh
id: auto-6e430ccd7a87ce3f2018205a1bcd595db7f8d7d1e67adffe4d7704d62ff96f59
status: experimental
description: Detects traffic or activity related to http://115.54.182.237:46276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.182.237:46276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/dat18-serv140-tg-se-mo/der
id: auto-0b36faee33660a86d412cc898cc092569418ced3550eb286c4db4e9fbf253fd1
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/dat18-serv140-tg-se-mo/der which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/cdn-gstatic-6457/dat18-serv140-tg-se-mo/der*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.68.59:40042/bin.sh
id: auto-d215baee97ec3b6c1734d4352a65d27dc2db4aa2ba0ee44a12cc5547b7006d3a
status: experimental
description: Detects traffic or activity related to http://115.57.68.59:40042/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.68.59:40042/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.46.92:42819/bin.sh
id: auto-0ffbc9a2c15380378f5ccb924082402449baa393882fc23099c2069171191ff9
status: experimental
description: Detects traffic or activity related to http://123.9.46.92:42819/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.46.92:42819/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.236.221.165:57949/i
id: auto-4b97f6f79ecbd0502c0188691f3895447ad8e4392a2a4020af2ece8fb0569cb3
status: experimental
description: Detects traffic or activity related to http://42.236.221.165:57949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.236.221.165:57949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_arm5
id: auto-10c2f674e45272fd3ecf0088a5d3e3e4933291356404baa4c02e7e51efc57260
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_spc
id: auto-f667b25f439b4154498974a0cdd702579961c5066ec900ec115e827ef257e8ca
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_ppc
id: auto-ff72561a4a7d6432eb18d6288c6ed08add0682f6533b89edccefe18a3a35f18b
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_arm6
id: auto-90ae79716e8a0e3bb3bd23fe766d713d22c382a604bd251260ae5d52b166c556
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_x86_64
id: auto-34ec69e4f9bf8e649ba452ddb05eea7f60d907d06c2796a3b53443ad2a0a5fc0
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_m68k
id: auto-af54b6ffe7fe99e6cd212413cab15fc75c64616f7e52660ba2631dcba03e611e
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_mpsl
id: auto-c965f076fdfff2a7e92a26cc907efee5a916c00a8b0b996a6c10dcc60ca7bd17
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_arm
id: auto-93b461ae7ed8f80a4a2e9b75de9aa9883f4f0cf102fc4d87eb28d6cdf52f5998
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_mips
id: auto-6af8bf304278d3657bd074da2fd6c58449053c949176c2bc61b5094527c91165
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_x86
id: auto-aa097ab2ac2fb6c68e1f2c86892a13356432dd4eaff45c4f7afb83e1a3530278
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/csk_arm7
id: auto-dd600996061b91893b8ec7d77b9c285026e7896b90321e50335d041981760b11
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/csk_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/csk_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.82.37.232/debug.dbg
id: auto-870bd032fd9f6a1af654d6429c80ae22022b69defa94775edec1d6ba97b10a85
status: experimental
description: Detects traffic or activity related to http://103.82.37.232/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.82.37.232/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.185.91.201:60432/i
id: auto-33ce5bd75c23e8e584a33402f1d3469c34fa9a57c1f7fc8ab3d19a9632c49d17
status: experimental
description: Detects traffic or activity related to http://123.185.91.201:60432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.185.91.201:60432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.7.63:35234/bin.sh
id: auto-5ca78a769977c1d89ab03589c12ee8bbaa57972281e252ed6246eb8a4d950b6c
status: experimental
description: Detects traffic or activity related to http://182.117.7.63:35234/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.7.63:35234/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.189/arm7
id: auto-f738cf7dab0cac5c4b9aaec310959a87a117dc3f9f8aeda9f4f2204bbd3926db
status: experimental
description: Detects traffic or activity related to http://158.94.210.189/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.189/arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.179/arm7
id: auto-b3b01975f59bd0dc3e3bcbe0f2456597fcce327a9d78da97196bb1ade5207f76
status: experimental
description: Detects traffic or activity related to http://158.94.210.179/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.179/arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.189/tarm7
id: auto-6365e1a9218a973c7fd5e6669b01e3414b2f1226575ae0c60582cb8e549affa9
status: experimental
description: Detects traffic or activity related to http://158.94.210.189/tarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.189/tarm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.255.120.22/tarm7
id: auto-726a9d8d8d0fc59ef4b5c0e624a2d3482ec9626f9f9ec39d8c2ad1a7a560b712
status: experimental
description: Detects traffic or activity related to http://5.255.120.22/tarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.255.120.22/tarm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.255.120.22/arm7
id: auto-6e1a74cbec6e6fe1a915542ef3c796b1413c759bf168c1b0a50ba58965f5620f
status: experimental
description: Detects traffic or activity related to http://5.255.120.22/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.255.120.22/arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.179/tarm7
id: auto-0e5d34f379f2ae711ae8737c90227b3ee2af78ff301d29c4097efe84ff463b76
status: experimental
description: Detects traffic or activity related to http://158.94.210.179/tarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.179/tarm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/debug.dbg
id: auto-41cea4b385c7666a10d373690f4a18ad7fbc09691696dc8e8dbea9f68006522c
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_arm
id: auto-9d180e6c9d0a8ba321e66013445ece936eb25c6aab55a12e354560f5b0730ff3
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://slowdomen.ru/authorize.txt
id: auto-ca89613ca86e875313fa342657de56cb069e398083c1cf433f457dce2e5febea
status: experimental
description: Detects traffic or activity related to https://slowdomen.ru/authorize.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://slowdomen.ru/authorize.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://authorizegoogle.com/
id: auto-2fb1d3e8f7113bb9afe6dd6511a9687479ad8c4eb0c210d47de663259259257e
status: experimental
description: Detects traffic or activity related to https://authorizegoogle.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://authorizegoogle.com/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://slowdomen.ru/
id: auto-087635ae242f6735bb47293720ee96a6852ab5b31fc7413b7a58fccbbd13099a
status: experimental
description: Detects traffic or activity related to https://slowdomen.ru/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://slowdomen.ru/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://authorizegoogle.com/
id: auto-78a9ad21eab0677e475482aea751eb52abc3cef1404cb54de1ec678e265dc1eb
status: experimental
description: Detects traffic or activity related to http://authorizegoogle.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://authorizegoogle.com/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://meetvideogoogle.com/
id: auto-f3f6ae3aeb8f820d0a330408cb600bf815c91ad655c84148f8a056dcbc52658c
status: experimental
description: Detects traffic or activity related to http://meetvideogoogle.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://meetvideogoogle.com/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://194.67.127.229/
id: auto-901f978edd93aa8dd2ed4c10d7f4303e14b1b4f3f7c5d81fce5a610268343c9d
status: experimental
description: Detects traffic or activity related to https://194.67.127.229/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://194.67.127.229/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://meetvideogoogle.com/
id: auto-d059c360167c887b0988e04ee2780d9ab426ecfa46068e539f7f8687e1c4f776
status: experimental
description: Detects traffic or activity related to https://meetvideogoogle.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://meetvideogoogle.com/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://videomeetgoogle.com/
id: auto-dc1fb4b74d227251b4e296574d5f93bd3bf729d8c71324ce1e90bc0eb77fb134
status: experimental
description: Detects traffic or activity related to https://videomeetgoogle.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://videomeetgoogle.com/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://videomeetgoogle.com/
id: auto-4d7c420d088ad9f309a7dfcdf65e5ec8784325bea8f3b82d29ee8e73462d7c8e
status: experimental
description: Detects traffic or activity related to http://videomeetgoogle.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://videomeetgoogle.com/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.67.127.229/
id: auto-ed0ac5b080af523e1c1ff6dc44454e267747fb25534eb97ad34f15084254dcb0
status: experimental
description: Detects traffic or activity related to http://194.67.127.229/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.67.127.229/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://45.8.93.168/
id: auto-49e44b0ae3aa2e8b644912e5408a3716d9d47d042604eed92f6853a205075d44
status: experimental
description: Detects traffic or activity related to https://45.8.93.168/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://45.8.93.168/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://45.8.93.168/authorize.txt
id: auto-0510ec87c6284cf056e418987f0cacfe0ba8ebf2e289e48e0f427ee2ce80bf4b
status: experimental
description: Detects traffic or activity related to https://45.8.93.168/authorize.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://45.8.93.168/authorize.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_arm5
id: auto-db930f72b03836dca46fd88ceab13d8216030e4f347c96866907da7502a98e4c
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_m68k
id: auto-b031511c7a21b10f08e6c97386bb3192135caeb2c5a957df758ad1d78dad0809
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_arm7
id: auto-d2ea55fd4b89db5a5cecd2deb903329f964d8a5444829b4c58d99dc58f1967a0
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_spc
id: auto-b76c4133cfe335bd9e6c67beb4f41a5e8820be4efd90cb2d66f47850678b8f2d
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_x86
id: auto-1e7b6d39cdb411331cc181aab1ea8c0143cb164275663e5c1ae78d813ba66290
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_x86_64
id: auto-1ba6ae0f597cb17410b161a548bb548bb6e4700f3323b14e55a2931c241aaa23
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_arm6
id: auto-789056ccb171b29017ed42c8812ce9af3471a953907627537d3c32de32ca56a3
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_ppc
id: auto-2a1496514b12b0e165cd07db74903a47b9d1d403303bfc17a7bfc656d31c90ac
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_mips
id: auto-b2aea080a4f3674b47975d54313f6776c190c958f06c54a72cb24b2ad7355490
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xoclo.fordvungtau.com.vn/csk_mpsl
id: auto-1fb91601356c8db6209eaa1fa8449555d9cb0865ea348a01ab1c036079f86878
status: experimental
description: Detects traffic or activity related to http://xoclo.fordvungtau.com.vn/csk_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xoclo.fordvungtau.com.vn/csk_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.236.221.165:57949/bin.sh
id: auto-e00a2a2717015ed1158be6c1c1d266d45032babe97be9cc91ea17c49b6ed167f
status: experimental
description: Detects traffic or activity related to http://42.236.221.165:57949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.236.221.165:57949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.170.223:54855/i
id: auto-2d49ba417fde142d86cef5b4b20a93c48219bda7f81c394e592f7e16c1e21b31
status: experimental
description: Detects traffic or activity related to http://123.5.170.223:54855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.170.223:54855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.44.164:40275/i
id: auto-e2b7dc87f5b475553e1170180db7fbb018c51504befad351c05cb3b3c04bf6a8
status: experimental
description: Detects traffic or activity related to http://116.138.44.164:40275/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.44.164:40275/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.201.140.48:45744
id: auto-dc6a8594e14e0c571fd37548c64f625283a91418e3722f53891eefbdd018d7d7
status: experimental
description: Detects traffic or activity related to http://27.201.140.48:45744 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.201.140.48:45744*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.69.216:33516
id: auto-36449a4d3ddf241232b506aba61ec09c3c74dbbb9c7b1ccd2f9366297cacb2ea
status: experimental
description: Detects traffic or activity related to http://115.59.69.216:33516 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.69.216:33516*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.198.130.112:56568
id: auto-be199c869f779dcd6793d11db4a49d6c0066a7fbe05520b222bd7c83a07c163c
status: experimental
description: Detects traffic or activity related to http://112.198.130.112:56568 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.198.130.112:56568*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.228:8030/reload.sh
id: auto-4376f5d4b6f68fd36156ade084b2e97bc650a909d6c3d4c34fcea784323876e8
status: experimental
description: Detects traffic or activity related to http://45.156.87.228:8030/reload.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.228:8030/reload.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.185.91.201:60432/bin.sh
id: auto-9976b23529d0c790c19116a05216369c8ab57720bc6bdc8886836de73747bcc0
status: experimental
description: Detects traffic or activity related to http://123.185.91.201:60432/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.185.91.201:60432/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.45.74.171:11855/.i
id: auto-193d9be682f67f408e150e01a6435cc08124e40a8684f6c544408a216c4843bb
status: experimental
description: Detects traffic or activity related to http://14.45.74.171:11855/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.45.74.171:11855/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://90.174.92.184:13394
id: auto-7ece799cc317ff3877627aa90cb8b890ea0b879fc01b6c0e80fa2002c176f57b
status: experimental
description: Detects traffic or activity related to http://90.174.92.184:13394 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://90.174.92.184:13394*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.45.74.171:11855
id: auto-3c76cfaefa6ec8e0eb6842711ba4b642aee2e545f21a0488c8d7df44cdbbd93c
status: experimental
description: Detects traffic or activity related to http://14.45.74.171:11855 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.45.74.171:11855*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.227.173:34556/i
id: auto-29b548c5f9cc23d9b37ca145cb1cdd28cb94d1ad304ff989bbb0da20c2833f34
status: experimental
description: Detects traffic or activity related to http://42.59.227.173:34556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.227.173:34556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.241.186:49506/bin.sh
id: auto-e1c462948f48961ac6115209df886d0b05cbafa61e4635bb91e403bd98616c94
status: experimental
description: Detects traffic or activity related to http://59.97.241.186:49506/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.241.186:49506/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.228:8030/persistence.sh
id: auto-1c60efcae0e8b7c20dbfebd642e1481f9807b84a48f0cf52a2f38c832e233dfb
status: experimental
description: Detects traffic or activity related to http://45.156.87.228:8030/persistence.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.228:8030/persistence.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.228:8030/bot.sh
id: auto-a54d89555f615b86c036e15d636411a2acf02ac304fa5422a894f9685997dc31
status: experimental
description: Detects traffic or activity related to http://45.156.87.228:8030/bot.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.228:8030/bot.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.228:8030/legacy_loader.sh
id: auto-35f2e7955c865cc40ba0aaa898003ed5193ce217372e52f27c543fbc1658b8c3
status: experimental
description: Detects traffic or activity related to http://45.156.87.228:8030/legacy_loader.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.228:8030/legacy_loader.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.59.36.18:2339/i
id: auto-47644387521ddb6c3e606bed996b590971d00f5acdee654a91cd8ca8efe2e12b
status: experimental
description: Detects traffic or activity related to http://45.59.36.18:2339/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.59.36.18:2339/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.59.36.18:2339/bin.sh
id: auto-c5cc6727c221a605f02721606097eccaa6d32d22063bb225999372dab7dffde8
status: experimental
description: Detects traffic or activity related to http://45.59.36.18:2339/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.59.36.18:2339/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.227.173:34556/bin.sh
id: auto-66fbabbe0becbe8f98e2c5c5e1dcdc51658315c5810b13b5c80381fb37f9fec0
status: experimental
description: Detects traffic or activity related to http://42.59.227.173:34556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.227.173:34556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.121.250:51012/i
id: auto-5e1cde1463ae8a821f718e9ad0e7204dbd07c83897f0afdf970bf09ea281271e
status: experimental
description: Detects traffic or activity related to http://123.9.121.250:51012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.121.250:51012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/parm6
id: auto-167f4627f65c17b9814449f6c9266a06b1443c699435cf01928610dae160239a
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/parm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/parm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/parm5
id: auto-1ad63089ee84ad3cc686ae11611475225c90d2aade70d5d9437f5179f8407073
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/parm
id: auto-95135ce6b0f3970de0a4430349a8da64b26a3000bf03ab8644089f60b723da54
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.194.92.30/bins/parm7
id: auto-a4e07e3b754d9926c965134390943406c62a7ead7a6f376301992397d7401a7a
status: experimental
description: Detects traffic or activity related to http://45.194.92.30/bins/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.194.92.30/bins/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.212.86:43016/bin.sh
id: auto-729ad0b5ea85e8f321fd1cd9bf9b0ea0666c18eb9ecd655490c501af381f8cb2
status: experimental
description: Detects traffic or activity related to http://27.215.212.86:43016/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.212.86:43016/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.121.250:51012/bin.sh
id: auto-90852e44ea9c78ef3244b2c3808097ec9e5cf8cf3d245853d89c2536187d53b4
status: experimental
description: Detects traffic or activity related to http://123.9.121.250:51012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.121.250:51012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.45.210.43:8080/02.08.2022.exe
id: auto-0b74335ac1d052d3ea85196376ff57f1b9b7f4407d6c645119a6c34d209683fb
status: experimental
description: Detects traffic or activity related to http://147.45.210.43:8080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.45.210.43:8080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.96.73.64:8088/02.08.2022.exe
id: auto-c905d721b6a66890a460b1f4ee7277af34c97848dd9e9e15860a7b2ecfaa0b23
status: experimental
description: Detects traffic or activity related to http://103.96.73.64:8088/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.96.73.64:8088/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.167.55.218:28394/i
id: auto-d4d351f9dd21f7a88311e1f6755c3a887c73a8920358aa045bc0c2043ea45dd0
status: experimental
description: Detects traffic or activity related to http://178.167.55.218:28394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.167.55.218:28394/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.10.212.116:9000/sshd
id: auto-9c3282d9fe17d24e4e66f88f8f4042fa6be3b322bbe36b45c3db290141f6e60f
status: experimental
description: Detects traffic or activity related to http://37.10.212.116:9000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.10.212.116:9000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.1.13.248:57507/i
id: auto-61bd495426255c17891fb151a41435fc9f2763701ea318e48687c46f8ad9a065
status: experimental
description: Detects traffic or activity related to http://181.1.13.248:57507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.1.13.248:57507/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.19.47.234:56447/i
id: auto-a28e6ce5e23636707e5cbec1d27e55cba120f45a1df314d256af746cb50f1c1b
status: experimental
description: Detects traffic or activity related to http://178.19.47.234:56447/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.19.47.234:56447/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.124.21.40:8085/i
id: auto-718a94e616dd4f2c71f224abc4fc519c110e9ef27a3c3528057cdc6c30d54138
status: experimental
description: Detects traffic or activity related to http://221.124.21.40:8085/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.124.21.40:8085/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.187.37.200:27042/i
id: auto-eba2bae54bee7afd43654fd0ea2b8593588d301c6c2419191ff4384c8cda41f9
status: experimental
description: Detects traffic or activity related to http://113.187.37.200:27042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.187.37.200:27042/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.47.208.198:7046/i
id: auto-610ccaf1db6c5fa0d275471b08849bff2cfd75663c391a590e38ffad7767bb26
status: experimental
description: Detects traffic or activity related to http://186.47.208.198:7046/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.47.208.198:7046/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.183.123.251:51479/i
id: auto-10ba2903993bc6c460a5a6d53e9644e2b34f5d67944a6cac4c35a0edbd19a3f5
status: experimental
description: Detects traffic or activity related to http://2.183.123.251:51479/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.183.123.251:51479/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.245.112.248/sshd
id: auto-a612d403d2c997c4c892fc24f40a09e74fd6bdb5f8f5a833cfb9777b6ab5b030
status: experimental
description: Detects traffic or activity related to http://14.245.112.248/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.245.112.248/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.45.149.45:25868/i
id: auto-34cc9ebd4b935e19429782eb93652ffcb9b162cc6a758147fae4dc83b7f83595
status: experimental
description: Detects traffic or activity related to http://31.45.149.45:25868/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.45.149.45:25868/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.225.203.24:40864/i
id: auto-bff87ff54a88dda9d5d9281841439d804077475785faa002a35d87f0764b7269
status: experimental
description: Detects traffic or activity related to http://212.225.203.24:40864/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.225.203.24:40864/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.255.210.242:45640/i
id: auto-cecfcec5b71979b25ca2074809a831de5410accfffa4368449f9edebd9e0e34d
status: experimental
description: Detects traffic or activity related to http://37.255.210.242:45640/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.255.210.242:45640/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.109.174.102:22455/i
id: auto-2b27d2369059e2c84cff3c86cd0b20ff27ed83475e682493050c1129e9ff42de
status: experimental
description: Detects traffic or activity related to http://116.109.174.102:22455/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.109.174.102:22455/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.116.246.97:8000/sshd
id: auto-c3fbc053b953c5d0dace475fda28b121d4baaf2c836332c1f0d2bec75e21b45c
status: experimental
description: Detects traffic or activity related to http://171.116.246.97:8000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.116.246.97:8000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.42.229.80:15195/i
id: auto-c022dd963d4cb32969b1ae6cbd8d9afc87f3b0af9035bb3eb3b1eecfaf6295bf
status: experimental
description: Detects traffic or activity related to http://118.42.229.80:15195/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.42.229.80:15195/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.166.63/sshd
id: auto-e8aa36994f32d474683b952dfb0f9fa747d810ed2185dc9cf50924488d85ac3f
status: experimental
description: Detects traffic or activity related to http://83.224.166.63/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.166.63/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.61.12:39997/bin.sh
id: auto-a4da0b0d25872276870def7b9a3f051830075cf86071d20d8b9ca31f1fcf8eb6
status: experimental
description: Detects traffic or activity related to http://42.178.61.12:39997/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.61.12:39997/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://iaonocvn.atendimentozm.com/
id: auto-719dec3aaba5d354bd55a212c056a44d242cbd7ca4c1ff2a50c85626fa317d95
status: experimental
description: Detects traffic or activity related to https://iaonocvn.atendimentozm.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://iaonocvn.atendimentozm.com/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://apiqqmug.atendimentozm.com/
id: auto-f3b646000fefac426cf6eecaef6175d089772ea3f379f4c433236a7fded19d9a
status: experimental
description: Detects traffic or activity related to https://apiqqmug.atendimentozm.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://apiqqmug.atendimentozm.com/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.1.220:52979/i
id: auto-d95fd337c6ce6d30d53dfa3b9c7d61114d9e31319c1c84d4429ebce957497811
status: experimental
description: Detects traffic or activity related to http://115.50.1.220:52979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.1.220:52979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.148.84:58313/i
id: auto-7a3361ee3d98416cea945eda86a9706c042320ac7ae01f6a055a286037ca8e53
status: experimental
description: Detects traffic or activity related to http://115.48.148.84:58313/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.148.84:58313/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://shztibgb.atendimentozm.com/
id: auto-91930145185432b45939ca9836ee268b1f93892841b64052f837eb20e6fb52c1
status: experimental
description: Detects traffic or activity related to https://shztibgb.atendimentozm.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://shztibgb.atendimentozm.com/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bjtvyfqp.acouguegbcompras.com/api/
id: auto-9f9d998e7471380ec8a55657d0be7667f678dfed16be709c4e335ae4dab5ca69
status: experimental
description: Detects traffic or activity related to https://bjtvyfqp.acouguegbcompras.com/api/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bjtvyfqp.acouguegbcompras.com/api/*'
  condition: selection
level: high
tags:
  - attack.t1059
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://nnpnkqfu.znsuportech.com/
id: auto-4f5969c164dc048c4a6851b034b8bb70fc89327a92a33e63761c0eaddcc44918
status: experimental
description: Detects traffic or activity related to https://nnpnkqfu.znsuportech.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://nnpnkqfu.znsuportech.com/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.106.147:45330/i
id: auto-cf2003d0627e0d8a7d470e710a0ae480d1a22647fe540c71980cf2efea423913
status: experimental
description: Detects traffic or activity related to http://42.233.106.147:45330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.106.147:45330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sancaktepekombiservis.com/js/voice3567800122006222039012.msi
id: auto-40b30fdd34b5ca93244bb530382167d70925f683e453fed0c88d9acd4d1e9d02
status: experimental
description: Detects traffic or activity related to https://sancaktepekombiservis.com/js/voice3567800122006222039012.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sancaktepekombiservis.com/js/voice3567800122006222039012.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.252.63:46206/bin.sh
id: auto-46a4043778ce890c24627999a4e88ac003a7e60471609c05aecd2ae6c7254f04
status: experimental
description: Detects traffic or activity related to http://222.142.252.63:46206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.252.63:46206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pixeldrain.com/api/file/Kv7Xig8o
id: auto-5289dfc6793126881782ac44681731455cc3f06f06c8f7923ce6b77d662cbb06
status: experimental
description: Detects traffic or activity related to https://pixeldrain.com/api/file/Kv7Xig8o which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pixeldrain.com/api/file/Kv7Xig8o*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/aibpcqx.exe
id: auto-2e1c31c0514fb69eaf010cfc2022567ee27766b68034823d2af9d2dcdac59d86
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/aibpcqx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/aibpcqx.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/84.exe
id: auto-716780ffd405e7a2f30f38a23c01034a2891e8b0620397442db0beaa6486b658
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/84.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/84.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://yourutube.lol/YouTubeRU.apk
id: auto-ee7b6ac69a817bda894d7605cc26e4dc82e744b08a5ea3e390f3f4caaf41ee8b
status: experimental
description: Detects traffic or activity related to https://yourutube.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://yourutube.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://helpdps.tech/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-6015a76c53817459a4a19a464445bb8fc9b7cdb44a6302c1a3708a97d15054eb
status: experimental
description: Detects traffic or activity related to https://helpdps.tech/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://helpdps.tech/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://rus-youtube.lol/YouTubeRU.apk
id: auto-0a26ef3a2ab0771757703942a2689c19fd3666cefd2e0c6499c8ece4889d81cc
status: experimental
description: Detects traffic or activity related to https://rus-youtube.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://rus-youtube.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_arm5
id: auto-acc0e56bf69830608b46e2af72ecb0480bd7bf90d1e164dd2bf16f039ab11902
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_arm6
id: auto-11b46cb000611493ea134529af25e5c0ba9b5cf45ce16d337de8a27dac695407
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_mpsl
id: auto-809ee64ed0fc9354038265eba08bb09b775315a3c91bd41200204fbdbd8c8954
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_arm
id: auto-7b02ad6a34b7133fbf53f18e7a75bcbc5f8fcdfe171e3a7ab03c805962410f38
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_x86_64
id: auto-e01af1657ce5011e053ab715e55d0b2a54f6b27b86599989e82dbc63abf27e70
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_ppc
id: auto-11a3f7b5da8f004b87aea5c06bf4af6e561265cafde1fb39aa24b7bcbb527af6
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_m68k
id: auto-45163c76e1b8ff6b840da12d7b24d1b9ae4a06cc2df29638c129aef53350db05
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_x86
id: auto-710684c099fef96a64c4137c5375f67ab5c5e879a48ffb4010ffadd1e96f4ef0
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_spc
id: auto-415141cd1846a1222adb973be28d72b57d2d6cd395263e0931d087b332e37907
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_arm7
id: auto-cccfcb49bb5d562f52ab5ea3a09b395b39b035a3f042b8f3337a9eebda465435
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.225.20.10/csk_mips
id: auto-c9aa391250e3014bf74d36e956b790b0de880403f11f1242d9f5e36414e23dea
status: experimental
description: Detects traffic or activity related to http://14.225.20.10/csk_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.225.20.10/csk_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.122.206:42940/i
id: auto-2be303b1eb991d8387c9ccc7a4a86dc744a0630d7306a63a64d183d7510b8569
status: experimental
description: Detects traffic or activity related to http://123.9.122.206:42940/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.122.206:42940/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.122.206:42940/bin.sh
id: auto-1ba5bc5db9d7e071e725cf07ffc4ef61e2d29ab42a408b18949705bde6aa2685
status: experimental
description: Detects traffic or activity related to http://123.9.122.206:42940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.122.206:42940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.1.220:52979/bin.sh
id: auto-0ebcf47a334c70d4fddec146dcf8cb036c45efeec5f1f34369091c538818df3e
status: experimental
description: Detects traffic or activity related to http://115.50.1.220:52979/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.1.220:52979/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.2.35:45249/bin.sh
id: auto-ba1020fec09a10e2c56067e048d1cf99e0c3ae74ef83c0ec7d010830072a9dd7
status: experimental
description: Detects traffic or activity related to http://115.61.2.35:45249/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.2.35:45249/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.148.84:58313/bin.sh
id: auto-1138a27dbb86f4afa91adc509353cef08c6d79285e54117d9bfd09fc7b9b056b
status: experimental
description: Detects traffic or activity related to http://115.48.148.84:58313/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.148.84:58313/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn10-712-s4-500/87
id: auto-6f0f78376a86ad6ca169e242cb404c41ef62fdbaf6c96639f52bfebdc5b7281c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn10-712-s4-500/87 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn10-712-s4-500/87*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn10-712-s4-500/12jh
id: auto-d41560ee13191c8e4608c2d956936d9f41937c652f033a15ce76e47489a40e99
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn10-712-s4-500/12jh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/Fabriziovigna11/cdn10-712-s4-500/12jh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.63.132.77:49315/bin.sh
id: auto-c91fa93b88f4cbe608a930dde860eddccce0d3a44cc20ef8a7b996a1edf2bf22
status: experimental
description: Detects traffic or activity related to http://117.63.132.77:49315/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.63.132.77:49315/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://nets.b-cdn.net/KrofInstaller.exe
id: auto-fd05a8018f31f3ecdc8d321e7ad9319e089e77645672c988624e8d062ec2c0f0
status: experimental
description: Detects traffic or activity related to https://nets.b-cdn.net/KrofInstaller.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://nets.b-cdn.net/KrofInstaller.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.239.193:43744/i
id: auto-f9bcda1f9762d416315d9fbcf851a7ffe1405f1b7aa6b1e7beb50ea328ee013c
status: experimental
description: Detects traffic or activity related to http://115.48.239.193:43744/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.239.193:43744/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.mips
id: auto-dc2c6442db22e8bdb4203544ae8495aa6205ead020b363aa9685be3623ca7a4b
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.arm7
id: auto-d38dcda55f2f0f737a1dd76b69cc9b70668d4dac8023743cc503b8f61e2c0068
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.mpsl
id: auto-ea0dc999de3193b262ed932b3346df5f0f4da1f2d9c16337b885cd9296ad4b2a
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.i586
id: auto-72522e39b5ea21b193be26f3f19fa4067f4719823baa2d69660668afe81c8ab4
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.sparc
id: auto-5494f96e3f268557aa16e95b980a3caf1d3fde860a5660c83ca7cc4fa26efec1
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.arm5
id: auto-db6f191dbf92d235725c29562dc349aaddd13bdf1855d19bb26f893bee41b28c
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.arm6
id: auto-b54c10198e550e436206bf0b1e6f4b319ebc728b9f64dcf2feb56c81f1162602
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.ppc440fp
id: auto-5142c1bcce7f6efd2fe8de5f7b55b2e8030d260279471b3c8d452d4114555be2
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.arm4
id: auto-0ccc969fd0a2c1bfe1255a7f5f2f12871bd1149598ac8d0668f68946183ee55e
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.x86
id: auto-2e6020ef3d5f9477211e8d5d6f71fce0f83c777b79ae7236a52ec6a03c3cee94
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.ppc
id: auto-e89ee761f503a705eefb48ceb79f941e24381eb2db4234fdaf3a1031920f7421
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.i686
id: auto-6178a69071637ed264c4d7174bc8ac613692b9c88ffe437a0216d8c32ab7d52c
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.sh4
id: auto-eff4c6a401278129dbe9fc4b08dd38e6516ed65445e7f99eb7f28544e261e6b6
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/Demon.m68k
id: auto-e49ca84822168ad739fb39b484aafd2799c7f937926a836b2c8e0032146027d4
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/Demon.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/Demon.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.arm6
id: auto-4302901bf0dfd24be395109ad730f173e50e2953e9e2b27836abfc2b78c37fff
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.arm7
id: auto-7176f75b051abc220ee6b6c708c868bc03db3e4dbe70f53b323ce1aa7052c1c9
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.mpsl
id: auto-06132520b23e675e749cd15a79bf8b6bdafb1bd872bcfe30d029e57474c395f0
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.spc
id: auto-d8b59f68053693b4ed1c8e4d500b8e82e832742cdd46ad962ff513d024c0362d
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.m68k
id: auto-be5cff0332b708e298a7a024d7d93484aaf9792b6eed5cba538d14393fe43efe
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.arm5
id: auto-a40de51fcbaa3f4d0fcf41dd26ff012e05d9552cd95c0ad709abafb803276253
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.arm
id: auto-9b5c1e36bcbce4942c986d97e1eb3512abffee6c25ba68781c2239e7c62e1619
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.ppc
id: auto-eb88e85e3652843b9dc64d478c1a3f928e7c7aaf75f48a6cacd20c322219fac4
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.sh4
id: auto-16d57fe7ca8a32d9f63d39088779b3ed055c81d0d525ac9fe174b5da2141c2aa
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.i468
id: auto-090103516221441f45ab5e31b325ad18ca5e11fc5c3d17df23a002715990c046
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.arc
id: auto-63b6e35d9c6d8d0b0937eaaaa987f3bd53908a83e2361d66742cb038386e3f1d
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.x86
id: auto-895574431e20ab0d32bb45652b49198413ac006f964bef1c9aaee8187ba08914
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.x86_64
id: auto-4ef3500d0e31a751c73c6262aefaeeb240c2c1fae6a11eed3c431244eac1093a
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.i686
id: auto-8dbd848d978ff9c0d15b8410787d335f51fecc55c9343f0e8b7b4a36dc71ad87
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.189.159.56/johenlastgen/johen.mips
id: auto-113494e876a4dcf5a5e6a9d2ac7a082416b23fc3350159b09a2511c8442700e4
status: experimental
description: Detects traffic or activity related to http://206.189.159.56/johenlastgen/johen.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.189.159.56/johenlastgen/johen.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.138.106:52514/bin.sh
id: auto-e423bd1e335695445dca68f0fb33786e646ab0bc7130e65d12c4fd0b8f1970ec
status: experimental
description: Detects traffic or activity related to http://182.121.138.106:52514/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.138.106:52514/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.239.193:43744/bin.sh
id: auto-349ce3c5c8932c1dcadfb973070b0af1e0b9395a29fd7a63e8928716d16f9597
status: experimental
description: Detects traffic or activity related to http://115.48.239.193:43744/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.239.193:43744/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.140.49:56519/i
id: auto-5517c80c30d065bdc01056c763d8acc62f4b1ab118a7e648fa4d4a2ffc582480
status: experimental
description: Detects traffic or activity related to http://221.15.140.49:56519/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.140.49:56519/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.111.243:35384/i
id: auto-486b1c5b50556a01d03a61cfe62eb58e56c9db0bed0f83d6b86275e8b0b789c7
status: experimental
description: Detects traffic or activity related to http://182.121.111.243:35384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.111.243:35384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.211.94:35474/i
id: auto-8e1d89d9f7aad340bede50ec7614e7e2adcad45cb938d4b3f2723dca84735053
status: experimental
description: Detects traffic or activity related to http://176.226.211.94:35474/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.211.94:35474/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.69.14:48372/i
id: auto-646682c8db0fb2aac0a42d9a4d9a3132b9138c642568305214dbc8d7e96b4e05
status: experimental
description: Detects traffic or activity related to http://42.226.69.14:48372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.69.14:48372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.83.93:57700/i
id: auto-722150cfd1c4797e1c80f17f2146f4ff8b0632e2957169066905005693cc9c5f
status: experimental
description: Detects traffic or activity related to http://219.155.83.93:57700/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.83.93:57700/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.203.113:47479/i
id: auto-3bc1f331728ccb39572813d8d43b7a593e49843a8e602b2e917316d555bbe52d
status: experimental
description: Detects traffic or activity related to http://182.124.203.113:47479/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.203.113:47479/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.144.152:58183/i
id: auto-4ead1499ec69e545ed75cb530a584e19097816be41d95f118dc652bb677b3514
status: experimental
description: Detects traffic or activity related to http://222.137.144.152:58183/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.144.152:58183/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.247.7:55373/i
id: auto-320912b9f9849c6c337c61c5afdd3a0afcf7786b16ecbb16da5a4f569cacd69f
status: experimental
description: Detects traffic or activity related to http://125.41.247.7:55373/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.247.7:55373/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.96.57:44938/bin.sh
id: auto-ca817e5a357bdadf8d1692152e282ccb17e175e633d1f2ba33999520f3c656b9
status: experimental
description: Detects traffic or activity related to http://112.239.96.57:44938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.96.57:44938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.143.75:51490/i
id: auto-28182b006492b12bddca8a91c8cf757bfd33010f0c450c90a45e2695562a5cdf
status: experimental
description: Detects traffic or activity related to http://42.6.143.75:51490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.143.75:51490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.213.74:43395/bin.sh
id: auto-d300bb119991d28946c0ffc61e7455c439404a034725d0a291c1ee3bccbf8fe4
status: experimental
description: Detects traffic or activity related to http://42.231.213.74:43395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.213.74:43395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.238.116.41:55076/i
id: auto-643935e8bc5f2292b55952a6573d75362aae7bc3aad6d25a97e1207cf2331cb9
status: experimental
description: Detects traffic or activity related to http://124.238.116.41:55076/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.238.116.41:55076/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.2.221:53360/i
id: auto-e959f754bc1cb4f74e54337a0c12f85148ca9340f10c366face667a95e091d69
status: experimental
description: Detects traffic or activity related to http://125.40.2.221:53360/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.2.221:53360/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.235.119:39117/i
id: auto-71e2766700a459c8aff8dd2082c9bc5f92868761ff8c18c9574764bce592ed15
status: experimental
description: Detects traffic or activity related to http://182.121.235.119:39117/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.235.119:39117/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.211.17.98:57227/i
id: auto-8cb60bf3dd2c91786ecced3fff1f6694b5f523adece72a165fa379576a2fa463
status: experimental
description: Detects traffic or activity related to http://60.211.17.98:57227/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.211.17.98:57227/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.100.42:42728/i
id: auto-c81d5491732d19a3af087203f7e95d171492ca28117df569f1059e1f1eac9e7c
status: experimental
description: Detects traffic or activity related to http://42.228.100.42:42728/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.100.42:42728/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.186.212:60392/i
id: auto-9e0f7f3c9c7ce2d34fcef95d7f28ae721f7bbed97e801257acd60d5bbe84c1ad
status: experimental
description: Detects traffic or activity related to http://222.140.186.212:60392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.186.212:60392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.120.101:43322/i
id: auto-5591a263bf5969eb0d51b571b00e0fde17d8edb3488754ccbafc5356a1374eea
status: experimental
description: Detects traffic or activity related to http://182.116.120.101:43322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.120.101:43322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.255.113:48268/bin.sh
id: auto-74b480b231ee28f8820d29991fb92209dc091b9c185c95c8f5d9bc6e7abf05ea
status: experimental
description: Detects traffic or activity related to http://115.50.255.113:48268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.255.113:48268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.36.61.196:39171/i
id: auto-5e4950de3cd1884e9e163a32400ae20d4a7fc9814d4cc94459e8382745daffa5
status: experimental
description: Detects traffic or activity related to http://177.36.61.196:39171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.36.61.196:39171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.120.101:43322/bin.sh
id: auto-767544ada6a469c53e46d03b0379d98148b00479c5399437e1cb18611f313eac
status: experimental
description: Detects traffic or activity related to http://182.116.120.101:43322/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.120.101:43322/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.36.61.196:39171/bin.sh
id: auto-a2855b3c07969307f21c5d4c52ac5d6e7b83a2d161d6643a8ce9161a7a43d471
status: experimental
description: Detects traffic or activity related to http://177.36.61.196:39171/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.36.61.196:39171/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8465439155/5gxAKyF.exe
id: auto-efe1b34bcc4601973a4020d305471dd13e0e85ea12d32c140b13bb5b384e1d3e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8465439155/5gxAKyF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8465439155/5gxAKyF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.28.86:38867/bin.sh
id: auto-a62003f7e3a5d3d446cd2559f69de1032272d3ef4ad85678ddb48accd6ea9dc9
status: experimental
description: Detects traffic or activity related to http://182.112.28.86:38867/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.28.86:38867/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.36.164:59889/bin.sh
id: auto-b4c9007fa990e63bd1242c8b7556bce55b71fd6096cade93d39c51e7acf19572
status: experimental
description: Detects traffic or activity related to http://182.116.36.164:59889/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.36.164:59889/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-wkvHMgY4/cdn-318-s46-412-fd/sh100
id: auto-053fa2a04c3038c15316217866536f14e31224cf7db50c68c973ae919aa9f0fc
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-wkvHMgY4/cdn-318-s46-412-fd/sh100 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-wkvHMgY4/cdn-318-s46-412-fd/sh100*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.196.120:33809/i
id: auto-1e914a2898bbc60a25af0c02f9cccaa19252215de4108e6c872f6b4ef678f001
status: experimental
description: Detects traffic or activity related to http://125.46.196.120:33809/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.196.120:33809/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.98.236:50756/i
id: auto-e74e1c00d5054da9ab78daac2bb60dd07562ad8a72759671b76e9a2547a07656
status: experimental
description: Detects traffic or activity related to http://202.107.98.236:50756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.98.236:50756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.127.47:60960/bin.sh
id: auto-0ec6442792254be5645f7e688bcb6d5388c137cbc6b157d714015ec6ed8e3b59
status: experimental
description: Detects traffic or activity related to http://123.14.127.47:60960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.127.47:60960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.146.33:47628/i
id: auto-d6f85f3650d853f5629f4030204dc43535aac3e40ecf089229003c0be8ae4853
status: experimental
description: Detects traffic or activity related to http://115.48.146.33:47628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.146.33:47628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.237/viewer/Tgsetwpbuhlemyv.exe
id: auto-6c5dfed013169d3ab4ec46db32082793397912580ce32c2338302382e1d9509c
status: experimental
description: Detects traffic or activity related to http://91.92.241.237/viewer/Tgsetwpbuhlemyv.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.237/viewer/Tgsetwpbuhlemyv.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-210-sa-api-key/ps1
id: auto-11e36e8044ac8083eb07dfb9ee6bebfd4b13c5ac98b6518d7d83816ed1de8782
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-210-sa-api-key/ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-210-sa-api-key/ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.237/viewer/Frqjoqszrskvncv.exe
id: auto-d3545234b31548a49a45e4b399a35b04af98a9b9018c10a04a06ab4dc0993e2d
status: experimental
description: Detects traffic or activity related to http://91.92.241.237/viewer/Frqjoqszrskvncv.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.237/viewer/Frqjoqszrskvncv.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.196.120:33809/bin.sh
id: auto-3fb38f7fd9f986e989e1587bab0ca40847d4cd21a2dea826c32fc23fe1408ecd
status: experimental
description: Detects traffic or activity related to http://125.46.196.120:33809/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.196.120:33809/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pw91.xyz/api/pw
id: auto-d17fc263a54f726e03867f14c0a41446f15f2303cc9c65b607815c47c78d8916
status: experimental
description: Detects traffic or activity related to https://pw91.xyz/api/pw which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pw91.xyz/api/pw*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.192.249:47644/i
id: auto-708010196ab79bb5cb354fca5522d6066d6b9b59e2e616c8bf6300479dde672c
status: experimental
description: Detects traffic or activity related to http://85.12.192.249:47644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.192.249:47644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.146.33:47628/bin.sh
id: auto-75249686c0b7446ebdda4c0ba9a24123f2056695583acfa2a41811c20588c701
status: experimental
description: Detects traffic or activity related to http://115.48.146.33:47628/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.146.33:47628/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/bins.sh
id: auto-c0d0c6c756ff6266ba4fe685bf21d08bdf3d811478c74dff8b83d0152df8628e
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1059
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.210.139:35362/i
id: auto-ec6cf9060cc084472c44674b9dd73acb5509d8c52ef4727c031dd4446978d5fa
status: experimental
description: Detects traffic or activity related to http://219.157.210.139:35362/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.210.139:35362/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.108.34:57746/i
id: auto-1fd7204b967875e31615df662216fba12e08553bf570b91dee412e1c37d99f77
status: experimental
description: Detects traffic or activity related to http://125.47.108.34:57746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.108.34:57746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.5.9:55083/i
id: auto-cb7aafb63ccf764954dade0585d109c583a08790bfef3e2312adb2d07ff54007
status: experimental
description: Detects traffic or activity related to http://42.227.5.9:55083/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.5.9:55083/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.120.186.104/files/loader/OnoMiner_obfus.exe
id: auto-6f8fac442baa8b3416e8491a68076c29df45e822b28831319352fb18fb724a6b
status: experimental
description: Detects traffic or activity related to http://87.120.186.104/files/loader/OnoMiner_obfus.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.120.186.104/files/loader/OnoMiner_obfus.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.120.186.104/files/loader/SteamSetup.exe
id: auto-9348ad6520a754a4ed6b07c4888c4c249c6fba46d4376484d4c10ddda8f351a5
status: experimental
description: Detects traffic or activity related to http://87.120.186.104/files/loader/SteamSetup.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.120.186.104/files/loader/SteamSetup.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.109.140:44753/i
id: auto-1dfa016c7ba7da909199faa1fccd62a8ccacea314bdec516f437d4e84de728ba
status: experimental
description: Detects traffic or activity related to http://182.127.109.140:44753/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.109.140:44753/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.210.139:35362/bin.sh
id: auto-680ce9414959838e55955c39d39b3c9f1cb89fe054c9271e012ee4e3302087d2
status: experimental
description: Detects traffic or activity related to http://219.157.210.139:35362/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.210.139:35362/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.108.34:57746/bin.sh
id: auto-a7f8c2adae07a6bdc32d4d32840739bacafac7394096f08832a49de52abad005
status: experimental
description: Detects traffic or activity related to http://125.47.108.34:57746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.108.34:57746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.176.76:49511/i
id: auto-d472e770658b0a43f14a401347a4fa7ae4d9d6b4461816951befaa85abd43d57
status: experimental
description: Detects traffic or activity related to http://123.8.176.76:49511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.176.76:49511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.192.249:47644/bin.sh
id: auto-9bde737609a5d74fba26b1c7753fa944f429437cd867a6b3eac74d50176eb6ed
status: experimental
description: Detects traffic or activity related to http://85.12.192.249:47644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.192.249:47644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.109.140:44753/bin.sh
id: auto-1fe91ef6395d551607824dc2024c53a6b23341f9795bb7fbbf68e8482752d853
status: experimental
description: Detects traffic or activity related to http://182.127.109.140:44753/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.109.140:44753/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.93.121:36027/i
id: auto-9ab3ea3f9bafb53f9a230a5d73e2c03bc8df9243590169a02fa468ce5b89b5d7
status: experimental
description: Detects traffic or activity related to http://182.119.93.121:36027/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.93.121:36027/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.131.60:57861/i
id: auto-feaa932e4c3b9ff2019c95245d8606e84727beab69bd5228a9667db96e68f8a9
status: experimental
description: Detects traffic or activity related to http://119.117.131.60:57861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.131.60:57861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.96.25:33172/i
id: auto-a3af736437f3a217c52afc361444d40c960835b0b6a0ff0816394de44109471d
status: experimental
description: Detects traffic or activity related to http://116.138.96.25:33172/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.96.25:33172/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.66.128:51752/i
id: auto-c8c961f7a3191b7183ee1f886119f98047115c149173f815ed1c86686be7b780
status: experimental
description: Detects traffic or activity related to http://58.47.66.128:51752/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.66.128:51752/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.60.118:53384/i
id: auto-d45eaa267527ec4e64c0d98753f6f290072d40d00da5cab91608405bb52de84e
status: experimental
description: Detects traffic or activity related to http://60.19.60.118:53384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.60.118:53384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.93.121:36027/bin.sh
id: auto-0dbe3a04888a594ac415dd0e1e4651e5ef0030dfec9fe9020c50669dcdbbeb92
status: experimental
description: Detects traffic or activity related to http://182.119.93.121:36027/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.93.121:36027/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.63.132.77:49315/i
id: auto-d778650ddcc70729cb214fc154feaa66bc962248f4b7ddd6bc92c34c4f283bc1
status: experimental
description: Detects traffic or activity related to http://117.63.132.77:49315/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.63.132.77:49315/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.131.60:57861/bin.sh
id: auto-a0e11b7aa79783f0b4424f3c167ef4de738a0a283a099c50e3b799b41ddd7a9c
status: experimental
description: Detects traffic or activity related to http://119.117.131.60:57861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.131.60:57861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.53.82:50093/i
id: auto-014b91807b6cc52b311a3b806ba0a6e585f8eb7337ce539cf943989cd2a7b1bf
status: experimental
description: Detects traffic or activity related to http://219.156.53.82:50093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.53.82:50093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.62.140:51840/i
id: auto-cdf1ca1eced76f264c31cc9696791466f50c53915e94da0b29d56bb4405f9235
status: experimental
description: Detects traffic or activity related to http://219.156.62.140:51840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.62.140:51840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.53:54486/i
id: auto-b7478f85e9792c9e25d66d48c39353e27994be34e43ab5dbfa199f4427fc653e
status: experimental
description: Detects traffic or activity related to http://117.209.19.53:54486/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.53:54486/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.213:43796/i
id: auto-dd8f577535eabc7e18540ef0eab961b6bdaa9e6b09f7c7cf5fc2c8bcc0d9bab6
status: experimental
description: Detects traffic or activity related to http://117.209.120.213:43796/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.213:43796/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.183.82:57740/i
id: auto-8f3c2707b64c6ac9d957895b0be4910f7bbbc4a53e79e36b773d6d1aaf521e21
status: experimental
description: Detects traffic or activity related to http://115.57.183.82:57740/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.183.82:57740/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.67:39086/i
id: auto-09b9a78172a7d5d5dccd7fa27b7cb7bef6d65af7467cb385e91a0fc543c402f8
status: experimental
description: Detects traffic or activity related to http://117.209.22.67:39086/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.67:39086/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.172:53462/i
id: auto-2f011f168fdc98e354c8676604f67ce014bff9fc8a963aabc814e1afced8a406
status: experimental
description: Detects traffic or activity related to http://117.209.85.172:53462/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.172:53462/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.147:46700/bin.sh
id: auto-5c3e767546353e56eaab200fed0d0aefa5fbca48929725a733fc8f289cd44d19
status: experimental
description: Detects traffic or activity related to http://117.209.94.147:46700/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.147:46700/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.109:55296/bin.sh
id: auto-7971b5fb1a0b024103ee6c8e7d788b020012e8b278714302307f9216a06cece6
status: experimental
description: Detects traffic or activity related to http://117.209.86.109:55296/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.109:55296/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.150:33133/i
id: auto-e988a8541b51e117d0cecd30913920d2def98670c8cc3b93a311969c129d0f67
status: experimental
description: Detects traffic or activity related to http://117.209.28.150:33133/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.150:33133/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.9.196:51114/i
id: auto-12a9d75812fc4a6af89ed72b119135ddaa74f32a50dfa3dd209b76678bb37d82
status: experimental
description: Detects traffic or activity related to http://117.209.9.196:51114/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.9.196:51114/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.102:38950/bin.sh
id: auto-2b377392b68d76b4065e16f6200d96694752dc988231f3c1a48c074f4684c8de
status: experimental
description: Detects traffic or activity related to http://117.209.91.102:38950/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.102:38950/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.70:40955/i
id: auto-779780d85f8dfddc3271cde818cec8f0fc5026079d64faaf80b3a75afc0322fe
status: experimental
description: Detects traffic or activity related to http://117.209.22.70:40955/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.70:40955/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.90:45410/bin.sh
id: auto-092358aa8f85bf630454a49c6c3acaa5454068a05b8336447017962287793fa9
status: experimental
description: Detects traffic or activity related to http://117.209.95.90:45410/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.90:45410/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.138:54442/i
id: auto-415adc9bce41eea0475d832de8002d9493f95b77372bb14fbe87ec9938e985ad
status: experimental
description: Detects traffic or activity related to http://117.209.83.138:54442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.138:54442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.90:57511/bin.sh
id: auto-444a5b49a43ddaee310454166623cbc9ca355f55ffcc7fa9aeee4fdc950df27e
status: experimental
description: Detects traffic or activity related to http://117.209.89.90:57511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.90:57511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.242:54219/i
id: auto-4ed59322a2f762a3774143bb715f38ed9b4e8b08627ceeea178da2bea2241fd3
status: experimental
description: Detects traffic or activity related to http://117.209.16.242:54219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.242:54219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.90:45410/i
id: auto-75631b93a3065f00e1f5b68689e4016bcc94e282573ea192f5de6ee360701adf
status: experimental
description: Detects traffic or activity related to http://117.209.95.90:45410/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.90:45410/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.182:56055/bin.sh
id: auto-ee624e7f808d03791bf32c03f72cc6d21e646756600a745db5ffa8d9724dd5c5
status: experimental
description: Detects traffic or activity related to http://117.209.17.182:56055/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.182:56055/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.206:38192/i
id: auto-900339c250540911bd49c1c211c4769a6f6fb3b60f609c0810f6e249027457fb
status: experimental
description: Detects traffic or activity related to http://117.209.92.206:38192/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.206:38192/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.226:47873/i
id: auto-0e62ffed0d639fd2084767afafcc2046db125bf98c244a106291540b70ce507e
status: experimental
description: Detects traffic or activity related to http://117.209.88.226:47873/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.226:47873/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.137:53698/i
id: auto-6fccbcd1f9a088ddcabd43b9faac312eaee2f98cb347d26195ba68724baeb3fa
status: experimental
description: Detects traffic or activity related to http://117.209.8.137:53698/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.137:53698/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.225:50269/i
id: auto-79ea76ec39911f66f763d93b2faa9176fcb4cd3067a289e9634522f65776e296
status: experimental
description: Detects traffic or activity related to http://117.209.90.225:50269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.225:50269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.28:55897/i
id: auto-e1f81968e9fd90fddfb31d322029cab5fa4962ee713ae00f3fc538bf95040303
status: experimental
description: Detects traffic or activity related to http://117.209.28.28:55897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.28:55897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/i
id: auto-7c732dda8320350b16933786acb77a627353219589500226e23cefe8eb3b690d
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.112:59811/i
id: auto-8159f07e33e190b59c46e7bddf967009c1bb63873e2d32ccac73634931ed874d
status: experimental
description: Detects traffic or activity related to http://117.209.85.112:59811/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.112:59811/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.238:59548/bin.sh
id: auto-7728b2b5d07b68ad7373635e55480462ff9436bb8581c0c4acc3196913a0acb9
status: experimental
description: Detects traffic or activity related to http://117.209.26.238:59548/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.238:59548/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.237:48701/i
id: auto-6ccbfd3e86470b7ea99e940f292f1d1d4f66b4f7abfe2524d4e1048b7c4dfe31
status: experimental
description: Detects traffic or activity related to http://117.209.91.237:48701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.237:48701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.69:33911/bin.sh
id: auto-6f247d0e430478347b0d7dd69a278a8cb6a8e823a5639b7d3898feedd3f5310b
status: experimental
description: Detects traffic or activity related to http://117.209.20.69:33911/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.69:33911/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.240:59318/bin.sh
id: auto-4b03988bf4275bab4f35e26a892e10e0a41210da9c8edcc3d5b401373e36c6c7
status: experimental
description: Detects traffic or activity related to http://117.209.82.240:59318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.240:59318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.115.143:39157/i
id: auto-ed7fac047d048ef532fc876610ab93e8f5836ffec4d2c9aa79a64201ff6baf2e
status: experimental
description: Detects traffic or activity related to http://117.209.115.143:39157/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.115.143:39157/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.108:54988/bin.sh
id: auto-692b117c13faa2d614639178995486381223e0d127deed93a8aa807e2a0966b9
status: experimental
description: Detects traffic or activity related to http://117.209.91.108:54988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.108:54988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.4.204:36448/i
id: auto-e4512739d6c09995d253a211e7c24307bf8c7b1f86dd9d84c1bc5aea55494d02
status: experimental
description: Detects traffic or activity related to http://117.209.4.204:36448/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.4.204:36448/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.4.204:36448/bin.sh
id: auto-332332142d9a8605854afa8d1835a98fd7c5c32b6e147806baebc1de332fcd98
status: experimental
description: Detects traffic or activity related to http://117.209.4.204:36448/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.4.204:36448/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.0.155:40669/i
id: auto-9064d150347b1e96941c44764e34af95592ca9c88fa37e35d7f16189d421e524
status: experimental
description: Detects traffic or activity related to http://117.209.0.155:40669/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.0.155:40669/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.17.182:56055/i
id: auto-a645653042716e477fa175a8f4adc787e2470caf3cbcac56fcf445dc8a3b523b
status: experimental
description: Detects traffic or activity related to http://117.209.17.182:56055/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.17.182:56055/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.85:36944/bin.sh
id: auto-080a03f254e4218290df535283625d8f711d554c4eca6dd51cab61969bbce4dd
status: experimental
description: Detects traffic or activity related to http://117.209.89.85:36944/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.85:36944/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.48:35883/i
id: auto-5a6ead058cf01a5fe4ae390819f5dc59bc09d28654c7acf4751e3b2909f3129a
status: experimental
description: Detects traffic or activity related to http://117.209.84.48:35883/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.48:35883/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.234:46938/bin.sh
id: auto-da1243cdf3f485b9f3e2b610624d5ba9090508d0a5798877c9c7b139062f985c
status: experimental
description: Detects traffic or activity related to http://117.209.3.234:46938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.234:46938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.102:57421/bin.sh
id: auto-f00ef456a759c8f944792593f41caff7ab923818c35c962b10ad38da1c10381e
status: experimental
description: Detects traffic or activity related to http://117.209.21.102:57421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.102:57421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.158:54489/i
id: auto-8385ffee0daa440f98fb75bcc17bc295b3c7b33c92f990c4d3c717198b75459f
status: experimental
description: Detects traffic or activity related to http://117.209.27.158:54489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.158:54489/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.111:45213/i
id: auto-142da7aa601892fb97be8e29ec847beb0869fa7b6cbe1b8b5a68696ea5906492
status: experimental
description: Detects traffic or activity related to http://117.209.81.111:45213/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.111:45213/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.53:52898/bin.sh
id: auto-081fb9130c0db0ca4a8cf7520055842fa2fc8c2c0b3f5587b37626ae8b33cbdb
status: experimental
description: Detects traffic or activity related to http://117.209.93.53:52898/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.53:52898/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/i
id: auto-22206b240277e884f768ae806c02aba9eee1b32072416451cf232860d7aefc67
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.228:47426/bin.sh
id: auto-adf0b26792316e9d6caa5045864079a37262522b29913c0ebba84d848e7fb2c2
status: experimental
description: Detects traffic or activity related to http://117.209.82.228:47426/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.228:47426/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.247:42471/i
id: auto-5eb93972ee4f4df2105e64349a722625061d8dc16eab6f9a18cfe2d1a5a68d12
status: experimental
description: Detects traffic or activity related to http://117.209.24.247:42471/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.247:42471/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.4.211:41022/bin.sh
id: auto-022dae48cf706b6497a86d4e195ce25e25bebebb0d8f04405c86a073fb2d7d45
status: experimental
description: Detects traffic or activity related to http://117.209.4.211:41022/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.4.211:41022/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.188:46026/bin.sh
id: auto-9f764044e498374157db6f0dc6bc8ed3f5f0181b836419f81a5bfdc58b602c8a
status: experimental
description: Detects traffic or activity related to http://117.209.91.188:46026/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.188:46026/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.75:41428/bin.sh
id: auto-148a715bb8da01925806502566ac7913002f03f80b7861d943f715890d97916d
status: experimental
description: Detects traffic or activity related to http://117.209.81.75:41428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.75:41428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.86:51507/i
id: auto-86ee68c0c548a851a990973c6626f92fb6000cb130898b9aa2683a8411ca3ce3
status: experimental
description: Detects traffic or activity related to http://117.209.26.86:51507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.86:51507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.137:41300/bin.sh
id: auto-121997286034b73afd6ecd17ce432caf60d09f92543c8dd6aec6f71342ad788f
status: experimental
description: Detects traffic or activity related to http://117.209.90.137:41300/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.137:41300/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.67:39086/bin.sh
id: auto-56cf76d64b6c7f34a255bba07dd3f576284930c22bc90b33aa3564b86e285960
status: experimental
description: Detects traffic or activity related to http://117.209.22.67:39086/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.67:39086/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.142:37367/i
id: auto-755dd5777e26af404f81ca6f12fbd30fdc2cf3096be606c84b8521f856d60d42
status: experimental
description: Detects traffic or activity related to http://117.209.21.142:37367/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.142:37367/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.27:45942/i
id: auto-9a43b864e4b932674be1ebf47b93b8ffb61bcb0465c266f67b3cefca51fc1397
status: experimental
description: Detects traffic or activity related to http://117.209.86.27:45942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.27:45942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.142:37367/bin.sh
id: auto-752246d1e4cb181e245dbe32f4b1831cd86c50aaaee72cc3e98bb860b9c3cebf
status: experimental
description: Detects traffic or activity related to http://117.209.21.142:37367/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.142:37367/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.99:33454/i
id: auto-657cae65503881424bc04c362e19fcbdbeb0a2d5727f8a1f39a31c1665c323f6
status: experimental
description: Detects traffic or activity related to http://117.209.6.99:33454/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.99:33454/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.242:54219/bin.sh
id: auto-b40e8d02cf650c4bf00bbe6e243110dce5f3d4d36af36651011f0acb6664ad7d
status: experimental
description: Detects traffic or activity related to http://117.209.16.242:54219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.242:54219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.93:37937/bin.sh
id: auto-6c238086d4058942bee659c2e970bb32881a69ebd44fe15825a54270b725984c
status: experimental
description: Detects traffic or activity related to http://117.209.82.93:37937/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.93:37937/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.247:42471/bin.sh
id: auto-a777e2e68268a2034813e288fa3ad836322dbfdfbd184b3ab6f88adda2eb4f4e
status: experimental
description: Detects traffic or activity related to http://117.209.24.247:42471/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.247:42471/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.118.15:46999/i
id: auto-a96f4a4ba0690fb172f6940a536ddd8c0933f2293305c4451456df00826503ac
status: experimental
description: Detects traffic or activity related to http://117.209.118.15:46999/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.118.15:46999/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.18:41637/i
id: auto-6d112368511ef77f4109fd6d26eba681fe21fc5842fafeb96b1417c803460e73
status: experimental
description: Detects traffic or activity related to http://117.209.24.18:41637/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.18:41637/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.4.211:41022/i
id: auto-1ba181c7978c9c7931282011d3c699b5c9cd8b322aafeca0debb476b2ff2d9c7
status: experimental
description: Detects traffic or activity related to http://117.209.4.211:41022/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.4.211:41022/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.110:42792/bin.sh
id: auto-eb89494af34cf663337b0083d9253002576adf7236ee1183cb12341e3becd079
status: experimental
description: Detects traffic or activity related to http://117.209.26.110:42792/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.110:42792/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.0.157:35614/i
id: auto-8cc11740239559413c9249cb985128ffc9494e84403d16da9dde3296d51b48d5
status: experimental
description: Detects traffic or activity related to http://117.209.0.157:35614/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.0.157:35614/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.31:55185/i
id: auto-b009a51ce22065e63d69879889668935a6bc6e16c064bd7eb9b45c75031c2ede
status: experimental
description: Detects traffic or activity related to http://117.209.95.31:55185/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.31:55185/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/i
id: auto-f4908f16da26f52eabebe942a3383a724d804cb844ff259d1608305d5d22dca3
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.54:45555/bin.sh
id: auto-b1ef445c78c024ccde162ae5430cdad9d8f4775edda240048108ec45c7c0d659
status: experimental
description: Detects traffic or activity related to http://117.209.94.54:45555/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.54:45555/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.132:49349/i
id: auto-6b2f801ff2ae56bca89629220811701bfcc3150a505e3a66dbf1328e93a5e711
status: experimental
description: Detects traffic or activity related to http://117.209.2.132:49349/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.132:49349/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.186:49473/bin.sh
id: auto-876bfd317d2ef49d8cf3bb062bce71cc9acdf482473e802a991b7c0f115179b5
status: experimental
description: Detects traffic or activity related to http://117.209.80.186:49473/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.186:49473/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.154:43438/i
id: auto-93e6880a354d20f96d4093a1c93decab3cef96a06151f524b1f16f8b028544c2
status: experimental
description: Detects traffic or activity related to http://117.209.18.154:43438/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.154:43438/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.108:54988/i
id: auto-e562fa445a3e97088148019e031e99f3562232a7ef32ab8909a845c7862d65b0
status: experimental
description: Detects traffic or activity related to http://117.209.91.108:54988/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.108:54988/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.118.15:46999/bin.sh
id: auto-dd7443782e23a191b98d637480fcc3b55b270b15c3a96cc66387eb42aaec04c7
status: experimental
description: Detects traffic or activity related to http://117.209.118.15:46999/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.118.15:46999/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.154:41071/bin.sh
id: auto-d489ce9649c883f5f2db1a5bde68b168468a4d97df6e76c1ba6fa1db2931d350
status: experimental
description: Detects traffic or activity related to http://117.209.85.154:41071/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.154:41071/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.233:52620/bin.sh
id: auto-b1c1463170649f3de18e920653e6b6aa35ec3d71d277d9a53a577b2b52f778fa
status: experimental
description: Detects traffic or activity related to http://117.209.83.233:52620/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.233:52620/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.110:48770/i
id: auto-b4fa858726653b87f44a84140eee13c58078cbec267fd170a938a9207cc380d4
status: experimental
description: Detects traffic or activity related to http://117.209.87.110:48770/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.110:48770/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.83:50356/i
id: auto-d2ca43ac79c78a10d19326d92cb6e19b3d028f2c2f6ab168adb3c9dd908ac25f
status: experimental
description: Detects traffic or activity related to http://117.209.2.83:50356/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.83:50356/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.175:54944/bin.sh
id: auto-6a1384736af03bb191e527a45bffed7391eb25c9390942dd0e1ba73a217cb5e8
status: experimental
description: Detects traffic or activity related to http://117.209.23.175:54944/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.175:54944/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.212:44104/i
id: auto-de172ff1080ff88bd5718e500fb0186b213897c2140c587429ff5c40bcbabb8b
status: experimental
description: Detects traffic or activity related to http://117.209.84.212:44104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.212:44104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.24:41576/bin.sh
id: auto-9ad823b2553de4d170cdf168f73ac6e61f1465579336ba237a424db7c1f7b589
status: experimental
description: Detects traffic or activity related to http://117.209.88.24:41576/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.24:41576/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.90:57511/i
id: auto-5cb33e051497ce1aa7a398f02a39e1392a2049195a319c430a73c35a27d0ea1b
status: experimental
description: Detects traffic or activity related to http://117.209.89.90:57511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.90:57511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.151:57137/bin.sh
id: auto-36a539d7236a8b81ae668fe5f95aa233af6237ebdb3b9398917b1b2ff6c81868
status: experimental
description: Detects traffic or activity related to http://117.209.87.151:57137/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.151:57137/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.112:59811/bin.sh
id: auto-f61a494c1ae7bdf186686d0bafc99976f53bb2e1edc4713f868585bab8aecc79
status: experimental
description: Detects traffic or activity related to http://117.209.85.112:59811/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.112:59811/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.151:57137/i
id: auto-07bcefddfc43eb4db143e485912bdfda3b232c18a966002434419f8348fc9928
status: experimental
description: Detects traffic or activity related to http://117.209.87.151:57137/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.151:57137/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.111:45213/bin.sh
id: auto-7c9eb60ce2c9dfd927153aac3dd175c49df430dd40cc0ee64c422ee8cd6e0e0d
status: experimental
description: Detects traffic or activity related to http://117.209.81.111:45213/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.111:45213/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.197:57369/i
id: auto-89aedcf5867675832e3f49457b04f341fc63310dfedab9e0ed09a4627a7f09c0
status: experimental
description: Detects traffic or activity related to http://117.209.2.197:57369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.197:57369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.40:37966/i
id: auto-b8ade2a1225008c55b22bfaa02978c3e6c830d03e789752958d80f1a2fcce737
status: experimental
description: Detects traffic or activity related to http://117.209.83.40:37966/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.40:37966/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.193:51348/i
id: auto-0625588339f695ca29f22d8aa6dad3dd220028c10743dd021cd4a79a023297c3
status: experimental
description: Detects traffic or activity related to http://117.209.15.193:51348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.193:51348/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.157:53761/i
id: auto-c8a2108e2de8a42b5f5be78334ea2d356b02bee68a36cdbc9af5bf7166b4c4f0
status: experimental
description: Detects traffic or activity related to http://117.209.88.157:53761/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.157:53761/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.116.108:54912/bin.sh
id: auto-f584f6d30bbc8574adabb844d91943592345a93d4047a20f19750809231d9091
status: experimental
description: Detects traffic or activity related to http://117.209.116.108:54912/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.116.108:54912/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.154:41071/i
id: auto-c55f535ee8500fc608c132d6e505fbc265883098f5c6fb4e15010f68774fe35d
status: experimental
description: Detects traffic or activity related to http://117.209.85.154:41071/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.154:41071/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.10:40702/i
id: auto-8d3397628f016b0e1e9e33044f0773c04b82c5246827cc4e7fb85c39b832c33d
status: experimental
description: Detects traffic or activity related to http://117.209.30.10:40702/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.10:40702/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.238:59548/i
id: auto-7ccdacfeb5f6a5aecc22997ed7d2d74f4a299c95cc5093649eba778dbe523f5a
status: experimental
description: Detects traffic or activity related to http://117.209.26.238:59548/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.238:59548/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.13.21:52829/i
id: auto-063e7d6effcc4562a35a7b4019e43795c9b24bcd8a8c5d02cae7069d0f6b0a95
status: experimental
description: Detects traffic or activity related to http://117.209.13.21:52829/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.13.21:52829/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.30.10:40702/bin.sh
id: auto-b49e4f3faf99710502c73230d495e56b6b2a6b70b887e4d25f3fcad311c23ce6
status: experimental
description: Detects traffic or activity related to http://117.209.30.10:40702/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.30.10:40702/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.186:49473/i
id: auto-a729bc3ca810f3fe1395a1ffb6de78361f840d282093375f6e5e9f1726692cfa
status: experimental
description: Detects traffic or activity related to http://117.209.80.186:49473/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.186:49473/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.237:48701/bin.sh
id: auto-d27dd7fd49c161bb71475e79c03901fc534429975f1760a8a079c52cfb06d433
status: experimental
description: Detects traffic or activity related to http://117.209.91.237:48701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.237:48701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.13.21:52829/bin.sh
id: auto-20855dd89a7720940672494975aa9be0fecab30e75586e7c6a30364d2f1fa3af
status: experimental
description: Detects traffic or activity related to http://117.209.13.21:52829/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.13.21:52829/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.244:37575/bin.sh
id: auto-e52c3bae5e85dc9d8f6679386668fd391c692a950625fa05cfba4231902b5db5
status: experimental
description: Detects traffic or activity related to http://117.209.24.244:37575/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.244:37575/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.87:45386/bin.sh
id: auto-e47c2661f327b80ed8c84316e96d6159209e995019f73d189ea922917526d70c
status: experimental
description: Detects traffic or activity related to http://117.209.18.87:45386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.87:45386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.185:58708/bin.sh
id: auto-20b82beb24f2eb4dbf272511c59111ecd8640e69976859081f4a659e137f38aa
status: experimental
description: Detects traffic or activity related to http://117.209.95.185:58708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.185:58708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.147:46700/i
id: auto-fbbc066734cd33b5e4bb40924929518e3bcce05e4a38590b7019bf0b0723fbd9
status: experimental
description: Detects traffic or activity related to http://117.209.94.147:46700/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.147:46700/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.55:55628/bin.sh
id: auto-3eba0499c7cbb9e15aa8a44c5a59cec3ca3ad13a3fe3acebbbc2033b0ba14aff
status: experimental
description: Detects traffic or activity related to http://117.209.2.55:55628/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.55:55628/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.44:47629/i
id: auto-49908a3b08f888af275c5152b0faf473ec4375dfae15eae06332b98cb531f1b7
status: experimental
description: Detects traffic or activity related to http://117.209.2.44:47629/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.44:47629/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.179:34663/bin.sh
id: auto-24519d88ce19588285e2ed1d622277b3d493fbaa567e7ef93efb3fa396ef191a
status: experimental
description: Detects traffic or activity related to http://117.209.84.179:34663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.179:34663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.19.53:54486/bin.sh
id: auto-78e93d94eed952d30f3bafcf9f6da0fd47d207060df707194ac9e99db548df67
status: experimental
description: Detects traffic or activity related to http://117.209.19.53:54486/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.19.53:54486/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.123:54400/bin.sh
id: auto-f06a0167a3e6023f71e1d808861f220c7a6053ad1fcb2ed52df88e0c4df70bd1
status: experimental
description: Detects traffic or activity related to http://117.209.85.123:54400/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.123:54400/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.216:44464/i
id: auto-332c3f38647ba4f5e2bb36fe066ab91200b207aa773d38eb000e1fc3fd6940c7
status: experimental
description: Detects traffic or activity related to http://117.209.88.216:44464/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.216:44464/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.0.103:56415/bin.sh
id: auto-be1243f96a688958f4518b82cdbe20a06ed3e9723c84964a151ba43d64c85bb1
status: experimental
description: Detects traffic or activity related to http://117.209.0.103:56415/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.0.103:56415/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.117:41616/bin.sh
id: auto-62ff18ad456a12df085cbea93623a3ce41ce4ebd19569cf6d9f21be7ee9c804c
status: experimental
description: Detects traffic or activity related to http://117.209.8.117:41616/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.117:41616/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.117:41616/i
id: auto-be74d6122616df96df5a7dd7c4f341420eab7f81fda48b266f0d78dec13b5599
status: experimental
description: Detects traffic or activity related to http://117.209.8.117:41616/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.117:41616/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.169:50897/bin.sh
id: auto-6050ce4da68491983c1d7b4c4092f9cc1bccdc21d6c7f4fc462150582b52072d
status: experimental
description: Detects traffic or activity related to http://117.209.82.169:50897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.169:50897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.137:41300/i
id: auto-1d5cd86823722e5b12987df219ccbf9ba8543b1ecc958ed7f270f67bed2a6881
status: experimental
description: Detects traffic or activity related to http://117.209.90.137:41300/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.137:41300/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.69:33911/i
id: auto-f98c331137409d367d7c24cf939406f13f6b0fb72db1e3414d1021f6dddc8b98
status: experimental
description: Detects traffic or activity related to http://117.209.20.69:33911/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.69:33911/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.44:56375/bin.sh
id: auto-348d95e8bde0de54e3eeb58f172acefae235476f1497135314bf722d5c325177
status: experimental
description: Detects traffic or activity related to http://117.209.91.44:56375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.44:56375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.45:59420/bin.sh
id: auto-c07c9b6997760bb952451e550907743e678ef4c0c313f50cd7493b19f08fe5a8
status: experimental
description: Detects traffic or activity related to http://59.96.137.45:59420/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.45:59420/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.199:51714/bin.sh
id: auto-0a05ba77d39a8d61f0278a10b2ce54fe8d8ab2a1b85e06d48933809ab4124f9f
status: experimental
description: Detects traffic or activity related to http://117.209.85.199:51714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.199:51714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.177:42703/i
id: auto-56a8cb4dfed93a777aa9ff97c7e9c784d595d62991773a303e0554855e38efd9
status: experimental
description: Detects traffic or activity related to http://59.96.137.177:42703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.177:42703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.239:53159/i
id: auto-ce9126f1f38df08ede5bdaf372860517bca7757d14c73a24ae200fe256886266
status: experimental
description: Detects traffic or activity related to http://117.209.14.239:53159/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.239:53159/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.97:57412/bin.sh
id: auto-7561582334e5e342d4cfbb8e39a88c13fb253655f4c07dab51933b52cfb39b5d
status: experimental
description: Detects traffic or activity related to http://117.209.2.97:57412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.97:57412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.185:58708/i
id: auto-bd1932f2eb323e18497d03c7a0ac0a2f65dfe3e069983a9e4671e6121cbd46f3
status: experimental
description: Detects traffic or activity related to http://117.209.95.185:58708/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.185:58708/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.244:37575/i
id: auto-fc9c5980a0ba83d4c52afa4bb92c566f9429698919728bc3fbd1e8a4b47ef517
status: experimental
description: Detects traffic or activity related to http://117.209.24.244:37575/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.244:37575/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.68:42565/i
id: auto-df0bfb678973f8df29cbdadcc753cd20ca4719e46eea28bcfe1d8383f440fd04
status: experimental
description: Detects traffic or activity related to http://117.209.95.68:42565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.68:42565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.212:44104/bin.sh
id: auto-2e4fd8b90da4479980abc4cdd52dc1253bb2490c4373fba58453f2f7f80b7520
status: experimental
description: Detects traffic or activity related to http://117.209.84.212:44104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.212:44104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.200:43122/bin.sh
id: auto-e6726d1d1b16669bc8ec8dc58b490ad3f2311cc8ea415e948dea6cb9bdf82649
status: experimental
description: Detects traffic or activity related to http://117.209.87.200:43122/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.200:43122/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.123.220:47644/bin.sh
id: auto-7696c566d6b6ea2a1874bc875b97aa83fb26bbb13bba57213044326bb4b1eba8
status: experimental
description: Detects traffic or activity related to http://117.209.123.220:47644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.123.220:47644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.137:53698/bin.sh
id: auto-1c0265ea8c7222a81c46026e25d7925a65e50eafd4cf774788163421adaf34aa
status: experimental
description: Detects traffic or activity related to http://117.209.8.137:53698/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.137:53698/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.66:38287/bin.sh
id: auto-9dae1024e89dccd3ad89416ca2e811ef4fc754257df2dc597bd2f52448b6728a
status: experimental
description: Detects traffic or activity related to http://117.209.6.66:38287/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.66:38287/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.177:48285/bin.sh
id: auto-32222690c12db9bdca5c652d6989423899cb4ba5ab9a901e23a38a6a28d2c6cf
status: experimental
description: Detects traffic or activity related to http://117.209.2.177:48285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.177:48285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.79:52294/bin.sh
id: auto-bc64279b6ed0b37d2983ce44085f345356f499018dcef5fd991f082e1e3d0a22
status: experimental
description: Detects traffic or activity related to http://117.209.92.79:52294/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.79:52294/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.236:37199/i
id: auto-751cde52af5ed0e055062b942463cb79e22bad950a337a8133f7b2ad89a9b050
status: experimental
description: Detects traffic or activity related to http://117.209.87.236:37199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.236:37199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.14:55866/i
id: auto-35b4552b34c293e8671de0804ae8d34bf1449d208b93d1cc3665e04077a2fa5e
status: experimental
description: Detects traffic or activity related to http://117.209.95.14:55866/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.14:55866/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.62:37655/i
id: auto-21c798682df31fdbfd3b8b2803f7afc08d6a07fa4f3f6fc67ef583fa3c67e6c8
status: experimental
description: Detects traffic or activity related to http://117.209.29.62:37655/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.62:37655/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.21.102:57421/i
id: auto-271a5d9c13d38cacd22cade822095d6a7a34e0fc9e5d48fbf4ea2a5bec474560
status: experimental
description: Detects traffic or activity related to http://117.209.21.102:57421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.21.102:57421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.170:33934/bin.sh
id: auto-2fb2531a15b9ba69670ba093fbca7b388e9177d3cd7a9ea3859079bd12027c83
status: experimental
description: Detects traffic or activity related to http://117.209.83.170:33934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.170:33934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.30:41738/bin.sh
id: auto-bb6ec5c8983b6764eba4a4bd0871405247a8d4c0ff52096b841a193f07b77b26
status: experimental
description: Detects traffic or activity related to http://117.209.90.30:41738/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.30:41738/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.4:34697/bin.sh
id: auto-42f35c0fb1b4e63520f6ccd1903b6a5389997f07553d1ffafe427d38f4383d1b
status: experimental
description: Detects traffic or activity related to http://117.209.86.4:34697/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.4:34697/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.59:57473/bin.sh
id: auto-aa4fbaaecf57ab7e7e0c1bc4971b91c39b7b9153054cfcc93bc0f0f750759c1e
status: experimental
description: Detects traffic or activity related to http://117.209.93.59:57473/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.59:57473/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.241:46502/bin.sh
id: auto-02aa5b95a7416e29ac183a5949d34f797b42fa133be9437fbfa6baec332586b6
status: experimental
description: Detects traffic or activity related to http://117.209.80.241:46502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.241:46502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.178:54470/bin.sh
id: auto-9259ad960b2888512c68e5694b5c11cab8df201061cb1a6c5361d84b36c1bc51
status: experimental
description: Detects traffic or activity related to http://117.209.82.178:54470/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.178:54470/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.0.155:40669/bin.sh
id: auto-8ac769e2beb27bb01610f7e965d53be10e75ec2a00eeab0e9393ac1be4aa196f
status: experimental
description: Detects traffic or activity related to http://117.209.0.155:40669/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.0.155:40669/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.177:42703/bin.sh
id: auto-a07b72e05564ac35a9e3dad10f209065425f2dc0330b1cc5be091893b53438f4
status: experimental
description: Detects traffic or activity related to http://59.96.137.177:42703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.177:42703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.56:45212/i
id: auto-c74009afdd37e65a67b5d00df64665f9d4393631614c7e016b5f55068e200baf
status: experimental
description: Detects traffic or activity related to http://117.209.93.56:45212/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.56:45212/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.97:57412/i
id: auto-53bcbe82c080598f819d5f3b784748267f04fdaa52d1fc815e1f8115d772324b
status: experimental
description: Detects traffic or activity related to http://117.209.2.97:57412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.97:57412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.120.213:43796/bin.sh
id: auto-ce1f2fcc2d14139109fd7ea0afcfbd7c60548d839339d3ef24b5e89f65aa9aca
status: experimental
description: Detects traffic or activity related to http://117.209.120.213:43796/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.120.213:43796/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.56:45212/bin.sh
id: auto-eb23d55b317a9c4bc25b2c480964e99ff7d137d25a1bc771b978dbf8861d5f54
status: experimental
description: Detects traffic or activity related to http://117.209.93.56:45212/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.56:45212/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.116.108:54912/i
id: auto-97685f929cb4747c7bb305a8bc5b412df4bedce13fc318d09469fe36953029b4
status: experimental
description: Detects traffic or activity related to http://117.209.116.108:54912/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.116.108:54912/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.79:52294/i
id: auto-67677c7108e8c29dca9ae11946fa5ec19b6c496a561ea01778da0681b2a3e190
status: experimental
description: Detects traffic or activity related to http://117.209.92.79:52294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.79:52294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.4:34697/i
id: auto-2df24f293beda2bad4f8f4a987fa8258706a53b38c8bacee53328a4a71b1323e
status: experimental
description: Detects traffic or activity related to http://117.209.86.4:34697/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.4:34697/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.75:41428/i
id: auto-7dc1d6b7ed79e5f5d32d050d9ca034b2457d40f12dfa248ba969e939273a2c93
status: experimental
description: Detects traffic or activity related to http://117.209.81.75:41428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.75:41428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.44:47629/bin.sh
id: auto-232562a48164c818fa95026b04912ae02f2047dc4515e0c98b495133bb0deaaa
status: experimental
description: Detects traffic or activity related to http://117.209.2.44:47629/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.44:47629/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.139:51266/bin.sh
id: auto-402711427942058573b01a06db1dbd28c8cd311ebab70618704493c57a19941c
status: experimental
description: Detects traffic or activity related to http://117.209.93.139:51266/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.139:51266/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.206:53740/i
id: auto-61c6a33d8a253b2098411d96caa840a6d1186c14aeb606812cc0d962d408309c
status: experimental
description: Detects traffic or activity related to http://117.209.85.206:53740/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.206:53740/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.198:38008/bin.sh
id: auto-839613b0d1949bccc61c5145fb1968b84a4f3d83b0e658abbceb6f9343a36d8d
status: experimental
description: Detects traffic or activity related to http://117.209.81.198:38008/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.198:38008/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.106:47853/bin.sh
id: auto-79036616a2465175f4e111b6850633b05cbdf93b45bab287e6aa8ad49fde4dd4
status: experimental
description: Detects traffic or activity related to http://117.209.2.106:47853/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.106:47853/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.30:41738/i
id: auto-4863e527b8c47449a610491e5aa6b1fefafd0991c7d993b962927246ea0f93eb
status: experimental
description: Detects traffic or activity related to http://117.209.90.30:41738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.30:41738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.27:45942/bin.sh
id: auto-7bac1f9d26a940c84cdba742869f4db4955ff7c787ff668ee13f2e024407f7dd
status: experimental
description: Detects traffic or activity related to http://117.209.86.27:45942/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.27:45942/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.66:51799/bin.sh
id: auto-5961ec1723609bcba2cf7f3ad0ded69c205bee1fc360d6ac85de75eaf9a55306
status: experimental
description: Detects traffic or activity related to http://117.209.26.66:51799/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.66:51799/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.9.196:51114/bin.sh
id: auto-55ccbcaf9afe3468c4189fe541313b6807982b1d508d859b24e8d4fab40c7dc9
status: experimental
description: Detects traffic or activity related to http://117.209.9.196:51114/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.9.196:51114/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.94:58533/bin.sh
id: auto-5263c317446bd9f78a4996e0836b11dbf9b519eb54d8c3f985bcb9acf0e3636b
status: experimental
description: Detects traffic or activity related to http://117.209.87.94:58533/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.94:58533/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.216:58892/bin.sh
id: auto-a369260199ef5c04afb98df21d624416fb3c3b565cf50a06a3b6d84b55000a20
status: experimental
description: Detects traffic or activity related to http://117.209.12.216:58892/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.216:58892/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.55:55622/i
id: auto-218d2efc81953d1749609dabdb6a3d5583081219403bfa888c35ec497291a19e
status: experimental
description: Detects traffic or activity related to http://117.209.3.55:55622/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.55:55622/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.206:49356/bin.sh
id: auto-f27790e3df7cd6881a4591ab29d35a018e4aceeb40544cf527689a9dc7cf02e6
status: experimental
description: Detects traffic or activity related to http://117.209.16.206:49356/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.206:49356/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.118:41230/bin.sh
id: auto-57d721c4ad58b42c1b4a64e8d0d3878c94bbfc24bb7127c23ac98a2b37980cb6
status: experimental
description: Detects traffic or activity related to http://117.209.88.118:41230/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.118:41230/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.86:47291/i
id: auto-0e4d83a74efd9ed76104243fed7dbce8f0282b64f259a0d75646ab7a25ee15f5
status: experimental
description: Detects traffic or activity related to http://117.209.27.86:47291/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.86:47291/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.90:52875/i
id: auto-efe15ab6252151eee9f369c66c846297f5a1cfa5588fa7bab4fb65dc3fe7def2
status: experimental
description: Detects traffic or activity related to http://117.209.90.90:52875/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.90:52875/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.150:33133/bin.sh
id: auto-8f46669124219873f31060ff195331e8626e691dbb735d8c6668fdb367b8a5ec
status: experimental
description: Detects traffic or activity related to http://117.209.28.150:33133/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.150:33133/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.121.74:49102/bin.sh
id: auto-2fa2ba71c1dc38bddfa521b10048964ef6c11a7ded5b66092d282bc4889d5d30
status: experimental
description: Detects traffic or activity related to http://117.209.121.74:49102/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.121.74:49102/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.53:52898/i
id: auto-94b25d6f229ffff582b0cffea15f7df2e25e5920f88e7abed82a92def31c1b08
status: experimental
description: Detects traffic or activity related to http://117.209.93.53:52898/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.53:52898/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.45:59420/i
id: auto-c8a21cb443a74c1d41112850e35047c4043489c84baef061ce650d35995bf2cd
status: experimental
description: Detects traffic or activity related to http://59.96.137.45:59420/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.45:59420/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.99:33454/bin.sh
id: auto-6828f2613bfa3d38c402e44344d67b2ea58ddf93e73479cf430cf84da0da7a01
status: experimental
description: Detects traffic or activity related to http://117.209.6.99:33454/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.99:33454/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.126:37371/bin.sh
id: auto-5465aa9b59b6d9b4575e86abd5e48721a82c8c1be2e25648236423f0f5298348
status: experimental
description: Detects traffic or activity related to http://117.209.90.126:37371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.126:37371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.138:54442/bin.sh
id: auto-64632cca00a5e911e96dc47c6cd8fa8704d10f3c9b372dcea80f440e18026805
status: experimental
description: Detects traffic or activity related to http://117.209.83.138:54442/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.138:54442/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.20:39667/i
id: auto-a286924fdf38ea616c233eab6441f8d8bfdb6b155f6541f132240ff770556ae4
status: experimental
description: Detects traffic or activity related to http://117.209.84.20:39667/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.20:39667/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.245.32:44132/bin.sh
id: auto-25fabf8ec2a7d6afd963f59fcd2b6d6b7cd033d8c78eb8676f78db152c4366f6
status: experimental
description: Detects traffic or activity related to http://117.209.245.32:44132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.245.32:44132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.123:54400/i
id: auto-deb36f244a37c26dec943a993ccca3b248be44fd12ba3d35449e505a2c1d2c62
status: experimental
description: Detects traffic or activity related to http://117.209.85.123:54400/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.123:54400/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.28:55897/bin.sh
id: auto-f931d4a302748fe1776d7c0da13b3692fa4723bcad233cfdd5f2cd0ce8ee7a69
status: experimental
description: Detects traffic or activity related to http://117.209.28.28:55897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.28:55897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.110:48770/bin.sh
id: auto-f008133c00c31247ada0a17a37039d7d6a974d2f47e23d1ef23881c275a2e513
status: experimental
description: Detects traffic or activity related to http://117.209.87.110:48770/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.110:48770/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.115.143:39157/bin.sh
id: auto-28e68ed5c9698044b9e01a20946dbf18af07c41f349144b2794b86df052fe52b
status: experimental
description: Detects traffic or activity related to http://117.209.115.143:39157/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.115.143:39157/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.241:46502/i
id: auto-a054906d4988adabf0b775a79193eec1642328e3902219e6e97beb4b01d1019e
status: experimental
description: Detects traffic or activity related to http://117.209.80.241:46502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.241:46502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.234:46938/i
id: auto-1c998e32285252bfc3b13eab53e6230c542c049b128f8453f07b49c1dfb16834
status: experimental
description: Detects traffic or activity related to http://117.209.3.234:46938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.234:46938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.83:50356/bin.sh
id: auto-df37b9c7a613be9912f7dbcb4ea789113f46894a9bc01de4b501cd076fdaf897
status: experimental
description: Detects traffic or activity related to http://117.209.2.83:50356/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.83:50356/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.200:43122/i
id: auto-7aed60e8deb8ebb7d095770d636b9e7fd04de0b7fda16f1fd796e9e96f07d6c9
status: experimental
description: Detects traffic or activity related to http://117.209.87.200:43122/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.200:43122/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.163:55312/i
id: auto-92cf9d3c0b9d9e88a31c5f971e39cfe9cfb0a2bf69fc70a850685c9256a28560
status: experimental
description: Detects traffic or activity related to http://117.209.85.163:55312/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.163:55312/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.96:57343/i
id: auto-ed7c85b63fa94faa1f5472bcca82ab79090e6ae4c8e1194e516f93b91f4183d9
status: experimental
description: Detects traffic or activity related to http://117.209.27.96:57343/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.96:57343/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.10.233:36187/i
id: auto-e55b79312d8e5909e2671639e1c48beb138500b892aad3a1ab0b7b1739ec6ec5
status: experimental
description: Detects traffic or activity related to http://117.209.10.233:36187/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.10.233:36187/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.206:38192/bin.sh
id: auto-0ff135f70109d557a23882a3b8a7da28d0774381751f21cb8f1655e35fa9102d
status: experimental
description: Detects traffic or activity related to http://117.209.92.206:38192/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.206:38192/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.48:35883/bin.sh
id: auto-bba18ff211f20388c184c768b452ae1612b9d29561bd1372b4655a1afa735f5b
status: experimental
description: Detects traffic or activity related to http://117.209.84.48:35883/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.48:35883/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.98:46588/i
id: auto-b527486b09d62e2657fb753a51ebbc6a3191fcb5a11f8567c727f869a98f646b
status: experimental
description: Detects traffic or activity related to http://117.209.16.98:46588/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.98:46588/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.86:51507/bin.sh
id: auto-45cd704bf5f561e7aa827d5857d86e3245216c57fc58543b8b67fc97223b5eef
status: experimental
description: Detects traffic or activity related to http://117.209.26.86:51507/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.86:51507/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.163:55312/bin.sh
id: auto-30324cfa7035acb9b4b5b4efdb2950057549e092723310c2aa2a60632c931abb
status: experimental
description: Detects traffic or activity related to http://117.209.85.163:55312/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.163:55312/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.46:44143/i
id: auto-14f4f23115f7ae25d90c36370498211c326f16252e419389cd32db8bf7f7e79a
status: experimental
description: Detects traffic or activity related to http://117.209.95.46:44143/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.46:44143/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.126:51210/i
id: auto-d19f054ff5040ddcbf7bb1d38fc1c2f1d17b901040f640568a40b7676a2b0391
status: experimental
description: Detects traffic or activity related to http://117.209.18.126:51210/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.126:51210/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.53:40047/bin.sh
id: auto-66aefb2a1fc88f9bb140cd87f2f625ecc136948c74f537931f4b0dfac12de7d7
status: experimental
description: Detects traffic or activity related to http://117.209.28.53:40047/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.53:40047/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.118:41230/i
id: auto-aebdab00e005e2303a6aa8b409731c1451050276b1f54129e09cf1e36f160210
status: experimental
description: Detects traffic or activity related to http://117.209.88.118:41230/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.118:41230/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.115:40720/i
id: auto-c025ce31328b3b3b27c3ff177d478e74bc8c4762031534bacf52f098c67fc285
status: experimental
description: Detects traffic or activity related to http://117.209.80.115:40720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.115:40720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.94:58533/i
id: auto-60abef4a20d1d8173a9d2d5aa44c5b8d821e17f5f46a0f90735edde86d0d3404
status: experimental
description: Detects traffic or activity related to http://117.209.87.94:58533/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.94:58533/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.107:33368/bin.sh
id: auto-14be51061a8c1490de694d7a19a1f85cdaa5d0ab80481505333c77791b9af4f9
status: experimental
description: Detects traffic or activity related to http://117.209.87.107:33368/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.107:33368/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.77:52920/bin.sh
id: auto-24e575762b1ad81cdf4cf38d6a61c6eef8efa64f1ca58f4f74af8e23808461b5
status: experimental
description: Detects traffic or activity related to http://117.209.29.77:52920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.77:52920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.234:50121/bin.sh
id: auto-0576fd1b43f8f50f1555b28180192ab1603806bcf8ea7085f20e0d8994ad1c16
status: experimental
description: Detects traffic or activity related to http://117.209.23.234:50121/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.234:50121/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.56:37112/i
id: auto-73805cd1f32a47a51ca1f5688d7a80eec5780b44098fc788ed7452a91a66af3b
status: experimental
description: Detects traffic or activity related to http://117.209.2.56:37112/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.56:37112/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.48:43254/i
id: auto-1d1510e9e9a0fa3b53d18c6c4de438e9f468789bc5cd11e30d9ab7c13667aca0
status: experimental
description: Detects traffic or activity related to http://117.209.16.48:43254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.48:43254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.48:43254/bin.sh
id: auto-293448851d36f2c617f4ff774ed022dc7d1b5a54d3fb66bd258e0117f210e818
status: experimental
description: Detects traffic or activity related to http://117.209.16.48:43254/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.48:43254/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.56:37112/bin.sh
id: auto-2959563536358b734ff47074f721208375698840769cf8e0481282a4b87bd540
status: experimental
description: Detects traffic or activity related to http://117.209.2.56:37112/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.56:37112/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.14:37372/i
id: auto-502c4aa645f2ea797d743a702deb97dec77a1815a6df544f64abb0dfd7035d59
status: experimental
description: Detects traffic or activity related to http://117.209.18.14:37372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.14:37372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.3.55:55622/bin.sh
id: auto-fd915d12d283e1e9e8d5a2e7e930b6fe830266f6fe54c3650a30d890af23ad0d
status: experimental
description: Detects traffic or activity related to http://117.209.3.55:55622/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.3.55:55622/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.0.103:56415/i
id: auto-a594d07d28e5b124bf2a8e7bf30c3d90c556e8dd5f0de84da9062dd47e8c379b
status: experimental
description: Detects traffic or activity related to http://117.209.0.103:56415/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.0.103:56415/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.41:32955/i
id: auto-9ed381a3fb44be286e66e37946ebc0fe942d52f6dd8bfd06ca8ca7d20f8bdf70
status: experimental
description: Detects traffic or activity related to http://117.209.14.41:32955/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.41:32955/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.121.74:49102/i
id: auto-c9abbae26fe84c1ac81877b38effdc6727e0447960767e1903a086c5b3d3b6c7
status: experimental
description: Detects traffic or activity related to http://117.209.121.74:49102/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.121.74:49102/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.157:53761/bin.sh
id: auto-97ac88d099eea9b131830b2c068fee01c5ccd5b7fa3da0d9ec2136afa998dc55
status: experimental
description: Detects traffic or activity related to http://117.209.88.157:53761/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.157:53761/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.179:34663/i
id: auto-23ebc0a44ae7fe9317ddbe06cdacd3b532e936d81e8ad82da1c8b809564526d3
status: experimental
description: Detects traffic or activity related to http://117.209.84.179:34663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.179:34663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.28.53:40047/i
id: auto-f5fdba8dd519986e95312d517cc52b8a5f7b907c196edac11e38baae960fa870
status: experimental
description: Detects traffic or activity related to http://117.209.28.53:40047/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.28.53:40047/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.14:37372/bin.sh
id: auto-e8104f495fffb35de197f4e3de534a9c14ad27ef0c0584ea44141c0905a10c4a
status: experimental
description: Detects traffic or activity related to http://117.209.18.14:37372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.14:37372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.41:32955/bin.sh
id: auto-224a198e7fbebf629afd7667b7328548f7ee3f6e621dc64b6e11d5f8e9b44dc7
status: experimental
description: Detects traffic or activity related to http://117.209.14.41:32955/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.41:32955/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.55:55628/i
id: auto-f0d49d4de92ec45fc426819df0fd8074cc3d016f4c460de9544ef571e878b833
status: experimental
description: Detects traffic or activity related to http://117.209.2.55:55628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.55:55628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.68:42565/bin.sh
id: auto-611435f421476247909f243344979d7501c1383d166b140c28675d08c8c8b1c0
status: experimental
description: Detects traffic or activity related to http://117.209.95.68:42565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.68:42565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.86:47291/bin.sh
id: auto-22566aa0bdb5102536d44642b2db2180c19350d2a98a6ff24163641d6c34985c
status: experimental
description: Detects traffic or activity related to http://117.209.27.86:47291/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.86:47291/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.123.220:47644/i
id: auto-b44b194f81b656ee10a7deb6d95750d44dcac3aa81b495ac56c7d993ef6f39e5
status: experimental
description: Detects traffic or activity related to http://117.209.123.220:47644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.123.220:47644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.77:52920/i
id: auto-7ffcbdb744382363e3e5e8ab265a0429092c9c15c4fc8146fa4d377360cd6eb4
status: experimental
description: Detects traffic or activity related to http://117.209.29.77:52920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.77:52920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.170:33934/i
id: auto-5c57a7c46ac20bd8b43b5db3db7189173f9f61bb1c0d78da7b423185eda7f865
status: experimental
description: Detects traffic or activity related to http://117.209.83.170:33934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.170:33934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.245.32:44132/i
id: auto-ab6c846e55ecc94cc5ff689eb7e72cd1f908a9945c1bb2cfc9fc2218c85f4cf5
status: experimental
description: Detects traffic or activity related to http://117.209.245.32:44132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.245.32:44132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.171:34920/bin.sh
id: auto-20b9c02f634434d474c56abbbadbc60964219640e03f6846bfa9d7a2be2408a9
status: experimental
description: Detects traffic or activity related to http://117.209.93.171:34920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.171:34920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.204:45344/bin.sh
id: auto-42e3a2dc6d0a958cd199265c3d12be23485bb92dce3e7564b44acca0ab00baaf
status: experimental
description: Detects traffic or activity related to http://117.209.25.204:45344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.204:45344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.98:46588/bin.sh
id: auto-50d6d66d19ad03c119065b0f3390c3e72cd91379aeb439ae0fac4a4db392e03e
status: experimental
description: Detects traffic or activity related to http://117.209.16.98:46588/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.98:46588/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.164:46370/i
id: auto-03dcfa7eb7234b626ef45fda8e7875c08fe7041855814a777ff9f1a87f1ed175
status: experimental
description: Detects traffic or activity related to http://117.209.81.164:46370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.164:46370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.78:46992/i
id: auto-0ec94f108688d3cdded5411ee27becce8e80d91fb92a34fe119b7b3acbd1bdeb
status: experimental
description: Detects traffic or activity related to http://117.209.27.78:46992/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.78:46992/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.240:59318/i
id: auto-9ce1368c33324d8a11f0fe5586066dcb1c83e0b160bca4b8dd5e88df0ffb9bee
status: experimental
description: Detects traffic or activity related to http://117.209.82.240:59318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.240:59318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.40:37966/bin.sh
id: auto-e20b6222cff76604748dd07ec2b03cca4d35b79b53f2446594740e22f57cbdd7
status: experimental
description: Detects traffic or activity related to http://117.209.83.40:37966/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.40:37966/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.139:51266/i
id: auto-f1bbfeefe340b3b51dde89156eb8618fc52df4be834cc5f62c128fb1c52721e5
status: experimental
description: Detects traffic or activity related to http://117.209.93.139:51266/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.139:51266/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.56:58696/bin.sh
id: auto-1f89065ceeb114a38d34cb52c807ae0fd7dbd290e320390b20f8f6277b4d6ac3
status: experimental
description: Detects traffic or activity related to http://117.209.8.56:58696/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.56:58696/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.44:56375/i
id: auto-111c719482435d2577b407f3f0051addab29369afd9a9dba46e7b92616aa6f63
status: experimental
description: Detects traffic or activity related to http://117.209.91.44:56375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.44:56375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.169:50897/i
id: auto-1ed2d2553284bfcc93abd3dfd9b3db01bdf89a3891bed1dafc4debda63d536c8
status: experimental
description: Detects traffic or activity related to http://117.209.82.169:50897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.169:50897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.243:58961/bin.sh
id: auto-0c310b50052e58bf303157278f04da617dc39d78779c9d3673011e54bbf06681
status: experimental
description: Detects traffic or activity related to http://117.209.12.243:58961/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.243:58961/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.31:55185/bin.sh
id: auto-a503cad63861e62c00e61baba93c9f2f601bbf52747e82296457208fccc77d5a
status: experimental
description: Detects traffic or activity related to http://117.209.95.31:55185/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.31:55185/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.190:46103/bin.sh
id: auto-156a426ee2f5faf77dc78dfcfb178bf0aae60020cf844feeb1e5bc88f8b06561
status: experimental
description: Detects traffic or activity related to http://117.209.81.190:46103/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.190:46103/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.190:46103/i
id: auto-395feb3c8a92d970dbb5a99ceebc6666600c391ffd9b30c5941cf1e0d977e804
status: experimental
description: Detects traffic or activity related to http://117.209.81.190:46103/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.190:46103/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.78:46992/bin.sh
id: auto-96c1c07340534bdce50e31f7c8c52112e963c978ad138c327557482500d0d5ae
status: experimental
description: Detects traffic or activity related to http://117.209.27.78:46992/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.78:46992/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.56:58696/i
id: auto-99be11b41f13cc9579c7f3fd42e2f912f494300113f46f35f2ea2a1b7ab000a3
status: experimental
description: Detects traffic or activity related to http://117.209.8.56:58696/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.56:58696/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.14:55866/bin.sh
id: auto-945256efe6b64c0e6cbd2d88cb255dfa5ae42f8229a5ed068cb40524ffc3f99d
status: experimental
description: Detects traffic or activity related to http://117.209.95.14:55866/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.14:55866/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.62:37655/bin.sh
id: auto-5cc1cd1fdc8bdf8206258e4b6df2693ca89574433db334f8a0dfc091eabbc282
status: experimental
description: Detects traffic or activity related to http://117.209.29.62:37655/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.62:37655/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.254:59754/i
id: auto-1066d5761ab8ab0513a1d5011b84d89cd28e45c6bd3385a26c80d9d772ad1c92
status: experimental
description: Detects traffic or activity related to http://117.209.26.254:59754/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.254:59754/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.126:37371/i
id: auto-721cb9baf0b212f70dcaf42b1f4a22eefaa005118813c7bf522d9ee78dba8ca2
status: experimental
description: Detects traffic or activity related to http://117.209.90.126:37371/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.126:37371/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.116.238:45602/bin.sh
id: auto-e3c82f85ad5e83be2379d097735a8e744eb10890d36aee71ecdd14b44f0f7fdd
status: experimental
description: Detects traffic or activity related to http://117.209.116.238:45602/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.116.238:45602/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.188:42634/i
id: auto-95964cbccacf8888f1e4aa53aff7b54ba04a94328e379e00e541409f5b14658c
status: experimental
description: Detects traffic or activity related to http://117.209.25.188:42634/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.188:42634/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.198:38008/i
id: auto-4c7abc7e1a8126fe73de1c612792c504f9033be644290b8ca3415c9b14774018
status: experimental
description: Detects traffic or activity related to http://117.209.81.198:38008/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.198:38008/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.175:54944/i
id: auto-c9362328204e572e88fd6ecddf8f13c53db479b8f8e5cd3fa5dcbb9a9cc51e5f
status: experimental
description: Detects traffic or activity related to http://117.209.23.175:54944/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.175:54944/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.178:54470/i
id: auto-66c8435f03489c7c9406aed82b5d67fc8997b5e2b8d656396e3aac76410556d1
status: experimental
description: Detects traffic or activity related to http://117.209.82.178:54470/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.178:54470/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.96:57343/bin.sh
id: auto-a20a71f47c0b5092ebfd386f40a800c4d3705f909f41127e225067f157393e5b
status: experimental
description: Detects traffic or activity related to http://117.209.27.96:57343/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.96:57343/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.247:53811/bin.sh
id: auto-b588cacf61073332a0c21b7770d0d35f9a49b9854b489c5f93a5d1db7c9e7306
status: experimental
description: Detects traffic or activity related to http://117.209.82.247:53811/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.247:53811/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.111:39978/bin.sh
id: auto-90e68ae23b317e93ee688051674256ebfdbceeaa4e1f883b7f0187372e73bd5a
status: experimental
description: Detects traffic or activity related to http://117.209.16.111:39978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.111:39978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.132:49349/bin.sh
id: auto-d424ace800edc0bd7bcc138d58319ed0fdd2d550f18b6273c8c3720a8c122d3d
status: experimental
description: Detects traffic or activity related to http://117.209.2.132:49349/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.132:49349/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.123.246:45403/bin.sh
id: auto-fbe2a389342357f8abf5a0c562bff6af41e6b82791182b34244b0a71b9bf5911
status: experimental
description: Detects traffic or activity related to http://117.209.123.246:45403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.123.246:45403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.177:48285/i
id: auto-ca6ef23043095af112e5c2a257281d20cc6d0a1f20f0203805df4c4e6263418a
status: experimental
description: Detects traffic or activity related to http://117.209.2.177:48285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.177:48285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.199:51714/i
id: auto-c4584f33e7dccf43488f126bc11c927c87106cf7fe6fe9fff543c59a60af86c8
status: experimental
description: Detects traffic or activity related to http://117.209.85.199:51714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.199:51714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.111:39978/i
id: auto-b1b5e50194ea921051bff95c49d1355ca03a0f159c1ad264a0b60bd128372929
status: experimental
description: Detects traffic or activity related to http://117.209.16.111:39978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.111:39978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.188:42634/bin.sh
id: auto-5799946cbe0d487f7cab8ef4a4f11beb91d8926fdd78d4916266dce50c0a861b
status: experimental
description: Detects traffic or activity related to http://117.209.25.188:42634/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.188:42634/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.123.246:45403/i
id: auto-3457e868f0a127aa3406d6119d2fbbc65f17d4a6720312b6c6c8c5381081ff7d
status: experimental
description: Detects traffic or activity related to http://117.209.123.246:45403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.123.246:45403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.16.206:49356/i
id: auto-e8d60dcf2723b97c1eaa8cc976bb4e62a97baea35f444435681c998462adb778
status: experimental
description: Detects traffic or activity related to http://117.209.16.206:49356/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.16.206:49356/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.106:47853/i
id: auto-7dc37b1fb9b7ad238a89a61ccf6123698669555dc999a618782447c59dc6883c
status: experimental
description: Detects traffic or activity related to http://117.209.2.106:47853/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.106:47853/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.25.204:45344/i
id: auto-b6de394a3dd8ba4796ae3ad5aa9746949423de4d6bdec6350d4442321f96b1fc
status: experimental
description: Detects traffic or activity related to http://117.209.25.204:45344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.25.204:45344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.197:57369/bin.sh
id: auto-3b9d9075c932c901c4c3c0d2c6b8dc39f23a243ff96c69dbeea3dbed1d9bf088
status: experimental
description: Detects traffic or activity related to http://117.209.2.197:57369/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.197:57369/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.234:50121/i
id: auto-930f984010f6eaaaf721273cbcbda2a19faae4b91c2b4488b85a46500628c0ba
status: experimental
description: Detects traffic or activity related to http://117.209.23.234:50121/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.234:50121/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.127:55156/i
id: auto-60aa886bb531a6cb8a430d10dadedf259388f9fb5720e3eddd2e3c155348568f
status: experimental
description: Detects traffic or activity related to http://117.209.8.127:55156/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.127:55156/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.102:38950/i
id: auto-4aa3bb6a26d9970a6ebbf4973541028bb0223a524ea43a5af10052b407c92b58
status: experimental
description: Detects traffic or activity related to http://117.209.91.102:38950/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.102:38950/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.162:45833/i
id: auto-852f9f8b1e5707c023485efa8194669bb2f30e75d929cb4ed623d31d995cd157
status: experimental
description: Detects traffic or activity related to http://117.209.92.162:45833/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.162:45833/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.59:57473/i
id: auto-6e89bfec6c18cfbe19c7101254f0895074abe4b125068d07fb7b3b463d489485
status: experimental
description: Detects traffic or activity related to http://117.209.93.59:57473/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.59:57473/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.216:44464/bin.sh
id: auto-794cd49ebdcfadabe078884a7cdb208e781a38af95f56cbf213730839cca7c0b
status: experimental
description: Detects traffic or activity related to http://117.209.88.216:44464/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.216:44464/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.254:59754/bin.sh
id: auto-b0a38dc64ebcbb73648c78fc4b1150ed3fa5c9fce2658caa88ea6cc6e7037e33
status: experimental
description: Detects traffic or activity related to http://117.209.26.254:59754/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.254:59754/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.8.127:55156/bin.sh
id: auto-03daf9811106fccbfb847d08b58aa8caed3967990cea6c83d1958493693e5e28
status: experimental
description: Detects traffic or activity related to http://117.209.8.127:55156/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.8.127:55156/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.12.243:58961/i
id: auto-b414954a5a0453918955d58fcc91488c8d5d187e610d60641652708b871a9c6e
status: experimental
description: Detects traffic or activity related to http://117.209.12.243:58961/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.12.243:58961/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.70:40955/bin.sh
id: auto-9ba53db7a3fc9e21a9566c3691598fc719be3bcf532e6aa10b173adec2473781
status: experimental
description: Detects traffic or activity related to http://117.209.22.70:40955/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.70:40955/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.24.18:41637/bin.sh
id: auto-7b0c9c4b75b519414d7de56424de16af61f7926c506b562c87cfa644f8322151
status: experimental
description: Detects traffic or activity related to http://117.209.24.18:41637/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.24.18:41637/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.14.239:53159/bin.sh
id: auto-39227849c0ddcfc3d28748bc9522f0744c2f05305cc7c70ddfa11366c74b0690
status: experimental
description: Detects traffic or activity related to http://117.209.14.239:53159/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.14.239:53159/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.85:36944/i
id: auto-7af995d8f854949501beec266292f424d8e4c687c4196b54bd39c20f5574e9f6
status: experimental
description: Detects traffic or activity related to http://117.209.89.85:36944/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.85:36944/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.89:48771/i
id: auto-68410f36c8d61cdd867dd8e8a6fdadc261eafee498ce379e20b258c04d2a92ef
status: experimental
description: Detects traffic or activity related to http://117.209.95.89:48771/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.89:48771/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.87:45386/i
id: auto-8f2a9ce7c594c8fa99028716fd72bc10584325248d6da66f2ea92a4cc8ea78a0
status: experimental
description: Detects traffic or activity related to http://117.209.18.87:45386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.87:45386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.233:52620/i
id: auto-46a8f6589e8e9bad93b6ed32ae9d24725bf38a95ff7e634a175b68e35ac0c8d9
status: experimental
description: Detects traffic or activity related to http://117.209.83.233:52620/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.233:52620/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.107:33368/i
id: auto-c00f8c4f660635d895e1cf7219c386e6aa75d61c475dfd10a52a54701418c665
status: experimental
description: Detects traffic or activity related to http://117.209.87.107:33368/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.107:33368/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.24:41576/i
id: auto-c456a458e380c9639e8902df620ded65f643c1b51bac068c5d2d7d4fd659c0c6
status: experimental
description: Detects traffic or activity related to http://117.209.88.24:41576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.24:41576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.0.157:35614/bin.sh
id: auto-707504330e87c9c84b6eefa8f7b5e2a54483f99a8f012366b932014b1466152c
status: experimental
description: Detects traffic or activity related to http://117.209.0.157:35614/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.0.157:35614/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.183:36129/bin.sh
id: auto-e53343f1e0db3e21be37fe23743e3deab8bfcdd4e999d1a896269066633a0dfb
status: experimental
description: Detects traffic or activity related to http://117.209.80.183:36129/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.183:36129/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.228:47426/i
id: auto-024118d0a8c3d6fb62f0e8e22ab482a07d6daf40fc75cf199f0d4ef291d2daac
status: experimental
description: Detects traffic or activity related to http://117.209.82.228:47426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.228:47426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.110:42792/i
id: auto-c962ba663f17ca06feef7fd7e6b5ec2c6dc6fb58ca1af04fd5688b66f1c8f08c
status: experimental
description: Detects traffic or activity related to http://117.209.26.110:42792/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.110:42792/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.116.238:45602/i
id: auto-13d9f0fd66e61d516116ddf80821c79f10f2f064e70a3083bfce661770f78e12
status: experimental
description: Detects traffic or activity related to http://117.209.116.238:45602/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.116.238:45602/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.126:51210/bin.sh
id: auto-949ccda14498ef6d1c657f3f5ca106decfdf7fe64b76ddd47668b415975267e2
status: experimental
description: Detects traffic or activity related to http://117.209.18.126:51210/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.126:51210/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.206:53740/bin.sh
id: auto-8ee2765b51142c3596157d26f50d84b01813b7790461e0b3ce72635f72c427c5
status: experimental
description: Detects traffic or activity related to http://117.209.85.206:53740/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.206:53740/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.171:34920/i
id: auto-7a1450413809ef2fa43df0654541182113e11f40dc9190fe70099b522d0a7342
status: experimental
description: Detects traffic or activity related to http://117.209.93.171:34920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.171:34920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.10.233:36187/bin.sh
id: auto-8a5a7b06c08b2d6a7e78a8d2064b52429c4cc0b91aff6042975e0bd43daa6b3a
status: experimental
description: Detects traffic or activity related to http://117.209.10.233:36187/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.10.233:36187/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.87.236:37199/bin.sh
id: auto-f76328d05ac97af9b91b80c9acc5d527c343398aed95da9b6fe8a8c0dfb64461
status: experimental
description: Detects traffic or activity related to http://117.209.87.236:37199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.87.236:37199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.6.66:38287/i
id: auto-e6838209c207fdbd6f952d5a09298fa332508b4313ee39fa46d73fb4acc765ac
status: experimental
description: Detects traffic or activity related to http://117.209.6.66:38287/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.6.66:38287/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.90:52875/bin.sh
id: auto-c2d86e23a4ae1289361ea8c7cd340e121aa5eb961b86f9ad0e761a76ccd9f9d4
status: experimental
description: Detects traffic or activity related to http://117.209.90.90:52875/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.90:52875/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.20:39667/bin.sh
id: auto-584d646ea0db01b3d08f66518de653e5addf7cddf0f1cd383c83d684595e9055
status: experimental
description: Detects traffic or activity related to http://117.209.84.20:39667/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.20:39667/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.89:48771/bin.sh
id: auto-0dc49883662c3a6bae4bd943193d9a3f1c00c2c0c575c3c7ae3f8ee59096e440
status: experimental
description: Detects traffic or activity related to http://117.209.95.89:48771/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.89:48771/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.18.154:43438/bin.sh
id: auto-4050aaed7be835c4b4f4e34a771bf5b81a440a570af92004e84172575e3d09f9
status: experimental
description: Detects traffic or activity related to http://117.209.18.154:43438/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.18.154:43438/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.109:55296/i
id: auto-ba15b5060c20414f8077b94f6b17b6dd5fffb8d983ca83013b6a5097539d99dd
status: experimental
description: Detects traffic or activity related to http://117.209.86.109:55296/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.109:55296/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.15.193:51348/bin.sh
id: auto-6a571afd83327aac00636c473f1cc76fd7819f55248e5c0eeabb1744acf75ebf
status: experimental
description: Detects traffic or activity related to http://117.209.15.193:51348/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.15.193:51348/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.162:45833/bin.sh
id: auto-a3766b611575767e23f36ed2f820e03aead91db14a31e7f01d520df3887400f9
status: experimental
description: Detects traffic or activity related to http://117.209.92.162:45833/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.162:45833/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.183:36129/i
id: auto-e0219a22a8c8b35f5b40b8e979420c90c084dd3290c2d540f8da2831f4a17360
status: experimental
description: Detects traffic or activity related to http://117.209.80.183:36129/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.183:36129/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.172:53462/bin.sh
id: auto-385ebf342f9a568f024c6342c6c44870b0fdbcecca3b3e7bb201185a89fcc04e
status: experimental
description: Detects traffic or activity related to http://117.209.85.172:53462/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.172:53462/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.46:44143/bin.sh
id: auto-7395334ec126ad934bbc2230cfd3085fd8a88e07469cdb367112ba593308c39a
status: experimental
description: Detects traffic or activity related to http://117.209.95.46:44143/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.46:44143/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.80.115:40720/bin.sh
id: auto-fa720e8b7592056ecee29dfee644fe604703dd0da51988d4243e487b423d3b4a
status: experimental
description: Detects traffic or activity related to http://117.209.80.115:40720/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.80.115:40720/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.88.226:47873/bin.sh
id: auto-0e6e0ec03d1f027220fdaee772950086277092b452b0cf85aca809d019fb8070
status: experimental
description: Detects traffic or activity related to http://117.209.88.226:47873/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.88.226:47873/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.164:46370/bin.sh
id: auto-626f3949fb78de1ba18b55a21e1256150208feeff7e02e6b85bbeca37d7dad9e
status: experimental
description: Detects traffic or activity related to http://117.209.81.164:46370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.164:46370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.247:53811/i
id: auto-44a24d600a07f6530473ed9a59d47f328091cd95485e8f7d672b52274e151360
status: experimental
description: Detects traffic or activity related to http://117.209.82.247:53811/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.247:53811/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.27.158:54489/bin.sh
id: auto-307b1bf8b4456d3d7b10f48a0142a9b045d43f84de4a2ee4a0e8f4fb78f593d7
status: experimental
description: Detects traffic or activity related to http://117.209.27.158:54489/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.27.158:54489/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.90.225:50269/bin.sh
id: auto-8f542efc24c6ee448c1fe4933854fd2f25373a44b8155e32fdbf00b67b04fd8d
status: experimental
description: Detects traffic or activity related to http://117.209.90.225:50269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.90.225:50269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.188:46026/i
id: auto-bccf4e38b1980f952e8e0ecf04a59a2bfe3abcee0cf9ca5cd0c67ae7923e24f3
status: experimental
description: Detects traffic or activity related to http://117.209.91.188:46026/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.188:46026/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.93:37937/i
id: auto-8f6363ab6179363366ad00344d261a961bebfd77066e636f8e254dc878a8e2d9
status: experimental
description: Detects traffic or activity related to http://117.209.82.93:37937/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.93:37937/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.60.118:53384/bin.sh
id: auto-049c4108ee78fd29c45714f902dabea1bb1dbd817fea3c4ad92b4d9840150259
status: experimental
description: Detects traffic or activity related to http://60.19.60.118:53384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.60.118:53384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.66.128:51752/bin.sh
id: auto-6bfc7b5ee6439fb932fa42e696fbdeffb86838cfaa17e2e9b051f5fd84b77366
status: experimental
description: Detects traffic or activity related to http://58.47.66.128:51752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.66.128:51752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://macqore.com/app2
id: auto-78b03446517369a533f01ad071edff551d8773c7f4f2f8c54ca428298691923d
status: experimental
description: Detects traffic or activity related to https://macqore.com/app2 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://macqore.com/app2*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://claus4doom.co.za/curl/17046f29e45193c4a6a20b87eb1cb0a08ef3805eb69deeca5e77e6346a089239
id: auto-ebd493b2f9ebb878e9ac517c681131f46310cc49dd8547901f52169a686d33ba
status: experimental
description: Detects traffic or activity related to http://claus4doom.co.za/curl/17046f29e45193c4a6a20b87eb1cb0a08ef3805eb69deeca5e77e6346a089239 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://claus4doom.co.za/curl/17046f29e45193c4a6a20b87eb1cb0a08ef3805eb69deeca5e77e6346a089239*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.95.95:58826/i
id: auto-1d5a8164ac8d00a009549562a513fc31584e74340244e31271a51f6ca970676d
status: experimental
description: Detects traffic or activity related to http://123.9.95.95:58826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.95.95:58826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.176.76:49511/bin.sh
id: auto-49d6137ad4612aa6417330547d5ed87ec0818ec7fe41586f52eb73b7fb792bfb
status: experimental
description: Detects traffic or activity related to http://123.8.176.76:49511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.176.76:49511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.89.86:52612/i
id: auto-93e754995840a8751d2f6d02863609c461e9ff10481457372b12ff5dcdd27489
status: experimental
description: Detects traffic or activity related to http://182.126.89.86:52612/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.89.86:52612/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.58:56928/i
id: auto-4fe12b753e17e553e793d0c6e7785c565be42f0ac914a171cc6a99a0d6d26cff
status: experimental
description: Detects traffic or activity related to http://115.55.50.58:56928/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.58:56928/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.62.140:51840/bin.sh
id: auto-fa505ab75e3379e525d2a9145cb860200ca9c9cc8180ca0cd9e1ca77314aeb8d
status: experimental
description: Detects traffic or activity related to http://219.156.62.140:51840/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.62.140:51840/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.252:47969/i
id: auto-e3422ea9eed5299b3e9cd13b096576d6adff5e6e1642ada854e196862fb693da
status: experimental
description: Detects traffic or activity related to http://42.235.91.252:47969/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.252:47969/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7992210799/1XUmqDV.exe
id: auto-81aae3038fdc52184657012c4ad22c80655773c05580c295c3aaac87653369ac
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7992210799/1XUmqDV.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7992210799/1XUmqDV.exe*'
  condition: selection
level: high
tags:
  - attack.t1003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/8pSIlDA.exe
id: auto-b942d93801d28eaf31ff2fb295e7e6cff6bf5e33c6225f6998653a05f8205c3c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/8pSIlDA.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/8pSIlDA.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.73.79:44062/i
id: auto-74d7651d0b4ff09607615bde0814bcdfc2de086777507517bf553c4169407b84
status: experimental
description: Detects traffic or activity related to http://42.85.73.79:44062/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.73.79:44062/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.160.28:54052/i
id: auto-a30c36da99689b94aabeb7822f2db8837aae2d7c36c278fc74885c641fb6863b
status: experimental
description: Detects traffic or activity related to http://182.127.160.28:54052/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.160.28:54052/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.95.95:58826/bin.sh
id: auto-07375491c5101c89d78ccfa56ab4c99c69cea552fa95f0eb58ccf01371ecbd8a
status: experimental
description: Detects traffic or activity related to http://123.9.95.95:58826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.95.95:58826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.31.177:59642/i
id: auto-b0218e6b51425ed0d5c200d7c0d77815803891768df20a075cf459253ee0d10f
status: experimental
description: Detects traffic or activity related to http://117.198.31.177:59642/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.31.177:59642/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.134.57.125:38018/bin.sh
id: auto-9a2469b79bda4d0d4c0d8733d8007e8df8ce2f62dc8236127219e2d1848891ed
status: experimental
description: Detects traffic or activity related to http://123.134.57.125:38018/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.134.57.125:38018/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.253.73:48829/bin.sh
id: auto-1b25a5edef05dc16b7474ced9a0b2dcb8692fb3b693c61ec96c59bcd6979764f
status: experimental
description: Detects traffic or activity related to http://125.44.253.73:48829/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.253.73:48829/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.66.79:33305/i
id: auto-e51a5adbc5920b58c95d6342847d8c21c47da456d6ae49c8970b005e83be1d89
status: experimental
description: Detects traffic or activity related to http://219.157.66.79:33305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.66.79:33305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.89.86:52612/bin.sh
id: auto-13e5d1b17609efe462f7cc5d3f7b21642384f537c18b9cf3acbd0ddd3fdc4307
status: experimental
description: Detects traffic or activity related to http://182.126.89.86:52612/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.89.86:52612/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.55.125:53605/i
id: auto-f53e858f5031b0bde7cb61009260953cead8a0ace53828c4e2b4ba4951fcd382
status: experimental
description: Detects traffic or activity related to http://117.215.55.125:53605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.55.125:53605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.135.148:47043/i
id: auto-2559b4f3835fa91c58674fad21d3a2f6de70aef846f283ac6e766ff535cb952c
status: experimental
description: Detects traffic or activity related to http://115.63.135.148:47043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.135.148:47043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.91.252:47969/bin.sh
id: auto-80e919332317ef5f0a6676b95641fd7770590248c84a51dddb8d9de5b0a3964f
status: experimental
description: Detects traffic or activity related to http://42.235.91.252:47969/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.91.252:47969/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.234.153:56363/i
id: auto-2a0e04116d64d3775d2165890a3038387c12181c809a3f1558a411dcc99ee45d
status: experimental
description: Detects traffic or activity related to http://117.199.234.153:56363/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.234.153:56363/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.170.223:54855/bin.sh
id: auto-d20ad0785bec54d88c746032dce1d5034960387bd61936395b52a6c5baa277bb
status: experimental
description: Detects traffic or activity related to http://123.5.170.223:54855/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.170.223:54855/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.80.113:37313/bin.sh
id: auto-434b208e11bf750ab5d085cc26b46048394f7f7123b55bf64f0f058480efb751
status: experimental
description: Detects traffic or activity related to http://182.126.80.113:37313/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.80.113:37313/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.31.177:59642/bin.sh
id: auto-6b2156c38efbfde598e29b8df0c920e00f393b48f0fa1e44c8a5f8f224b85beb
status: experimental
description: Detects traffic or activity related to http://117.198.31.177:59642/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.31.177:59642/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.160.28:54052/bin.sh
id: auto-80526a20b934f41e6355d2c52e2f2097c9496b0a6a13cb9c29a2baedb9be44b3
status: experimental
description: Detects traffic or activity related to http://182.127.160.28:54052/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.160.28:54052/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.127.47:60960/i
id: auto-d359235e13e69ce62589e68b7ca7297f590b6b5fecf4ab2aa74bc36f4765c32a
status: experimental
description: Detects traffic or activity related to http://123.14.127.47:60960/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.127.47:60960/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.211.109:38246/bin.sh
id: auto-fb0996d0fb828b698f1a3ead5341ec3a25af8cc5957a3057ecfd4d7c53bf70c0
status: experimental
description: Detects traffic or activity related to http://110.38.211.109:38246/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.211.109:38246/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.168.0.46:48540/bin.sh
id: auto-c174e2360ebc69fc2b311d5f96fd09da2eade8e022c64fe99bf52fb6a1e6fe1e
status: experimental
description: Detects traffic or activity related to http://108.168.0.46:48540/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.168.0.46:48540/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.128.97:39072/i
id: auto-ccd262790d12f734817b6c2e9ec8bbe375987732a28cfe5325622a671b63cfce
status: experimental
description: Detects traffic or activity related to http://123.4.128.97:39072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.128.97:39072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.55.125:53605/bin.sh
id: auto-ad43ded73470b321d75b1a50be347f9a54243fd8605342a9402ce5ab21a6b8b9
status: experimental
description: Detects traffic or activity related to http://117.215.55.125:53605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.55.125:53605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.214.47.119:33051/bin.sh
id: auto-12caf0b2ea297f3a1e326e62f9a19dd46ed4b27190f17a980337c5c781f9114f
status: experimental
description: Detects traffic or activity related to http://176.214.47.119:33051/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.214.47.119:33051/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.199.234.153:56363/bin.sh
id: auto-3cd0b93f1f01b5841fbad4d4f5c16f84644750d6382989ffa9ca7df87cda2f91
status: experimental
description: Detects traffic or activity related to http://117.199.234.153:56363/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.199.234.153:56363/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.120.195:38407/i
id: auto-92e480ea2da40aca86c3b41a42afbf79567de9f9db7f903765b8be0214bd637b
status: experimental
description: Detects traffic or activity related to http://182.127.120.195:38407/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.120.195:38407/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.228.227:41496/bin.sh
id: auto-4237cb8923c9b386aa3202d30fd7ba7f6b2472b19c3356d62448829d40dd087a
status: experimental
description: Detects traffic or activity related to http://123.12.228.227:41496/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.228.227:41496/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.34.129:53277/i
id: auto-4a43f3d611fdeb947ac4356e3844ec862c69196d5f09e36b4930b4d80a2d9295
status: experimental
description: Detects traffic or activity related to http://123.14.34.129:53277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.34.129:53277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:37770/i
id: auto-fcc0e88644a7027e831d2e86952dc05f77bab54b2c462f7f195736aeb3adda45
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:37770/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:37770/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.52:47769/i
id: auto-8a77b7e03d46d1191af0c2d35fcc9447bb8c19eec53294e1d8b81b74769fb620
status: experimental
description: Detects traffic or activity related to http://60.23.236.52:47769/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.52:47769/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.159.186:38680/i
id: auto-10800d0132f3b4529829817b3ae9b7d0ee65a273a73e043fb31215e4fece0434
status: experimental
description: Detects traffic or activity related to http://123.5.159.186:38680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.159.186:38680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.135.148:47043/bin.sh
id: auto-26852e9f3f97b8b13f56fc7c97d7c72d84a92589cf96e8056ab021f1cfb1379a
status: experimental
description: Detects traffic or activity related to http://115.63.135.148:47043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.135.148:47043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.157.147.16:58277/.i
id: auto-019a1291f3353a0f38b1a11def89332efe82766674223f1720602501e0e12777
status: experimental
description: Detects traffic or activity related to http://69.157.147.16:58277/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.157.147.16:58277/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.62.158:53783/bin.sh
id: auto-ecf75c79b8668712b163078d2b3ffb0aea1801849869c89e465ea4d2c62b77d0
status: experimental
description: Detects traffic or activity related to http://27.37.62.158:53783/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.62.158:53783/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.126.147:57713/i
id: auto-bc4609bf903c9361b37ea0fe100c47ca1fd9882ce9a09eb3fe0886c307cae3c9
status: experimental
description: Detects traffic or activity related to http://110.37.126.147:57713/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.126.147:57713/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.34.129:53277/bin.sh
id: auto-e639e6b3432c17bc1f81fd1485d71d6f4ce74c47defc4d93181cc421d1eabec5
status: experimental
description: Detects traffic or activity related to http://123.14.34.129:53277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.34.129:53277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.128.97:39072/bin.sh
id: auto-00406e4ea7faf06a107e87b18dfd520288b3a290ab76a8b2d305411012847107
status: experimental
description: Detects traffic or activity related to http://123.4.128.97:39072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.128.97:39072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.245:44115/i
id: auto-126b7b64bba6b1e0b773e4cecf0d85286babfcf6afd89ad5fc0aa8fb4de2c52b
status: experimental
description: Detects traffic or activity related to http://61.53.89.245:44115/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.245:44115/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.104.254:38457/i
id: auto-3e833caa363f96cb997c4fe85637f2809fe2a6dd60ac7669669195a354edfe10
status: experimental
description: Detects traffic or activity related to http://61.53.104.254:38457/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.104.254:38457/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.229.54:50029/i
id: auto-7a1ed43cc71cbbd429cfbebfc1ec780aff9626ec174ba6214d05b156fa83f56d
status: experimental
description: Detects traffic or activity related to http://85.12.229.54:50029/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.229.54:50029/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.159.186:38680/bin.sh
id: auto-61368be2051dc6a84a88eca63c85ae0283ab90cb05926056d69c1ce0a3146a04
status: experimental
description: Detects traffic or activity related to http://123.5.159.186:38680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.159.186:38680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:37770/bin.sh
id: auto-669d02f4c9d27fa60fcd21da3f64e5639fc1e5dbae41370b18452b0180e6067a
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:37770/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:37770/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.52:47769/bin.sh
id: auto-b79aef8592a73fe553180bbb10b4791d64e920e5bf3f3e67f981814525e519c6
status: experimental
description: Detects traffic or activity related to http://60.23.236.52:47769/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.52:47769/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.91.87/download/alfa.exe
id: auto-e3b54cbd3ed3e7c090e477bb4d216cf76c8b59105db4741258ceb625c4869ac6
status: experimental
description: Detects traffic or activity related to http://144.172.91.87/download/alfa.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.91.87/download/alfa.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/951845004/0HDpmWb.exe
id: auto-f76e85028a06a8d398841b902e81b9e791071bb47358b578e2663d8ad11193fa
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/951845004/0HDpmWb.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/951845004/0HDpmWb.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.126.147:57713/bin.sh
id: auto-2c59e44dfa29c1041f4bfabeb94c28d52b43248d9cd88d9d4dfe4885d7a1c615
status: experimental
description: Detects traffic or activity related to http://110.37.126.147:57713/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.126.147:57713/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:57021/i
id: auto-7e787721223ccaa46e95704c6bc90e8028fdfb1310a937195871be4c4019e983
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:57021/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:57021/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.106.42:40538/i
id: auto-908cd45577f57418cd7de38406c92a1b1f5bf49f0677a36a680501f048d21540
status: experimental
description: Detects traffic or activity related to http://58.47.106.42:40538/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.106.42:40538/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.194.135:59673/bin.sh
id: auto-7132867b5967be4830f10cd2305fcdb19c7cfc48b0f05af4d661b37202757f5f
status: experimental
description: Detects traffic or activity related to http://182.113.194.135:59673/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.194.135:59673/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.113.48:46698/bin.sh
id: auto-975a50f1f36ec2325ec7c7c0bcd8e44829a47a527ef8f7fa10e5f2e637eeb6a2
status: experimental
description: Detects traffic or activity related to http://175.165.113.48:46698/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.113.48:46698/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.104.254:38457/bin.sh
id: auto-90393f5de7135814b0732a94afb3f18c603cd43f26e52527b6e82e3d992b89b6
status: experimental
description: Detects traffic or activity related to http://61.53.104.254:38457/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.104.254:38457/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.1.129:59209/i
id: auto-21a150b8405d22cf6310a8c02369cfea3f3604d3f648a37e86659edc00c2c699
status: experimental
description: Detects traffic or activity related to http://115.51.1.129:59209/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.1.129:59209/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.18.31:38409/i
id: auto-0849cd8ddabf8b2432d5aa99506da8ce2e0a24de0a3bf1ece386621f6806f7eb
status: experimental
description: Detects traffic or activity related to http://42.235.18.31:38409/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.18.31:38409/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.199.134:44038/i
id: auto-0eb9ed707aee5130828cc17715c8abf668f328ae82f6254f5c5a791368469002
status: experimental
description: Detects traffic or activity related to http://125.46.199.134:44038/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.199.134:44038/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.23/stub.exe
id: auto-a2e81c4445f696946c8e155e454b352304cd03c50acb468b81260cd3118e4ad9
status: experimental
description: Detects traffic or activity related to http://196.251.107.23/stub.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.23/stub.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.76.12:57510/i
id: auto-3ee4607d62edaf9712666105dce5856658fb4206c157768d184179e18aee3ae1
status: experimental
description: Detects traffic or activity related to http://182.117.76.12:57510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.76.12:57510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.229.54:50029/bin.sh
id: auto-35c36e9792646234f9d02b18ce81d74000bf7b49d97f64145003928bfa6b96e4
status: experimental
description: Detects traffic or activity related to http://85.12.229.54:50029/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.229.54:50029/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:57021/bin.sh
id: auto-d4e3283928fcdbc17b1c4e1f993c41cbcfca1f704695be94a146ce500cd6eaa3
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:57021/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:57021/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.18.31:38409/bin.sh
id: auto-cba66b7cf6d24831914895efe199a5d38713039e899974669dd871e3325610d1
status: experimental
description: Detects traffic or activity related to http://42.235.18.31:38409/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.18.31:38409/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.212:37688/i
id: auto-630b5dd551d505e1d3cc44cfc56e9935b1ca258700f56a4960aa3bf60e113de1
status: experimental
description: Detects traffic or activity related to http://59.97.176.212:37688/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.212:37688/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.199.134:44038/bin.sh
id: auto-81a3a7d29842f314457c94ed720aff1044c5882f9c95bcf03961348a69da6084
status: experimental
description: Detects traffic or activity related to http://125.46.199.134:44038/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.199.134:44038/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.63.179:56520/i
id: auto-c6935afd6206005dea2fc8b767290f606563e499ab04a978398981f96f6d9787
status: experimental
description: Detects traffic or activity related to http://115.50.63.179:56520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.63.179:56520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.193.238.161:39808/i
id: auto-d0fad00b15e663ec4c2e3df6a8f83d36d0031aec6a677726a27b45bbecc04c31
status: experimental
description: Detects traffic or activity related to http://27.193.238.161:39808/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.193.238.161:39808/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.245:44115/bin.sh
id: auto-19301787ce8e767057d5f27f9065e2bc801ff100e22406d297f7e22bb99e3f6b
status: experimental
description: Detects traffic or activity related to http://61.53.89.245:44115/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.245:44115/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.117.89:43067/i
id: auto-cd7176673522f66f2c5ffa9865bb06c3ecc7987762a8e7d8a137d65bca917a2e
status: experimental
description: Detects traffic or activity related to http://117.235.117.89:43067/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.117.89:43067/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.5.9:55083/bin.sh
id: auto-eb5cec65c5d6f4f0e82c1061d4d9cf693257144a2b5ba61c675c5f6318a97a35
status: experimental
description: Detects traffic or activity related to http://42.227.5.9:55083/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.5.9:55083/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.253.196:52199/i
id: auto-77980453d73eac33f2a5b8e6ddb4088f250b6b977531ad00b54ee9cbca562d15
status: experimental
description: Detects traffic or activity related to http://61.54.253.196:52199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.253.196:52199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.76.50:36284/i
id: auto-dfec6d0fb10934c57fd928e17c3309e39bd545c3b521f9107e5b648663248d82
status: experimental
description: Detects traffic or activity related to http://39.79.76.50:36284/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.76.50:36284/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.2.35:45249/i
id: auto-6f27399a8d6ca386f45883c9bc5067861cd77b466398b52bbe68cec3b9d17583
status: experimental
description: Detects traffic or activity related to http://115.61.2.35:45249/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.2.35:45249/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.158.192:51649/i
id: auto-a4acfd924ef817cd91ffca05156d5ce7671b10dbe0d81ac2d66af9ab68e5abc3
status: experimental
description: Detects traffic or activity related to http://222.140.158.192:51649/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.158.192:51649/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.10.215:34072/i
id: auto-ceda5a516b69ded122e99a81ad68da3b94ba5c7f93ffa239e84ce9e2d247110a
status: experimental
description: Detects traffic or activity related to http://115.63.10.215:34072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.10.215:34072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.76.12:57510/bin.sh
id: auto-1b6e72cac7672f575112df6b0f0c1cf7808750e28bdf1a0767ff3249e104455e
status: experimental
description: Detects traffic or activity related to http://182.117.76.12:57510/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.76.12:57510/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.88.177:50375/bin.sh
id: auto-376cc1a4690f14d1fb70b7252f93a58aa72ca6092cdefa37c415bddecbc9a4ce
status: experimental
description: Detects traffic or activity related to http://85.108.88.177:50375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.88.177:50375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.11.53:54322/i
id: auto-1419cf2964c8b78c870391d28c7cab92a3b7c92759cf146e066bf82a0a7e1fbd
status: experimental
description: Detects traffic or activity related to http://125.40.11.53:54322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.11.53:54322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.88.228:52481/i
id: auto-54cc8faf880255069e46d4115b7ed0f528615d4e41f275dd83761d8d25361869
status: experimental
description: Detects traffic or activity related to http://42.226.88.228:52481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.88.228:52481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.212:37688/bin.sh
id: auto-1177b39298a4ce6def4ab450739340b55b6ed0f3abad8940bdde9e681748dd7f
status: experimental
description: Detects traffic or activity related to http://59.97.176.212:37688/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.212:37688/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youphantom.lol/YouTubeRU.apk
id: auto-b8083dee8cdebac5eff914b546036ce37d124feddd43bd796fe07245a5243f2d
status: experimental
description: Detects traffic or activity related to https://youphantom.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youphantom.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ru-youtube.lol/YouTubeRU.apk
id: auto-d8ad9408e63e6286c4b2295341fa8466474d6c7aa15ed73ba9139943eeffd661
status: experimental
description: Detects traffic or activity related to https://ru-youtube.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ru-youtube.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://yutobehol.lol/YouTubeRU.apk
id: auto-b1937aa11594025c07e77eaaff16a0ea296654d632dfbbb264b430d6f3f1a653
status: experimental
description: Detects traffic or activity related to https://yutobehol.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://yutobehol.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gatemaden.space/curl/985683bd660c0c47c6be513a2d1f0a554d52d241714bb17fb18ab0d0f8cc2dc6
id: auto-dc56c5a503aa4ff1e847d35d73d1da28973f1ae33c6af109df9b93f5d565be96
status: experimental
description: Detects traffic or activity related to https://gatemaden.space/curl/985683bd660c0c47c6be513a2d1f0a554d52d241714bb17fb18ab0d0f8cc2dc6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gatemaden.space/curl/985683bd660c0c47c6be513a2d1f0a554d52d241714bb17fb18ab0d0f8cc2dc6*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://c.zxahso.sbs/v/V6.apk
id: auto-7e4b6302890c669b511c286c5823209bff0382e8160571833bd8d661f8c78941
status: experimental
description: Detects traffic or activity related to https://c.zxahso.sbs/v/V6.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://c.zxahso.sbs/v/V6.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://clausdoom.es/curl/17046f29e45193c4a6a20b87eb1cb0a08ef3805eb69deeca5e77e6346a089239
id: auto-6f714e659078ad4313ae2484c16a8043f8e3526d9684bde76f1d6cfd2fecfe71
status: experimental
description: Detects traffic or activity related to http://clausdoom.es/curl/17046f29e45193c4a6a20b87eb1cb0a08ef3805eb69deeca5e77e6346a089239 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://clausdoom.es/curl/17046f29e45193c4a6a20b87eb1cb0a08ef3805eb69deeca5e77e6346a089239*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6608710704/CFHIgaR.exe
id: auto-be26cbf31f9feffc421c860f5c4be680f76f1a2cf3bd8ab5060ce288d23c37cb
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6608710704/CFHIgaR.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6608710704/CFHIgaR.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.117.89:43067/bin.sh
id: auto-7b4348814fb00374faffef5c86e745f1e7c53bc35f6f549f6217ba298c3fc9af
status: experimental
description: Detects traffic or activity related to http://117.235.117.89:43067/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.117.89:43067/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.44.114:57218/bin.sh
id: auto-ad3b3e753d9657e53256320126a52c3f551ea4c6f08ea17024bf43100edf70c3
status: experimental
description: Detects traffic or activity related to http://27.207.44.114:57218/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.44.114:57218/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.173.166:60412/bin.sh
id: auto-858121d2d83050b0512fe9f4b76d5c7761e63701e1dbffb6fa1a95a1dacfdcb6
status: experimental
description: Detects traffic or activity related to http://119.185.173.166:60412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.173.166:60412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.97.165:18727/.i
id: auto-37b41cf75bb4f8ad97a55d973908d0766edb3d280f6a3a2004ed6a5edaedec9d
status: experimental
description: Detects traffic or activity related to http://113.221.97.165:18727/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.97.165:18727/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.199.209:57904/i
id: auto-85ec598b527448fece92a2061dc2a5e01ac9c17fca2963522b8ab6982ef931b8
status: experimental
description: Detects traffic or activity related to http://117.241.199.209:57904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.199.209:57904/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.10.215:34072/bin.sh
id: auto-2be5672c2b243e3a8d8cf1f7927334d6ec7414a7189f07ae5ac800605edd36c1
status: experimental
description: Detects traffic or activity related to http://115.63.10.215:34072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.10.215:34072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.87.217:49445/i
id: auto-0518bef75108cbf7edc481d62d432284f2930f1518a730fe5fb0bac40a8c8045
status: experimental
description: Detects traffic or activity related to http://42.225.87.217:49445/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.87.217:49445/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.56.224:43011/i
id: auto-767da9bd8fd64c4faeb2aed3f22342ac81901d511bd2b1a0ffaf2a907930ea8d
status: experimental
description: Detects traffic or activity related to http://182.119.56.224:43011/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.56.224:43011/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.68.148.99:41579/bin.sh
id: auto-44df315a4c086af1791051ea5da771daf5b89a7053008a967578cf4f99c8650d
status: experimental
description: Detects traffic or activity related to http://39.68.148.99:41579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.68.148.99:41579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.87.217:49445/bin.sh
id: auto-f29d1303aebf54d1ecb8c72ecab71dca58ea0c1cd065eea24ba818d531b9fd5b
status: experimental
description: Detects traffic or activity related to http://42.225.87.217:49445/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.87.217:49445/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.199.209:57904/bin.sh
id: auto-af2c78b5387aa3f0ea33d3c54531a26e28d94d384dc7cb3fd5225eca22e1f6e1
status: experimental
description: Detects traffic or activity related to http://117.241.199.209:57904/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.199.209:57904/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.173.154:59604/i
id: auto-e0eb36591385fc3211c40b7c721601af77210d862a3064f0517cb541c62e585c
status: experimental
description: Detects traffic or activity related to http://42.224.173.154:59604/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.173.154:59604/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.48.212:56472/bin.sh
id: auto-190d82cc8fedf5e95de81c62ac04fb7bb2a3c84e7094ed67cb3717f7be90965f
status: experimental
description: Detects traffic or activity related to http://182.114.48.212:56472/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.48.212:56472/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.197.4:57371/i
id: auto-13f1929f33e3105d746bec2a7d3aad6e2a1d6ffba9e7753d66bfe8770874e4cc
status: experimental
description: Detects traffic or activity related to http://123.12.197.4:57371/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.197.4:57371/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.238.116.41:55076/bin.sh
id: auto-dfc06405f531068604161b72d8f2e3efce644c90936ee7988a20dd32cf5f2cbc
status: experimental
description: Detects traffic or activity related to http://124.238.116.41:55076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.238.116.41:55076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.178.44:38144/bin.sh
id: auto-b7c94f0ac259891ba4809bd9cce85d806e414f4badc1aa41b1e86e1b0f3fddd7
status: experimental
description: Detects traffic or activity related to http://218.60.178.44:38144/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.178.44:38144/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.173.154:59604/bin.sh
id: auto-788fcb5bea80d01fadfa714deb58a6ed0471059cb257fd359c3dfff3d00c6bc0
status: experimental
description: Detects traffic or activity related to http://42.224.173.154:59604/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.173.154:59604/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.197.4:57371/bin.sh
id: auto-db9e8a1f57273c78c61aa055c21084f175a1ffbe9d7f2047776a1c9ac9846a5e
status: experimental
description: Detects traffic or activity related to http://123.12.197.4:57371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.197.4:57371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.199.16:57950/bin.sh
id: auto-758ead145728797d4f9d154dddad78169f05ddf03bdc47670228f59af6562f6a
status: experimental
description: Detects traffic or activity related to http://42.230.199.16:57950/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.199.16:57950/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.246.22.35:33547/i
id: auto-5d089d03ff849a3beaabc1d6d574bbcd3d834da548dbf26b21fcfeb6d69108c9
status: experimental
description: Detects traffic or activity related to http://112.246.22.35:33547/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.246.22.35:33547/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.208.110.31:36064/i
id: auto-5b2b981737c8fd1d9b75e406ad99044e667ee62acf59b87ded711660b6be3199
status: experimental
description: Detects traffic or activity related to http://222.208.110.31:36064/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.208.110.31:36064/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.165.49:46973/i
id: auto-fb8ef235e027cb21a740e403ef7709465d96548938cd767607aed08b434db022
status: experimental
description: Detects traffic or activity related to http://42.52.165.49:46973/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.165.49:46973/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.255.12:57803/i
id: auto-c34a80f98b81fc240197b622dde264e1b1cf792ceffa0ef134805d2357fa7646
status: experimental
description: Detects traffic or activity related to http://59.97.255.12:57803/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.255.12:57803/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.80.109:47720/i
id: auto-4007b3f9731eff66f6eea4427549ebb3812c315cd84f894e3b183f3a96a371ca
status: experimental
description: Detects traffic or activity related to http://182.127.80.109:47720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.80.109:47720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.70.90.108:50093/bin.sh
id: auto-d624597d8807848386455e18a4a18b97263403b24aa248a42286b2f2bda2ff04
status: experimental
description: Detects traffic or activity related to http://219.70.90.108:50093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.70.90.108:50093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.246.22.35:33547/bin.sh
id: auto-0c706887ccc2a61391a1662211cb8b9b04f5d51fc50d5a92a7168e98f76960bd
status: experimental
description: Detects traffic or activity related to http://112.246.22.35:33547/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.246.22.35:33547/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.83.93:57700/bin.sh
id: auto-ee7408e97ede6d6d22d9d6ef4bd1c2be4461f04e6b8a5635999cc3609eaa15e3
status: experimental
description: Detects traffic or activity related to http://219.155.83.93:57700/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.83.93:57700/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.200.220.20:57092/i
id: auto-4e104b5fde88c7b43fa0787699763baf90305cb459ecf727ba075b46dfebd499
status: experimental
description: Detects traffic or activity related to http://221.200.220.20:57092/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.200.220.20:57092/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.240.45:44111/i
id: auto-1f4bee5942e7b6e66cce6c5b24f6c9fda438b18fa3cf8145c6cd20b0085e2916
status: experimental
description: Detects traffic or activity related to http://42.227.240.45:44111/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.240.45:44111/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:37812/i
id: auto-9464b0a01e83d9e8c632c59279089a59518b8d542ca94d61636e1a40908aadc2
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:37812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:37812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.81.73:37418/bin.sh
id: auto-2e6481e3d91681d68b9930ba745a7e4151b3df7ef01440c64688a855d627f287
status: experimental
description: Detects traffic or activity related to http://112.248.81.73:37418/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.81.73:37418/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.245.63:35859/i
id: auto-661bc4023f3cf29d67d58eb6634ba811ebf0ba36c68075d2319b485237ebc45e
status: experimental
description: Detects traffic or activity related to http://175.148.245.63:35859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.245.63:35859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.26.244:33370/i
id: auto-373c83d9dbb6a170de4fad55ebe1c9773d0ca6a89864ef04f76face959e11ea1
status: experimental
description: Detects traffic or activity related to http://115.48.26.244:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.26.244:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.165.49:46973/bin.sh
id: auto-90a66d632bb27048fdd3e35130ca6dfb3157b8233bf116625c8ae45265b56a90
status: experimental
description: Detects traffic or activity related to http://42.52.165.49:46973/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.165.49:46973/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.255.12:57803/bin.sh
id: auto-a229bb32998214416ddfcd39feae8133e881374350c4d15dc020d71b22997495
status: experimental
description: Detects traffic or activity related to http://59.97.255.12:57803/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.255.12:57803/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.208.110.31:36064/bin.sh
id: auto-2381c7995d6d19d7fa8c717a48a9830dfd4c0b8ba13a43112a50c9487f5c2831
status: experimental
description: Detects traffic or activity related to http://222.208.110.31:36064/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.208.110.31:36064/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.66.44:44346/i
id: auto-b180d308f70c66f18ee216fcc8eef649ddf912d541cb52ad359cd7910d6fb5a3
status: experimental
description: Detects traffic or activity related to http://42.235.66.44:44346/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.66.44:44346/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.118.169:35587/i
id: auto-82f805c2b8856bafb50048fd4c62b1be4e0329129731fa5c7df04c12537dcbf9
status: experimental
description: Detects traffic or activity related to http://123.14.118.169:35587/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.118.169:35587/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.80.109:47720/bin.sh
id: auto-78b5c6d424e6b88db75ddd2486736bd4ecd76b7aa9547f9e8e1ad4e4c34399a3
status: experimental
description: Detects traffic or activity related to http://182.127.80.109:47720/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.80.109:47720/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.205/bins/z3hir.sh4
id: auto-391d1d209020ee482b438a7d5cc2bfbd938f22c62183c64d6361fbf34ee76d21
status: experimental
description: Detects traffic or activity related to http://176.65.132.205/bins/z3hir.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.205/bins/z3hir.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.200.220.20:57092/bin.sh
id: auto-dc01ab705c052f3bcf58aa662aa6a91b0b819e4d0f56d4599e9c887816713550
status: experimental
description: Detects traffic or activity related to http://221.200.220.20:57092/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.200.220.20:57092/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.240.45:44111/bin.sh
id: auto-d5308a8f872b2ba4a68ed3174169ee134e82f28d36b3d132cacd85b6183b4167
status: experimental
description: Detects traffic or activity related to http://42.227.240.45:44111/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.240.45:44111/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://symanst.page.gd/arquivo_20251230011900.txt
id: auto-5bd7b556e5c6384fcae510a47e3d3c5f32b6a3611e1215b774c864a34704d6f1
status: experimental
description: Detects traffic or activity related to http://symanst.page.gd/arquivo_20251230011900.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://symanst.page.gd/arquivo_20251230011900.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mncxzswedf.lovestoblog.com/arquivo_0851a7e42f5d4a219e1b2e8e930dcf59.txt
id: auto-64067849c6a61a1392b26fb38dbc6a768f6457a4dd6052f88cd8837aa01d3f13
status: experimental
description: Detects traffic or activity related to http://mncxzswedf.lovestoblog.com/arquivo_0851a7e42f5d4a219e1b2e8e930dcf59.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mncxzswedf.lovestoblog.com/arquivo_0851a7e42f5d4a219e1b2e8e930dcf59.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.245.63:35859/bin.sh
id: auto-511199f894ca7f973703f90398286b87acb1511d0c4c874b818c5fca205a63d8
status: experimental
description: Detects traffic or activity related to http://175.148.245.63:35859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.245.63:35859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.26.244:33370/bin.sh
id: auto-22f83de54f7235c71ce2a09cc41486516dde850801e651879113b84d3b759617
status: experimental
description: Detects traffic or activity related to http://115.48.26.244:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.26.244:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.38.52:53242/i
id: auto-0db2b423780768fba135215c591949a7f6524a8e25b2da7d18dc3fbedf1b34d0
status: experimental
description: Detects traffic or activity related to http://115.50.38.52:53242/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.38.52:53242/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vuetube.lol/YouTubeRU.apk
id: auto-a211dc0908cf2f34963b3bd242810c530b6d00cd87758d88d7e9d1a781b2a86f
status: experimental
description: Detects traffic or activity related to https://vuetube.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vuetube.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.205/reaper.sh
id: auto-78f2ce63f52aa6071a76b7ed69c25bdbfd87a417307da09ac37f27fc166e4f1d
status: experimental
description: Detects traffic or activity related to http://176.65.132.205/reaper.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.205/reaper.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.205/bins/z3hir.mips
id: auto-1dfd33d2d1cc68bf09e0e4d188cd83cd6bcda44f95ea8b2fab79614fdadc2a45
status: experimental
description: Detects traffic or activity related to http://176.65.132.205/bins/z3hir.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.205/bins/z3hir.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.205/bins/z3hir.arm
id: auto-eedb51210a6de40f390aabb9527ea77338819ee7ea47ed14b0c2d5aeb9b1e90e
status: experimental
description: Detects traffic or activity related to http://176.65.132.205/bins/z3hir.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.205/bins/z3hir.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.205/bins/z3hir.x86
id: auto-f7994f3e5fb852b6e2fc3eec7d57a8cc33bddf8ac6040ad77df9a4cde27a83dc
status: experimental
description: Detects traffic or activity related to http://176.65.132.205/bins/z3hir.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.205/bins/z3hir.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.210.63:8888/system.dll
id: auto-fcfe31562ca1dd8e41eda0e5c28fd4c1e99e08c880f1cd9d86f06f005dec3bf8
status: experimental
description: Detects traffic or activity related to http://158.94.210.63:8888/system.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.210.63:8888/system.dll*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/sys
id: auto-0c7c14291ac748747f44953734596c0f74b86d108cd984315a2775b261d9ba33
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/sys which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/sys*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/Wnp3t9q.bat
id: auto-7adaeb262cf96ee7e26a27037344b89a88a1e2a0ba4bff24b44879eebd029c3c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/Wnp3t9q.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/Wnp3t9q.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:37812/bin.sh
id: auto-c155587c7d7f43792acac8b668e0a84c62b4a22898703dfb1bc906449334002e
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:37812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:37812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.66.44:44346/bin.sh
id: auto-b83efc5b27d33de23ee51bc1fe3535cb3ac53ba29d7dc662a775a5804705ad05
status: experimental
description: Detects traffic or activity related to http://42.235.66.44:44346/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.66.44:44346/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.101.214:56411/bin.sh
id: auto-ec4f8066ec309fee553003d5cf5ec2fb286d4f8f0e999ff2fe6a412c7e29e06c
status: experimental
description: Detects traffic or activity related to http://117.254.101.214:56411/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.101.214:56411/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.84.113:56011/bin.sh
id: auto-2e22471b74a5ad2c12a91988f49a4794bba9df466a097ab30d0c1ed0a04871fc
status: experimental
description: Detects traffic or activity related to http://117.209.84.113:56011/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.84.113:56011/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.253.150.138:50463/bin.sh
id: auto-6d7e76aa17bcf19ba6fe3978a81962f72d648e5f28a0064bdf67a868d8d7c728
status: experimental
description: Detects traffic or activity related to http://117.253.150.138:50463/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.253.150.138:50463/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.9.81:33233/bin.sh
id: auto-ae762c8d4c2e4ff420d9536971aad860ac0d14b4ac24b1c5878b1120a7e684cf
status: experimental
description: Detects traffic or activity related to http://42.54.9.81:33233/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.9.81:33233/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.98.59:40076/bin.sh
id: auto-1691c7a7aef76271d6734b5a40e860d047267dd0fbd670eac8febe9678418e1e
status: experimental
description: Detects traffic or activity related to http://42.234.98.59:40076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.98.59:40076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-114-cloud/ach
id: auto-36cedf01fd0c8f46ecb189250d8e5cc7c0907c18176e268221bb23559caf5d75
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-114-cloud/ach which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q7ekh/cdn-114-cloud/ach*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.38.52:53242/bin.sh
id: auto-38ea9bc6c5756e8454eb9af40fee8737f87a5e651a9737afb10479803e5e2ab0
status: experimental
description: Detects traffic or activity related to http://115.50.38.52:53242/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.38.52:53242/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.251.199:60959/i
id: auto-6628381e34a3aabed0cc7dbb7aef69fc96f1e8a3c1a0f7ad53382c34232ab695
status: experimental
description: Detects traffic or activity related to http://42.230.251.199:60959/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.251.199:60959/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.67.156:41501/i
id: auto-eb1278d83151025338f0c88162a1eb892f8844127cacaad7fe048915fab3c18b
status: experimental
description: Detects traffic or activity related to http://42.180.67.156:41501/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.67.156:41501/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.88.90:58109/i
id: auto-f65089ee4df508be302c4328782671341604033f32865bbc9b979ee52af555dc
status: experimental
description: Detects traffic or activity related to http://42.231.88.90:58109/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.88.90:58109/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.191.205.40:52499/i
id: auto-f586baabbd6c7309161d8ed83e2584b34f382f9da83c930f80ce9f48d86d9daa
status: experimental
description: Detects traffic or activity related to http://222.191.205.40:52499/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.191.205.40:52499/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://75.20.188.106:50778/i
id: auto-250d1ac06fa78f94ac703976e03f60a21c33f2a734742cf6d58fe52ece5926a1
status: experimental
description: Detects traffic or activity related to http://75.20.188.106:50778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://75.20.188.106:50778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.250:43379/i
id: auto-e97d2dd1d76e97e3ebb9644176d19352fc4d7d234abfb1a32af61b1d19c437b5
status: experimental
description: Detects traffic or activity related to http://61.53.84.250:43379/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.250:43379/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.88.90:58109/bin.sh
id: auto-4345687971752a16ab6ff5f6dd8ffbda7ca1b08e49a4fca85d588b11db86a99f
status: experimental
description: Detects traffic or activity related to http://42.231.88.90:58109/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.88.90:58109/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.192.163:54458/i
id: auto-458cc5aa341f6830c3b0b753a76ce7b2ff9e633f14bfbe7fcd2ba038b45e886c
status: experimental
description: Detects traffic or activity related to http://182.114.192.163:54458/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.192.163:54458/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.49.241:56441/bin.sh
id: auto-e44e2e080fd3d92e8dda8a76ec7b5bc279d5597f0049c472cdae8c6ae74e9164
status: experimental
description: Detects traffic or activity related to http://123.172.49.241:56441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.49.241:56441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.251.199:60959/bin.sh
id: auto-57b9571871a03f1f3fdf29d789de5eeedaaee112c0f977754e028d5fd3bf466c
status: experimental
description: Detects traffic or activity related to http://42.230.251.199:60959/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.251.199:60959/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.222.144:56122/i
id: auto-569205ef8edec7f7fbf06ede89c1c2fc23feff495d9b0e8a85e2bb6424f4a9f5
status: experimental
description: Detects traffic or activity related to http://59.182.222.144:56122/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.222.144:56122/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.174.219:42675/bin.sh
id: auto-b8fde4ff08230fb3eae9a31dd688d5f03bf53dd6fc9b09ca71ddd02307335ea2
status: experimental
description: Detects traffic or activity related to http://42.56.174.219:42675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.174.219:42675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.192.163:54458/bin.sh
id: auto-93ebb7fa80a85e6f13828940b1deff19982e8755e81540dda68deb61d6911ae1
status: experimental
description: Detects traffic or activity related to http://182.114.192.163:54458/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.192.163:54458/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://75.20.188.106:50778/bin.sh
id: auto-0747e1b90db1722a031f1b0d6e791afba3b6f986083ebadf54e2dc42375110d8
status: experimental
description: Detects traffic or activity related to http://75.20.188.106:50778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://75.20.188.106:50778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.196.111:38293/i
id: auto-ad3e1341c7df64f5bb26481b137209695a80b00d98b7f62b93c9a9015db25341
status: experimental
description: Detects traffic or activity related to http://27.204.196.111:38293/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.196.111:38293/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.188:58039/bin.sh
id: auto-f99f13fffdfb281a35b93f1d68aa875bd6207396bf77dc982527d736c579f947
status: experimental
description: Detects traffic or activity related to http://110.37.121.188:58039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.188:58039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.86.81.13:46127/bin.sh
id: auto-37145926dc14ff7e3a689eb07de997a6ff179ba27a4f3e5ad6ade58ad4ea3047
status: experimental
description: Detects traffic or activity related to http://39.86.81.13:46127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.86.81.13:46127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.222.144:56122/bin.sh
id: auto-859fa81f67c60411a6ca766242f430aed3f06c7246d81765749554923537eb2e
status: experimental
description: Detects traffic or activity related to http://59.182.222.144:56122/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.222.144:56122/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-c10ud/clo
id: auto-c104fbab24a333029f654ffba552d84844357c4bb4b742a7fe9599b64cd6d77f
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-c10ud/clo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-c10ud/clo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.191.205.40:52499/bin.sh
id: auto-a69d33a1823005f893bcb5469d25a31b4a05f5109c563e3605bd70a26389850a
status: experimental
description: Detects traffic or activity related to http://222.191.205.40:52499/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.191.205.40:52499/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.250:43379/bin.sh
id: auto-29c80237790d2ddd2aee5afab976779adb9ce0f1469367bd6af377f806303063
status: experimental
description: Detects traffic or activity related to http://61.53.84.250:43379/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.250:43379/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.196.111:38293/bin.sh
id: auto-9fb4031467e9078f35cf72efb3e52e0bdb49c310b5354a1029dd40882ef619ca
status: experimental
description: Detects traffic or activity related to http://27.204.196.111:38293/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.196.111:38293/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.132.186:50071/bin.sh
id: auto-5904f61604d96f236a709c3f4c8d7821962f9268f35b201ad3673f34d22237c3
status: experimental
description: Detects traffic or activity related to http://219.157.132.186:50071/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.132.186:50071/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.133.92:53511/bin.sh
id: auto-5ef0df29e836c8ac70ef9387286fefc14f342766315663686b567377d1f53eae
status: experimental
description: Detects traffic or activity related to http://115.58.133.92:53511/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.133.92:53511/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.213.36.11:35469/i
id: auto-31c73b7cc1e58a8eef8be88f2c9415466792106a65d073b8a46880ec93bc2f0a
status: experimental
description: Detects traffic or activity related to http://27.213.36.11:35469/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.213.36.11:35469/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8407382388/P92tw6v.exe
id: auto-719a65608f886b6b641b5e01fdcc62c3e58da70acb078c21fd7f9b4d48a60614
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8407382388/P92tw6v.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8407382388/P92tw6v.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.108.92:46937/bin.sh
id: auto-74c2b8c1f9bc9c9ea68d9cbfe8db09e7d4ec89c1a47720f16286aa8c743411a8
status: experimental
description: Detects traffic or activity related to http://123.13.108.92:46937/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.108.92:46937/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.241.44:42822/i
id: auto-0b5ba562013da65e2a6804db4e04489f64df949660ddd13acac5434a6758d3f1
status: experimental
description: Detects traffic or activity related to http://219.157.241.44:42822/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.241.44:42822/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.175.211:38309/i
id: auto-001d5bdb7e47a594463d911edd6c137a25ad96ca9baf25eee57c7a27d822be5e
status: experimental
description: Detects traffic or activity related to http://123.4.175.211:38309/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.175.211:38309/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.85.88.21:56375/i
id: auto-7a37f96fe8f3a5fb51c0347f53ca4361d14d587a59015129c08e3a0899acf26c
status: experimental
description: Detects traffic or activity related to http://110.85.88.21:56375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.85.88.21:56375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.38.13:36579/bin.sh
id: auto-cadcb5aceac6aa3d37aaf56b37e4a11747546a9c7fa2e0c382dadde9e1d70f94
status: experimental
description: Detects traffic or activity related to http://119.116.38.13:36579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.38.13:36579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.122.116:47268/bin.sh
id: auto-cc132ef6461e6bb04a5ddcb0f724aad5070cbb757550a6e0305eba117fb29086
status: experimental
description: Detects traffic or activity related to http://42.53.122.116:47268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.122.116:47268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.30.115:41859/i
id: auto-c2317a87f8f50af1c6627a4ca3b985f5993140ba56f86dbd55d80306ee242441
status: experimental
description: Detects traffic or activity related to http://61.3.30.115:41859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.30.115:41859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.117.254:37341/i
id: auto-9569f4ebaa256234b2f4048094a147cdf1126be5e7c3234e03a1b6bb6b4dff25
status: experimental
description: Detects traffic or activity related to http://113.239.117.254:37341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.117.254:37341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.138.208:46678/i
id: auto-28690250817a5fb93420d6f8302c9be55c151ed4b30dce50a8a5c9c38ba62687
status: experimental
description: Detects traffic or activity related to http://112.248.138.208:46678/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.138.208:46678/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.20.13:42183/i
id: auto-d46519b329b87f0ec001c35e79ca56e44760a0983639c0403b556a58b215b170
status: experimental
description: Detects traffic or activity related to http://219.156.20.13:42183/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.20.13:42183/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.241.44:42822/bin.sh
id: auto-619e31f15720fb8042faa087c268c5047896d1c26008628793a111d601071b61
status: experimental
description: Detects traffic or activity related to http://219.157.241.44:42822/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.241.44:42822/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.117.254:37341/bin.sh
id: auto-02bc89ccbed2a7f21469df6cd122228f835acfea9404181a3609a8d9b8f586c0
status: experimental
description: Detects traffic or activity related to http://113.239.117.254:37341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.117.254:37341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.245.187:55639/i
id: auto-500b0c345e0a8996e18177e4ab0588e4d81a21ee568a4a619210d3e0c8d2a13b
status: experimental
description: Detects traffic or activity related to http://59.184.245.187:55639/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.245.187:55639/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.212.86:43016/i
id: auto-2ff40271cb98ba25f47a5e0973dac304bc01c59f63c3baf20f1e844dc1843748
status: experimental
description: Detects traffic or activity related to http://27.215.212.86:43016/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.212.86:43016/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:54495/i
id: auto-09a87a83a73e62e55e4c0b5bd24ec5e3e2176097484760df8f01f9ba0e438389
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:54495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:54495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.215.42:58217/i
id: auto-fb370f5bf67601641674fb5b6c950796fba104d72f23d0019105b05675b0ff76
status: experimental
description: Detects traffic or activity related to http://115.50.215.42:58217/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.215.42:58217/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.39.225:56138/bin.sh
id: auto-3d1923db9a2563cac3da19c98cc810c3d3aab9a272d4dba670bf85994e4f41cc
status: experimental
description: Detects traffic or activity related to http://113.236.39.225:56138/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.39.225:56138/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.138.106:52514/i
id: auto-ef332d951a8ec41f8733d7e3a880f53b0848e466a7feeafedf6097dc47ad6e71
status: experimental
description: Detects traffic or activity related to http://182.121.138.106:52514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.138.106:52514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.175.211:38309/bin.sh
id: auto-27d517360e957954374d6e31045bf74e6e453e99ce77715b804ab03428472c7b
status: experimental
description: Detects traffic or activity related to http://123.4.175.211:38309/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.175.211:38309/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.81.163:34167/bin.sh
id: auto-4f3e77c3597712aee2ffbfadb54d75dd91cf6dd1f38d4f91599cddfdd998cb87
status: experimental
description: Detects traffic or activity related to http://182.121.81.163:34167/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.81.163:34167/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.185.157:43520/i
id: auto-9633b9dbb3f5a479f306256b5b36ee2782b4f76d2ecb8a63f99d6c7e18de0219
status: experimental
description: Detects traffic or activity related to http://221.15.185.157:43520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.185.157:43520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.85.88.21:56375/bin.sh
id: auto-f73cec8f072fe29d40559c29955d364944a895d3a072c387645aeb11cda44a3e
status: experimental
description: Detects traffic or activity related to http://110.85.88.21:56375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.85.88.21:56375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.102:39628/i
id: auto-b07a5f690d5d8460e070b15d758542a6200d0fa5627caccd41d7dcefe8da27b0
status: experimental
description: Detects traffic or activity related to http://181.103.0.102:39628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.102:39628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.108.129.18:44987/bin.sh
id: auto-2c2835a506814f4a0837c91ce52d88054989ee41f176be3b465cce7356345c95
status: experimental
description: Detects traffic or activity related to http://101.108.129.18:44987/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.108.129.18:44987/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.138.208:46678/bin.sh
id: auto-05ec595561c7476a41a7e26637642767ee0bcdf4f451b455d8da0042fac37952
status: experimental
description: Detects traffic or activity related to http://112.248.138.208:46678/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.138.208:46678/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.30.115:41859/bin.sh
id: auto-f57ebd83e6f19443100694ded32de50d35e19badcc20047e2929b133d6d0ce2c
status: experimental
description: Detects traffic or activity related to http://61.3.30.115:41859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.30.115:41859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.103.185:42271/bin.sh
id: auto-70ec96e4f0f59b1874ef66c097fbefcfb1c5f64339abdf4b9ca35a511c839445
status: experimental
description: Detects traffic or activity related to http://112.239.103.185:42271/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.103.185:42271/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.20.13:42183/bin.sh
id: auto-830005825ccb11945c63feed0543ff341ca16e28b82b6e641bfda6d9abc6e0a2
status: experimental
description: Detects traffic or activity related to http://219.156.20.13:42183/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.20.13:42183/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.3.74:44060/i
id: auto-097aa5d65e4dafce7f76e4f93c407ec021a5923157ab7cb0c3ecc37263e02a17
status: experimental
description: Detects traffic or activity related to http://115.49.3.74:44060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.3.74:44060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.242.156:54677/i
id: auto-de39bde9771b8209fa65eb3e1c912e53e6732d40735de54564eeda14b45e90f1
status: experimental
description: Detects traffic or activity related to http://110.39.242.156:54677/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.242.156:54677/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.224.198:47369/i
id: auto-ae8ab24279e81ec9dbdb37c1fa0ea3cd8a9464caf32e5c5537b5434a34ed9c05
status: experimental
description: Detects traffic or activity related to http://125.41.224.198:47369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.224.198:47369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.220.34:33563/bin.sh
id: auto-67491538d89824a6d1a5b8d47156dca3542ef576f034f64b74864f5d2ba157cc
status: experimental
description: Detects traffic or activity related to http://117.215.220.34:33563/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.220.34:33563/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.64:35215/i
id: auto-38fda5c895efdfed6166ca8ae5bec34ce678e4e821bfaaa71843b9237762b162
status: experimental
description: Detects traffic or activity related to http://59.97.183.64:35215/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.64:35215/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.255.107:55820/bin.sh
id: auto-5f10d5dbb04529deaa504ae1b0d5e7b8901ee9375377fe7fef467ea7e59edfec
status: experimental
description: Detects traffic or activity related to http://59.97.255.107:55820/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.255.107:55820/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.3.74:44060/bin.sh
id: auto-1cb713df247e7787a81312ac03674fe49c910020925cc14d8450ecf59fb5ed59
status: experimental
description: Detects traffic or activity related to http://115.49.3.74:44060/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.3.74:44060/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.242.156:54677/bin.sh
id: auto-287eb5280933fa921ebf9ad885e7b37cf1f0f532a4f2e582d0a60e68312b6aae
status: experimental
description: Detects traffic or activity related to http://110.39.242.156:54677/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.242.156:54677/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.183.64:35215/bin.sh
id: auto-437d66efd1550bd80acdba4283397c40f734f335d622ae265dff36a35f7950ba
status: experimental
description: Detects traffic or activity related to http://59.97.183.64:35215/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.183.64:35215/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.35.13:42535/i
id: auto-7aa2e814f2be37e1db7785653b60d3c51a6733b484dd111b44ba21dbe5ef46a5
status: experimental
description: Detects traffic or activity related to http://117.217.35.13:42535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.35.13:42535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.227:57571/i
id: auto-2f8418c86ccaed0deec5195a50f048a67e50ce4226d62ad01471efc4c0132c3b
status: experimental
description: Detects traffic or activity related to http://117.209.2.227:57571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.227:57571/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.167.250:44734/i
id: auto-cb41e3dac0194cd10d89082110b089bf515264afc962d4e9e088bf5fac763281
status: experimental
description: Detects traffic or activity related to http://115.57.167.250:44734/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.167.250:44734/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.172.69:55717/i
id: auto-099566c9619fa5f0d15b9022ffa2c9419c096ec5b38cd1f3e5d0f1ab5a63d153
status: experimental
description: Detects traffic or activity related to http://221.14.172.69:55717/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.172.69:55717/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.227:57571/bin.sh
id: auto-a04cecfc7724d12f1c5e254d72c026364fc98b9f8f9a39d4218aa4058a6a4f86
status: experimental
description: Detects traffic or activity related to http://117.209.2.227:57571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.227:57571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.165.84:52149/i
id: auto-4959a258000c388e048919ca148b7c295faa229b5c653689a4f9eebdca0ba9c9
status: experimental
description: Detects traffic or activity related to http://42.235.165.84:52149/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.165.84:52149/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.35.13:42535/bin.sh
id: auto-90adc8e8f8ec2022ad45e4d9cb8686d919b1e0e66258f520918cc467928bf240
status: experimental
description: Detects traffic or activity related to http://117.217.35.13:42535/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.35.13:42535/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.172.69:55717/bin.sh
id: auto-9bb81bcb7c7851753c9c7b3cab7cc53c8d46ed81c8d7426fac9c687721b4ab10
status: experimental
description: Detects traffic or activity related to http://221.14.172.69:55717/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.172.69:55717/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.102:44221/i
id: auto-c4c404662af1f9fedc110ee1ca836b1e9ebec337e909583367606ed7f1e77de2
status: experimental
description: Detects traffic or activity related to http://60.23.236.102:44221/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.102:44221/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.252.121:60747/i
id: auto-ae466914ace6cff92a82b484440ce795eb3a95e49b26266862be78ef4dd9f6c9
status: experimental
description: Detects traffic or activity related to http://59.97.252.121:60747/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.252.121:60747/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.215.7:59808/i
id: auto-138da504d13991353c09e934a7400801ea0f55d3fc96f27ce1bae759e2b13339
status: experimental
description: Detects traffic or activity related to http://115.57.215.7:59808/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.215.7:59808/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.55.249:57259/i
id: auto-c1bd282a137fd452fc5b22ceac6c75629706a9b187410b8030fc85fa2d7def11
status: experimental
description: Detects traffic or activity related to http://125.45.55.249:57259/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.55.249:57259/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.103.185:42271/i
id: auto-490ca4e7737bec546a966ff5500a00b5f524c3c6f7242cc0062d9f75f9207f8b
status: experimental
description: Detects traffic or activity related to http://112.239.103.185:42271/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.103.185:42271/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.77.180.62:33521/bin.sh
id: auto-3afcca005084b9320c0ffb78dcf936417d0b23b783aebd9c9c986931cc20f08a
status: experimental
description: Detects traffic or activity related to http://110.77.180.62:33521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.77.180.62:33521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.215.7:59808/bin.sh
id: auto-d1dc772e87556f73d85ed61920363ad91affeedec94efa74df6f40a87fdbd8aa
status: experimental
description: Detects traffic or activity related to http://115.57.215.7:59808/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.215.7:59808/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.240.240:55411/i
id: auto-e00362425c63cef68b9e2f9640e6f5f8114ad047496ec3e51a03fc95e8877e95
status: experimental
description: Detects traffic or activity related to http://125.44.240.240:55411/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.240.240:55411/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.249.3:35127/i
id: auto-37219151e5d6f8d1e6435f4dfe63798b47d6bb0746ad236548b01f5aaebd8988
status: experimental
description: Detects traffic or activity related to http://123.172.249.3:35127/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.249.3:35127/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.37.4:37041/bin.sh
id: auto-2cc4e2011630d8533578bac5de439eff84c0382056cc8bce6d73f60d9f5a27a5
status: experimental
description: Detects traffic or activity related to http://125.43.37.4:37041/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.37.4:37041/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.158.115:57743/i
id: auto-92ae0f2273c132fa7e4c48e9258239435112a060f00b3e407a5a440618a37bd0
status: experimental
description: Detects traffic or activity related to http://123.132.158.115:57743/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.158.115:57743/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.55.249:57259/bin.sh
id: auto-793a3e5ac880ce1f1034cfbe707af6780ede403ed1748035043554a6cbc3f872
status: experimental
description: Detects traffic or activity related to http://125.45.55.249:57259/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.55.249:57259/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.167.250:44734/bin.sh
id: auto-ec0c7c824db60d54e04dec39076359213b1a81c6b127d45d5221fde04b64edcf
status: experimental
description: Detects traffic or activity related to http://115.57.167.250:44734/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.167.250:44734/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.114.105:51709/i
id: auto-77d7ab99bc07efcccd0cce14222eb0852bf0e615b91c112773202b7286962c60
status: experimental
description: Detects traffic or activity related to http://115.56.114.105:51709/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.114.105:51709/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.234.147:45262/i
id: auto-59a96499564243f17e8deee0db4f53c513e3e54d4987bd02207220d1359fa782
status: experimental
description: Detects traffic or activity related to http://115.49.234.147:45262/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.234.147:45262/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.240.240:55411/bin.sh
id: auto-ae2d8bd893a3ac02adb614bdb3e7c859ac19dd4a87e27ef63133dd6c2e52d42a
status: experimental
description: Detects traffic or activity related to http://125.44.240.240:55411/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.240.240:55411/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.39.225:56138/i
id: auto-1f20560fdf01289972e10f87c449ea65c8ac94280879ca26905af3a578e3a028
status: experimental
description: Detects traffic or activity related to http://113.236.39.225:56138/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.39.225:56138/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.158.115:57743/bin.sh
id: auto-41b54bb64a16373146041556173e44a10c697e8125d421016d8c2cd77f33b93c
status: experimental
description: Detects traffic or activity related to http://123.132.158.115:57743/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.158.115:57743/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.45.241:51145/bin.sh
id: auto-6dd3b75cca062b61364ce695a6ce9d54f38e4949edad0f49f0a784773202608c
status: experimental
description: Detects traffic or activity related to http://42.230.45.241:51145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.45.241:51145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.124.242:38752/i
id: auto-2ccb223d1486746950e8211696c0713d6e28c0d7ab9f5242944e1e59e394fad3
status: experimental
description: Detects traffic or activity related to http://123.188.124.242:38752/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.124.242:38752/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.172.49:60497/i
id: auto-3d01780f2f81c0ff9847b251272a7fc4ef8c3d0d4868e61b5c94c9e645071d0a
status: experimental
description: Detects traffic or activity related to http://117.212.172.49:60497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.172.49:60497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.113.6:38778/i
id: auto-919f992c87c98b83198ba901088bca2fbc49b710075bdc775dbb329a10fd8176
status: experimental
description: Detects traffic or activity related to http://42.179.113.6:38778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.113.6:38778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.98.59:40076/i
id: auto-6b1948e01ed9dff445b7cedad339178e7ac8baac82a807bf1c7eb2c5e4642935
status: experimental
description: Detects traffic or activity related to http://42.234.98.59:40076/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.98.59:40076/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.234.147:45262/bin.sh
id: auto-cd1d984fb8cb70d82b8b3f24a4ee1012398354b3da5f2776896a8f77c8f221e9
status: experimental
description: Detects traffic or activity related to http://115.49.234.147:45262/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.234.147:45262/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.93.65:43322/i
id: auto-0199a5f652bf96dcdfd3b847fcd1c500a9660e17133b0c1255f2ef5c80fb767d
status: experimental
description: Detects traffic or activity related to http://61.53.93.65:43322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.93.65:43322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.172.49:60497/bin.sh
id: auto-c35e7ece60af51c92b0b2facaacbe4d52b5c27671fb5fac3d3032151d5518f1c
status: experimental
description: Detects traffic or activity related to http://117.212.172.49:60497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.172.49:60497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.124.242:38752/bin.sh
id: auto-e22f5ff19637fa9b43d6f83729eead1824d80a7d41eab650f64566feb8af7702
status: experimental
description: Detects traffic or activity related to http://123.188.124.242:38752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.124.242:38752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.82.0:52249/i
id: auto-fa968c6ebef26c0aabe11fc8a0157a9896773f7cd877305edc0c2ec660d20ebb
status: experimental
description: Detects traffic or activity related to http://182.121.82.0:52249/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.82.0:52249/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.55.22.176:58886/i
id: auto-847f6630454b5853dacb110a8aacd24160028338244d2ebdf401674e08ed0a93
status: experimental
description: Detects traffic or activity related to http://190.55.22.176:58886/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.55.22.176:58886/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.113.6:38778/bin.sh
id: auto-23829206649a7445b4a76ebbb47f2cd8360a32a75b3662be6e7eeec315c164dd
status: experimental
description: Detects traffic or activity related to http://42.179.113.6:38778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.113.6:38778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.114.105:51709/bin.sh
id: auto-fd9fc40c829ffb8dbf7370cf191d1599903e8cda8a304f551674b68457a51be4
status: experimental
description: Detects traffic or activity related to http://115.56.114.105:51709/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.114.105:51709/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.3.26:43184/i
id: auto-92f3ce0adece688d8e1242e9600c55d062c89440dc9dfa578dd803af11e6bf13
status: experimental
description: Detects traffic or activity related to http://125.41.3.26:43184/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.3.26:43184/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.82.0:52249/bin.sh
id: auto-c9b53e2d1a781d1db39fbe0b2efc6aa92bf11ea94fbc5a128fa4367dc9255efa
status: experimental
description: Detects traffic or activity related to http://182.121.82.0:52249/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.82.0:52249/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.55.22.176:58886/bin.sh
id: auto-d325f1583ac7e5b8fe86ed016abbc149754cf1683afc6c6bc2a8826b0758d535
status: experimental
description: Detects traffic or activity related to http://190.55.22.176:58886/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.55.22.176:58886/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.26.5:39682/i
id: auto-4faf7ccb584a42c90952d30ec090198522d3292db9ce5358225341663d120bac
status: experimental
description: Detects traffic or activity related to http://42.52.26.5:39682/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.26.5:39682/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7044575709/fWaWLIo.exe
id: auto-aad26d97b7f576f0cf86ef0578daa3aa1aaaadc55a8f6f32e0572e52e9138aa7
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7044575709/fWaWLIo.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7044575709/fWaWLIo.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.3.26:43184/bin.sh
id: auto-4794b37172ef2fddd0f03e1008079c9eabb155918e56387d67ebd66cf17aace0
status: experimental
description: Detects traffic or activity related to http://125.41.3.26:43184/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.3.26:43184/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.153.227:43020/i
id: auto-57faee0ff6a0af8a11d47c8d682f383c74152151f92e068c02d46e942663d0fc
status: experimental
description: Detects traffic or activity related to http://113.236.153.227:43020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.153.227:43020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.135.145:53293/i
id: auto-70a11862ebb54d9e06a0219a1ec32880c4f3000e77d4510e3b74ce813ea27806
status: experimental
description: Detects traffic or activity related to http://115.62.135.145:53293/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.135.145:53293/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.0.96:55161/bin.sh
id: auto-e7363627ef54dcd363d16bdb869ff16c0480b276e60eee4e6a5be090f98fad7e
status: experimental
description: Detects traffic or activity related to http://123.8.0.96:55161/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.0.96:55161/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.190.73:50341/i
id: auto-0b670f99d08a4726a8c1bbf9a5b58797ef9c9c499e857f86bd0e2454a7a7f9b2
status: experimental
description: Detects traffic or activity related to http://115.52.190.73:50341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.190.73:50341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.26.5:39682/bin.sh
id: auto-f1b1078afa91356b79a2e30e8dc2deff6c85eba90cc2ada692835c29208a4689
status: experimental
description: Detects traffic or activity related to http://42.52.26.5:39682/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.26.5:39682/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.76.119:35988/bin.sh
id: auto-72d60eaa74ec4dbfa91f989708757b0d8a959050cfe98d96df36e68a05e6b04d
status: experimental
description: Detects traffic or activity related to http://117.244.76.119:35988/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.76.119:35988/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.190.73:50341/bin.sh
id: auto-dce5c9573547693ad2756a29633ef77b1f422c9d6bc7956e0d1e615dd9d2ba05
status: experimental
description: Detects traffic or activity related to http://115.52.190.73:50341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.190.73:50341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.120.50:44444/i
id: auto-4a446458b702b1c360fdd1cc579188c2b6344b6d41a9672230ed77c1d4bfde39
status: experimental
description: Detects traffic or activity related to http://222.141.120.50:44444/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.120.50:44444/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.22.24:58696/i
id: auto-1847f35dd920398412cce25aade02513184085fafa42ffb11938af9335f50def
status: experimental
description: Detects traffic or activity related to http://182.116.22.24:58696/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.22.24:58696/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.69.216:33516/bin.sh
id: auto-85b629d9d829fda2f05b8b8b6929aeb3f3c3dab28e15cd4427e23de8e72327ff
status: experimental
description: Detects traffic or activity related to http://115.59.69.216:33516/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.69.216:33516/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.17.37:41502/i
id: auto-7cdbe4fcd62159402bbb98b5718683110cf9f136eb66678ef0f007fff5905ef0
status: experimental
description: Detects traffic or activity related to http://221.202.17.37:41502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.17.37:41502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1212303978/Oz1zHIP.exe
id: auto-3b18f745cf6cdbcf01d7a4520c76fcf230c1520fe2219a86b7167e32a5ad2a1e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1212303978/Oz1zHIP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1212303978/Oz1zHIP.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.17.37:41502/bin.sh
id: auto-aaca4818a33993487f2e4e0ba2c7aee5f7c02d87eccbb77056091a8dcf2db07c
status: experimental
description: Detects traffic or activity related to http://221.202.17.37:41502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.17.37:41502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.229.60.159:58639/bin.sh
id: auto-b9fa9cdb97a7e681d5534b215973d4f9356d648a7683101a5b77edf429648654
status: experimental
description: Detects traffic or activity related to http://81.229.60.159:58639/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.229.60.159:58639/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/aarch64
id: auto-1a841757e69f40243f2c4b9b9f7a6d5f27133705212a75726c5a077860e12fee
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.111.122:42119/i
id: auto-a83559875c3abe7f2e9bfcc11d130ca9b3253a3d677806990bd845309ad134ca
status: experimental
description: Detects traffic or activity related to http://110.37.111.122:42119/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.111.122:42119/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.82:43946/bin.sh
id: auto-247b9046d639c8e6eef5f22c7b4589caac20f7720e384755118acc8624782ab2
status: experimental
description: Detects traffic or activity related to http://110.37.2.82:43946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.82:43946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.120.50:44444/bin.sh
id: auto-cd6e9d94f47749eeb5625dd1661f8eea432effedeb8f2f52d9330de3863d6ab6
status: experimental
description: Detects traffic or activity related to http://222.141.120.50:44444/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.120.50:44444/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.126.205:57238/i
id: auto-1cfaa05ba48aa662ca5d38a5619a8160d2b2946600c7ee919f3eb0353ffc4bba
status: experimental
description: Detects traffic or activity related to http://110.37.126.205:57238/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.126.205:57238/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.22.24:58696/bin.sh
id: auto-836891f715715b7a3d614a88ecbfbff7121c13fe12ff04ebbc2c04116ba51129
status: experimental
description: Detects traffic or activity related to http://182.116.22.24:58696/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.22.24:58696/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/VGByM5O.exe
id: auto-1d643566d64cac72bdc6605a366082df944e76522c74c698a69d7573a0995907
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/VGByM5O.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/VGByM5O.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.25.96:36094/i
id: auto-db0aec325f0e8d11272402091685110ac0ad4be64aa6e2726f8375dd30b28e65
status: experimental
description: Detects traffic or activity related to http://220.201.25.96:36094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.25.96:36094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-1key/dash
id: auto-8fb8bb4ec5ebd10c227ba4ebb379444d8c6a1c54e437a425c14f146d9eb7f31c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-1key/dash which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-1key/dash*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/dash
id: auto-9465d5bc9686251b4f2780178a7c2d0f6ffd8296e93ef0d9ac2b46919b970a20
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/dash which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/dash*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.134.57.125:38018/i
id: auto-8f1416fe32c677e93d079192e79f6f2d5a195c6f3d2e8bf2f05367b69b40ebfd
status: experimental
description: Detects traffic or activity related to http://123.134.57.125:38018/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.134.57.125:38018/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.199.127:42984/i
id: auto-45d1691b691e028ae8988524f4f0612f1d7f9155befd2d981f5edb2d9b9a0219
status: experimental
description: Detects traffic or activity related to http://42.59.199.127:42984/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.199.127:42984/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.36.164:59889/i
id: auto-e3948b9629809e4c22fd52610639d339e31002863159b4d99276795c1478a7aa
status: experimental
description: Detects traffic or activity related to http://182.116.36.164:59889/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.36.164:59889/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.110.110:48832/i
id: auto-cd333d92c2735f0d43628f63c98cc65351d1562eb66cea16d83984f90d0df038
status: experimental
description: Detects traffic or activity related to http://182.121.110.110:48832/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.110.110:48832/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.41.7:52723/i
id: auto-ca96d84c036a5acceebf2f6e4d6fb4b75d370651de0d5bb335785f67075ab952
status: experimental
description: Detects traffic or activity related to http://42.228.41.7:52723/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.41.7:52723/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.174.18:38876/i
id: auto-e99fa84bbfc22342ac77935df057cd7c9e2c7cf9daebe07f7d4273fb673d1f70
status: experimental
description: Detects traffic or activity related to http://221.14.174.18:38876/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.174.18:38876/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.253.150.138:50463/i
id: auto-af368dadcf0e00c8378879d7a6010ceadfc6497f78e50762894c9a529a03d808
status: experimental
description: Detects traffic or activity related to http://117.253.150.138:50463/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.253.150.138:50463/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.187.17.22:58193/Mozi.m
id: auto-fec6df1803ed4d27bd0ad368528af7829c8ed81ae6ba4ff5a768363cf24b3f12
status: experimental
description: Detects traffic or activity related to http://78.187.17.22:58193/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.187.17.22:58193/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.88.177:50375/Mozi.m
id: auto-99f6fcb2f248a185f167f83d189ab01699b7d4e2b836b7e4133693459c39930d
status: experimental
description: Detects traffic or activity related to http://85.108.88.177:50375/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.88.177:50375/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:50016/i
id: auto-1cd6734e51a66e06e760116ef76c248eacc08528004328f2aa7046d4fede0efd
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:50016/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:50016/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.88.228:52481/bin.sh
id: auto-37f157ac4abfe27aa02b355047f05eb19d3a94e5291e2bf3aee1caf5aac67e18
status: experimental
description: Detects traffic or activity related to http://42.226.88.228:52481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.88.228:52481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.25.96:36094/bin.sh
id: auto-0a26cd57d05cad937269167aa8e9524a850e2581a4d71d9138c540faa0c72d29
status: experimental
description: Detects traffic or activity related to http://220.201.25.96:36094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.25.96:36094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5407123006/rU4ptB6.exe
id: auto-3816a50f1b5a3a3ecadefd991ea2624b398f8423e093830e31284d537ef18aaf
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5407123006/rU4ptB6.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5407123006/rU4ptB6.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.186.216:41426/i
id: auto-49d97a35fb4725e6feba9f82dede329cef04fc75df7a7e314ed8a5bd5afceb26
status: experimental
description: Detects traffic or activity related to http://39.90.186.216:41426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.186.216:41426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.111.122:42119/bin.sh
id: auto-0bf595b5fdf4eba239d9d21c99cb9cb57732b03a007704b744027067deefa2f4
status: experimental
description: Detects traffic or activity related to http://110.37.111.122:42119/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.111.122:42119/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.126.205:57238/bin.sh
id: auto-33eff7b8ce78e5fecd2bfa404ef748eafa7c59fd744e0516b5776e02e2e98ad7
status: experimental
description: Detects traffic or activity related to http://110.37.126.205:57238/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.126.205:57238/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.26.13:47291/bin.sh
id: auto-49468b2f474df99c7956b9fb49509a7450bea1c9509c9b6aac9b6dae59080177
status: experimental
description: Detects traffic or activity related to http://202.1.26.13:47291/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.26.13:47291/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.155.46:37688/bin.sh
id: auto-1ccd3b46da20f1aea109db125c7d35af9ea184a1e9308ea143c175fa78ceaf61
status: experimental
description: Detects traffic or activity related to http://113.236.155.46:37688/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.155.46:37688/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.186.216:41426/bin.sh
id: auto-8ea08dcbd307cf53cc868e09e42d1b2bb58cb3d9b18a0ccd6d6eff8775930df4
status: experimental
description: Detects traffic or activity related to http://39.90.186.216:41426/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.186.216:41426/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.104.99:50541/bin.sh
id: auto-900731ec8cadec6503293205a84b9e68689e5958f30f362da147b69bfa5590c6
status: experimental
description: Detects traffic or activity related to http://110.37.104.99:50541/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.104.99:50541/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.174.140:47403/i
id: auto-006a14a949d625554a000ee5552dae117bd45416231dc5cbc8e7b16131d5c90d
status: experimental
description: Detects traffic or activity related to http://219.156.174.140:47403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.174.140:47403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.159.160:50619/bin.sh
id: auto-73bc4ce7eae59505bd85bcbaa963ed94707a09145ac9ca38235b2fb282f8f231
status: experimental
description: Detects traffic or activity related to http://119.116.159.160:50619/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.159.160:50619/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.153.52:57094/i
id: auto-244d952e702c423595fad733e443ed7851655ad807a88d8e9c62bd7887b20f32
status: experimental
description: Detects traffic or activity related to http://42.230.153.52:57094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.153.52:57094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.2.111:36929/i
id: auto-0f83620b67d81297b65a5f0e6b493bc2cf37ae4956e7947a353520e3521e05a1
status: experimental
description: Detects traffic or activity related to http://125.41.2.111:36929/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.2.111:36929/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.174.140:47403/bin.sh
id: auto-de64f49debd272630a4d183673822a7b62b86ea9f7e04d02e41f5fb828b24650
status: experimental
description: Detects traffic or activity related to http://219.156.174.140:47403/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.174.140:47403/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.31.118.136:32787/i
id: auto-9aab9de35275c7d9089438b2438ec756d72803a1a9302f4fa13099ff7f428c5b
status: experimental
description: Detects traffic or activity related to http://31.31.118.136:32787/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.31.118.136:32787/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.2.111:36929/bin.sh
id: auto-992d4ccbe7b025dc2137a2d72c05a1e3c9b8e3a9bfc3a63ae2ca1716874a384d
status: experimental
description: Detects traffic or activity related to http://125.41.2.111:36929/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.2.111:36929/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:37349/i
id: auto-fe6afe2e774dd9c136021189699b79a32fe147930b3e4bff1aff764c4062e442
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:37349/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:37349/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.119.86:48807/bin.sh
id: auto-3a97dd238ae3cd7feba6da2a313c1d1705ebc46a58c8090b348acaa1bdfaf0e2
status: experimental
description: Detects traffic or activity related to http://182.116.119.86:48807/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.119.86:48807/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.230.58:34632/i
id: auto-556ecbb69adbbe0d63e3c1ec4a0405828b370fc6a7d1dff93f1f3549402f919a
status: experimental
description: Detects traffic or activity related to http://42.232.230.58:34632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.230.58:34632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/Wnp3t9q.exe
id: auto-35fdd5fb20c0b9ea551dbda6be970575745364036ce8aa33d482449acd657703
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/Wnp3t9q.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/Wnp3t9q.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.91.87/download/protection.exe
id: auto-bf710208c590312e0ff6becb78d127c38a991b6549f1724777bb902742380dc6
status: experimental
description: Detects traffic or activity related to http://144.172.91.87/download/protection.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.91.87/download/protection.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.209.141:42107/i
id: auto-3e00d89f1d899bc45ee6ed9f09b12624e2c5d9957d52ef52063f205ca93ed493
status: experimental
description: Detects traffic or activity related to http://221.202.209.141:42107/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.209.141:42107/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:37349/bin.sh
id: auto-fba8175c0fb5991607217ff161166216e8558c34cc52779080ff6345fbe03989
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:37349/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:37349/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.230.58:34632/bin.sh
id: auto-4719f953982347b3ec7a7e5c18393929d4c2cb4d703acd50f15bf0de8408ee52
status: experimental
description: Detects traffic or activity related to http://42.232.230.58:34632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.230.58:34632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.113.32:51838/bin.sh
id: auto-18a0014138a35e865ca7908ed270ece3ab9a45673f7341203f6825adfe65feaa
status: experimental
description: Detects traffic or activity related to http://115.61.113.32:51838/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.113.32:51838/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.186.61:35330/i
id: auto-a1406fe1433e6135915d59c27280e3466b00464257c95098bb56ba0e0f4a8744
status: experimental
description: Detects traffic or activity related to http://61.52.186.61:35330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.186.61:35330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.50.153:55641/bin.sh
id: auto-02285af56c1a9c1096325f0f672eb1f93ec5eba823e58fdf5ffe797e0a6d773f
status: experimental
description: Detects traffic or activity related to http://123.14.50.153:55641/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.50.153:55641/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.209.13:52360/i
id: auto-9b178e8e8398233a3e3752736076a8e81bf4abccabeed5b687d0577d6e50da81
status: experimental
description: Detects traffic or activity related to http://125.44.209.13:52360/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.209.13:52360/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.191.32:47810/i
id: auto-a83669217b07e6761ff77afebe4417f30fbca3529353f3b9d67ac6b502193c15
status: experimental
description: Detects traffic or activity related to http://112.248.191.32:47810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.191.32:47810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.226:39218/i
id: auto-75d3d53cf54b322bf9a3d2c6a0a13b6cf41fd394d36b3539b33c0acc60554d71
status: experimental
description: Detects traffic or activity related to http://61.53.84.226:39218/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.226:39218/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.191.32:47810/bin.sh
id: auto-f185427756a4375536dbd8af06e255f40c604fe9e15ead2cd2b3ae64173bb5b5
status: experimental
description: Detects traffic or activity related to http://112.248.191.32:47810/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.191.32:47810/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.240.172:38101/i
id: auto-8d326f8c93752871744092a70412bc7ed28199450643c8e8d80a48548aed62be
status: experimental
description: Detects traffic or activity related to http://119.185.240.172:38101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.240.172:38101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.31.118.136:32787/bin.sh
id: auto-5a360f8bcbf89f54e5f5b8749d6b60457323bf0ba468abac36dc2575e6001aa6
status: experimental
description: Detects traffic or activity related to http://31.31.118.136:32787/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.31.118.136:32787/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.209.141:42107/bin.sh
id: auto-679ae1c46f4f6099bd6f107123613b03d70757e4d4ec47590757afce3c7c7b56
status: experimental
description: Detects traffic or activity related to http://221.202.209.141:42107/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.209.141:42107/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.125.73:53738/i
id: auto-d0ca3fb17212c330bf0c0131e392c94f16bc38ee2682cab519e71dccc18c1b0e
status: experimental
description: Detects traffic or activity related to http://175.165.125.73:53738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.125.73:53738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.64.192:38806/i
id: auto-3b5f473029b2859150e0603971c3d5f26602364ad9fbd9e95de480841430a163
status: experimental
description: Detects traffic or activity related to http://219.156.64.192:38806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.64.192:38806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.165.84:52149/bin.sh
id: auto-b8f3a3349f61b73bc30d3db4d6c18f38dd9ad50a9cb221ba6d51f13a58991a3a
status: experimental
description: Detects traffic or activity related to http://42.235.165.84:52149/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.165.84:52149/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.186.61:35330/bin.sh
id: auto-506a074ab3de32dfa562d1113217ac6123db26c3f93492fa707d8f7f20c339ba
status: experimental
description: Detects traffic or activity related to http://61.52.186.61:35330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.186.61:35330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.163.159.44:39754/i
id: auto-0a708914fc10436934d597a63cd204931b50a8389e279c2923dac907801dc5a8
status: experimental
description: Detects traffic or activity related to http://61.163.159.44:39754/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.163.159.44:39754/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.103.129:60585/i
id: auto-56882dd99624126ca163bce7db9a7b5594c8cc7b84801d3bfc3ecd8400eedfa6
status: experimental
description: Detects traffic or activity related to http://115.51.103.129:60585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.103.129:60585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:55778/i
id: auto-e77aef9a2cf806d3f76a3da84be81eb7373cd116ab78cb7b85fe4c5399a655af
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:55778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:55778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.167.207:51328/i
id: auto-19b916da893cc4f733a4af3c055c70adfadcedcf6505e485276f0979983beba3
status: experimental
description: Detects traffic or activity related to http://115.54.167.207:51328/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.167.207:51328/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.76.58:47618/i
id: auto-2e4ba84bce75f41a26414cd8a2a8dfec960ad691ab33f62a22955df5548162db
status: experimental
description: Detects traffic or activity related to http://61.52.76.58:47618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.76.58:47618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.226:39218/bin.sh
id: auto-a9409afa67e84c4c41549328bcd2ab9824ea1c0a003a723d26014b6523fe1c05
status: experimental
description: Detects traffic or activity related to http://61.53.84.226:39218/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.226:39218/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.240.172:38101/bin.sh
id: auto-89cae3f66fab43dbe4a7419b9345c76c8a1ea1933a3f621541190608e57a3a2e
status: experimental
description: Detects traffic or activity related to http://119.185.240.172:38101/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.240.172:38101/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.17.155:35533/i
id: auto-56b37dcb07a49b2a7fba4dc68cb75f468efa58e33a3fcf541f0b8d5c48861b24
status: experimental
description: Detects traffic or activity related to http://110.37.17.155:35533/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.17.155:35533/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.243.238.194:54188/02.08.2022.exe
id: auto-c79a854342165f3c2985f05b32bb2de9eea358e13dac16fe9fab3e9b285e38b2
status: experimental
description: Detects traffic or activity related to http://47.243.238.194:54188/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.243.238.194:54188/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.239.213.91:52200/i
id: auto-2fd16660dafc509ffccda79d7290f4cce661b778cf93e3dff2b55b33827c3ba2
status: experimental
description: Detects traffic or activity related to http://5.239.213.91:52200/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.239.213.91:52200/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.37.238:85/sshd
id: auto-2282f18d3f57b836ea4136146b069db19e24cde3a9edb50042cb6eac9eb97fa6
status: experimental
description: Detects traffic or activity related to http://120.157.37.238:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.37.238:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.207.144.126:34930/i
id: auto-9cb7e1e171786e048b84874726ccb71ffd0af1587858860ac24834c9b80937a7
status: experimental
description: Detects traffic or activity related to http://187.207.144.126:34930/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.207.144.126:34930/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.33.19:8081/sshd
id: auto-49045cfc343a2fd9278b4caa0cb2b674080d5faf9053d4ecf930c33f8191b365
status: experimental
description: Detects traffic or activity related to http://41.146.33.19:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.33.19:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.30.156.21:8082/sshd
id: auto-0e8642d7e1f22d748c27d825d6c0f510bad3ed63337d8deadb3014f5e280e066
status: experimental
description: Detects traffic or activity related to http://188.30.156.21:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.30.156.21:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.30.156.21:8083/sshd
id: auto-b9aac3645f8209a9d89665f67d22e6f8e43785c796922bb9927e7109c7b18c82
status: experimental
description: Detects traffic or activity related to http://188.30.156.21:8083/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.30.156.21:8083/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://157.15.112.45:37654/i
id: auto-6df234aa45685c332222fa0c29587e5fbc9365bfadd457cafa868b1683b4427d
status: experimental
description: Detects traffic or activity related to http://157.15.112.45:37654/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://157.15.112.45:37654/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.101.40.118:15433/i
id: auto-98d13bc44cd17afd6ad6156a820edafa143dede43ffbb671bea97d8c800697a9
status: experimental
description: Detects traffic or activity related to http://177.101.40.118:15433/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.101.40.118:15433/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.236.165.78:12958/i
id: auto-bfc70b1d8be751f06d59682aa0c8622738bf2fbb887d650e1464fc3eebbfc5f8
status: experimental
description: Detects traffic or activity related to http://46.236.165.78:12958/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.236.165.78:12958/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.179.152.235:8081/sshd
id: auto-0972a78098963050f8741d01987a060710505df2e41af6d501f79ac0760e34fb
status: experimental
description: Detects traffic or activity related to http://14.179.152.235:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.179.152.235:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.209.110.173:85/sshd
id: auto-847d1d2889a1cf9d86b8c17aba596373d151fbb2bf7144aebb693e374a57218b
status: experimental
description: Detects traffic or activity related to http://123.209.110.173:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.209.110.173:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.146.33.19:8083/sshd
id: auto-6738b625e4e1a7f868d49c0fd97bef8026682fb473991232557ef85c70ad5388
status: experimental
description: Detects traffic or activity related to http://41.146.33.19:8083/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.146.33.19:8083/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://223.15.165.148:23209/i
id: auto-3c3c6996c414d3956cb1cab7aafcf75a0a58cd7df063d919243b1a52c36611c2
status: experimental
description: Detects traffic or activity related to http://223.15.165.148:23209/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://223.15.165.148:23209/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.55.251.22/sshd
id: auto-904ae84e1a095dc49d7566f414833449003a5f739ae06a7824a7cf9abaebd948
status: experimental
description: Detects traffic or activity related to http://178.55.251.22/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.55.251.22/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.209.120.34:85/sshd
id: auto-2e8e590208c6a00d756cf750bb473343351ddb7982b6ed5b68b9b4831603232b
status: experimental
description: Detects traffic or activity related to http://123.209.120.34:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.209.120.34:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s80-ap-k56/eut11
id: auto-9a1bf744e8d9c5b58d6797034277efb5e74a64d4c643d8607753eb2d06436aae
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s80-ap-k56/eut11 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s80-ap-k56/eut11*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.103.129:60585/bin.sh
id: auto-801624ad7b963c3f77e8bbc4e83d6cbdc473af5b611389260fe0318789fc713e
status: experimental
description: Detects traffic or activity related to http://115.51.103.129:60585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.103.129:60585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.64.192:38806/bin.sh
id: auto-a298164bf08e70a3262d1f66e366880ee2fa8535b8a9e9853076bc40734ec6ac
status: experimental
description: Detects traffic or activity related to http://219.156.64.192:38806/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.64.192:38806/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.163.159.44:39754/bin.sh
id: auto-7748c5cb745de296f4ac1dc20e52ad01b95dc40aba6717a9dc8ef6b330491bcf
status: experimental
description: Detects traffic or activity related to http://61.163.159.44:39754/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.163.159.44:39754/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.167.207:51328/bin.sh
id: auto-f9ac6a6fd60db4c5e9c85126da22d9b71aa269e5f0e01f1bded8a88ef38ea405
status: experimental
description: Detects traffic or activity related to http://115.54.167.207:51328/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.167.207:51328/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-e306adc6127c4521869ba034f1b34502.r2.dev/EnterpriseElectricalReview.exe
id: auto-2ebc7195841d7a1d9829f021116ee6b219225e55442df9a30472120af8027509
status: experimental
description: Detects traffic or activity related to https://pub-e306adc6127c4521869ba034f1b34502.r2.dev/EnterpriseElectricalReview.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-e306adc6127c4521869ba034f1b34502.r2.dev/EnterpriseElectricalReview.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s01-k17/eno80
id: auto-37df5c7f501acaa7eb1e1f769e72b92848b40701923c6192867f42ee31d9ce90
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s01-k17/eno80 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s01-k17/eno80*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/EsSLuZk.exe
id: auto-14b7df647c0d8a55a384d38e464c1ec5f6585b6cccd86e6085c65c8b5c64aa21
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/EsSLuZk.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/EsSLuZk.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.76.58:47618/bin.sh
id: auto-3866bae3ceac56801f3927a0b92fd3157446cc071d8a350f90591d04b9614083
status: experimental
description: Detects traffic or activity related to http://61.52.76.58:47618/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.76.58:47618/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.125.73:53738/bin.sh
id: auto-1c8d166620d627194c6e4d6948b46fdb7141da4f7cb2c2994cb0c829fec20f6c
status: experimental
description: Detects traffic or activity related to http://175.165.125.73:53738/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.125.73:53738/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-ap20-s01/bep10
id: auto-4fc4f7eaf1ff92d8241b659397cba7c4fcea78b0e944df29881a2813adbe3604
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-ap20-s01/bep10 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-ap20-s01/bep10*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.54.56:50995/i
id: auto-904d7246a09e4cbfe690972d9e697e80ec1462acdfa451db915b8a7a7cbc6231
status: experimental
description: Detects traffic or activity related to http://42.230.54.56:50995/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.54.56:50995/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.232.2.110:38101/bin.sh
id: auto-b18950898c597b6ca7ca1dbb345898d4110e4e2d00144aa433896465af9febe8
status: experimental
description: Detects traffic or activity related to http://117.232.2.110:38101/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.232.2.110:38101/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.79.114:33642/i
id: auto-40a06fde724d2ae89fe2ebde96d5f045ffff44f40bd4a2a92cc0cda2f497feb5
status: experimental
description: Detects traffic or activity related to http://123.172.79.114:33642/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.79.114:33642/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hehejj.shop/TikTok18.apk
id: auto-c1df31346d9e27bb36859acb70f75f8f9981895af980f9ce21bb6e7307793d69
status: experimental
description: Detects traffic or activity related to https://hehejj.shop/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hehejj.shop/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://helpdps.site/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-2887578a5eaf72a65a0523ccaff95374c10b0872575b1b32014a015bd4c276f7
status: experimental
description: Detects traffic or activity related to https://helpdps.site/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://helpdps.site/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8042875554/spYZBf7.bat
id: auto-c08c1c3c1a1c9462af0065b6dfa3e6af4a780002aaf601093435b8c8a82ee0a3
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8042875554/spYZBf7.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8042875554/spYZBf7.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://exodus-io.io/exodus.exe
id: auto-16052bda4c748b7b9fe948d58ceda5392facfabebd56a9ea56661b400d8569a9
status: experimental
description: Detects traffic or activity related to https://exodus-io.io/exodus.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://exodus-io.io/exodus.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vetervsn.sbs/TikTok18.apk
id: auto-343fff06b7ec8f81f858d29ede39a7352895097905fc3d560e901f6fd87bc826
status: experimental
description: Detects traffic or activity related to http://vetervsn.sbs/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vetervsn.sbs/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://tokistuku.shop/TikTok18.apk
id: auto-6cb8212b7e0089a23e7ace048fb84512254d7801c8e769425868a9e070a6daff
status: experimental
description: Detects traffic or activity related to http://tokistuku.shop/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://tokistuku.shop/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cloudy-verification.com/cloudfa
id: auto-8a3c01dc9bcdd5103cb42b846cc5d5e877fdf907ad87544852c0649d6ee76681
status: experimental
description: Detects traffic or activity related to https://cloudy-verification.com/cloudfa which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cloudy-verification.com/cloudfa*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.17.155:35533/bin.sh
id: auto-c3b84e2055b8b7faa2ecbc86656fbfab1672e2dde902d0d0a9589def786da5d2
status: experimental
description: Detects traffic or activity related to http://110.37.17.155:35533/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.17.155:35533/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.132.186:50071/i
id: auto-dd120c1473eb6ebe71efa3b2339384b1677b1516097daadeb6168b84810d56e7
status: experimental
description: Detects traffic or activity related to http://219.157.132.186:50071/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.132.186:50071/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.227.200:54078/i
id: auto-854845c2086a3bf2f4b17c825aa564c3973c1b7af31f0a54fabfc7671dfec47a
status: experimental
description: Detects traffic or activity related to http://42.58.227.200:54078/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.227.200:54078/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.227.200:54078/bin.sh
id: auto-e66786fe30ddad8a24d83c849250cdb8a3e84f5868b999e0c12bec4d434f9878
status: experimental
description: Detects traffic or activity related to http://42.58.227.200:54078/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.227.200:54078/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.54.56:50995/bin.sh
id: auto-2f4dea88fe491c167beff17f0227206ef150f747f3061f05b18f42780547419d
status: experimental
description: Detects traffic or activity related to http://42.230.54.56:50995/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.54.56:50995/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnriscv64xnxn
id: auto-16c18d01bf175dbb79239b0d28f014208d93163b52417cae7989d0cf1d5c44e5
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnriscv64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnriscv64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnaarch64xnxn
id: auto-d017f2a68d9c37b58fd3efa037a6c1b0f18a20f918e6971692d5d5974a36fa5e
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnaarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnaarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnmipsxnxn
id: auto-12b86b53ce382bbbc9b802bea732b1fb9ed98c7bd35fae6ab1e5a553fff9a4a7
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnmipsxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnmipsxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnpowerpcxnxn
id: auto-f648add3a815095a58c750a1af45a632323fec0d490d80cc77809ec7b1252ada
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnpowerpcxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnpowerpcxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnloongarch64xnxn
id: auto-e4fac2efc99f2db43038af3f749e85a2eab12d6e93e02fde16792307e7388d4c
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnloongarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnloongarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxni386xnxn
id: auto-25377539881575ac9bd64d477f24e64102006802d04cd37ea514a05d4edad6bb
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxni386xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxni386xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnor1kxnxn
id: auto-158fd9a06c2c22a80fd5e847bdc45ac2bfb2c20ea46d265c5f5b9cc076ad2b3f
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnor1kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnor1kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnriscv32xnxn
id: auto-3c3775f21c722f98adecd9ff6e15ca2c7f6fd237df2700db6cf7a26e06536f11
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnriscv32xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnriscv32xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnsh4xnxn
id: auto-84775f010dd1cad7191596baad3b9b9a9511e7c534f7ca8fc43681570a7a0f20
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnsh4xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnsh4xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnm68kxnxn
id: auto-ae3e95ac6f407bf6bf0e090a9096406e533f8e4507942bb5f93a36af63c8c9df
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnm68kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnm68kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnmicroblazexnxn
id: auto-aac30c89f5f5f060639157b48915508dff8e812118de89cbbea39b9f9070eefe
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnmicroblazexnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnmicroblazexnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnsh2xnxn
id: auto-8caeba401566cd93e76d69ab7da223d675e8d7595d61c26278bed7573534919e
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnsh2xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnsh2xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.112.157/bins/xnxnxnxnxnxnxnxnx86_64xnxn
id: auto-105ebc13b1abc51e1d35b88a1f1a6bac755c9fa11eca273549043c28db595daa
status: experimental
description: Detects traffic or activity related to http://94.156.112.157/bins/xnxnxnxnxnxnxnxnx86_64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.112.157/bins/xnxnxnxnxnxnxnxnx86_64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.166.120.179:47450/i
id: auto-59c7807371e68bec258e15b32fd4ace5bc4afc63197f411bfb1e302ac55071fc
status: experimental
description: Detects traffic or activity related to http://175.166.120.179:47450/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.166.120.179:47450/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://90.174.92.184:13394/.i
id: auto-a293ce7a23c00a4dee51113b9cf176168f00fb2f0fa74bd60b0b70668f10e26b
status: experimental
description: Detects traffic or activity related to http://90.174.92.184:13394/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://90.174.92.184:13394/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:55778/bin.sh
id: auto-fe878205a538832187b341196f702e1eda31ed67b2790beeceb79a7e761d950a
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:55778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:55778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.98.236:50756/bin.sh
id: auto-0439d041613f0e48f029aa0fea19e2611920c42b1da0074b5b81553aab892c4b
status: experimental
description: Detects traffic or activity related to http://202.107.98.236:50756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.98.236:50756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.110.124:47390/i
id: auto-553f459d4d30812eb6f53a6c12f4e2040d42a14eec1b640e5941eadb5cbea7a4
status: experimental
description: Detects traffic or activity related to http://27.215.110.124:47390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.110.124:47390/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.205.142:57084/i
id: auto-59e33dff5dd2cf3eecfa472e723833f3399093e5fbbd05eca5ff7507aac62e00
status: experimental
description: Detects traffic or activity related to http://175.146.205.142:57084/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.205.142:57084/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.200.55:44958/i
id: auto-601c70c498f57217751956a2d99844d560d4b5252c91e08e095e5fee1ca7cec2
status: experimental
description: Detects traffic or activity related to http://42.230.200.55:44958/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.200.55:44958/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.89.234:37489/i
id: auto-26572fd5fc8af30b8b63635ac2815be7e717579bbf5d688350672af368fb32ac
status: experimental
description: Detects traffic or activity related to http://42.52.89.234:37489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.89.234:37489/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.48.239:40381/i
id: auto-97381a1f0bc4872d5b288fb8163796ae07d8104f6bba4b1447b1ca3a23021d2c
status: experimental
description: Detects traffic or activity related to http://125.45.48.239:40381/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.48.239:40381/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.66.192:38531/bin.sh
id: auto-90b9522c5a4a4eaf1cd1c2cea6f165466183ab6b0b8753660eb181eba1de7bd4
status: experimental
description: Detects traffic or activity related to http://182.126.66.192:38531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.66.192:38531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/l89Sfic.exe
id: auto-27ab79a7f0c1af6c328c6e0a14cc67786fb6b16485074f1725c8505cb31ed1e1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/l89Sfic.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/l89Sfic.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.57.7:34221/bin.sh
id: auto-0704851224f4717df73949e17c4cff75f4dc8aad696a40087aaff08790d7107c
status: experimental
description: Detects traffic or activity related to http://113.221.57.7:34221/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.57.7:34221/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.248.23:48191/i
id: auto-7d3b3b811839ad709ce81284128803212e1b93dc68cfb7a09d35767b2d1a8d7b
status: experimental
description: Detects traffic or activity related to http://59.184.248.23:48191/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.248.23:48191/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.130.124:40366/i
id: auto-42ff37b834adbe0c58b0786a84c3d1023e995658d275c290f185d7e8690b5dc9
status: experimental
description: Detects traffic or activity related to http://182.115.130.124:40366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.130.124:40366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.205.142:57084/bin.sh
id: auto-6f19cc799395a37c179a932f91ea2bbd96f58252dc14d337e901c7d38fcd6bb4
status: experimental
description: Detects traffic or activity related to http://175.146.205.142:57084/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.205.142:57084/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.89.234:37489/bin.sh
id: auto-b84c5531cac793faad52b2f91c6e60770476755526e45ff1ff388161bbe53a7a
status: experimental
description: Detects traffic or activity related to http://42.52.89.234:37489/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.89.234:37489/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.200.55:44958/bin.sh
id: auto-9db1fc66bf16b7039f06103fccc1ba42ace019de17159979c0c277ba5385d589
status: experimental
description: Detects traffic or activity related to http://42.230.200.55:44958/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.200.55:44958/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.246.88:39257/bin.sh
id: auto-70861afe5b83f8f24571161132f1ab146fba6aaf9c77c94aa699e172a45e6992
status: experimental
description: Detects traffic or activity related to http://182.126.246.88:39257/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.246.88:39257/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tokityki.shop/TikTok18.apk
id: auto-d5d3294f6e9d2ff406fcfb824e47b886510d5a1b0817ba15701c680ede05c80a
status: experimental
description: Detects traffic or activity related to https://tokityki.shop/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tokityki.shop/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://robinjsb.sbs/TikTok18.apk
id: auto-0c486334b2dca3e972dc849ca4f1e8786a76cc663d4c3f6cc4a427f8744599aa
status: experimental
description: Detects traffic or activity related to https://robinjsb.sbs/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://robinjsb.sbs/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://barandis.sbs/TikTok18.apk
id: auto-d16774dda1481d32af5353d2c5e333eb44a2d0e6ff5e7d3fee12246926ccf99d
status: experimental
description: Detects traffic or activity related to http://barandis.sbs/TikTok18.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://barandis.sbs/TikTok18.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.11.196:50532/i
id: auto-27d53a0f64f5130f06fadfb0872985b0624758bd79ef87fcd0593e25d78ac8f9
status: experimental
description: Detects traffic or activity related to http://125.45.11.196:50532/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.11.196:50532/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.247.136:45112/bin.sh
id: auto-fb5f06335b442e2d5f6be68ffc938c63f63c4202d525a1b6606e06fa4e8392c6
status: experimental
description: Detects traffic or activity related to http://119.116.247.136:45112/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.247.136:45112/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.44.29:53597/i
id: auto-f06e1d502a2423ee58354c7a70735a76117f419848b4b2e2bb72833422bc9e7a
status: experimental
description: Detects traffic or activity related to http://115.55.44.29:53597/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.44.29:53597/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.57.7:34221/i
id: auto-cc331e9e3446429509387fd1328ae6ff6b09c069b6bc138f3ce87804a9a03c77
status: experimental
description: Detects traffic or activity related to http://113.221.57.7:34221/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.57.7:34221/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.248.23:48191/bin.sh
id: auto-788e11a8d4189cf89a801257fe597c2b86bae1b684d6ffc8a88645847bcce2a1
status: experimental
description: Detects traffic or activity related to http://59.184.248.23:48191/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.248.23:48191/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.121:38321/bin.sh
id: auto-0dbbefd75d6306b640a10e014657deb86f32a8da788aa89989b6148080c5cfda
status: experimental
description: Detects traffic or activity related to http://110.37.102.121:38321/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.121:38321/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.144.107:39845/i
id: auto-263c73b0cbb25aaf537422ee2af7d33f1c824755d46c67a4e4c1b0f363e258d3
status: experimental
description: Detects traffic or activity related to http://123.5.144.107:39845/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.144.107:39845/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.94.58.172/bins/loligang.mips
id: auto-c15b4678c21f134f4514dae874b102534a29ab350d065239badab1ca70ddae14
status: experimental
description: Detects traffic or activity related to http://130.94.58.172/bins/loligang.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.94.58.172/bins/loligang.mips*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.179.30:33068/i
id: auto-0aacb3b3392459330a3c88c4a937d03f1ab549a8b725b23dc358c9b6df86b9f4
status: experimental
description: Detects traffic or activity related to http://182.119.179.30:33068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.179.30:33068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7467956971/bgIzcNk.exe
id: auto-8439783f28fc5b3c04e19ec8078bba451054dfe15e90cf77d8a954b738ab50b5
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7467956971/bgIzcNk.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7467956971/bgIzcNk.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grufuncinlhar.floresflorcravovermelho.cfd/
id: auto-6e2e8e769f387492775eae19d2758ad1458ff1d7e24ee80213ed3d57331a16a4
status: experimental
description: Detects traffic or activity related to https://grufuncinlhar.floresflorcravovermelho.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grufuncinlhar.floresflorcravovermelho.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.97.165:60344/i
id: auto-1e9487d301c199b73ded717681cef0470ca2b1c701f6e5a5c01fb718d075ced8
status: experimental
description: Detects traffic or activity related to http://116.138.97.165:60344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.97.165:60344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.9.81:33233/i
id: auto-100faf0d39492951b8d4e9d1bba9e5c71758a5c69e530042a14e31666c315c4a
status: experimental
description: Detects traffic or activity related to http://42.54.9.81:33233/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.9.81:33233/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.30.61:44820/i
id: auto-61202f444e83410c99ae380d352a2fdf02ea23100e623aece1fe4155dcc2e231
status: experimental
description: Detects traffic or activity related to http://117.212.30.61:44820/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.30.61:44820/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.34.69:42869/bin.sh
id: auto-f180d8e155ee8397ab0ee8dd65833dca0d55de35c82ee27c018381e92bc5344e
status: experimental
description: Detects traffic or activity related to http://42.85.34.69:42869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.34.69:42869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.75.198:48207/i
id: auto-fff5b5d03578b4b33dfb898365f991d6272e12700383e8783bbe7c4ffa4de00c
status: experimental
description: Detects traffic or activity related to http://119.117.75.198:48207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.75.198:48207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.44.29:53597/bin.sh
id: auto-8fbbb27023dd1e168e5bfb73386165051f2833574e65bb90fd779889e3dbde64
status: experimental
description: Detects traffic or activity related to http://115.55.44.29:53597/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.44.29:53597/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-200-fd-cloudi/gds10
id: auto-4710175fd88d044928c47e3cccf628d8bb613f232ffc6dcdd4165e27554b7466
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-200-fd-cloudi/gds10 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-200-fd-cloudi/gds10*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.179.30:33068/bin.sh
id: auto-2467d5326c9ba2e453e752c9e132d91d7226b8c5b1b2554ccb7c9917df0aada1
status: experimental
description: Detects traffic or activity related to http://182.119.179.30:33068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.179.30:33068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/70op
id: auto-c42db5b51f6612fa2419755059ce8eb19f66dd463960e7d35f9e304f357bd2cc
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/70op which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/70op*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7983541316/wB4Hbjy.exe
id: auto-5fea44ce9c525e70f992fd83142616ec07632ca11fb967fe790d6835118eff06
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7983541316/wB4Hbjy.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7983541316/wB4Hbjy.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/Z29uFrq.exe
id: auto-679169f9aa9fa5291dbe6341edb4ae7ba9abe6476ea081414b2c40158a520473
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/Z29uFrq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/Z29uFrq.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.93.63:46143/i
id: auto-c4357eecd8b0553ddf2ee0ae48215adc83cbf85acf7c30bb6f1870b39b0fa134
status: experimental
description: Detects traffic or activity related to http://222.137.93.63:46143/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.93.63:46143/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.15.36:59872/i
id: auto-cd6706006f4e73b036c79a0855af043280ac8cff2a0e1813b6d0b8701278867f
status: experimental
description: Detects traffic or activity related to http://115.51.15.36:59872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.15.36:59872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.76:45869/i
id: auto-ec71878e9f83e6824a675afa5a88e7d2062dd899abf158b32d0952e44014424d
status: experimental
description: Detects traffic or activity related to http://110.36.29.76:45869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.76:45869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.40.83:40246/i
id: auto-b626066fb3558c5fcd44413a0218eac0b41a18edd60f1ca9449525a61830e23c
status: experimental
description: Detects traffic or activity related to http://182.121.40.83:40246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.40.83:40246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.75.198:48207/bin.sh
id: auto-dbab765b03f0397732f7121e72176a293854bcbb92c66a8c6955cc76028b330b
status: experimental
description: Detects traffic or activity related to http://119.117.75.198:48207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.75.198:48207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.78.189:34200/i
id: auto-aefd8d36be236f3ab20862411e0322c50c5e223298c09d1143d017e6d21f6e8c
status: experimental
description: Detects traffic or activity related to http://59.94.78.189:34200/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.78.189:34200/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.183.85.228:48167/i
id: auto-ecf9af12cb7d0b74c33e58f01460360a68b89551097362bdcbd957d8a9800a66
status: experimental
description: Detects traffic or activity related to http://2.183.85.228:48167/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.183.85.228:48167/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.85.91:35698/i
id: auto-a8e27cc1e54ad8ebe5ccfd54950a7ff704a3bcb215f68dc8e586400dbbede39a
status: experimental
description: Detects traffic or activity related to http://125.47.85.91:35698/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.85.91:35698/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.99.51:50652/i
id: auto-6329d9937958b4c69d27ab6b58669d1724743b522772e212f32296987d3966de
status: experimental
description: Detects traffic or activity related to http://110.37.99.51:50652/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.99.51:50652/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.108.92:46937/i
id: auto-bcdd4afa40ef41047b47e2cce7ab1a6a904e7a499bc440904a30ebf499fbc7f8
status: experimental
description: Detects traffic or activity related to http://123.13.108.92:46937/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.108.92:46937/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.61:55998/i
id: auto-f829079aec9f7fdc69afed554faf784d1edd66a2a34e0644133a4faa39b6dd0b
status: experimental
description: Detects traffic or activity related to http://110.37.55.61:55998/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.61:55998/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.30.61:44820/bin.sh
id: auto-07474957a301296294f2bff59d2a7e742e46c9ba35aa8e369ac934c681846928
status: experimental
description: Detects traffic or activity related to http://117.212.30.61:44820/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.30.61:44820/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.228:49920/bin.sh
id: auto-aa456ebad9605bf59fdb467ec888eac6c1a24335e54bb52715c8e732b48c01b8
status: experimental
description: Detects traffic or activity related to http://119.179.252.228:49920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.228:49920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.232.167:36509/i
id: auto-ebd976bd2a8c25754d46356585e201b27c62860ea7a1e19416cbf56b215f4e84
status: experimental
description: Detects traffic or activity related to http://123.4.232.167:36509/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.232.167:36509/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.83.224:45080/i
id: auto-835abfeba3685dc05662786dfc80a604a82d0227df7f20e03d24ad6a72f6af1c
status: experimental
description: Detects traffic or activity related to http://182.127.83.224:45080/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.83.224:45080/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/pm45
id: auto-e3609f93a7c798f791ffef92a273719aaf50db410c2e719bb123b56f2c46b555
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/pm45 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-300-s46-k127/pm45*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/946643047/9H6uXXT.exe
id: auto-9dba0ffd7434223bef3bf2bf0e08c0cdc7e37a53f1d1974c669877807953acdc
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/946643047/9H6uXXT.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/946643047/9H6uXXT.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/set29
id: auto-b43b998df48f074eccd1074a93abde6bba6bce684cd9545b14e6715dfb0d754e
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/set29 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/set29*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8089806195/kKMMRkd.exe
id: auto-ee943385bd4c50d776858a94f4c11bdc2d53e604214a9742e015936d6b9dacea
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8089806195/kKMMRkd.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8089806195/kKMMRkd.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.184.211:37281/i
id: auto-c4e861b199f21d39a5c1cd20975075275a1d4754a37861f6e6b4f7eca951484e
status: experimental
description: Detects traffic or activity related to http://123.5.184.211:37281/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.184.211:37281/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.86.81.13:46127/i
id: auto-c0d492a08270f0436a73fca973ee99005d0d80eea033ac4db8ec07b59d8a3e59
status: experimental
description: Detects traffic or activity related to http://39.86.81.13:46127/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.86.81.13:46127/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.84.18:44995/i
id: auto-97ad917549e8d72f0a4d11962f6b9f0b70ac44633042edb8d717d2db53792bf3
status: experimental
description: Detects traffic or activity related to http://117.200.84.18:44995/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.84.18:44995/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.69.216:33516/i
id: auto-54a6ccbe9c18679de1070f0cd7f657d3ec1fa2145dcadc02408b2bba0c5eecde
status: experimental
description: Detects traffic or activity related to http://115.59.69.216:33516/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.69.216:33516/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/yo100
id: auto-776f6ad897a8f1b6ba08f5f8bac302676cc72d8730b12224fb13b9ef32603faa
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/yo100 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/yo100*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.232.167:36509/bin.sh
id: auto-5145b8335a4b00fe831fb67ca0cd49a7635d632885d7d24e56f17c9823846070
status: experimental
description: Detects traffic or activity related to http://123.4.232.167:36509/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.232.167:36509/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.83.120:35080/i
id: auto-6fde19c0f0b26d6a0bfc31bd9ecf626096e45c22aab3595c968df57ba35e70b6
status: experimental
description: Detects traffic or activity related to http://175.173.83.120:35080/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.83.120:35080/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.83.224:45080/bin.sh
id: auto-4804e62164cc90fe5f2f8cc872b34b84227887c6fc34a0722b8f98a9bd920f60
status: experimental
description: Detects traffic or activity related to http://182.127.83.224:45080/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.83.224:45080/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.226:55185/i
id: auto-8dc9182c28c4be7e7011add1b2aa79cefcd2366a62abd163ed6e30747de5bd06
status: experimental
description: Detects traffic or activity related to http://117.209.92.226:55185/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.226:55185/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.184.211:37281/bin.sh
id: auto-3b63b938ad1403991cb9f4976b08c6a9845871baf742ddb025ddb88df1fcd031
status: experimental
description: Detects traffic or activity related to http://123.5.184.211:37281/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.184.211:37281/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/nol45
id: auto-461e0de68ae1b95d917365606041326c68afde09963681492e60930f48c21fda
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/nol45 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-10-s15-ap-k/nol45*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.219.136:57087/i
id: auto-3d3cfac287301e2313ec8949f813625117f731a994abc06ad2e3656a07ff77bb
status: experimental
description: Detects traffic or activity related to http://182.121.219.136:57087/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.219.136:57087/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.53.86:35949/i
id: auto-4cd2af3f2dd4a46cb3e2ea59a4856ab682d738dabd1334a87bbb139373889dfd
status: experimental
description: Detects traffic or activity related to http://42.235.53.86:35949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.53.86:35949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.208:38888/i
id: auto-a356da6e44106db0d26f8ff37dcd3a509cb1bf733c55e95eecfb16df9db046ab
status: experimental
description: Detects traffic or activity related to http://110.36.29.208:38888/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.208:38888/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.83.120:35080/bin.sh
id: auto-f3dce2348fd4b1bcaf75f09aefcae972c0d5599053f5cc2f5b53579e1345207d
status: experimental
description: Detects traffic or activity related to http://175.173.83.120:35080/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.83.120:35080/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.92.226:55185/bin.sh
id: auto-e54bc1d12e3ab6d58f2a7d1c7374b3c47bbb3a96f10c68b0ee21ba4b7d91f236
status: experimental
description: Detects traffic or activity related to http://117.209.92.226:55185/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.92.226:55185/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7311893838/7BatRta.exe
id: auto-41b72e2ced682a3b4c452eddf46d6b683e186fc2170147152de2da5397090013
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7311893838/7BatRta.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7311893838/7BatRta.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.76:45869/bin.sh
id: auto-16c21786fb5e3dd992212f61add4f8b289311fcefbafe9ddec0649b5971014a4
status: experimental
description: Detects traffic or activity related to http://110.36.29.76:45869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.76:45869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.117.58:35313/i
id: auto-56a6292da05cf2acb7dbecdbaff78942baeee445683dc8735096ba8586c85921
status: experimental
description: Detects traffic or activity related to http://125.42.117.58:35313/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.117.58:35313/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.97.90:40266/i
id: auto-5e36fbca19f3742989f5d042f87f6a415ece0a681df296958837f9f074c01fb9
status: experimental
description: Detects traffic or activity related to http://125.41.97.90:40266/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.97.90:40266/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.208:38888/bin.sh
id: auto-dc57ce0a3df00761d95cb5475c9fa3e2e13909eba8f750f4cbc0f36681266c98
status: experimental
description: Detects traffic or activity related to http://110.36.29.208:38888/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.208:38888/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.163:54985/i
id: auto-55b2140abd42b68273a116e0fceedd2fb613cb4c015c7263cb3c3c6f829bb5be
status: experimental
description: Detects traffic or activity related to http://110.39.228.163:54985/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.163:54985/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.219.136:57087/bin.sh
id: auto-1cbbe2a9855c4be0303d8312755a720e8ba79a402f92b700a92917c2bdee9d42
status: experimental
description: Detects traffic or activity related to http://182.121.219.136:57087/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.219.136:57087/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.53.86:35949/bin.sh
id: auto-fc00030a690a37c719562bbad6185681b1f45ba5c177885217755de8da113080
status: experimental
description: Detects traffic or activity related to http://42.235.53.86:35949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.53.86:35949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.124.41:50076/bin.sh
id: auto-810a92c6eb1553737914be1f0de8e704bd1ff0048b2546dbdb744daa6ceaaca8
status: experimental
description: Detects traffic or activity related to http://42.176.124.41:50076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.124.41:50076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.193.126.158:8081/download/sysad
id: auto-39b912334394ce810f0697a5b89c654122a79b98d794cae78041f1930d993725
status: experimental
description: Detects traffic or activity related to http://185.193.126.158:8081/download/sysad which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.193.126.158:8081/download/sysad*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.193.126.158:8081/download/x64
id: auto-c5db0e66cad2b6e2227ad4fd045ccb153e047012f67a635f8219b3f6d99f4212
status: experimental
description: Detects traffic or activity related to http://185.193.126.158:8081/download/x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.193.126.158:8081/download/x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.193.126.158:8081/download/x65
id: auto-bfe52976f4ee33e5ae6e0794541137a4b1586125b5c1963f268a69858c832638
status: experimental
description: Detects traffic or activity related to http://185.193.126.158:8081/download/x65 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.193.126.158:8081/download/x65*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.193.126.158:8081/download/x99
id: auto-e0ef16b655102d4fabf89e2f63e1c541aa259f0b4e2bb99618789df19303e181
status: experimental
description: Detects traffic or activity related to http://185.193.126.158:8081/download/x99 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.193.126.158:8081/download/x99*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.you-rus.lol/YouTubeRU.apk
id: auto-abb96a0b54840204fdec7387369aba81eb376235a353881e0412c84c18470a69
status: experimental
description: Detects traffic or activity related to https://www.you-rus.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.you-rus.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.163:54985/bin.sh
id: auto-4cc27f1f9e1da59aa92b7c2244abe8aea5f8e9f8687927e30a44f396e89c8a63
status: experimental
description: Detects traffic or activity related to http://110.39.228.163:54985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.163:54985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.117.58:35313/bin.sh
id: auto-c26ba7d5d841ef754c8439287795ec55eb0280a6fa20f830050940077375ef7a
status: experimental
description: Detects traffic or activity related to http://125.42.117.58:35313/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.117.58:35313/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youtube-russ.lol/YouTubeRU.apk
id: auto-cd5598f0b910eb4be2bc537c0917d03ac1a34d2bc9d49d2e4c52666ef8bff410
status: experimental
description: Detects traffic or activity related to https://youtube-russ.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youtube-russ.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drivepro.lol/DrivePro.apk
id: auto-2524e579888f17aa66d490fb3ea9b6a0c9ebbd08a60814ad7956c6ec2911a155
status: experimental
description: Detects traffic or activity related to https://drivepro.lol/DrivePro.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drivepro.lol/DrivePro.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.97.90:40266/bin.sh
id: auto-87aa19a641a5701c25df95527a5a38b9c6b010f21d1dcabf6e861f00f6dd8907
status: experimental
description: Detects traffic or activity related to http://125.41.97.90:40266/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.97.90:40266/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://helpdps.space/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-2bbe860235cfdcca38baf700777172f2d763d5fb6d474b34ffcf3c122864619e
status: experimental
description: Detects traffic or activity related to https://helpdps.space/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://helpdps.space/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://newnube.lol/YTnew.apk
id: auto-ac69bc5f34788c825f55cdc27b67d12228aa296b1e89b5f104e944ab32eeb6cc
status: experimental
description: Detects traffic or activity related to https://newnube.lol/YTnew.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://newnube.lol/YTnew.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youtubefromrussia.lol/YouTubeRU.apk
id: auto-326c09f271ba826848bbfeed17da44187157e07bde69bc9379c8ab22176211d6
status: experimental
description: Detects traffic or activity related to https://youtubefromrussia.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youtubefromrussia.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.169.107.17:48034/bin.sh
id: auto-9a221c3540c678deaccf5bdfce0ba0dc4eb4739f1ccf681897c9615354290319
status: experimental
description: Detects traffic or activity related to http://175.169.107.17:48034/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.169.107.17:48034/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.30.45:49703/bin.sh
id: auto-44e063fcc040acf0b9bdb7974da3a90a57ae0dbb8b52bea4962a17f676d837ff
status: experimental
description: Detects traffic or activity related to http://110.37.30.45:49703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.30.45:49703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.109.32:57096/i
id: auto-6ed2141d8ece24490c3e74731e221681027b14daea34b182efac87bc822ee456
status: experimental
description: Detects traffic or activity related to http://110.37.109.32:57096/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.109.32:57096/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.198.130.112:56568/i
id: auto-a6452b874b817fe2a8516a89e3becc6c283b8de2db87f0d97be70e71003725d2
status: experimental
description: Detects traffic or activity related to http://112.198.130.112:56568/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.198.130.112:56568/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.198.130.112:56568/bin.sh
id: auto-699ce48960b1f6525a63b9baf2374ca1739d4e96ba0b95f97091ef32f22b85b9
status: experimental
description: Detects traffic or activity related to http://112.198.130.112:56568/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.198.130.112:56568/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.206.175:56173/bin.sh
id: auto-5f111a17c3c8ffe59ab8af009d3eb9ddd5f83dc6a0f2d06a87299db8ddad1b59
status: experimental
description: Detects traffic or activity related to http://115.63.206.175:56173/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.206.175:56173/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.206.175:56173/i
id: auto-243cb0eb5b8b3f90366004e7cea74c5cd4bd9f89d4ef74d905148392a156a7dc
status: experimental
description: Detects traffic or activity related to http://115.63.206.175:56173/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.206.175:56173/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.172.249.3:35127/bin.sh
id: auto-deff0821066c234ec5c84774e4128aecdbbd4a3e6f7718a4e5c2df3b69ca1a0d
status: experimental
description: Detects traffic or activity related to http://123.172.249.3:35127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.172.249.3:35127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.18.105:54806/i
id: auto-cb79861dc167e955242ce90e36d05a5e381dddd118b3470cc9cbd84b3e83ffe4
status: experimental
description: Detects traffic or activity related to http://125.40.18.105:54806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.18.105:54806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.sh4
id: auto-6ddc23a9112ceb3f6a848633a0a48851b482d1e072b5ea604d60b7dc8b0ee8f8
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.x86_64
id: auto-3960b46e72c1279063eb5622eaa7e09ff6a09879e872b9bfec19404e6fd6ec76
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.ppc
id: auto-d30fb6b1ced4d0afcfb003b5d98767480aac77678a7fecda301dd31a53e9d4ee
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.m68k
id: auto-245b7a1beedd7cfcf72846156d5d23db0d7a62ce9b869757069486677b0de41a
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.arm
id: auto-2f4e68c96c79046e61438e36001cd27c9e325fa9a0dd01b1adea2f83aba25dc6
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.i486
id: auto-1efc8f6b9d2583445319389e7b6f95108b6307f0caf21146eb53014e81bfdd31
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.arm6
id: auto-6d179272cda389c41091df4501bc9eebe6f57d431431fdf8bb16f08daf3ef22b
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.arm5
id: auto-c77d45f89be45a248e7fcd903c8534bfac477cf0e9ea06429684a2c9d2e1e346
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.arm7
id: auto-73c8c4c147e4cc68b154d3a193945ca602bd70f50e3d52434e97926e174b53da
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.x86_32
id: auto-d65c3c7df77b7c293409ac171539ed7e2e5dd89daa99a3d8f57d4da82705c029
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.ppc440
id: auto-e037b19a9d7c23ebd0e40c34c9078ac57fc19c6d644767e6078a6df53ad91233
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.i686
id: auto-9f1c84a95fef59956c1b4bcbd8dafdc0f4fdbd7b39c64e041d66712985a8ae2b
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.mipsl
id: auto-bbd70703468d8147e038e892516db385ff21bb8a6a2769b8e132ac061b14e316
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.mips
id: auto-942524bf6bbe01fd85ce927620046748cb48c47a186ed98bb3bbb141fafe10ab
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/huhu/titanjr.arc
id: auto-bdf17b040bfe9180a4927defb1d28163d607a86f99f39d1224d804964f693e1f
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.189.153.65:10001/SgrmPath.exe
id: auto-c258a15d0433e6234efc83294939e365b642d87cced0cfbaae91acc5a66120e3
status: experimental
description: Detects traffic or activity related to http://88.189.153.65:10001/SgrmPath.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.189.153.65:10001/SgrmPath.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.34.242:60110/i
id: auto-d8dd377c63f0123ed9bbb85edf28dd5010a3de7ad2a6f6f2d75858a5281d0f1e
status: experimental
description: Detects traffic or activity related to http://42.6.34.242:60110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.34.242:60110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.232.114.169/all.sh
id: auto-d4e713670491d06087bd03c76812bcc381ea8746e728476d144e2e3ee57f8cd6
status: experimental
description: Detects traffic or activity related to http://213.232.114.169/all.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.232.114.169/all.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.186.212:60392/bin.sh
id: auto-73ffb346b3a58c339ce4e14eac27198f90fd3f0317e86b9315a55aa2901fbee3
status: experimental
description: Detects traffic or activity related to http://222.140.186.212:60392/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.186.212:60392/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.18.105:54806/bin.sh
id: auto-d1e55eb1534dd4ec7fdf0d71f75fa6f58d50daaf9b2047e4ccd21963195f9188
status: experimental
description: Detects traffic or activity related to http://125.40.18.105:54806/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.18.105:54806/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.226.52:58632/i
id: auto-e78052b90dfc659d8976da3b3c6c8591706551112f954ea2a20ce073dffd5d74
status: experimental
description: Detects traffic or activity related to http://115.55.226.52:58632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.226.52:58632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.248:33575/bin.sh
id: auto-a92effe75d556ff3a62e8e3af90729196c0a5ad760c19a853083932881ae5028
status: experimental
description: Detects traffic or activity related to http://117.209.94.248:33575/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.248:33575/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.74:45942/i
id: auto-e10ed8e6201c0e05d67b24fed573ce2acea8c5bc8ccbd9047cabf20f8229ab83
status: experimental
description: Detects traffic or activity related to http://117.209.82.74:45942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.74:45942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.176.142:39675/i
id: auto-bdfc94193e68b0a0846a7a9975eb8030fa2f67e60e3f6102ff17cd9d134db57b
status: experimental
description: Detects traffic or activity related to http://42.54.176.142:39675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.176.142:39675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.247.225:34398/i
id: auto-116ca7d86b0dedab9de00c510838f759be6e6a639a730028e091dfeada65c275
status: experimental
description: Detects traffic or activity related to http://42.239.247.225:34398/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.247.225:34398/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.254.94:49437/i
id: auto-78cf6810d46b21a1707aeef40c95e0b964d32e8a1411e60f9a69adf1f15335d6
status: experimental
description: Detects traffic or activity related to http://175.175.254.94:49437/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.254.94:49437/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.82.74:45942/bin.sh
id: auto-595f7d2c8e573050178f9399ca578d3a0a783137b7b8ffeca5b09f269996ff17
status: experimental
description: Detects traffic or activity related to http://117.209.82.74:45942/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.82.74:45942/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.247.225:34398/bin.sh
id: auto-8c24dbd01d76e41b3621525ec0f054ae56aa807c4299ec74702e11ea924d35a8
status: experimental
description: Detects traffic or activity related to http://42.239.247.225:34398/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.247.225:34398/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.176.142:39675/bin.sh
id: auto-abf01fcc1f66bb3bd3aff78fa27647de8180c21e418841f4b18dea771e3bc530
status: experimental
description: Detects traffic or activity related to http://42.54.176.142:39675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.176.142:39675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.127.128:42020/i
id: auto-d559ce2ad735a7dc649ba7585ddc01918d90d51be4b87bcc0aff20685f6562ee
status: experimental
description: Detects traffic or activity related to http://42.224.127.128:42020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.127.128:42020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.54.161:35342/bin.sh
id: auto-8fdaf08ab1e46d56399015df679ef3e97ed72cddfb37509f12589aed5b64ea64
status: experimental
description: Detects traffic or activity related to http://219.157.54.161:35342/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.54.161:35342/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://expressinvoicesinvoice27.ngrok.pro/invoiceservice1.zip
id: auto-8eb6fec70474201fe7c5292afa6c45f74485dc18f4c61e185a7768b4b98551ca
status: experimental
description: Detects traffic or activity related to https://expressinvoicesinvoice27.ngrok.pro/invoiceservice1.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://expressinvoicesinvoice27.ngrok.pro/invoiceservice1.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.243.178:40421/i
id: auto-6f15c03a72582042f0496417d6b93060622ba330aa1b9d971df48eab90ac5209
status: experimental
description: Detects traffic or activity related to http://119.185.243.178:40421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.243.178:40421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://flisinfuntar.mail-lab.store/
id: auto-47b39397ec32639fd20040ad0c9672d55bbbc3af2ed64492b27d64f76175d7c4
status: experimental
description: Detects traffic or activity related to https://flisinfuntar.mail-lab.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://flisinfuntar.mail-lab.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://glejal.mail-craft.store/
id: auto-535d3c9ef3d30aba87b99774e85e793fdedbc2ca0339b98481f6c5c95a3921d3
status: experimental
description: Detects traffic or activity related to https://glejal.mail-craft.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://glejal.mail-craft.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cretonriz.lxmail.store/
id: auto-3031625a5c91a70b0a3926a00378d5a4bf07144f74e13920c512c6d21480f37e
status: experimental
description: Detects traffic or activity related to https://cretonriz.lxmail.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cretonriz.lxmail.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://glefenbonder.luxomail.store/
id: auto-a4149508094357a78e9c17938283ddf623a75cf23bcebe8e743e1b03a7b51177
status: experimental
description: Detects traffic or activity related to https://glefenbonder.luxomail.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://glefenbonder.luxomail.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://platum.luxxmail.store/
id: auto-f9e30e1196abe8cf598d410d3f6530a6fb841c722b90a43950e6758bcf66bb06
status: experimental
description: Detects traffic or activity related to https://platum.luxxmail.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://platum.luxxmail.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://prorol638.luxormail.store/
id: auto-074b3f725a30c916574c9d34bfdff5dc539b3687a7ffdfa83763c665506585d2
status: experimental
description: Detects traffic or activity related to https://prorol638.luxormail.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://prorol638.luxormail.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://glasal.luxmail.space/
id: auto-f1962eab7a2c01a019fea3d06ee521e318ddb470434a5d17ab44440170c6236b
status: experimental
description: Detects traffic or activity related to https://glasal.luxmail.space/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://glasal.luxmail.space/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://frukinvel.luxmailer.store/
id: auto-1f779d7c3cae431786eca367e5e7f98786c155c2bb0557db797bc4cfd12675bd
status: experimental
description: Detects traffic or activity related to https://frukinvel.luxmailer.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://frukinvel.luxmailer.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cropenval8.mail-lab.store/
id: auto-6797830f81a13903a2eea522759cf50951943dde6640f23163993132d61b1016
status: experimental
description: Detects traffic or activity related to https://cropenval8.mail-lab.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cropenval8.mail-lab.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://flononconsal.mail-genius.store/
id: auto-1cc7cb8bf7236b5caa852c250907019689eb2100526515878e2783c27757f245
status: experimental
description: Detects traffic or activity related to https://flononconsal.mail-genius.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://flononconsal.mail-genius.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://glaronhal.lxmail.store/
id: auto-8ffa254066f642de0ec49009c6ec23028dfc2f08380f81c26a946502bc3163a2
status: experimental
description: Detects traffic or activity related to https://glaronhal.lxmail.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://glaronhal.lxmail.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://flipinlanjal.mail-cube.store/
id: auto-62992a3b0b81e391ba517245c31b937b9ba33739f91621625acba6cba4da9d8b
status: experimental
description: Detects traffic or activity related to https://flipinlanjal.mail-cube.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://flipinlanjal.mail-cube.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://crolinpanrol.luxmailing.store/
id: auto-319e4b76765fb82ec85f30fe9bbac24a00cf5005e8182aaa33430a562b05ae5c
status: experimental
description: Detects traffic or activity related to https://crolinpanrol.luxmailing.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://crolinpanrol.luxmailing.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pripingor.mail-boss.store/
id: auto-a91360defbdb14bd7211267451db895e450e1b5ec1511e377b926aea3febf896
status: experimental
description: Detects traffic or activity related to https://pripingor.mail-boss.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pripingor.mail-boss.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://prukinsandiz41.luxmailing.store/
id: auto-c6027d4532b24e23a25b9f5e92c8482c5ddd2ccb21312a4517bd3330b29b22c2
status: experimental
description: Detects traffic or activity related to https://prukinsandiz41.luxmailing.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://prukinsandiz41.luxmailing.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://prosil.mail-mentor.store/
id: auto-2cc0006ee9d1532e15f0a532b6e7716f34b883a3f2e4a405d701936ed233b961
status: experimental
description: Detects traffic or activity related to https://prosil.mail-mentor.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://prosil.mail-mentor.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://crical.mail-craft.store/
id: auto-e5c2ba60212edf76ae182ac14e2ce04197a0631ef697e732ffdaef24fc4aafb3
status: experimental
description: Detects traffic or activity related to https://crical.mail-craft.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://crical.mail-craft.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://frepanlanral563.luxpost.shop/
id: auto-1391ac1e1dc83021a26afeff1d0fba4b5f060a2fc1726288ef3c3ff60a6d4487
status: experimental
description: Detects traffic or activity related to https://frepanlanral563.luxpost.shop/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://frepanlanral563.luxpost.shop/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://progongor822.mail-genius.store/
id: auto-f834c10ff7dce650f563ef81a09abdd34c741e5a055697e3dcc0efa756c34f42
status: experimental
description: Detects traffic or activity related to https://progongor822.mail-genius.store/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://progongor822.mail-genius.store/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.127.128:42020/bin.sh
id: auto-3f2bac4a882f43a742da9d8d5dadc1c397a215bad9e6ea1c212402f2d6e19680
status: experimental
description: Detects traffic or activity related to http://42.224.127.128:42020/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.127.128:42020/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.178.145:60669/i
id: auto-ebfaa97ccbdaf40fb3b027eb396d1d56c7b7697ee8fe64476b50f157112422cf
status: experimental
description: Detects traffic or activity related to http://42.224.178.145:60669/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.178.145:60669/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.169.213:48631/i
id: auto-591019f8c10706f0b186d12432a2848929d092fff39e1c397a9c5886faae4865
status: experimental
description: Detects traffic or activity related to http://125.41.169.213:48631/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.169.213:48631/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.243.178:40421/bin.sh
id: auto-dd173c870e05f2cd6de245e1840463198fb4e8269c8c31c51b51ad93d23215b4
status: experimental
description: Detects traffic or activity related to http://119.185.243.178:40421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.243.178:40421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.71.130:40072/i
id: auto-ec5404d256208936d6e3bc2b5522db55323b326b374a3af48e516e4ed096a5b9
status: experimental
description: Detects traffic or activity related to http://113.238.71.130:40072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.71.130:40072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.169.74:45493/i
id: auto-e72c330a139eebc538ab100cf95e8c9611cc91b09cec8618063245c6ba4cf6a7
status: experimental
description: Detects traffic or activity related to http://176.226.169.74:45493/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.169.74:45493/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.178.145:60669/bin.sh
id: auto-eaa5e303f0eab5c8825785a09eda4f833948c9a0e572246b5cc89164c996bf59
status: experimental
description: Detects traffic or activity related to http://42.224.178.145:60669/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.178.145:60669/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.71.130:40072/bin.sh
id: auto-b763477c1333e3d0499856de0aaabac6dbd67f7250d4b57ba28efcf52b969b78
status: experimental
description: Detects traffic or activity related to http://113.238.71.130:40072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.71.130:40072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.241.196:42575/i
id: auto-06e320fa7b869dcfc7a2313ab7f38fc04c0262c7e6ce1b3b2d59402a6be49db6
status: experimental
description: Detects traffic or activity related to http://123.11.241.196:42575/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.241.196:42575/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.214.46:60429/i
id: auto-5df71380769a70b97eaa52c5d16671afd718cf59b26e79253af2e469ec84564a
status: experimental
description: Detects traffic or activity related to http://119.189.214.46:60429/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.214.46:60429/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-8bf10830d4fa42d3a538fa7b302d55b3.r2.dev/whtfhtyhg%20(1).zip
id: auto-6bb6e76af8f87b187cb9aa5aab9edb5294ff414b4afb43eaff3a37eb0abe16b6
status: experimental
description: Detects traffic or activity related to https://pub-8bf10830d4fa42d3a538fa7b302d55b3.r2.dev/whtfhtyhg%20(1).zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-8bf10830d4fa42d3a538fa7b302d55b3.r2.dev/whtfhtyhg%20(1).zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.84.139:57681/bin.sh
id: auto-cc581f3448b3cfe03f342c452af65f34c637bd1b6f907832143ae0fddd2a47f7
status: experimental
description: Detects traffic or activity related to http://175.165.84.139:57681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.84.139:57681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.169.213:48631/bin.sh
id: auto-9b7553150e254d5e6fb201e6bfcf5ed2c864f3bf6f997fcbf95c72f1a0e6f4d9
status: experimental
description: Detects traffic or activity related to http://125.41.169.213:48631/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.169.213:48631/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.169.74:45493/bin.sh
id: auto-c5fa8319824d56e45064367b00a13fcd8508938e5cee114d0c1176df3d7efa6c
status: experimental
description: Detects traffic or activity related to http://176.226.169.74:45493/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.169.74:45493/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.i468
id: auto-30fdb87099f24765443d03558d1d05dae7d54750e5c09a9d9c082782b8a38d31
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.i686
id: auto-54fdd22c189196ec91ff9b58f033080652520227c26132f222e6ff30c32c1d45
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.x86_64
id: auto-41f9f508b7d834cb2cea427cce2dcf676dca7e40cb756a26eabc18886925d8b4
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.122.116:47268/i
id: auto-53dbb65e07a693352cd01b652cb69dd6429d33d157be0c2cf8fb8960521ad49e
status: experimental
description: Detects traffic or activity related to http://42.53.122.116:47268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.122.116:47268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.214.46:60429/bin.sh
id: auto-207a7c68b422b73383ffc9e023f83f5f794d822d3932962350b0817c2011d390
status: experimental
description: Detects traffic or activity related to http://119.189.214.46:60429/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.214.46:60429/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.241.196:42575/bin.sh
id: auto-822f52c2436b5dc611b08608ead32b7322b5dd46901d323b1c42127ea8cd3864
status: experimental
description: Detects traffic or activity related to http://123.11.241.196:42575/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.241.196:42575/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.73.115:35649/i
id: auto-09c5677ad5e3923ead93457ef514e3f50bee1bd95aa76118845a523b81ec08b1
status: experimental
description: Detects traffic or activity related to http://39.187.73.115:35649/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.73.115:35649/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.137.152:54774/i
id: auto-45713e720b62497e431d248b31b16ecb7c40fe5a863a3f9c18a2ed0953548bf6
status: experimental
description: Detects traffic or activity related to http://42.238.137.152:54774/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.137.152:54774/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.124:35877/i
id: auto-ab783e4c78facd0feafe64b307c192dd326f1311468b90a5ffef7f84133e7852
status: experimental
description: Detects traffic or activity related to http://59.97.253.124:35877/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.124:35877/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.48.239:40381/bin.sh
id: auto-1b120cfd173b521d9177f8e5158b0a7c888c2e935ae1a24328810cd348386aa4
status: experimental
description: Detects traffic or activity related to http://125.45.48.239:40381/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.48.239:40381/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.228:49920/i
id: auto-66dbd1a414ce3b3b8a385e704200234d3b012d3202b07d8af44ed1f470f3ab94
status: experimental
description: Detects traffic or activity related to http://119.179.252.228:49920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.228:49920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.50.153:55641/i
id: auto-367b6393cde9b7dcf7c24895ec090d04082ea38a233202f6cdca242bde0da2bc
status: experimental
description: Detects traffic or activity related to http://123.14.50.153:55641/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.50.153:55641/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.255.244:50754/i
id: auto-7bdd594ca538756f364e5de8ea358a3df58c9e01a5b2de72a67995a0114d8a94
status: experimental
description: Detects traffic or activity related to http://185.221.255.244:50754/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.255.244:50754/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.37.4:37041/i
id: auto-d2981c4308bb038a97e4f7f4aa6053348f714e252be11d8b7b290ae5910f6a16
status: experimental
description: Detects traffic or activity related to http://125.43.37.4:37041/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.37.4:37041/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-key/sash21
id: auto-8020fc3d9dacd93d20467c6d39d0e8d338ba7d596abda597746b8f494ca43042
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-key/sash21 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-key/sash21*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.68.59:40042/i
id: auto-5fb52ee2c92283e2a76b97ef269202ddb8654bbbb2d28e2d5970f38239fe7e7b
status: experimental
description: Detects traffic or activity related to http://115.57.68.59:40042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.68.59:40042/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.146.234:50611/i
id: auto-5d101bb0be29b6b98af54fcb86a6c25a8208a98abff614983c656ef346a3e5d5
status: experimental
description: Detects traffic or activity related to http://42.178.146.234:50611/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.146.234:50611/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.225.231.222:41222/Mozi.m
id: auto-18c741c1066a023ca2bf14f22788372f20021d127f91a9b001840edee49dc0fe
status: experimental
description: Detects traffic or activity related to http://88.225.231.222:41222/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.225.231.222:41222/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.62.74:34320/i
id: auto-8bb9b72d03ea0d8f83e8678b5f78250786d845628ddbd84835bdd1360559e359
status: experimental
description: Detects traffic or activity related to http://42.231.62.74:34320/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.62.74:34320/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.88.177:50375/i
id: auto-3090c681b3e1f75c405ec4f1735e48697620bee34d143600befe1cc7de683473
status: experimental
description: Detects traffic or activity related to http://85.108.88.177:50375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.88.177:50375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.48.212:56472/i
id: auto-0de851652561755f68d3ac5973b7177d11fff9a4cf2ae57dd8db53a72424f43e
status: experimental
description: Detects traffic or activity related to http://182.114.48.212:56472/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.48.212:56472/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.225.231.222:41222/i
id: auto-d45a8f0f0f228a52ab335ab592626b6f7ddb90d60a538a84e61ebbca58b47778
status: experimental
description: Detects traffic or activity related to http://88.225.231.222:41222/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.225.231.222:41222/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.24.162:40779/i
id: auto-ead797a2832c24ac76fa1515794037e9756dfdea28c6117b74c3f5714156ff47
status: experimental
description: Detects traffic or activity related to http://110.37.24.162:40779/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.24.162:40779/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/sad
id: auto-eb676a64a6cbcb60071f41a2b68d04045dd2a0a4e380a5542484750cbdda640c
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/sad which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-cl0ud/sad*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.73.115:35649/bin.sh
id: auto-a08ac80e968da2b1049560cafe167a3b72f5e988b10bb1b8b2a1b47a2161942e
status: experimental
description: Detects traffic or activity related to http://39.187.73.115:35649/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.73.115:35649/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/spl.exe
id: auto-20a468dbe6e31ece1dacce8eeac8c3bea05139125a2ca89c35664a9d051b7306
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/spl.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/spl.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jutup.ydns.eu/xworm2026dbConvertedFile.txt
id: auto-a07558d5b2feff67bf2a3134cdafc6b04fc27013d7c56253fb7982c4e6ab6ca4
status: experimental
description: Detects traffic or activity related to https://jutup.ydns.eu/xworm2026dbConvertedFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jutup.ydns.eu/xworm2026dbConvertedFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://cryptertyyu.42web.io/arquivo_20260106003657.txt
id: auto-70a99a2c666f2b7c0770d3fb588a9942dc5c2923e68b86539dd9bf3796ef7a19
status: experimental
description: Detects traffic or activity related to http://cryptertyyu.42web.io/arquivo_20260106003657.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://cryptertyyu.42web.io/arquivo_20260106003657.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jutup.ydns.eu/ConvertedFile.txt
id: auto-9768d7784945e0fcb50061e43d7dec38023d026e842cceaba05825a8e09cedc0
status: experimental
description: Detects traffic or activity related to https://jutup.ydns.eu/ConvertedFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jutup.ydns.eu/ConvertedFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download.ilovegrooming.xyz/krpc.exe
id: auto-ca69d081cd8bb648dd4c6e772e987ca29ad39e9c0f6400cb50cb0e31a9b2d298
status: experimental
description: Detects traffic or activity related to https://download.ilovegrooming.xyz/krpc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download.ilovegrooming.xyz/krpc.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download.ilovegrooming.xyz/Discord.exe
id: auto-2bd66abe8ed45e7f07f13a0fa4677bf6f72c7ba4fccd54d4545d0d069699dabf
status: experimental
description: Detects traffic or activity related to https://download.ilovegrooming.xyz/Discord.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download.ilovegrooming.xyz/Discord.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download.ilovegrooming.xyz/Update.exe
id: auto-df1fefc498b7c333d6a44bebf5ffd41886ff14322d5c83b1574ca63c01351e5c
status: experimental
description: Detects traffic or activity related to https://download.ilovegrooming.xyz/Update.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download.ilovegrooming.xyz/Update.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download.ilovegrooming.xyz/WSSecurity.exe
id: auto-df11ce1153e75d2c20542f75be3c3d3209dac4a868c942611e0aa2c62d4564a4
status: experimental
description: Detects traffic or activity related to https://download.ilovegrooming.xyz/WSSecurity.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download.ilovegrooming.xyz/WSSecurity.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download.ilovegrooming.xyz/Realtek%20Audio%20Manager.exe
id: auto-4c00cbc503ae97504db947f046cf8462ab9b0c4ef3d201f32de5f9dd65f9c982
status: experimental
description: Detects traffic or activity related to https://download.ilovegrooming.xyz/Realtek%20Audio%20Manager.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download.ilovegrooming.xyz/Realtek%20Audio%20Manager.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jutup.ydns.eu/ebuka2026ConvertedFile.txt
id: auto-cdcc0ecdc00624ac0ff2fe5038c173bb151742505261220a04182e02c132459a
status: experimental
description: Detects traffic or activity related to https://jutup.ydns.eu/ebuka2026ConvertedFile.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jutup.ydns.eu/ebuka2026ConvertedFile.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://res.cloudinary.com/dbjtzqp4q/image/upload/v1767455040/optimized_MSI_lpsd9p.jpg
id: auto-a06337e7902e0e532d3de444e78f0a0923b557e3a0882678f0a38035294225b9
status: experimental
description: Detects traffic or activity related to https://res.cloudinary.com/dbjtzqp4q/image/upload/v1767455040/optimized_MSI_lpsd9p.jpg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://res.cloudinary.com/dbjtzqp4q/image/upload/v1767455040/optimized_MSI_lpsd9p.jpg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.131.32:44532/i
id: auto-f8f1715b75e626474a4066ae238498355c322eda72676ecb48d4f17d0598c243
status: experimental
description: Detects traffic or activity related to http://123.129.131.32:44532/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.131.32:44532/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.124:35877/bin.sh
id: auto-ea79992cda8961cc1f384bb49916c2551f41feba00d29ef2679a75317b4782ce
status: experimental
description: Detects traffic or activity related to http://59.97.253.124:35877/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.124:35877/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.159.170:47782/bin.sh
id: auto-104e21847f4dfd2b52fc607be08659a5bfcfd525911ea6c6d686a78414646f5a
status: experimental
description: Detects traffic or activity related to http://175.148.159.170:47782/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.159.170:47782/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.92.210:49208/i
id: auto-b9daa0a87400bf92bfc0884f6686c29c0f8f9f788eb2c11e0cccdfbe4b9090c8
status: experimental
description: Detects traffic or activity related to http://175.165.92.210:49208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.92.210:49208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:58771/i
id: auto-5c43bdb6317c2c599661253a9a7996a5bca068a49ad6750b2656d7b1894456ed
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:58771/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:58771/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.46.143:42838/bin.sh
id: auto-6741ad6814dc33ee48ebb84079b22381a65a631bb60717dbcd859faf6f26d542
status: experimental
description: Detects traffic or activity related to http://42.228.46.143:42838/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.46.143:42838/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.218.101:38295/bin.sh
id: auto-3aa2186afcd7d95ebaa1e888653c1441dfb84c5e78c1629841ba1d7f68470f43
status: experimental
description: Detects traffic or activity related to http://119.189.218.101:38295/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.218.101:38295/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.131.32:44532/bin.sh
id: auto-e21f083d6b6b35403d3767a39b6c3d9a5ef9ae85b3dd9842f40635ec9808ed4c
status: experimental
description: Detects traffic or activity related to http://123.129.131.32:44532/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.131.32:44532/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:47581/bin.sh
id: auto-9ffd62cf19ac98df55cee7d30d307e00546d0b54886657940ba72cea463191c5
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:47581/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:47581/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.50.227.155:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest
id: auto-1396efc4d71f805bb05810b5c8a293ec674e9db0a48e2359f7f72e2aadb77f5a
status: experimental
description: Detects traffic or activity related to http://209.50.227.155:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.50.227.155:8040/Bin/ScreenConnect.ClientSetup.msi?e=Access&y=Guest*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download.ilovegrooming.xyz/main.exe
id: auto-c9ee16b78764cae7bee271fa95dbebb01ef0b6a50fc48bb574860003765e6f97
status: experimental
description: Detects traffic or activity related to https://download.ilovegrooming.xyz/main.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download.ilovegrooming.xyz/main.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:58771/bin.sh
id: auto-d674fb65f2c99eb6392a2e66caabfb2b84835d954ed8f28045491e49ba9cd81d
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:58771/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:58771/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://biggbossteluguvote.com/BAD/AudioToastIcon.mp4
id: auto-a1235f710296b1312b0e768fe1d38162c4fa33f6e5371f5771f09f32937b34bd
status: experimental
description: Detects traffic or activity related to https://biggbossteluguvote.com/BAD/AudioToastIcon.mp4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://biggbossteluguvote.com/BAD/AudioToastIcon.mp4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.20.64:42226/i
id: auto-e533fffb3f51d97577104bfa6180db81d9e3ee8dbb8ac210297aca777c560a88
status: experimental
description: Detects traffic or activity related to http://219.157.20.64:42226/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.20.64:42226/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.86.68:57511/i
id: auto-3dd21acac1fdac3cfe0a69ed9a95e1d9033ad6cad0e0ccb35492af66736783cf
status: experimental
description: Detects traffic or activity related to http://175.165.86.68:57511/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.86.68:57511/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.82.43:54993/i
id: auto-f7b25d4687754dfc6b9fa7cb4795f891423b7540af88196a01d9040e649adbab
status: experimental
description: Detects traffic or activity related to http://123.188.82.43:54993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.82.43:54993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.29.141:52342/bin.sh
id: auto-036f062842fe4e9fa0841d256cde1b5f2cff1260c9215ee6673ec7691ccd65b1
status: experimental
description: Detects traffic or activity related to http://42.178.29.141:52342/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.29.141:52342/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/update.ps1
id: auto-1e3341c4fe892ca6b0b4f13e2d8459c9b62265e561cc00c18081a2f517c29209
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/update.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/update.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.80.113:37313/i
id: auto-2a38fe7d0489a4f16a0c5cd424dc75dd29b90f222de8630e3eb142961a75c403
status: experimental
description: Detects traffic or activity related to http://182.126.80.113:37313/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.80.113:37313/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.93.140:56655/i
id: auto-af1c3a520c14106736a5a7067b7801b4d0422b3c3b7eecc48c3229d8430db3a7
status: experimental
description: Detects traffic or activity related to http://117.205.93.140:56655/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.93.140:56655/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.120.188:39306/i
id: auto-48a7f9c18bc1af6d5797a821074f3e54bab6c85bc03fede89ff85b20ed9fdf3f
status: experimental
description: Detects traffic or activity related to http://110.37.120.188:39306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.120.188:39306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.20.64:42226/bin.sh
id: auto-563bdb8e307ac7539967638a4917c27609c0e378fac5e38e1f143faa661131bd
status: experimental
description: Detects traffic or activity related to http://219.157.20.64:42226/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.20.64:42226/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.219.196:36276/i
id: auto-76f928ca79d999b24fa0914e5736937a63fc858428767c318a4e3a2ac1100d3a
status: experimental
description: Detects traffic or activity related to http://42.226.219.196:36276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.219.196:36276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.82.43:54993/bin.sh
id: auto-351e16d4f7a3c39f789263561008cffe9b29f63badd9d6ebb443071f4427f55d
status: experimental
description: Detects traffic or activity related to http://123.188.82.43:54993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.82.43:54993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.29.29:41233/i
id: auto-ae99cc5e50e49f3f78b755573ae0ec54b1b9ca9d36395f4c8ac1fa3c20870f30
status: experimental
description: Detects traffic or activity related to http://182.112.29.29:41233/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.29.29:41233/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.157.63:40477/bin.sh
id: auto-2437444e30f92ae508bb32ffa00483c2be55553d31b4a2311b8893bc98eeb035
status: experimental
description: Detects traffic or activity related to http://175.148.157.63:40477/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.157.63:40477/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/wc.sh
id: auto-8e546084730b369fc30c4b03bc35de3d3a1e5e81e6ddc9df6b4067f52c448b66
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/wc.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/wc.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/wc.sh
id: auto-7e02956b04b81261aac8e3ec4b0f4d7ffc1bbd3fea217376c7381b1127e5f23a
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/wc.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/wc.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/x/x.i686
id: auto-0b2f488452d978e47173aa4893f996836ad0bc8c8e7e1bd92e1e3a219a1b5b2d
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/x/x.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/x/x.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/x.sh
id: auto-7933e95871915c15e10f396968a5e3db3c2a025cc94684cbca1f6a6807da4ee9
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/x.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/x.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/x.sh
id: auto-5265c485c6d61d36bdcf2e3821031951bb637438206d89d6264a284cccfb1315
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/x.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/x.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/x.sh
id: auto-8ea8f68622e38c8d057a8335e778350b7c285ba5f168eaf8d1ddc090b2e76105
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/x.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/x.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.arm6
id: auto-c415c952fa1c267ef5ea397dcd15684095f9b726123bf2a939897c2b72e768d3
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.arm7
id: auto-4ea0e39ce2aecdbc87be26fc5481a73fce25df2042dfa596edb81705e37859b6
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_mips
id: auto-3e5a5884f9f1085213d32d478ed1033d143b6eecda24a9eedd93777a9dd11404
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.52.91:39492/i
id: auto-3c414ca2850aed46df9268019216ba5c56d3c8911cf8156d426e83147df7d499
status: experimental
description: Detects traffic or activity related to http://115.55.52.91:39492/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.52.91:39492/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/x.sh
id: auto-8b735bdb7bceef7ce478ee5c659b6ed2d0bddae5c051272bea8645db141d1c23
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/x.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/x.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/x.sh
id: auto-610ac6e01c80a4e4c17db91871d2d08a504f8369dd8e7efa6e17f96a7c8d68b5
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/x.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/x.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/x/x.aarch64
id: auto-6c8d71718b3a4972d841ba996228e4681157f0b1a15d03e7368980b7d9d8aa97
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/x/x.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/x/x.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.120.188:39306/bin.sh
id: auto-17740f9aaec57c4407cb9590a93ae1bd48b4c1bd66802a856914b37ab3c13499
status: experimental
description: Detects traffic or activity related to http://110.37.120.188:39306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.120.188:39306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.x86
id: auto-48a690d15f84d6a06f3093f12b71bf6ee02092ce99103547d22643436857f647
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/wc.sh
id: auto-849521687c5e25e694f9dd2ef7051073c82d6305e09c75a424be0b54924a1a18
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/wc.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/wc.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.93.140:56655/bin.sh
id: auto-20e5bd6ab17946d60b43dd3ad6d9bc96892d852672c6fda37e9032f246fe7002
status: experimental
description: Detects traffic or activity related to http://117.205.93.140:56655/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.93.140:56655/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.87.160:42757/i
id: auto-36218921ad08edb7ea3837753cb2715c8546d15e6163da1fcf027fcb0485d3e9
status: experimental
description: Detects traffic or activity related to http://175.173.87.160:42757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.87.160:42757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/wc.sh
id: auto-e3611dac1377ec82bfe13f6881ccf3ec504f809dfa6ddf0770fecfc9cac4a53a
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/wc.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/wc.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_mpsl
id: auto-d86a1c879c57c4ff1be11acc7d0cf8a4a60582968dd658265f8b93ff7db45b1f
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/wc.sh
id: auto-f96b850f3423d3ffded0e36a29705eda3504ca84c12776157a36a7bf3cff0ac2
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/wc.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/wc.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.mips
id: auto-402f3a188fc6a94a6d0a1bc0339bf41c5f5d86ecfc91aa623df637b89d5496b1
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/x/x.x86_64
id: auto-5087f6a52ad10d31a7a94b782cfb0b4a134abefe2b5bd33147cafd6e95c7bed2
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/x/x.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/x/x.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.mips
id: auto-d982fecdde2d5b374ff0bcf28cd7bbc208a475f61223699e6b864e032e268b01
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.mpsl
id: auto-32e26963fa1a062146d8ab64a5a3cb21ae834f3750522df30ad46677d6e53f1f
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.arc
id: auto-0b38dd283659a3f9e8dbf66957f25248c47dd4989e1102425396b72349e6308f
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.ppc
id: auto-fe3f6d91e1c0ffc7ddea4ef45e4d4274129eabc597eb8741d9fd8953a3f37464
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/x/x.aarch64
id: auto-173e82beb69cd7a6acd057e5bc3f4c52230ebb78b2ff26476d7b5719a49de6ad
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/x/x.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/x/x.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.arm7
id: auto-4ff765c0bde9fe8cd0fa69d6d39293004eb571fc7430c26370cd5b3bd4b441b4
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.arm6
id: auto-24ea9904a9a2ea66e3c935fb947517c33227f316098ec93b280cccfe5afca5a6
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.arm5
id: auto-611eef1985c69d81000a87750ca570b977498b0ecdcf01d20ef5a9d5419222a2
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.mpsl
id: auto-f78bd45c2627e531cb0aaacdea27730031153f77f9a1aa9848d25c98e15d821e
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.ppc
id: auto-59917b0894f50b738c61a0640b6a96ee78eb1e6296081b876485762eea00ef5f
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.mips
id: auto-858a44a29c4e09be3543c754e88435bb697fd5bbc00fa419df4d210463698c7c
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm7
id: auto-44b89d3e96b33843c2f6ca820e20a45ad2c08bfa1eebe4c03c7da584de1f7d9c
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.m68k
id: auto-bd84e12d4621da8860ce4ad0f629d20bf71e2b1284de0589b78f27ba49df9e5e
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.arm5
id: auto-10ad6898d61f45f4cd2ed7c3d20e3ed5855ceef01a55ff0f71a59292fe541261
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.x86
id: auto-2a3cb37abc80a0ffc980f9d260da2b30244dd53223c724f31a10e0e835189055
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.sh4
id: auto-7c19c353bd748f92d8e41bcafe3e7d5f87f58df2a04addf3ced3ff9d20e325b5
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.mpsl
id: auto-f1abf3d011464285dca8ad0413f53d7e6f2110a43432a0a304d02f4aa91f1318
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.mips
id: auto-144d08f70a0e8746a0db674f6c045be42b0a4822fed403517b31b06802025bc4
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.mips
id: auto-aa4557f030097c81875aab08e8328a441cb810cf91a209188db5996dd4bf0e61
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.x86
id: auto-e9d89268f0b4d6ee36ad2e8a5d9af0ca49a61c6727186e9250a41c63f3fe8d1e
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.spc
id: auto-d6097e17163fe290705338073bb71bca09262900f5434de1140effcbf41c6db8
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.arm
id: auto-1bcb34052eb34a451adc85e706a815610b0b9be68b12df8109261251e81ef9df
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/x/x.i686
id: auto-b739d756c2057590309ff3bc7352d9c8f4e46eac7e921e5d5c9a796f9682c16c
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/x/x.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/x/x.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.m68k
id: auto-0ea84ada4ff0924b944cec6e9494ffeabbb46d36fe0fbabe44c7f4efcc899cf1
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.sh4
id: auto-053a389794ade588e0edcdd45881b81b5aea453e7ddf1eb66cfc842a58b0a8e4
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/x/x.i686
id: auto-483bf02d040c0fabb1f1fa71552940a69a301639f91938f121c684d27ac2f85b
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/x/x.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/x/x.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.mpsl
id: auto-76715426d7fe3d2ba04d1cc2c1abdd6b16c483a3bb8e7e0866f5bbfc1712d9d6
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm
id: auto-fd4c66335702fdbc2d0057f30711432ca144660a55d03a67c3db74f29cf34c3c
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.x86
id: auto-e38e3d6189b79a2f56603a0a557d2f7444bbaa6fc601ed464024e08d4db840be
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.arc
id: auto-a257b1fe33f9334b527283ebdba1dfad95ccb2a9e335c482bba22bd416b8e31c
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/x/x.aarch64
id: auto-15c256e7a3a372a7660a1411d4e845fff81126256cd91b09374fd4e2f6b0d5fc
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/x/x.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/x/x.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/x/x.aarch64
id: auto-d832c13f020ed29c79c871e99a3af464ac419ba50fad3617bc0eac131ebc691f
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/x/x.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/x/x.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.spc
id: auto-33f1c341da67e1d0ee56900f7435ddc2615c4ae42fd296bfcb132c5870ea9e6c
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/x/x.x86_64
id: auto-dff5c070e31ac2fd8d533682f4db36c625b4be3f943cf259b04ec8ffa45b0924
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/x/x.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/x/x.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/x/x.i686
id: auto-a5f7c80e29ff8bc9e571e05a96635f19da1ba9906235ad29c2c636fedeaf30c6
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/x/x.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/x/x.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.spc
id: auto-923eb204fbfd95e47b8da5ef4d4d9d4896d3d62538332b82b117184c2569a3a0
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/x/x.aarch64
id: auto-f37bc0de41cc856aa4fcbb81340096de92b77d6d2ccb18a67e140db1a9dc059d
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/x/x.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/x/x.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.m68k
id: auto-5a34dd514a9d5b6be0b4d8d488cb886353ad99f3a04a9b5069368f62eaf55a7d
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.mpsl
id: auto-dea08a511588f8da92d66167f8bef3685ad8f3cf3e28d480e83bbba5594ef350
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.spc
id: auto-74974d11c791e3d6a42b6426be338095d341124d61944511f91bbe490e25bfe2
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm6
id: auto-f5b7422cbd2e52dfb9a7eb7c5feb43903d7af1c21eda7d8bde404849ab47751c
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.sh4
id: auto-93741f4e9fb03e7c6fe80c5408f9ef9ddc6f6005164a3e09f375ac3660de8a45
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/x/x.x86_64
id: auto-ed83895fd6acbf17fec21a90306f2b82ad8b65dde229480aa96caa7a746d9a83
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/x/x.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/x/x.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.arm
id: auto-5a8a773a07ac8fbaad7502ad2f84d09c683564c8e4d3c73d2b1d74fb66c828d7
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/x/x.x86_64
id: auto-c54080e5328c4110d0c19e08fe4a72da11e4656d13fcdaf1df2445af0060c758
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/x/x.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/x/x.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.arm5
id: auto-7675024d2ee0aae074108f9e9c631b2fda4b2c0b2bc468db1a447e1773797cca
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/x/x.i686
id: auto-ddaad4835e94780cb6b8335cdb5dce3be16f67d8811046026e08df8b69e30bba
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/x/x.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/x/x.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.ppc
id: auto-ceb7c9c24fd84c90df57bedc615d9f3b2b8c7aa0ca394fe9b05bedcb52ef69e6
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.m68k
id: auto-1cea0dece2d1d3b8b1b2e103d1be3644be1b49c6c03604b97d2b586fa57c9b76
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.arc
id: auto-90cc5f43498cf141fc2f784fd85b11076c55c0b9da21f33e2b4d007370ff75af
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.arm7
id: auto-0521415e5d805fe21b7e0de4ad359172110e7f3075de011b1d3c011dc0ebffc2
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.arm
id: auto-9ddafadc621768e8e0c15dc179840269e80427b432bd4367cf07b70bf6decc9d
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.arm7
id: auto-126ffb2a21cac99ef63ccadce5dd3f916c91029fe11e5ee75b95134d592b480d
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arc
id: auto-b650272d23a8f448c19331354f997e42f620c39ef9c2ca151090128d7f0e5ce0
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.sh4
id: auto-7f6cf8ca638412be6be57bfc1eabf9853b315f3505bfa3bd1f881bc662135c9c
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.x86
id: auto-00fad748770df03f2526b263dffa0f494283fc2cbdcd2eb40ad5cffa721641ae
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.spc
id: auto-6226e2ff2979d1e242336bf7d9d88cfbb847c9f8e0d5a510eb41b9a9358c883b
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.m68k
id: auto-2a81e607c6b7c5493e36d6b8aa0796159f13b67f628f4dd6b603d69251b0f1a6
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.arm5
id: auto-1fef5d87c7b1d9c20dac9c8ecb6f6b4017e1007045692b42667925e7257c1973
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.ppc
id: auto-dd66aa1611bb401667d9506f93c867804469b1e137a0e790ec7f5087fb04c1b2
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.arc
id: auto-6c187f80802f711dd54946f22f62be9b6f2ec8f8488673164f0d68c6b06b3e44
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/x/x.x86_64
id: auto-52e0265cf3ef57b117fd5f043f30039db238fe623e9de62c949ec6e2a7c53f56
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/x/x.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/x/x.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vm05.transportrrj.com/bins/skid.arm6
id: auto-9c39fc09624ba689ce4310d5c2310255ff55a09bc564cae38f140fb64b1353cb
status: experimental
description: Detects traffic or activity related to http://vm05.transportrrj.com/bins/skid.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vm05.transportrrj.com/bins/skid.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm5
id: auto-b6421414a16aab92af88c5ff6f628ff7f3cd9f201bba6bc36bcd8f55d89fdaee
status: experimental
description: Detects traffic or activity related to http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://g3we2pj43ijkpfjmi.3utilities.com/bins/skid.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.pagar8.alphaville-bt.com/bins/skid.sh4
id: auto-d9b949bd4894f2fdcc396c287618852612e0646eb10fbff1058b1ae2ab074ef1
status: experimental
description: Detects traffic or activity related to http://mail.pagar8.alphaville-bt.com/bins/skid.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.pagar8.alphaville-bt.com/bins/skid.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.ppc
id: auto-496c40359bdae362d3606ca04d000b62ab4f9bd207a1564b6fb455c60b02f1ce
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://pagar8.alphaville-bt.com/bins/skid.arm6
id: auto-e84d086a50d70b92a1613ada5cbaa8f5daf26ca7e4650093ebf7d4f3bec21ede
status: experimental
description: Detects traffic or activity related to http://pagar8.alphaville-bt.com/bins/skid.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://pagar8.alphaville-bt.com/bins/skid.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://mail.vm05.transportrrj.com/bins/skid.arm
id: auto-f0972bb8a6a0d3f929cc1f733111253b6cee96948659fad87671b3fe09573bbd
status: experimental
description: Detects traffic or activity related to http://mail.vm05.transportrrj.com/bins/skid.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://mail.vm05.transportrrj.com/bins/skid.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.29.29:41233/bin.sh
id: auto-27b31aea082bf5dc11454866b6d3457c77c9b9998d960993ae1ddb57266ce10c
status: experimental
description: Detects traffic or activity related to http://182.112.29.29:41233/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.29.29:41233/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.x86
id: auto-36c1dc34600d749f9b3b3524b0a95fb079623e66451ec40b967052b9694fab0c
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.arm5
id: auto-f536420c163f58703ac473119fb8949a43a7f2e7178c6836b84093a6757d46ea
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.m68k
id: auto-037df08e3d40fdc2b1caa55f5bdbdf1dbe431f8d3a9b2058e4e321635f4ca7a9
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.sh4
id: auto-acfc07a3e10248615c7b41c5f2262bb54a7e6391625ef985abc99b269b7f9146
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.arm
id: auto-038c009bb1aa85c8529ec7552aa4e305c6fb5da26470b15061873f49af815323
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.mpsl
id: auto-2a1a4cc0b23e83027b44db6fb43640901817bcc06a1590efffc43ea4ca8eea6a
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.spc
id: auto-83cac6a6981f09357716b48ecf4e49c01a32d20a0de085491eaeda26f9dad803
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.arm7
id: auto-c1c7b50116cff9e385c462106fc564aa0a360e8982e4fb8ba7309d12fd4b5a10
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.ppc
id: auto-b11b7398f232058d742386ba6d97d3425e9df4dcedfe94f68b8126795610c385
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.x86_64
id: auto-d47ee1d9a4a075c3b5a73a52bef9eb1f7ba2285972540b5e4ac000f34f948082
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.i686
id: auto-090bef33391e3d95ac275e03d5ccda66afee2229c25ac8dc5849c3744a038f82
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.mips
id: auto-5835ea76b28f08b279dcc965a6d7dd519f7da27285fb046e39f8a77dbf45db57
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://scivet.vet.ku.ac.th/bins/sora.arm6
id: auto-aea3c1575a9a4b709f9612b93b4c179c9f95e17c5e0b96a6127d86b8ae72ca14
status: experimental
description: Detects traffic or activity related to http://scivet.vet.ku.ac.th/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://scivet.vet.ku.ac.th/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.dropbox.com/scl/fi/mfu1f5wn87q0d7ozj666r/rasiel-beta-x.exe?rlkey=pcagifeew1pzjszkkx8idt1y7&e=1&st=a4m2azbo&dl=1
id: auto-cfdc3fd82116602a7407cd28b759932c8faf8710f06935744c7180998868fce0
status: experimental
description: Detects traffic or activity related to https://www.dropbox.com/scl/fi/mfu1f5wn87q0d7ozj666r/rasiel-beta-x.exe?rlkey=pcagifeew1pzjszkkx8idt1y7&e=1&st=a4m2azbo&dl=1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.dropbox.com/scl/fi/mfu1f5wn87q0d7ozj666r/rasiel-beta-x.exe\?rlkey=pcagifeew1pzjszkkx8idt1y7&e=1&st=a4m2azbo&dl=1*'
  condition: selection
level: high
tags:
  - attack.t1555
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/748049926/f9ONgDp.exe
id: auto-8a0a54e8d7819c492f4c955b5759cb2c1e6d070e7d8e3c6d806a264a9948411e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/748049926/f9ONgDp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/748049926/f9ONgDp.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/zxc4wewewe-cpu/sdfsdb/raw/refs/heads/main/svchost.exe
id: auto-912a901985b8ceb2d187364aaa9cb80753731520121a333710a7358f5eb26c47
status: experimental
description: Detects traffic or activity related to https://github.com/zxc4wewewe-cpu/sdfsdb/raw/refs/heads/main/svchost.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/zxc4wewewe-cpu/sdfsdb/raw/refs/heads/main/svchost.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.52.91:39492/bin.sh
id: auto-50b164689e368997b8f0e7fcbc6dc9d524ecbaf7bb317fdb0679833e2168adf1
status: experimental
description: Detects traffic or activity related to http://115.55.52.91:39492/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.52.91:39492/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.mips
id: auto-6391c552e4ad8fee390f0001c2e35ad952f5abfabd3c4cde390aedce1f962300
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.spc
id: auto-aa2dc37510b08885cb8d3be497b7c3c3911aebeabb1ebd14c232eaeb7c2d7432
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.i686
id: auto-725d8910f616379ab41bb62c2a55580418a8f95603971ca9cbe02f71dbc5058a
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.arm6
id: auto-6c394b218fd67205dca10d16da8b3e458e948af1729685fa64c68089af86bb7d
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.m68k
id: auto-ec64cd5c965b035c11d673d650add588f142cb5fa7d79f8070fd342313375077
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.arm5
id: auto-87b599beb5437a4cb73dfb566313c98c953062a255fed2eb64a8215b1ed3392c
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.x86
id: auto-64cf2e4542bdac1816bd76b9cb66b71aaba3308ea9f007de56ad55daa09d8ec5
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.arm
id: auto-fe653b6367712514321f59e884e66782a71628ee25852caa38d4e5819b1c4dd1
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.arm7
id: auto-983d14803b44bb9167b60fad35e44a2a3ec394f558b536f34477309cc6ec6282
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.x86_64
id: auto-d1c8d463c146605ee52b6b445dcd57afdae6274f35c62efa87769b5f1e960ac9
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.ppc
id: auto-8934549c70ea09e70b0112ee6418088ddbdae4c5b010337a43e7649695c00f66
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.mpsl
id: auto-32dfc4b5abfce178c1fbba490a7ad27e3b51c7c2f63b28aacede0c8c8843d890
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.108.82.16/bins/sora.sh4
id: auto-8a7dc8572fae39eb214d016620773481c4f552fc961e2d9eb89b60c1516b7a61
status: experimental
description: Detects traffic or activity related to http://158.108.82.16/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.108.82.16/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.79.163:46833/i
id: auto-41062e8ea97330364f6b8d84fe017070243fb4b2d108dea876a64aea3bc9f41f
status: experimental
description: Detects traffic or activity related to http://110.37.79.163:46833/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.79.163:46833/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.210.234:36659/i
id: auto-4c17661c2cdafc96665f5d777998f22219956812a0c71ed711e1ec708649f91d
status: experimental
description: Detects traffic or activity related to http://110.38.210.234:36659/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.210.234:36659/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.87.160:42757/bin.sh
id: auto-27df7456c01b898091f4245a9222aec3d619bbd84b2a36032ed4d679a79a723d
status: experimental
description: Detects traffic or activity related to http://175.173.87.160:42757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.87.160:42757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.228.227:41496/i
id: auto-abaf50f51cf6f4f0f8f689ee6adeb0a437eb68bac5aea429800c3bb32b478556
status: experimental
description: Detects traffic or activity related to http://123.12.228.227:41496/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.228.227:41496/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.162.170:40348/i
id: auto-1d49b70677e2869d07f7fcd6ac43b548ca43db9809c4183c1dddf8e12efe6ee2
status: experimental
description: Detects traffic or activity related to http://123.8.162.170:40348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.162.170:40348/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.169.108:38990/i
id: auto-8aee002f5896779ddbb5c4db95a9e6d3244b1dcb31a167dcc07254a017f67aba
status: experimental
description: Detects traffic or activity related to http://115.56.169.108:38990/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.169.108:38990/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.33.74:34390/i
id: auto-b9fcd4ff55a6b938449bdccc4af210fba924e60978e811906c3230536f3cc2f3
status: experimental
description: Detects traffic or activity related to http://27.37.33.74:34390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.33.74:34390/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_sh4
id: auto-139c1483bb26221816e65e518b652570973706a28803755c2723f5dbaf4d0d7f
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_x86_64
id: auto-0460a1392c46063f00cdf3b6007cd8aef6530ffc8ea145240ecc3503925aac54
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_ppc
id: auto-b09740a6171f43d95275f457901ce2cf03ef0f37f48bafb854c33f55a2d1bc43
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_arm6
id: auto-f4f5f0b4ca5422c5ba1eabba30679f6fc42136c88a008baa81664fe0ffe0c606
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_m68k
id: auto-2dab39abaffa2289df5c2e1341f544bcc8b29fc647107c473dda07326cdd3fdc
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_x86
id: auto-d9fa366c212ded5b466d201f27287fedd11a8f5f1bd416cf7b80faa2b85d53b1
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_arm7
id: auto-e98591beb51eb285b50d7648067982da6bebc4e6a99e02b9392a582e56509d30
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_arm
id: auto-6bb90fbc538f693097c7867a82c8403589a41a79d362417a580bd38e734ebdae
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.198/main_arm5
id: auto-11ab801c157ea19b742f75c8aa97ec8ab032499f9b89ecaee74cd113b6d073e3
status: experimental
description: Detects traffic or activity related to http://176.65.132.198/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.198/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.168.204.221:33689/i
id: auto-49b58a1867b723e65ebfedd0c4b9795a4f0070e3488ba833efa881143182f315
status: experimental
description: Detects traffic or activity related to http://31.168.204.221:33689/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.168.204.221:33689/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.79.163:46833/bin.sh
id: auto-a09e116e4e1b241043a1b822be88b796e39a898a31a6ce8323d46cd90dc886b0
status: experimental
description: Detects traffic or activity related to http://110.37.79.163:46833/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.79.163:46833/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://199.16.59.214:59376/i
id: auto-a709f3237a20dcce1395795cb3b59f9cbbe242a7263df27355a467ba79f93867
status: experimental
description: Detects traffic or activity related to http://199.16.59.214:59376/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://199.16.59.214:59376/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/mpsl
id: auto-d7244d8cfd765f9b56aec96db5ed2458891a22169ae3d4153c1081700a2f51ca
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/k
id: auto-6780f42e1f81fbd844ce366214efcde0ae715624d6f6739e4a4c6da99c58366e
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/arc
id: auto-b84f66984e6d1a93f7da867c3e1f7c3ced28ce9482d99327f9e8958e0cd49cb5
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/mips
id: auto-4ac2d6073a49e9c601cda0a6dc99b78b21baba9bfe10dc86b88c89398d9e4c0f
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/mipseb
id: auto-b0fd0d3c3efb0a72669d0ca0659fb7acb43f6690c0b9006e7a8fa30b0d47ce1e
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/mipseb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/mipseb*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.57:43094/i
id: auto-1940177f1ed6ba97056891256bcf0f54bfbb59cf6fb0a3b75c92578765c23384
status: experimental
description: Detects traffic or activity related to http://59.97.253.57:43094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.57:43094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.162.170:40348/bin.sh
id: auto-926f546b8d1a950001ba4a5cd26b707cd499c89613225f40e0975f3f02c9acde
status: experimental
description: Detects traffic or activity related to http://123.8.162.170:40348/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.162.170:40348/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.141.138:51050/i
id: auto-8e02683827a352c41f84784aa0ccae9da0e3c88c1529f15fe3c6c44fa562acbd
status: experimental
description: Detects traffic or activity related to http://116.140.141.138:51050/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.141.138:51050/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.169.108:38990/bin.sh
id: auto-a02064152776478adddaed4cc68995d15c4ba0b4ddd253dae952ac906915cf69
status: experimental
description: Detects traffic or activity related to http://115.56.169.108:38990/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.169.108:38990/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.56.221:33724/i
id: auto-25db12f37c50b239067f6e37e6372411b8a00041545b228887c19b2f27c51afc
status: experimental
description: Detects traffic or activity related to http://110.37.56.221:33724/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.56.221:33724/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.152.48:47421/i
id: auto-3d043eeff18a6d223b69c55bc806a980fa3514faea44d43a781c5e24548378a9
status: experimental
description: Detects traffic or activity related to http://42.179.152.48:47421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.152.48:47421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.62.146:51300/i
id: auto-113f287d45c703378ddb6d74b90a1eda6be963f54cc05b25b7f29141ad928451
status: experimental
description: Detects traffic or activity related to http://110.37.62.146:51300/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.62.146:51300/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.0.148:52215/bin.sh
id: auto-fc53d00934f793c857e4255bf8c347cc008376dff7d562cebe2421e75847932b
status: experimental
description: Detects traffic or activity related to http://219.156.0.148:52215/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.0.148:52215/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.141.138:51050/bin.sh
id: auto-7d987f033446b00391d94d98b2970198fb9a57a8b0f2a0d7e75b0b6a67183e1d
status: experimental
description: Detects traffic or activity related to http://116.140.141.138:51050/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.141.138:51050/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.183.181:48097/i
id: auto-6b9e07989e4336d2c4f9f73974ae16b223d1d2fd9d19d2de74f07184cf2a57cc
status: experimental
description: Detects traffic or activity related to http://218.60.183.181:48097/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.183.181:48097/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.241.239:45901/bin.sh
id: auto-69ffc18f1393122b6641d916b5d5fb2ffac1ffceb75e5f33eda48b07ffefe0e8
status: experimental
description: Detects traffic or activity related to http://113.236.241.239:45901/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.241.239:45901/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.217:48790/i
id: auto-8996a1e5b66142f551018755213bbeb85a9c553ca6eebeee557fa9e13e72da66
status: experimental
description: Detects traffic or activity related to http://110.37.97.217:48790/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.217:48790/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.33.10:38495/i
id: auto-f39eaaeda5dc43ad9094628111420049e7c63efe7a1c4217c4a7c2010a7f87f9
status: experimental
description: Detects traffic or activity related to http://27.37.33.10:38495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.33.10:38495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.180.9.52:32901/bin.sh
id: auto-e03d8780cb2a09611cabb3b7355742a1d403b8dea8973f4fe26be3fa6e9c1624
status: experimental
description: Detects traffic or activity related to http://119.180.9.52:32901/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.180.9.52:32901/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.254.94:49437/bin.sh
id: auto-46ec92b66ad8c531c916248b93be190fad3f5463d566fae67cb7ba584b7f47c8
status: experimental
description: Detects traffic or activity related to http://175.175.254.94:49437/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.254.94:49437/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.151.18:45737/i
id: auto-e3cfa26dd7721b417902dbc6ec629ed02e2ac19ecad02dda241e5cfdf947058a
status: experimental
description: Detects traffic or activity related to http://115.48.151.18:45737/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.151.18:45737/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.94:40149/i
id: auto-b147ea6a7999cccbd87f253ad8f64a5c11880d913a5c9c6326b4d974e29e4abc
status: experimental
description: Detects traffic or activity related to http://110.39.235.94:40149/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.94:40149/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.62.146:51300/bin.sh
id: auto-6a4641f0badb73e69c20789b2829f61432a6b44c2f07e0d9ced3ea705f022d9e
status: experimental
description: Detects traffic or activity related to http://110.37.62.146:51300/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.62.146:51300/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.248.104:57364/i
id: auto-3851873dc9c484b1adb0ca99898bc5926a02147192935c5154851d80e7fb73b0
status: experimental
description: Detects traffic or activity related to http://115.50.248.104:57364/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.248.104:57364/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.19.113:38391/i
id: auto-92e8c1a7e2eb7f638a007873a29bcf139eb3278b9cfd727977f322164c32b400
status: experimental
description: Detects traffic or activity related to http://221.202.19.113:38391/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.19.113:38391/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.217:48790/bin.sh
id: auto-963e9be40df8f9c473779949f509560baa0c35672cc620514f85bcb7e0d7e701
status: experimental
description: Detects traffic or activity related to http://110.37.97.217:48790/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.217:48790/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.94:40149/bin.sh
id: auto-e8731db0d1ebe1d00c78cf80b249c3c1c859810f70689deff93cb5f593fda2d1
status: experimental
description: Detects traffic or activity related to http://110.39.235.94:40149/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.94:40149/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.151.18:45737/bin.sh
id: auto-af2fe872fc167d0ad6f21eb10013a5bac0a53a63473f0970984c794fb44c8424
status: experimental
description: Detects traffic or activity related to http://115.48.151.18:45737/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.151.18:45737/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.19.113:38391/bin.sh
id: auto-298bce30bb4b47396603a732cde4435aabece2f86cd96e7db7cceade44cf184f
status: experimental
description: Detects traffic or activity related to http://221.202.19.113:38391/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.19.113:38391/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.89.117:52065/bin.sh
id: auto-39790586e53af840a29be2cc04b5a1a1eefb44b61ade846c9955c165c2496aa2
status: experimental
description: Detects traffic or activity related to http://120.61.89.117:52065/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.89.117:52065/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.34.242:60110/bin.sh
id: auto-9ec4a2f08e97ebfab8b5b73d5f826f43fb850ebb722f25ea8420d8ce98eafe27
status: experimental
description: Detects traffic or activity related to http://42.6.34.242:60110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.34.242:60110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.8.240:33030/i
id: auto-6d93d4af17562ddddab6d5a7cb6b0168da4b68c5596a948ca445469514a34f92
status: experimental
description: Detects traffic or activity related to http://123.11.8.240:33030/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.8.240:33030/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6691015685/4rGzwwB.exe
id: auto-20612e2f68b1f56c4c766e755b57f29377edf7e00062ee749d23348e626ec3fa
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6691015685/4rGzwwB.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6691015685/4rGzwwB.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.247.114:39539/bin.sh
id: auto-96509190334410c8761e0f8853ac2c7df7ba201944e89acb9f5c4ba0b261951f
status: experimental
description: Detects traffic or activity related to http://116.138.247.114:39539/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.247.114:39539/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.182.105:54275/bin.sh
id: auto-f5c491d34ab926fd613651701e30d67200f84887f989a9a24b54754cad6be74c
status: experimental
description: Detects traffic or activity related to http://59.97.182.105:54275/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.182.105:54275/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.8.240:33030/bin.sh
id: auto-088e55b1b36219c6f0e9c1c1f37ff2a2433e6b8dc7cc2c96705e69c502ff4931
status: experimental
description: Detects traffic or activity related to http://123.11.8.240:33030/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.8.240:33030/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.215.79:48535/i
id: auto-1d5221208e7c04e2d207c4b1bcc68502f4db97542d064aca66c054a87062a2a3
status: experimental
description: Detects traffic or activity related to http://27.37.215.79:48535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.215.79:48535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.119.117:43244/i
id: auto-bd0963f914bf1a454d4076c40cf9abcc894423bfbc9b162e6ca25c1ccda8d12d
status: experimental
description: Detects traffic or activity related to http://123.188.119.117:43244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.119.117:43244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.63.130:54409/i
id: auto-6ab35720dac7092eb3e9eac7379e677a2b37005010171224f9597123c2aba5c6
status: experimental
description: Detects traffic or activity related to http://27.37.63.130:54409/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.63.130:54409/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.193.97:58556/bin.sh
id: auto-ed69f824e3707748228206e03416d2c1d96494467044648e7d710de1d19a7412
status: experimental
description: Detects traffic or activity related to http://117.241.193.97:58556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.193.97:58556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tons25
id: auto-c491bca64d9f5567dc1ba828e503a825ad2b7a4fad8c4205bd425c21536236e2
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tons25 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tons25*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/pet12
id: auto-4c0c51dc647458858d6066562d6e5c1511d9052b306b2ab8d99b761c801d7b7a
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/pet12 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/pet12*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.46.143:42838/i
id: auto-de3581ef48d65aaef3e26c568192c73cd5180c18957222c466cf7dec003932cb
status: experimental
description: Detects traffic or activity related to http://42.228.46.143:42838/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.46.143:42838/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tu20
id: auto-fa5086d873ee7da9ded9a7927bff41289d2af2e41f4e9f513c9f6a8cb9de4293
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tu20 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-250-cloude/tu20*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-13-fd-cloude/sten47
id: auto-6abc110c7c53f66a9c3c1f3c108d93fba0a35e83994f6509984ee3c7f2072c3d
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-13-fd-cloude/sten47 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-13-fd-cloude/sten47*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.187.17.22:58193/bin.sh
id: auto-d47175373be65b4546ef53d5e21b342a5885d40c00f3459cabdf463f9cd6d9c3
status: experimental
description: Detects traffic or activity related to http://78.187.17.22:58193/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.187.17.22:58193/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-ky/roj19
id: auto-22c25b42a570d315d1f982810f2d0f7a70faa8f616d784b0ef4c6f8a1d476097
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-ky/roj19 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-210-so-api-ky/roj19*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/put200
id: auto-e5b9869466c5058061e458c54da4cf8574b966b2a440613831aa5a0c5a73c3de
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/put200 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/put200*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/tem41
id: auto-464e1a9f9f95432d66a09b413715d87fce8eaf5e1fbfa206ea3c869f9ec3ff14
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/tem41 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-180-set-api/tem41*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.1.26.13:47291/i
id: auto-4d06898b2ca7460b4b27e4658cf70ed8b25e29dd5fac0e6f8fd88f1a2dc6d707
status: experimental
description: Detects traffic or activity related to http://202.1.26.13:47291/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.1.26.13:47291/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.192.33:43150/i
id: auto-a8c0a3812995c994e33c2d4742cc71ba946eb86fbdb3d4f671aa3e64f43bdc7b
status: experimental
description: Detects traffic or activity related to http://176.226.192.33:43150/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.192.33:43150/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.170:49013/i
id: auto-2ae2ce5ea07ca3174fe5319bad13d3bd5f46d2bbba061dcfd3c52e295543017a
status: experimental
description: Detects traffic or activity related to http://110.39.228.170:49013/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.170:49013/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-ls-key/7fnk
id: auto-89e3a0cccee45f15bfae882113009b628c6d7f2f7453f476eb68a01095f72f10
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-ls-key/7fnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-70-api-ls-key/7fnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.148.74:43579/i
id: auto-385729bfbb443f3e21cd40070c123b6a6303402ca7457de68400d99ff26f6c2c
status: experimental
description: Detects traffic or activity related to http://123.4.148.74:43579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.148.74:43579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.4.114.245:53505/bin.sh
id: auto-3d2cdc07af616c31c559a49d359f0e1dd1a4f0d875bfe24d8636e4f9ac99d846
status: experimental
description: Detects traffic or activity related to http://42.4.114.245:53505/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.4.114.245:53505/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.244.220:60692/i
id: auto-dddc98ae4896a6a3bfa23101d04f587dca9a5a8635dd47f0dfe6c0a2453d3e50
status: experimental
description: Detects traffic or activity related to http://123.12.244.220:60692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.244.220:60692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.244.122:35384/i
id: auto-19812a6b32efe38a1b1ee3ece228060798ddb0ea0f715d102ce74a347ca34c97
status: experimental
description: Detects traffic or activity related to http://42.228.244.122:35384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.244.122:35384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.201.178:50931/bin.sh
id: auto-f1083c1d19967a83ad342c9c56bb7072f12d40e43c62caf5514195db03721da1
status: experimental
description: Detects traffic or activity related to http://42.227.201.178:50931/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.201.178:50931/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.63.130:54409/bin.sh
id: auto-9b587d37d696c27636fa7670305750e78dfc7f7657b68aba31e6c04fb798c464
status: experimental
description: Detects traffic or activity related to http://27.37.63.130:54409/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.63.130:54409/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.206.197:41683/i
id: auto-a183e5d78b083fd83b9c895b7e6872eaf70427cf7a5cb2a154369ffeb118c1c1
status: experimental
description: Detects traffic or activity related to http://42.225.206.197:41683/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.206.197:41683/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.121:54083/i
id: auto-dd48f2382deae96aa159185a24c4b6c302a38c4ed3a0644d8270ccfd3ebefa8e
status: experimental
description: Detects traffic or activity related to http://59.96.137.121:54083/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.121:54083/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.148.74:43579/bin.sh
id: auto-d681995e684539abf12f3089b30108b11747bd432ba9c530f22ead85dc02a7e3
status: experimental
description: Detects traffic or activity related to http://123.4.148.74:43579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.148.74:43579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.15.104:47840/bin.sh
id: auto-851c3d0f7be0fbf7ea5df01dc0ade254b892d9fbb51315df6a880a785a66dd9e
status: experimental
description: Detects traffic or activity related to http://42.179.15.104:47840/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.15.104:47840/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.180.9.52:32901/i
id: auto-e53c11f15b9e44750e380930641755d678e2189bbde0592bce552cdbf9eb1650
status: experimental
description: Detects traffic or activity related to http://119.180.9.52:32901/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.180.9.52:32901/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.spc
id: auto-509df9cb40fbb96eb0e7e4446789b478ef03818a8a84979ffdcbd6c6835def01
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.mpsl
id: auto-9a6e3174e32a2c8973aee24072968c6304af5d108aa8dcd5c28832d9849af117
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.arm6
id: auto-889d0c00ecb98f22bbef9782ad9905a9bb7eebfb579c601d8a881e61e3c228d4
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.m68k
id: auto-00fdb188c77f0a5b23f40000954b46ea8853c2463f109021b8b596d06a40fd6f
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.arm5
id: auto-2dd472602087f8748096061e3cc41bf4f5d0fe72c4ff86ac0353af5f399fd673
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.arm
id: auto-7efde9feb720e64a225e6c2accdb20e2acf5607ef00e0a4a943440ad31af75e4
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.x86
id: auto-73a67e175281420c8c893c3dff5727ef4615e44d1d157dc18b5243d3d5d43467
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.mips
id: auto-9a61b9b4c85c8fea4fb562fa5e731b1fd24eabac086dbf243012208dec4a56a9
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.ppc
id: auto-820c00ac56abc5b8c9e13eee67248213e6c6249982f10fde2ff9507ff863dd1a
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.arm7
id: auto-1ef0f14174951f4de9c84c6c920f595cbdb153aeedbd810edd36ad6a7ac96b89
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.60.237.59/bins/UnHAnaAW.sh4
id: auto-fc0d44d2b5ccf57bd53a47c32292de32929d6f91d19e590e13d093f684dc3ce5
status: experimental
description: Detects traffic or activity related to http://72.60.237.59/bins/UnHAnaAW.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.60.237.59/bins/UnHAnaAW.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.244.122:35384/bin.sh
id: auto-ade61f28242ba3870d77de6740925da9d45554490d4ffc9c5d3db753274adb1e
status: experimental
description: Detects traffic or activity related to http://42.228.244.122:35384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.244.122:35384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.244.220:60692/bin.sh
id: auto-1617ff44b85e4ff986022174ddc0c71fc8da22866dc8ecefda952a9c6b6db8e4
status: experimental
description: Detects traffic or activity related to http://123.12.244.220:60692/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.244.220:60692/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.210.214.164:47065/i
id: auto-b194c56a52484d0e13f589bf9490d9b0673cb7862a1fa34ff34e679d35ee05f3
status: experimental
description: Detects traffic or activity related to http://117.210.214.164:47065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.210.214.164:47065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.162.13:57946/i
id: auto-7c3074021d1dfcc894f9397658eab03d1ceab4fb552097855b8a113ab7a59de3
status: experimental
description: Detects traffic or activity related to http://115.48.162.13:57946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.162.13:57946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.206.197:41683/bin.sh
id: auto-5466eaee78b8b4e369800c46f7a7bb1798041db0e130bf6a2503507b483a2735
status: experimental
description: Detects traffic or activity related to http://42.225.206.197:41683/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.206.197:41683/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.43.143:57949/bin.sh
id: auto-247e8238d07c15a7ca6660b754876aebb7669a593e52ca22f6eb2fe7ba4283a5
status: experimental
description: Detects traffic or activity related to http://115.57.43.143:57949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.43.143:57949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.88.82:37596/i
id: auto-57ecbba521f75471bc9096fc2769c19303177d1857192b762b3d854ca8046393
status: experimental
description: Detects traffic or activity related to http://27.37.88.82:37596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.88.82:37596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.210.214.164:47065/bin.sh
id: auto-5fd61b3a290848574f45fc06dd73e3ef396133c23e2ddb8f2c40c43021d7b8be
status: experimental
description: Detects traffic or activity related to http://117.210.214.164:47065/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.210.214.164:47065/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.162.13:57946/bin.sh
id: auto-a2148b61cf7c3f3549e6929008a2ec690f7b838217af3e04729d7b65ff5b5353
status: experimental
description: Detects traffic or activity related to http://115.48.162.13:57946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.162.13:57946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.29.179:54386/i
id: auto-43cde5d906ff75d6eeeceac338cf2afec22718a21710c7676fc1211ba6009923
status: experimental
description: Detects traffic or activity related to http://115.59.29.179:54386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.29.179:54386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.77.175:46385/i
id: auto-98f3fa282b2baa759c45dba5fec21b004d08d9716b43f7717acb763848d870ad
status: experimental
description: Detects traffic or activity related to http://175.149.77.175:46385/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.77.175:46385/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.232.13.17:45657/i
id: auto-cb16b1c88cbfac55549909a832e9acc22631bd444cd249a11beb72585611a6cb
status: experimental
description: Detects traffic or activity related to http://117.232.13.17:45657/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.232.13.17:45657/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.199.16:57950/i
id: auto-0e811c2c73b77ed15adc3d57d078c011a19a2f4474aa4e5b2ef58d5ce3362382
status: experimental
description: Detects traffic or activity related to http://42.230.199.16:57950/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.199.16:57950/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.34.60:60702/bin.sh
id: auto-7359647767028370ec2e19abe97e373ce009fc21c3e9b966426f7d451cd9a79b
status: experimental
description: Detects traffic or activity related to http://182.117.34.60:60702/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.34.60:60702/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.151.2:38909/bin.sh
id: auto-4f83014c13460bb356ccc3503f02ceee6b6f0c949cf96eafabecda70726196ea
status: experimental
description: Detects traffic or activity related to http://39.90.151.2:38909/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.151.2:38909/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.59.128:34885/i
id: auto-56b1592b988721b9398edfdb1d6d1f975eb760e511a5a8aa829e173010a73de0
status: experimental
description: Detects traffic or activity related to http://117.241.59.128:34885/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.59.128:34885/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.201.179.156:49633/bin.sh
id: auto-576d863563855f5ad6987161e8feee3cbb9f6bd7d670e05e433c745d9599760b
status: experimental
description: Detects traffic or activity related to http://117.201.179.156:49633/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.201.179.156:49633/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.232.13.17:45657/bin.sh
id: auto-ca0020fb3d88767593bd3f20b0982f232a2d2d45c857fe33155968b5d618fbd7
status: experimental
description: Detects traffic or activity related to http://117.232.13.17:45657/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.232.13.17:45657/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.169.118:57345/bin.sh
id: auto-8c873b9082599f365b34c5da0c3dd0e79423a4e80dcee4ab7e2a31a14776b28c
status: experimental
description: Detects traffic or activity related to http://42.235.169.118:57345/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.169.118:57345/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.77.175:46385/bin.sh
id: auto-4fdf64080af58bff5ad4008f76ea17fb690ea3d823c33466ae1deecc1e3e98a0
status: experimental
description: Detects traffic or activity related to http://175.149.77.175:46385/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.77.175:46385/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/frost.yarn
id: auto-bd0fec5097208c50fe68667ae83efeb2ce28c66eb2320f2ae54df928661faf4e
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/frost.yarn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/frost.yarn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/frost.rtk
id: auto-534019039a56d579ea0b9371e857f716b01c603cbb3cf61475377396b292ca86
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/frost.rtk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/frost.rtk*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/frost.zte
id: auto-b675908c3d8e7273cdff1b0fd478d637dd5c6affb1c86fda82b647cf591c3644
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/frost.zte which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/frost.zte*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/root
id: auto-8a257fb53be974d6ce3c16688384e0851947750d3ae45b157f41a1b464bb6be2
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/root which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/root*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/arc
id: auto-c07305f204872fc1ee3b0a4fcf6d9c840445d1d20c23f3984754cdd49d39a39b
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.231.54:49359/i
id: auto-50fc0d4b58effec4e968fa133d06c976c78bc41b1f5305b41c966496e442c496
status: experimental
description: Detects traffic or activity related to http://222.139.231.54:49359/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.231.54:49359/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.59.128:34885/bin.sh
id: auto-a7d775362ae71e4264950a70049f5173d64ca1ad6b74a0148518ffb7c9f552c3
status: experimental
description: Detects traffic or activity related to http://117.241.59.128:34885/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.59.128:34885/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.196.249:35234/i
id: auto-1c580a2bfc47601618cab9e9e7305b7bdc62947bfa441ef3db423c580422a332
status: experimental
description: Detects traffic or activity related to http://42.230.196.249:35234/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.196.249:35234/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.76.211:56157/i
id: auto-fdc2812f8fb185248ed77530ec844917f0bb7868e3e1a45a52ee6eae008aa57a
status: experimental
description: Detects traffic or activity related to http://59.182.76.211:56157/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.76.211:56157/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.28.86:38867/i
id: auto-3d73c3894f1c1032d1aa31f3924dc08b95c1d219c7f7bbf5459841605a997319
status: experimental
description: Detects traffic or activity related to http://182.112.28.86:38867/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.28.86:38867/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8276299418/wm8YwCC.exe
id: auto-8ce70c2402e878d876420f0c606d3da3adbae435d647fa1136c52a2663febaff
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8276299418/wm8YwCC.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8276299418/wm8YwCC.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.196.249:35234/bin.sh
id: auto-2c19b115edd1e66a5132c12fa351c277c9522327ab9adb6795702d31fd6cd55d
status: experimental
description: Detects traffic or activity related to http://42.230.196.249:35234/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.196.249:35234/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.231.54:49359/bin.sh
id: auto-6efcb0f6113a14f3a4456660391363785432b00a5aed1017a90a404b889047a9
status: experimental
description: Detects traffic or activity related to http://222.139.231.54:49359/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.231.54:49359/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.105:48700/bin.sh
id: auto-33175567188263ce0c1b9ba1adb0d51a3b3528592cce2597dbfec0a30b53311f
status: experimental
description: Detects traffic or activity related to http://168.195.7.105:48700/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.105:48700/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.76.211:56157/bin.sh
id: auto-db27f00a6e80b4a2dc362cdb51dbe237da622258cd647414ebff5706cb232f85
status: experimental
description: Detects traffic or activity related to http://59.182.76.211:56157/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.76.211:56157/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.137.224:39679/i
id: auto-1751ee4143f839e5357f6052d5655bf08c2686c15ca078d102c424ee2d8324c0
status: experimental
description: Detects traffic or activity related to http://119.116.137.224:39679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.137.224:39679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.174:38147/i
id: auto-8d1323453110c9facbd510bf7ee5417e01f55a7297e8a6e677afd208595ca34c
status: experimental
description: Detects traffic or activity related to http://110.36.0.174:38147/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.174:38147/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.160.233.162:34663/.i
id: auto-445e99597661058cc28865f8e176be2bef6d77f968bdad1527fd080e80559132
status: experimental
description: Detects traffic or activity related to http://2.160.233.162:34663/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.160.233.162:34663/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://153.0.69.12:37259/bin.sh
id: auto-068b1479f66afd99d53e33a3de0095766c99b33783f3c9ed25045876c0434945
status: experimental
description: Detects traffic or activity related to http://153.0.69.12:37259/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://153.0.69.12:37259/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.167.57:43395/i
id: auto-1d6b93caf9837fe6d2df040521c568f09a03afa174d104c398f20fcab5bb7040
status: experimental
description: Detects traffic or activity related to http://42.229.167.57:43395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.167.57:43395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.174:38147/bin.sh
id: auto-2e5f0037026c3be92fe88414e4bb575cc2978c62b5d7b8dc2572b6c504687c67
status: experimental
description: Detects traffic or activity related to http://110.36.0.174:38147/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.174:38147/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.200:37795/i
id: auto-fb3c06f486d5bc4ebc40e06e3fdab9e6d13f5416500a7fc0d1fe626b9a19770a
status: experimental
description: Detects traffic or activity related to http://110.37.78.200:37795/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.200:37795/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.43.143:57949/i
id: auto-54a6f97028424dd1f779cdcc8cae379e03fa4c7a674462ec5f05f1a314bc6db6
status: experimental
description: Detects traffic or activity related to http://115.57.43.143:57949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.43.143:57949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.210.234:36659/bin.sh
id: auto-6d8c2fe946fb4467ebbbaf1771be5a10fd31eb24d5cb20c951a8488d31318d6d
status: experimental
description: Detects traffic or activity related to http://110.38.210.234:36659/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.210.234:36659/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:42013/i
id: auto-4e199f21aafbe9246a5fbf511a747447feb33dc99fae4d040972f4d6d04aea20
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:42013/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:42013/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.200:37795/bin.sh
id: auto-6a1d35169aeed3f58e19c50b481b817a06626822e688203fd03599d126a993c4
status: experimental
description: Detects traffic or activity related to http://110.37.78.200:37795/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.200:37795/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.3.151:54393/i
id: auto-50c56a00adc5e28e7e5155b38d0c691fe587ac9c6ff79eef266c200aa1f21297
status: experimental
description: Detects traffic or activity related to http://61.52.3.151:54393/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.3.151:54393/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/2038862353/SSn354D.exe
id: auto-530c4cd60b8b2a2e9fa05eed3d0a545d94046336cc11c08ad4c1a84e16552aae
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/2038862353/SSn354D.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/2038862353/SSn354D.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.59:52731/bin.sh
id: auto-6f5e6123ddf4cd097001e0dae393490c867d293aa0f8dc97d8759404fde60957
status: experimental
description: Detects traffic or activity related to http://110.37.90.59:52731/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.59:52731/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.223.21:57726/i
id: auto-9fbfbbd4532fba77be5f528022c95c49f7153448ed5cfc526146c76ee55f20a2
status: experimental
description: Detects traffic or activity related to http://182.122.223.21:57726/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.223.21:57726/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.1.82:56856/i
id: auto-a1db1f0cbb580d8a1f4496b71c889b2c1c986ea09d15ad25ac327b5ee9539696
status: experimental
description: Detects traffic or activity related to http://60.18.1.82:56856/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.1.82:56856/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:42013/bin.sh
id: auto-3e48f8df7414f2111be9ad9e97bb4f9891bd9f7e72d752bb4acd01ace9309495
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:42013/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:42013/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.196.82:53479/i
id: auto-acd88d3b8309094a6db4af8f38fdb48fb643f642d78cf8efc42a55ca24cec9a5
status: experimental
description: Detects traffic or activity related to http://175.165.196.82:53479/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.196.82:53479/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.3.151:54393/bin.sh
id: auto-4777570fa2d8d71761ab469583349966eebbb2732138f787b46c060d7b1d3ecb
status: experimental
description: Detects traffic or activity related to http://61.52.3.151:54393/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.3.151:54393/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.70.53:53196/i
id: auto-1edb38900713e7642b25ed749eb7e69d7bcb6ad26086dbca14a875d91f1cfac8
status: experimental
description: Detects traffic or activity related to http://42.226.70.53:53196/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.70.53:53196/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.143.1:33550/i
id: auto-00639888c36e8bd1e1217dcf5ddb62b0386c0193a7222190f829238675674d89
status: experimental
description: Detects traffic or activity related to http://27.215.143.1:33550/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.143.1:33550/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.208.238:46749/i
id: auto-055a1b33280db68d214e42e62444836fc26e9c1db8ccd907c1b66da76e8b4362
status: experimental
description: Detects traffic or activity related to http://60.19.208.238:46749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.208.238:46749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.223.21:57726/bin.sh
id: auto-ba0727c54f434e81e85e13d927be989b0001d2f20e72d99aeecdbbae8c5644d2
status: experimental
description: Detects traffic or activity related to http://182.122.223.21:57726/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.223.21:57726/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.1.82:56856/bin.sh
id: auto-38eb6aa018435908d45ff8aaead4d01b9ff6f7b85cbaa0206bb3dd01891a027c
status: experimental
description: Detects traffic or activity related to http://60.18.1.82:56856/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.1.82:56856/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.123.101:19851/i
id: auto-3f7ebf70cb371e53077d0e507e6841c5d9a94aef90a3efa1dcd0c87a077ff506
status: experimental
description: Detects traffic or activity related to http://123.14.123.101:19851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.123.101:19851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.61:55998/bin.sh
id: auto-db5df36a70fb2c1dc457aa187caa6e07e87e6ccde4c48f398abe66fa28345b3c
status: experimental
description: Detects traffic or activity related to http://110.37.55.61:55998/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.61:55998/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.143.1:33550/bin.sh
id: auto-ab0ea2766a5bd112a9b1cb7b187143e00a7a4b7f0a6eada586dc9aaf35b3608b
status: experimental
description: Detects traffic or activity related to http://27.215.143.1:33550/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.143.1:33550/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.0.74:57673/i
id: auto-a48f0ffef803e4952edb92b388ce8ec13b1bb955fbda717801acd9223845effa
status: experimental
description: Detects traffic or activity related to http://112.248.0.74:57673/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.0.74:57673/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.123.101:19851/bin.sh
id: auto-059c9bf8116da968d2651c36c336a74664f11fdfd78744864942dfde2373f59d
status: experimental
description: Detects traffic or activity related to http://123.14.123.101:19851/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.123.101:19851/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.142.48:45020/i
id: auto-3981e3a62cd5319ffdc22a5035c9a32b58ce45f708992f3de55ab360e50fee75
status: experimental
description: Detects traffic or activity related to http://59.96.142.48:45020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.142.48:45020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.34.109.121:35918/i
id: auto-bdec9a6e6fa887e3f3d95c44dd413662025279c16af37db0ad0ce72763313227
status: experimental
description: Detects traffic or activity related to http://118.34.109.121:35918/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.34.109.121:35918/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.26.165:32964/i
id: auto-257c01125f5870755d960150032a03e2d380afdbeb83255f518dd613d7cbc429
status: experimental
description: Detects traffic or activity related to http://117.248.26.165:32964/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.26.165:32964/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.0.74:57673/bin.sh
id: auto-f1197612a375aa8f98656d59fffd5496ed861b79b6a82adc5853abb5a9667001
status: experimental
description: Detects traffic or activity related to http://112.248.0.74:57673/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.0.74:57673/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.201.213:56245/i
id: auto-dc07091cef99dd1b68bf967ad32eff9e00c33163b254b37673bb47027c063a0d
status: experimental
description: Detects traffic or activity related to http://42.57.201.213:56245/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.201.213:56245/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.254.197:55723/bin.sh
id: auto-7cc5d663540978a9331fa61b83e0f01c3a1865a8e2a00501f78532345bac37a3
status: experimental
description: Detects traffic or activity related to http://219.157.254.197:55723/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.254.197:55723/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.46.250:47605/i
id: auto-13dc9c23b935cd7ab322839bdca7a55f69bc8c06f70c816ffa940953c010a4a3
status: experimental
description: Detects traffic or activity related to http://125.40.46.250:47605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.46.250:47605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.142.48:45020/bin.sh
id: auto-0264a7a0596e0cc05b2e50e29d973d34dd88f5ad924939761b39f90f02bb0645
status: experimental
description: Detects traffic or activity related to http://59.96.142.48:45020/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.142.48:45020/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/Documents.exe
id: auto-01a31425fd7c161701f72b1c726e445b9886ced83e375e01ccb57b6fb29dfe1b
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/Documents.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/Documents.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.26.165:32964/bin.sh
id: auto-f0ec25ac8ecab3f42252b935773b940a740f45bc2e5e9ee4099eccf0c5e2cef9
status: experimental
description: Detects traffic or activity related to http://117.248.26.165:32964/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.26.165:32964/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.195.50:57371/i
id: auto-a49ca92c50363ae52b450f4ce6aa43a680e90a13306bff7f3060053664fa6915
status: experimental
description: Detects traffic or activity related to http://123.12.195.50:57371/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.195.50:57371/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.253.170:45851/i
id: auto-81e088e8a8a4cce29eac546039d38b81ea968182d543791a11e23ab832b925ad
status: experimental
description: Detects traffic or activity related to http://119.117.253.170:45851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.253.170:45851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.166.248.15:38639/i
id: auto-20644ceba89bcd1f40a2366eb85ae7089eb15102496c89fc36b1514dcfdfbd95
status: experimental
description: Detects traffic or activity related to http://222.166.248.15:38639/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.166.248.15:38639/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-113-cloud/eos24
id: auto-ec1a30cb3899bd5a1e95e9309b5dc5b7a2b20ce87aeecc389d5a18f1b24b7e9d
status: experimental
description: Detects traffic or activity related to https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-113-cloud/eos24 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cdn.jsdelivr.net/gh/gstatic-kh5q6ekh/cdn-113-cloud/eos24*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.30.45:49703/i
id: auto-e04b2b1d73fced073ff34db893aa39ba66f561182c8254c4d85875595eeebf9e
status: experimental
description: Detects traffic or activity related to http://110.37.30.45:49703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.30.45:49703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.255.247:59330/i
id: auto-2880086e07601d322c2860949f82770b19542386d8d95631552ea9cdb39ec76a
status: experimental
description: Detects traffic or activity related to http://110.39.255.247:59330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.255.247:59330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.13.173:56897/i
id: auto-9a5f23964398537650b7859ee9f375e233a77b944e4707f7ac0be4ea12c8f473
status: experimental
description: Detects traffic or activity related to http://42.238.13.173:56897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.13.173:56897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://scrroeder.com/js.php
id: auto-6df797b50ba5a5dee13c4de59cc86d4a689c6cffd3d24f435470aa22deaa74ee
status: experimental
description: Detects traffic or activity related to https://scrroeder.com/js.php which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://scrroeder.com/js.php*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://scrroeder.com/1q1q.js
id: auto-7a7a51c3fefb096f751c6a895213938c33542053c2ea2792f0c033a5611333a7
status: experimental
description: Detects traffic or activity related to https://scrroeder.com/1q1q.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://scrroeder.com/1q1q.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.34.60:60702/i
id: auto-4b8b2296087f160da86111cbf1d5ed1cc25f67da63435944da75149164657262
status: experimental
description: Detects traffic or activity related to http://182.117.34.60:60702/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.34.60:60702/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.113.32:51838/i
id: auto-8c804a2b81ace0888afbb9e495395b3747fc5fd85e42cddde45c796cec54cf65
status: experimental
description: Detects traffic or activity related to http://115.61.113.32:51838/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.113.32:51838/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.187.17.22:58193/i
id: auto-266322a4a95f10fa6dd7af2df00ed2a954d90c6ce6d2c652b73f138979385af1
status: experimental
description: Detects traffic or activity related to http://78.187.17.22:58193/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.187.17.22:58193/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.23.134.170:40361/i
id: auto-6794ef86ed1538dd4c24ab0a2af7bf2e198bdb28678db3caf7c2bf451ecfbaf4
status: experimental
description: Detects traffic or activity related to http://183.23.134.170:40361/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.23.134.170:40361/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.48.247:59673/i
id: auto-8ea594e7d2fc6d4eaec4a2b31f6b4f53c3d0f9f2706b19a3bbc24311f26efe40
status: experimental
description: Detects traffic or activity related to http://42.235.48.247:59673/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.48.247:59673/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.146.238:57241/i
id: auto-f09fb76e070ae6ebde93875581ac9166863abcca79793c6f3c7832fa9de1f140
status: experimental
description: Detects traffic or activity related to http://61.1.146.238:57241/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.146.238:57241/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.29.136:56012/i
id: auto-b4b9e2a53fe8fec19c60a9d26c5100a8a54476201a4611f4c247b23726e2852c
status: experimental
description: Detects traffic or activity related to http://42.224.29.136:56012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.29.136:56012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.239.90:32978/i
id: auto-30c6e22fa703bdeaee4a2ad7cf1324d0f06dbc9f1f19934aea6397b6a787661c
status: experimental
description: Detects traffic or activity related to http://42.85.239.90:32978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.239.90:32978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.155.142:42927/i
id: auto-add0a3da1772e4060af484f27e35fb91cb20607d0ed18677c605518773bfa92d
status: experimental
description: Detects traffic or activity related to http://42.235.155.142:42927/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.155.142:42927/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.192.11:48603/i
id: auto-6955b1bf02f3cecdd0693384771a4339e8b8b17d30efb116e1ca44f0f9832ac2
status: experimental
description: Detects traffic or activity related to http://182.122.192.11:48603/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.192.11:48603/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.arm5
id: auto-b72cdfe089c06847a8db44163201b65c6d131069b7eed9068e0542759e470b20
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.ppc
id: auto-d3ec10f5c59cb93ed7a8bda2121e4292c9fafc4974c7c95cf920feba710b7f10
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.mips
id: auto-a953a6f53deb80eeede422af4019ed3bca6f50ae4983f529311089d9937116e8
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.spc
id: auto-a6b019a9ffa75e04b5c0c08445dea93ff1e54b52341a34cfddd2e1118a09a805
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.arm6
id: auto-5fa094c65984b328861bb0e65c943ffbc2b357b3c206ee427bf55876f35f9f3b
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.mpsl
id: auto-e8a9e12e99aa2e04563f8c9fc9404afdf2c29adc1b60411397ccce4a817464ce
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.arm
id: auto-78175cda365a7b874bc0148285ee68ba06e157b77e4b891d48c7918ca365b0fb
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.sh4
id: auto-da50d16d535da3a4aadfb73f0f6b2a0d88784e620f6beba58f9046b79c84125d
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.m68k
id: auto-55bdbbdf17346636c7c85311df8b8b8f95e3f78a8783c4e1b65e26a095b65a79
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.arm7
id: auto-2a5ef261adc1212a8b7d1550bc0390d667e7278ce55cd8c2953449b419a43721
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.201.213:56245/bin.sh
id: auto-6bae3fb124adb708b5949d5657aa1004ae58bf4b12562b4e14859abe9343d1ae
status: experimental
description: Detects traffic or activity related to http://42.57.201.213:56245/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.201.213:56245/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.46.250:47605/bin.sh
id: auto-200f66283f34ec350bda2746bcffe74cf91165b94936db7d999b02cbd410a666
status: experimental
description: Detects traffic or activity related to http://125.40.46.250:47605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.46.250:47605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.19.150:55376/i
id: auto-b897a284effced7285d0bf7ab7ce86ad524ce9c93cb5051eb77c352a57b5476e
status: experimental
description: Detects traffic or activity related to http://117.206.19.150:55376/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.19.150:55376/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8242164509/DTFFH1k.exe
id: auto-8d8cacdf829f201f130a9b1b53e1c1613d64c0091aeb3b2cdbe8e375c79a570f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8242164509/DTFFH1k.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8242164509/DTFFH1k.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.195.50:57371/bin.sh
id: auto-dc210952e30b55710e5d75c4a0a201757572bf1b00470152daf8b47a8e94fb12
status: experimental
description: Detects traffic or activity related to http://123.12.195.50:57371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.195.50:57371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.192.11:48603/bin.sh
id: auto-b5b669d0542704c05cecef3849df173d6580e9ece0589fef37e2f0288b4a96f8
status: experimental
description: Detects traffic or activity related to http://182.122.192.11:48603/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.192.11:48603/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.253.170:45851/bin.sh
id: auto-cd4b778b9db6f81173e0af33f1dbda7338f896c1f59bbf7e82980ea7d6e8eb5a
status: experimental
description: Detects traffic or activity related to http://119.117.253.170:45851/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.253.170:45851/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.29.136:56012/bin.sh
id: auto-80c36840a922ea0bb5ee80ca28f10847c343955a1777f177a3ab2dfab21159a6
status: experimental
description: Detects traffic or activity related to http://42.224.29.136:56012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.29.136:56012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.167.57:43395/bin.sh
id: auto-f73dd7475cab3947bdc6128387fa43743b39407ff14ccd9d2257feab8ebdc0d4
status: experimental
description: Detects traffic or activity related to http://42.229.167.57:43395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.167.57:43395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.155.142:42927/bin.sh
id: auto-0616444736db3d3a335be107b81dd6b17b6c67bc9810519271b8ecc7cc07675f
status: experimental
description: Detects traffic or activity related to http://42.235.155.142:42927/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.155.142:42927/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.0.67.38:40685/i
id: auto-ffb14a82a92fe3f6867825ee95b8ae8a6f7cdafc843fc6d718a7b6f34d3cd7b5
status: experimental
description: Detects traffic or activity related to http://61.0.67.38:40685/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.0.67.38:40685/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.19.150:55376/bin.sh
id: auto-356c77093801053e1a6c23ecc45bee14f3f3dbf60562a71f6bca8f8540128587
status: experimental
description: Detects traffic or activity related to http://117.206.19.150:55376/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.19.150:55376/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.239.90:32978/bin.sh
id: auto-cc9fb6d6fb93f1fdfe76daaf3409e88915f1c2fe2630054d2cb6a1d010f330cf
status: experimental
description: Detects traffic or activity related to http://42.85.239.90:32978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.239.90:32978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.234.99.235/bins/sora.x86
id: auto-a7c8c4c0cf61e287054a3c2d1dcf67a6c17f3e34e8e18f0b0ace6da627ae2e38
status: experimental
description: Detects traffic or activity related to http://84.234.99.235/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.234.99.235/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.26.212:45344/Mozi.m
id: auto-cfe305884ea049dee24db99251777a22eca3e3080b88298cb6a5f8d32e09658e
status: experimental
description: Detects traffic or activity related to http://117.209.26.212:45344/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.26.212:45344/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.193.126.158:8081/x64
id: auto-b9500f101fef070d828188f5a274ba8e594a5ba002d1fb019a20058ee156eb86
status: experimental
description: Detects traffic or activity related to http://185.193.126.158:8081/x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.193.126.158:8081/x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.23.134.170:40361/bin.sh
id: auto-ee006a957b17cdeb6cb7a1f71a887dc28f18c0666723ac2cb2656b725cc6d2d1
status: experimental
description: Detects traffic or activity related to http://183.23.134.170:40361/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.23.134.170:40361/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.223.52:50269/i
id: auto-cbc8b0f2bc15b638007aeac2597a66adb191c8b5bb0d82bf3bc3e5ac2ab58614
status: experimental
description: Detects traffic or activity related to http://222.142.223.52:50269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.223.52:50269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.162.82:54487/i
id: auto-733827d07e5045314c73564affde00f858ad24bf69eedc3a7f7dfece445547de
status: experimental
description: Detects traffic or activity related to http://61.168.162.82:54487/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.162.82:54487/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.44.46:35219/i
id: auto-fb79c7a6135000efcf7cd3f7aeaaa9e55eda112487baee80db6563a3fdf3f13a
status: experimental
description: Detects traffic or activity related to http://42.57.44.46:35219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.44.46:35219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.0.67.38:40685/bin.sh
id: auto-c7f5ed83e0247edcdd6e6d88517845c106ffff8c41c28bf45cbd9da1d9b74cf5
status: experimental
description: Detects traffic or activity related to http://61.0.67.38:40685/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.0.67.38:40685/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.178.44:38144/i
id: auto-757fdfed2dac01d69ecff7b650fa071ff5708a804a51f8efa315a0d38b622b78
status: experimental
description: Detects traffic or activity related to http://218.60.178.44:38144/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.178.44:38144/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.113.193:44398/i
id: auto-b8961b67ebceeb620ab2be5646b2e276daee299950ab1926221171a685b16c04
status: experimental
description: Detects traffic or activity related to http://27.220.113.193:44398/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.113.193:44398/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.10.102:48530/i
id: auto-a319761dbe72fad23cf60107a509a59ca90776c7b49212df837b9cdccb188c92
status: experimental
description: Detects traffic or activity related to http://42.5.10.102:48530/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.10.102:48530/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.162.82:54487/bin.sh
id: auto-96ed9126fd90463f76b375d2a65042896a73441d21960139c7f19dda3963bf00
status: experimental
description: Detects traffic or activity related to http://61.168.162.82:54487/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.162.82:54487/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.223.52:50269/bin.sh
id: auto-e537f38b87c96c3a6f5556dbda337979986b6b59bbe64c8505f576820147e26b
status: experimental
description: Detects traffic or activity related to http://222.142.223.52:50269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.223.52:50269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.164.42.134:60295/i
id: auto-d2fb5305c23ea0163ce5df36c7e7837688a8e8246e580ed011738e9f6cf12cfc
status: experimental
description: Detects traffic or activity related to http://5.164.42.134:60295/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.164.42.134:60295/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.29.84:49059/bin.sh
id: auto-140a0974098b8a64a73c8d26c8b11683293f6452c5a7340f8e4812efe553b01f
status: experimental
description: Detects traffic or activity related to http://123.190.29.84:49059/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.29.84:49059/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.44.46:35219/bin.sh
id: auto-296acfb821780846286ceb8d3fb672aeae98a9f92cef2defebf0f812012dd6c0
status: experimental
description: Detects traffic or activity related to http://42.57.44.46:35219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.44.46:35219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.177.98.11:35815/bin.sh
id: auto-1d5501c25f4914ff62e999f7fcc82addd896cbd47ce88f9c381df0102534569b
status: experimental
description: Detects traffic or activity related to http://59.177.98.11:35815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.177.98.11:35815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.93.168:53058/bin.sh
id: auto-ff7cc71a91bec5e2bae777c5e9153b3ffd4e26d07efbf6a9a849a552d9f71436
status: experimental
description: Detects traffic or activity related to http://115.58.93.168:53058/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.93.168:53058/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.113.193:44398/bin.sh
id: auto-6fad864c4163d7f55635a61c1518f4e2b1d65691b684c4905a6d02a71bb13ed6
status: experimental
description: Detects traffic or activity related to http://27.220.113.193:44398/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.113.193:44398/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.179.245:58665/i
id: auto-7c4d2f3b1f672ce52326fa99a4bea7b134d302eaf93a7b6ac31c61aae46790b4
status: experimental
description: Detects traffic or activity related to http://222.138.179.245:58665/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.179.245:58665/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.178.242:51012/bin.sh
id: auto-eb9daf81a636710e7d7484da0222a482068472b8d9583d259ffe3c7f2fcc6355
status: experimental
description: Detects traffic or activity related to http://125.44.178.242:51012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.178.242:51012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.179.245:58665/bin.sh
id: auto-20f6b9132bfdb03d70c79c1a2664590e977e6cf4315bb0eec05a6f63404bb11a
status: experimental
description: Detects traffic or activity related to http://222.138.179.245:58665/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.179.245:58665/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7044575709/GCnMno3.exe
id: auto-288c215b4d189d6b77c2fd0c33d06e6a63e5c27976f0dbf9b38fde5ed9e591f1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7044575709/GCnMno3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7044575709/GCnMno3.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.87.223:49007/bin.sh
id: auto-33e9c0cf55e06e6dd0787056f29a629098f2a03c33b4a5fd65c0144a7e3302da
status: experimental
description: Detects traffic or activity related to http://110.37.87.223:49007/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.87.223:49007/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.90.3.52:2087/02.08.2022.exe
id: auto-c497c0968617f26ebdeecf55eeef8ffa4b21aa1f441946c9172a37a392151950
status: experimental
description: Detects traffic or activity related to http://77.90.3.52:2087/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.90.3.52:2087/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.36.217.43:1234/02.08.2022.exe
id: auto-ea8e4c58cdebc031dd62665d5b0d8d945b8ce42401a89a7396dc38669ae465a0
status: experimental
description: Detects traffic or activity related to http://121.36.217.43:1234/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.36.217.43:1234/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.81.164.199:8443/02.08.2022.exe
id: auto-dfc6637e14a6bd7c1065d0966fa5ffd96abad8d38f2dc138d2d3c06f03bb436d
status: experimental
description: Detects traffic or activity related to http://20.81.164.199:8443/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.81.164.199:8443/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.255.44.77/02.08.2022.exe
id: auto-88a85c0886ce07c407e80faa5c95e83cab8149d890fd9604c11c1a1528809228
status: experimental
description: Detects traffic or activity related to http://182.255.44.77/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.255.44.77/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.242:4444/02.08.2022.exe
id: auto-8caa17dd5fb0befcce2ad61f51781afcc66e9ef572525b26a73a97762fc455d3
status: experimental
description: Detects traffic or activity related to http://176.65.132.242:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.242:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.87.99.91/02.08.2022.exe
id: auto-6fb16490ccca13f0ebea867463a4fc0b1df0cbb3dce674b097ed4bb3027386f6
status: experimental
description: Detects traffic or activity related to http://58.87.99.91/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.87.99.91/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.255.92.202:38259/i
id: auto-1a791c4437577467896d6e2d984c5063f658d90c923c5bcdff239f990e3e1189
status: experimental
description: Detects traffic or activity related to http://101.255.92.202:38259/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.255.92.202:38259/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.117.26.238:37405/i
id: auto-b2091f21b3e21753ae0d6b4cd212426761384754d8925a0561912323f345ba58
status: experimental
description: Detects traffic or activity related to http://122.117.26.238:37405/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.117.26.238:37405/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.52.84.155:61071/i
id: auto-3867c1ff45a763d239284b539e0cd75b3d6ad7446576462da227e6ce89230ee2
status: experimental
description: Detects traffic or activity related to http://95.52.84.155:61071/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.52.84.155:61071/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.153.161.181:16906/i
id: auto-93dc1ec662a8537534b77e167acf568c39fac1a5fc75cd6f4ee2c5de2b035301
status: experimental
description: Detects traffic or activity related to http://218.153.161.181:16906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.153.161.181:16906/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.12.150.109:8080/sshd
id: auto-d6888e5a30c61d1d6737f128e784a644b11a9238d6a646b2f692a25c1df6c306
status: experimental
description: Detects traffic or activity related to http://77.12.150.109:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.12.150.109:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.21.27:43290/i
id: auto-721f826fb2a429c89d8a28c1297e46fc562016d38fce7713a44dbaaa9b23d2e6
status: experimental
description: Detects traffic or activity related to http://115.52.21.27:43290/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.21.27:43290/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.114.109:36352/bin.sh
id: auto-fc5d23886d490795205d66eca56554109a8409c20d5883a52aacd2831b1b2449
status: experimental
description: Detects traffic or activity related to http://42.239.114.109:36352/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.114.109:36352/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://157.66.146.183:40962/bin.sh
id: auto-fc208bc91bf9d05e8e60fe85f407bba6c607b80b616094625b981a8c27d44c78
status: experimental
description: Detects traffic or activity related to http://157.66.146.183:40962/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://157.66.146.183:40962/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.178.168:57638/bin.sh
id: auto-fc101a66af2b13f51ddcb43f8a7430b510b3e49bfd28b511f381cb6b88c82753
status: experimental
description: Detects traffic or activity related to http://27.215.178.168:57638/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.178.168:57638/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/zxc4wewewe-cpu/sdfsdb/raw/refs/heads/main/svchost.exe
id: auto-47b39d9ff6650d9f3ff9335d086f29195cf708cdf0661913998e8c493d1d6508
status: experimental
description: Detects traffic or activity related to https://github.com/zxc4wewewe-cpu/sdfsdb/raw/refs/heads/main/svchost.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/zxc4wewewe-cpu/sdfsdb/raw/refs/heads/main/svchost.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.222.159:45453/i
id: auto-36bc5b93a3f263afe4b816b083b3edc8fa526d94a22845eed6215d8ba4929e1e
status: experimental
description: Detects traffic or activity related to http://110.38.222.159:45453/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.222.159:45453/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.21.27:43290/bin.sh
id: auto-cee2c9b98572c945033a1b3e691baadb3f5515803f1bd1d04b0684ff2e67a09e
status: experimental
description: Detects traffic or activity related to http://115.52.21.27:43290/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.21.27:43290/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.180.11.199:38087/i
id: auto-6e0478c878a04c28dc4f08c3504b8521ec1f966cdb93b75b9f05266c41edc702
status: experimental
description: Detects traffic or activity related to http://119.180.11.199:38087/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.180.11.199:38087/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.160.56.117/p.sh
id: auto-f52901f7435f025928982f16e574dbe9edb5dafdcf56f0919ddd87ef387d963d
status: experimental
description: Detects traffic or activity related to http://23.160.56.117/p.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.160.56.117/p.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.160.56.117/r.txt
id: auto-ed09b8c7926753feb9ff551cdff155ef9665bb88a3d7f244e9f0db75629fd85c
status: experimental
description: Detects traffic or activity related to http://23.160.56.117/r.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.160.56.117/r.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.153:42428/i
id: auto-e8d0b2d5c4bd3b4e48cb901068dd904201bb9e2fc6014ea0f36613202b454c5d
status: experimental
description: Detects traffic or activity related to http://110.39.235.153:42428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.153:42428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://servachok.space/release/ControlsPursue.exe
id: auto-0fc83d87136b71ce6e601f918013260a22c722a15bd3f460c8a85bf4dd03acd5
status: experimental
description: Detects traffic or activity related to https://servachok.space/release/ControlsPursue.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://servachok.space/release/ControlsPursue.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.29.179:54386/bin.sh
id: auto-3e23998e0cb65bb891f9df4fd9f3107b9d00b41940939253fc93b81d23003099
status: experimental
description: Detects traffic or activity related to http://115.59.29.179:54386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.29.179:54386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.194.160:44812/i
id: auto-bacc031cc68bbe0e65b3d96c255a43be73bcdf1cd96c99494b9705f280f940ab
status: experimental
description: Detects traffic or activity related to http://120.28.194.160:44812/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.194.160:44812/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.86.91:57341/i
id: auto-b91e4e4bdf6dfad7868fa0f6128d562f9efc84913e7ba633329771c701cb298d
status: experimental
description: Detects traffic or activity related to http://115.58.86.91:57341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.86.91:57341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.90.184:53552/bin.sh
id: auto-9a4ed989bb90dcc9aabd9e689f670eca9c8679af1afd32f6a8ffbebdf4c4a1bd
status: experimental
description: Detects traffic or activity related to http://221.15.90.184:53552/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.90.184:53552/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.188.57:34324/bin.sh
id: auto-6853c8e0c5424d4491249cb6a5ab78751d6b4a7ec57e80acd66b984808ae2669
status: experimental
description: Detects traffic or activity related to http://113.229.188.57:34324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.188.57:34324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.38.211.50:49692/i
id: auto-37dfc28bb6c93aeee3109062d06e64912c8af5930938e97f2cd2799f3a43d26e
status: experimental
description: Detects traffic or activity related to http://95.38.211.50:49692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.38.211.50:49692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.96.47.59:34691/i
id: auto-c19bc9f008b12a3b58ef7cbb68e3e47f15c0b305e5ea00cab6c6b14ec0b38b85
status: experimental
description: Detects traffic or activity related to http://118.96.47.59:34691/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.96.47.59:34691/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.96.47.59:34691/bin.sh
id: auto-6125cd909c1345af6058aa9584015978fbdb4b858309eea9795acdc2bfc69f30
status: experimental
description: Detects traffic or activity related to http://118.96.47.59:34691/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.96.47.59:34691/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.166.111:53983/bin.sh
id: auto-77fe762d78ce51add8baa4929724e47d0437cfc4c364abbe4cbc3a0c8e521978
status: experimental
description: Detects traffic or activity related to http://113.229.166.111:53983/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.166.111:53983/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.232.30:42079/bin.sh
id: auto-b3f600c9bf338b22a7f8c3c1660f31031a5977779811205eab706d77b518b30d
status: experimental
description: Detects traffic or activity related to http://42.232.232.30:42079/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.232.30:42079/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.194.160:44812/bin.sh
id: auto-b5aeadea5d9f8b33239e0f3882088f0ac82508ae5192a8f50f11381c6762f0ea
status: experimental
description: Detects traffic or activity related to http://120.28.194.160:44812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.194.160:44812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.13.169:36235/i
id: auto-2ad3fb7f01a3a7b135ba6ca2800a0c679f0bf81338ddef8fda3ad2ec3546a8a9
status: experimental
description: Detects traffic or activity related to http://115.63.13.169:36235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.13.169:36235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.208.20:55087/bin.sh
id: auto-b1f2c62fb1b1f12f515c69e8197b5cd97ce4f5f32295f19157cdf3a17c2cced9
status: experimental
description: Detects traffic or activity related to http://182.112.208.20:55087/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.208.20:55087/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.38.211.50:49692/bin.sh
id: auto-f4b2313d25becd3d8e85ce136c979a74e6d4d485897a7b10d76ddbe7e34f2172
status: experimental
description: Detects traffic or activity related to http://95.38.211.50:49692/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.38.211.50:49692/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.105.213:52151/i
id: auto-d87b19a92b2977b0397ae48685028f7fbc237a46a7aa682df4f04d76bb3db038
status: experimental
description: Detects traffic or activity related to http://115.50.105.213:52151/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.105.213:52151/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.13.169:36235/bin.sh
id: auto-8a50d5348d601842e745976806fff469757468219c11fd671636c70f55070520
status: experimental
description: Detects traffic or activity related to http://115.63.13.169:36235/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.13.169:36235/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.73.183:59402/i
id: auto-ad3e2ede88531a188741bb2a69f8d2f4faa7efcc62180d46b9744d5454f3008e
status: experimental
description: Detects traffic or activity related to http://182.112.73.183:59402/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.73.183:59402/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.119.151:59528/i
id: auto-0dbe74201ca0aaa1551cc8081647e09b4b3d2a6555f85598e7c69442391aaded
status: experimental
description: Detects traffic or activity related to http://222.139.119.151:59528/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.119.151:59528/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.117.19:56508/i
id: auto-ade3c36426acdf03d78053f8d5450dd2f815d60c8458685250a2582edeeed37d
status: experimental
description: Detects traffic or activity related to http://222.138.117.19:56508/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.117.19:56508/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.187.104:49197/i
id: auto-b496d309f197da3e5e57d0e6e5aec05c98b587fa515f7331082e185fb821752d
status: experimental
description: Detects traffic or activity related to http://222.140.187.104:49197/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.187.104:49197/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.240.134:42843/i
id: auto-982ee898ed68a136a516bd6f9850e427466817ac7c1c15cce60c75219d651137
status: experimental
description: Detects traffic or activity related to http://123.4.240.134:42843/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.240.134:42843/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.91.164.159:37940/bin.sh
id: auto-2c0676b886166dc10dc66c4747661f10f80ae891d8612fcc9e5d268e4dc84724
status: experimental
description: Detects traffic or activity related to http://59.91.164.159:37940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.91.164.159:37940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.240.134:42843/bin.sh
id: auto-227ed53507157f05e4abfdfbbc89f7e4d67b9bb8b1bffeec964961447122de7d
status: experimental
description: Detects traffic or activity related to http://123.4.240.134:42843/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.240.134:42843/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.119.151:59528/bin.sh
id: auto-219320501cdf00f1a6046d85ec19c4b4deeee9065b2de9782f397b54efb8cd1e
status: experimental
description: Detects traffic or activity related to http://222.139.119.151:59528/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.119.151:59528/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.117.19:56508/bin.sh
id: auto-94ca872e0571b72af13b19fd357f400f8fd8f2346938c62df6edf2dbff5e8620
status: experimental
description: Detects traffic or activity related to http://222.138.117.19:56508/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.117.19:56508/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.73.183:59402/bin.sh
id: auto-2f621fc23bcdd1bd2fab173f8e1f7fbd930e25af42b4432078ebdcb52d28c36e
status: experimental
description: Detects traffic or activity related to http://182.112.73.183:59402/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.73.183:59402/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.231.36:55904/i
id: auto-01bec4b5145ac25f9153be0123ed571f19f1483a2ee4129975ccbfc5a89cb954
status: experimental
description: Detects traffic or activity related to http://110.39.231.36:55904/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.231.36:55904/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.161.184:49039/i
id: auto-c5c31f7233fadf1888b310204108993fd8b930184321548e667af76baa36719e
status: experimental
description: Detects traffic or activity related to http://115.48.161.184:49039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.161.184:49039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.187.104:49197/bin.sh
id: auto-80048bcf4cc46de8af3d1365349f04c83d55be63f23f97fbdb95c723646c6289
status: experimental
description: Detects traffic or activity related to http://222.140.187.104:49197/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.187.104:49197/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7103746036/mYMnpl6.exe
id: auto-46c2587326708207e3ee9d6b2be2bcfd0a4ae1ab707604c639101d4c7eb86141
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7103746036/mYMnpl6.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7103746036/mYMnpl6.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.229.50:59307/i
id: auto-4ead09f4467ef64658c53182e38f3b28b26593d17d7bf72428c0d98b117061ac
status: experimental
description: Detects traffic or activity related to http://115.50.229.50:59307/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.229.50:59307/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.x86_64
id: auto-374872ed707eecb7503eb3234cc1e839ac93143de2c0892b4a7ada560f444069
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.67.99:57782/i
id: auto-b47ce473c75d9e4ccd20e5e532e08ecc150d67166cb3f9e467ee28f81af8532d
status: experimental
description: Detects traffic or activity related to http://42.232.67.99:57782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.67.99:57782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.161.184:49039/bin.sh
id: auto-de1cce6a6a35484410bbc485a3d95f32d6b35f8a08590c3df2c0e18251a826fb
status: experimental
description: Detects traffic or activity related to http://115.48.161.184:49039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.161.184:49039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.150.207:41513/i
id: auto-cbb10ad0531112a84505304699e1895f0d9d0dab52beb2b63a70b834a127e5eb
status: experimental
description: Detects traffic or activity related to http://125.46.150.207:41513/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.150.207:41513/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.11.196:50532/bin.sh
id: auto-63a87e489dfc63853a9f05d2893af949ae7bb98ae651f4ab93e80692ec4cebc4
status: experimental
description: Detects traffic or activity related to http://125.45.11.196:50532/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.11.196:50532/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.30.128:51132/bin.sh
id: auto-7df86712775afcbd2fdc1d586cdfe44027145e43834fdcbc959aa756299983e4
status: experimental
description: Detects traffic or activity related to http://123.13.30.128:51132/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.30.128:51132/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/x/x.aarch64
id: auto-f7d0c7f0cfc51f15cfc084bfa61c3c468738a0c3c5f94dd2e90aa1e554a65e86
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/x/x.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/x/x.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/x/x.x86_64
id: auto-a43d26fd8f62ed033cf0688b42981ce46a1b1cfcf93f4117c41f2b4f308b12eb
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/x/x.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/x/x.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/arm6
id: auto-70c19d69bcb46c3ae8bb2adb8f95da9f2c07f0eac8953d9debff456f07342322
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/arm4
id: auto-6e559922bdbbd3eba74f6940a8a95fa14e7caedf2253a7072710e6baed9a5000
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.176/arm5
id: auto-506e6252a2a4a7a316682798a03ffe11d8b0fa1e2cb78bbf58da333c2c82435b
status: experimental
description: Detects traffic or activity related to http://130.12.180.176/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.176/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.i586
id: auto-e3e0dc94c5e2edd2b38cd1f1d46d6ec447cbf9272eab33aa4f94f531bbd541be
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/x/x.i686
id: auto-7078df137fcc020f2d74218c705e17e5a206e9925c2844350211b4b50fc1c01f
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/x/x.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/x/x.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.50.18:59721/i
id: auto-69952803e8aec199520ee190b1699df258b35f28aedc136e681a71738d5c8d96
status: experimental
description: Detects traffic or activity related to http://27.215.50.18:59721/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.50.18:59721/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.67.99:57782/bin.sh
id: auto-bf0f1eb347c19937c542ee2eb003270ff796a212fa3f86a38e07aec0e671da56
status: experimental
description: Detects traffic or activity related to http://42.232.67.99:57782/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.67.99:57782/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.61.97.104:46520/i
id: auto-2cc24ba3f138103a463bf4f4f62a1694db8fedf877bc179cebe5c0aeb618de23
status: experimental
description: Detects traffic or activity related to http://218.61.97.104:46520/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.61.97.104:46520/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.232.30:42079/i
id: auto-39838a790c2d36d6c787a04516b85b0afb0fd0a58434c453647004bbfa0f3539
status: experimental
description: Detects traffic or activity related to http://42.232.232.30:42079/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.232.30:42079/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.82.255:55576/i
id: auto-158b367fc543e027e1801c210cebe031bbc6482b959597c874c197fcff2030a3
status: experimental
description: Detects traffic or activity related to http://110.37.82.255:55576/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.82.255:55576/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.204.201:56243/i
id: auto-b58e01ac66813dd288b7e12c5d43ee946e3c96582c424ee7a85fed45f462ac1a
status: experimental
description: Detects traffic or activity related to http://42.231.204.201:56243/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.204.201:56243/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.86.223:34258/i
id: auto-99d6d6436a9d8301e2f2891dad861a8041b10bc82d5967824cf371a1779cf151
status: experimental
description: Detects traffic or activity related to http://221.202.86.223:34258/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.86.223:34258/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.50.18:59721/bin.sh
id: auto-7c8d439383195d2e430c941536b1e1d8db04fa6d09aa6699fedf7c0d7468f492
status: experimental
description: Detects traffic or activity related to http://27.215.50.18:59721/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.50.18:59721/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.27.55:57702/bin.sh
id: auto-33d576783d83e9784a26cfb74aea959df23c7f6d62cf362a5a87d35345778b55
status: experimental
description: Detects traffic or activity related to http://123.14.27.55:57702/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.27.55:57702/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.81.43:55603/i
id: auto-bbfe877a2af6ae50d63d4b569a44885bcf9a72e8977eea7f20d2f142a67d6a04
status: experimental
description: Detects traffic or activity related to http://110.37.81.43:55603/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.81.43:55603/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.172.135:59275/i
id: auto-8fb14f2b4c5d403eda46197f56afb627c1db3ea497204b35f1ea9eac1879b44f
status: experimental
description: Detects traffic or activity related to http://42.224.172.135:59275/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.172.135:59275/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.61.97.104:46520/bin.sh
id: auto-9e538ba30c2dcb785d41ad05b7b455dfcf0d42f3cb4c2f6312923726e515128c
status: experimental
description: Detects traffic or activity related to http://218.61.97.104:46520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.61.97.104:46520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.204.201:56243/bin.sh
id: auto-72e956ead13a9b69b04e7c0f087aa20c4bd62c521f8f122aaa7e7189c40bd06c
status: experimental
description: Detects traffic or activity related to http://42.231.204.201:56243/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.204.201:56243/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.175.136.77/bot_linux
id: auto-aaa977959514b57e6d42ca319c19260994fe4375bf38b1a45d1089f3ae389d0e
status: experimental
description: Detects traffic or activity related to http://5.175.136.77/bot_linux which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.175.136.77/bot_linux*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.86.223:34258/bin.sh
id: auto-263f76e4ae8fdc405843cdc0cdd73ec1e86f15ac5d0abe19c80d2113beb29e02
status: experimental
description: Detects traffic or activity related to http://221.202.86.223:34258/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.86.223:34258/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.5.6.69:58437/i
id: auto-ae03056326ab6fbc4a609a44d9d826848e8022dd88a45e9d839021ff3c319045
status: experimental
description: Detects traffic or activity related to http://112.5.6.69:58437/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.5.6.69:58437/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.41.226:35675/i
id: auto-efde35d6b334aa79095bd7fd627e674e12ac2423056599cbc025fed5fba59d76
status: experimental
description: Detects traffic or activity related to http://221.14.41.226:35675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.41.226:35675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8134207822/mBmmyTK.exe
id: auto-0e456153e177d98eb1f8ea5883940f8fd98e07a4e8f53ec81219d3de72be4dad
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8134207822/mBmmyTK.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8134207822/mBmmyTK.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.172.135:59275/bin.sh
id: auto-a537f46a9ed0729fd05994cbc48d9ac4ee834cb1e19de28ee92252fbaacf5076
status: experimental
description: Detects traffic or activity related to http://42.224.172.135:59275/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.172.135:59275/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:44813/Mozi.m
id: auto-3a96c849c4f28c9898d87c14449e20b6289bfe8c5e77a60dbb0f25fc5df054f7
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:44813/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:44813/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.247.177:45080/i
id: auto-b0e4dd662409f498eac91608b45fb98547dd783c88e29ca665e8fb2b0f0091f3
status: experimental
description: Detects traffic or activity related to http://42.239.247.177:45080/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.247.177:45080/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.155.46:37688/i
id: auto-e88650643db3b74608fb96ad7440ee05e6133d351d17805d07750f6362e04de6
status: experimental
description: Detects traffic or activity related to http://113.236.155.46:37688/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.155.46:37688/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.0:40309/i
id: auto-2e9d1fa844015384dba48ffaa95499ba2c92624609777b9b9ecf7eaf66090804
status: experimental
description: Detects traffic or activity related to http://42.227.238.0:40309/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.0:40309/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%211158&authkey=ACUV8eZ2ZZ9Qq9sa
id: auto-b9f069c56761e4ee1112290ff6aeba7ccc098e0785344a43e657a1715d34f01e
status: experimental
description: Detects traffic or activity related to https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%211158&authkey=ACUV8eZ2ZZ9Qq9sa which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://onedrive.live.com/download?cid=10C44A5247ACCFDE&resid=10C44A5247ACCFDE%211158&authkey=ACUV8eZ2ZZ9Qq9sa*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.0.6:42438/i
id: auto-22060c09d8ef413f8d61bc914eb5cee6d9db93e42f85e9fc3ed1616158a16af5
status: experimental
description: Detects traffic or activity related to http://180.191.0.6:42438/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.0.6:42438/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.16:50178/i
id: auto-a7adfe852ba0e097120637cb91ec891345f101315b48fe934f01fc07c999d0b7
status: experimental
description: Detects traffic or activity related to http://219.155.210.16:50178/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.16:50178/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.185.182.4:43643/i
id: auto-0afe2c8e3f04837a5f2f28d7e1d46e33bdfdff6fe8b22b0fefeda34270775d96
status: experimental
description: Detects traffic or activity related to http://119.185.182.4:43643/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.185.182.4:43643/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.114.109:36352/i
id: auto-0f45cbc54fe2ff66a742402588edaee7ccc05d651664f8a969491a06f40e0273
status: experimental
description: Detects traffic or activity related to http://42.239.114.109:36352/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.114.109:36352/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.254.197:55723/i
id: auto-3ed697a8958b9bf84e99438d2983cf977c59a61f1b1ef2e16e2d9bb64260f329
status: experimental
description: Detects traffic or activity related to http://219.157.254.197:55723/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.254.197:55723/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.24.1:58122/i
id: auto-3517fc2a9efb1471131669ec1b63bbce169451f3ad141801e49c3e770bda2e92
status: experimental
description: Detects traffic or activity related to http://61.3.24.1:58122/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.24.1:58122/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.147.41.88/i
id: auto-db2f3695aab04361336e8f5c1e27059e54488af1acfb4c49111c01bc3d515ee9
status: experimental
description: Detects traffic or activity related to http://185.147.41.88/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.147.41.88/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.26.195.93:48402/i
id: auto-df32a35e7dcecf255fd9e08f62ad3779ed6706125ac35fcdbbc452c8c15dc082
status: experimental
description: Detects traffic or activity related to http://5.26.195.93:48402/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.26.195.93:48402/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.246.88:39257/i
id: auto-ae2594cdc73bd7c82401194d9f1f39db1061996b0872d3d9a0382a33f83d0d7a
status: experimental
description: Detects traffic or activity related to http://182.126.246.88:39257/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.246.88:39257/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.90.102.185:7382/Mozi.m
id: auto-0bec70843b27b004b20ec91e687f59958e06cb5de93cac5af0141dfd31fa971d
status: experimental
description: Detects traffic or activity related to http://176.90.102.185:7382/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.90.102.185:7382/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/u5pycnk.exe
id: auto-085732ce45864a54523b4da4fec96dbe037365470af0dae087853cd12d331d8c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/u5pycnk.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/u5pycnk.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.166.194.117:19708/bin.sh
id: auto-f630f232436025eba6b2321a2034ae86e0038707ede3b9ff80a2cb06f485ec4c
status: experimental
description: Detects traffic or activity related to http://124.166.194.117:19708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.166.194.117:19708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.251.102:39807/bin.sh
id: auto-bf27e7b93e4f6d7deb0d222b6a55a4e26c73598bc384759893c7457c18d9ce50
status: experimental
description: Detects traffic or activity related to http://125.47.251.102:39807/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.251.102:39807/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.5.6.69:58437/bin.sh
id: auto-309e48c5a022e1e894600ac9258f4ad69a2c9a89fe903ed3f5d833bad91e0ffb
status: experimental
description: Detects traffic or activity related to http://112.5.6.69:58437/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.5.6.69:58437/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.238.0:40309/bin.sh
id: auto-70b5383f7685db6c964bc3581789ce921774067303f06548a24262028368cb58
status: experimental
description: Detects traffic or activity related to http://42.227.238.0:40309/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.238.0:40309/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.108.82:43043/i
id: auto-03bbdcbe83d4149d28ded5ef2584a973b2017263031386256ffe97ef10b2cfa9
status: experimental
description: Detects traffic or activity related to http://61.52.108.82:43043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.108.82:43043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.168.31.80:49173/i
id: auto-60bcd7417629ae11f264082c40041356f3422ea3d5efb094730771e17dddfff8
status: experimental
description: Detects traffic or activity related to http://113.168.31.80:49173/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.168.31.80:49173/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.155.39:45338/i
id: auto-97c7adcab2c4f734883860ebd9a03fc672a5bf46c4931e920328e7395ef4eeb4
status: experimental
description: Detects traffic or activity related to http://42.230.155.39:45338/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.155.39:45338/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://xkdrz4tn6l.ufs.sh/f/Byenrkx7DKMy4sCSIRonBNpRC9Lagw1sWtvdjh23IJMkQy5E
id: auto-b5d97c46767a0a7382b7ecc79aee2840b1df0c6c3703f431be73c6c81849f7cb
status: experimental
description: Detects traffic or activity related to https://xkdrz4tn6l.ufs.sh/f/Byenrkx7DKMy4sCSIRonBNpRC9Lagw1sWtvdjh23IJMkQy5E which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://xkdrz4tn6l.ufs.sh/f/Byenrkx7DKMy4sCSIRonBNpRC9Lagw1sWtvdjh23IJMkQy5E*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.64.130:39949/bin.sh
id: auto-a44106dc8407b03b04addc0f1c9886f53cba6c83d7fbecb01d8e520c28a81d54
status: experimental
description: Detects traffic or activity related to http://219.157.64.130:39949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.64.130:39949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.108.82:43043/bin.sh
id: auto-e562bf64679097406bfa19df9f0ef12a8d615b121f1358ac268c3705fa32627e
status: experimental
description: Detects traffic or activity related to http://61.52.108.82:43043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.108.82:43043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l8.exe
id: auto-984b5f75afffffb39299698e7105e6b31cfe1680c05953094fa955e85981d39d
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l8.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l8.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l12.exe
id: auto-38b9a0794463a49bfdb9c1e3cc16b8da2c5cb08ffdf5f6eaf298922ad8209b82
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l12.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l12.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l15.exe
id: auto-102a669d6f169c7054bac983856fd0e56e05cd400aec9b8e763aa5e29d294587
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l15.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l15.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l9.exe
id: auto-d18fe493a43a98f1737921b81119dce2617ec750c39c41a37b005ab037b052e9
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l9.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l9.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l14.exe
id: auto-4a29f4bbd820a88238a62155df34c5efbc1a1017fbc773fe092218d110103140
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l14.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l14.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l13.exe
id: auto-c3a3e3f573863c35c80dd5c42804fd47915ce4cb7e24ba2ff198d8f30f65fdec
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l13.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l13.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l10.exe
id: auto-3d352c7a63b8a6d189f5422c80e17ae6916525beff3684a5f6ef190154c6b8b3
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l10.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l10.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l11.exe
id: auto-f22651bf3c1758d79c47df396c7246b58e7ca6d263f6d3f8e88c7daa31788cf9
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l11.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l11.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l1.exe
id: auto-00e2d0a94b42059ac862ea5f81cfe50a038a2dd506f08e8820db2abadcd4207d
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l6.exe
id: auto-3b9496252c755711e6e05e25f6704035d89f33a9c18aff8f7124988c4ffb1417
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l6.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l6.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l7.exe
id: auto-b28050cb1e8d2ff296f9cd0b801b3c8b0ae600c51806146dbb7d7becc6538ab6
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l7.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l7.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l2.exe
id: auto-6a861a2f943ecd2406b4192d13192dc6c6c40436186b37bdab0abd8e0b1e6e78
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l2.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l5.exe
id: auto-a99dfa438facfc1082890e456002a375b70cc05a68ebf226a7631d453dd525d9
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l5.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l4.exe
id: auto-4dcc5e31cfcf973743001821b8d235e21a3445c3bb6b04463bb20760ee4f6c40
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l4.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/l3.exe
id: auto-323dd0d705b698355027092ca90b64122d957bb656113f87015a90bb7c206f8f
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/l3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/l3.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.168.31.80:49173/bin.sh
id: auto-1ff62c8bc53eb14a9db285ba1655f01cede7996f912ee2b4f8c098696d207766
status: experimental
description: Detects traffic or activity related to http://113.168.31.80:49173/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.168.31.80:49173/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.105:48700/i
id: auto-837e11cae5f64d10ab037ddf0fe1522199a22837a6cddca43e1982555c9c1408
status: experimental
description: Detects traffic or activity related to http://168.195.7.105:48700/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.105:48700/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8434421771/tRMtQMw.exe
id: auto-5c3f666de054426f34e23cd456d96ce17565382e6ce9adc3c0b326c75bf29029
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8434421771/tRMtQMw.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8434421771/tRMtQMw.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.armv7l
id: auto-bbf2a4989789ceafcd5991c57a2e7887a163362f21f85828f271fb20c4bbaa1b
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.i486
id: auto-fa7298cfec76b1cd1f1824389dd785ce0853952c34f1548ab401e00e0f32524e
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.mipsel
id: auto-496beed537aac4dc9731cc5f206c478aeb736687baf63e9dbe80367c2b8a2f7b
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.armv4l
id: auto-0865ca3a112031258d5b9e43a4da3f5224d1b12fc047d045ea72e69ca011528d
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.sh4
id: auto-679d9e71c3148ea7e7261549bcceacfed04e0f25103ef45960a09d640b7e5e44
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.m68k
id: auto-d5d6edef48794bc818de67b76f5a3beab743a5f1f7461857e3337fae519b3241
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.aarch64
id: auto-66cfe70cf210e41c5dc014659129d79e1f661ed20d6f88f65f15b49053749d14
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.arc
id: auto-f3d88b17b147ff7b5fa2f4811ad18dcc8f8439a14ee69a755a8cd1ee040a301b
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.sparc
id: auto-bfa8de95dbc7681041cb1f303187e27baca2a6783eafd28ab974baf839758cae
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.armv5l
id: auto-80cb72c781fc9ed240378077b977353c651d748f385c57e979822ab92df6a64f
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.armv6l
id: auto-8953285d7e4d382d1fbe1ea5610a699137fd166875f68aaf92b81f4d7edbf15e
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.powerpc
id: auto-469cf2439231afc0d60b57eebd6d5cd284525a6851107c8e312aeb96f404d52e
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.234.156:58837/i
id: auto-437105b48bb755ce2f37c86940cda0986eaf1a6705572f3d6e58232dada4fe6d
status: experimental
description: Detects traffic or activity related to http://42.228.234.156:58837/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.234.156:58837/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.90.137:48268/i
id: auto-dfb5fb91233468eede16fceae257b89e0c7f2e50071189aab70857ee021b6ebf
status: experimental
description: Detects traffic or activity related to http://42.224.90.137:48268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.90.137:48268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mrbejrkjhttmqyqbazmm.supabase.co/storage/v1/object/public/gh/pic.jpg?
id: auto-2aaf6e2793b388548e6c3524f1ea271998b076b52bd3be9ecdda0d40947a6107
status: experimental
description: Detects traffic or activity related to https://mrbejrkjhttmqyqbazmm.supabase.co/storage/v1/object/public/gh/pic.jpg? which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      # '?' is escaped so it matches literally; unescaped it is Sigma's single-character wildcard
      - '*https://mrbejrkjhttmqyqbazmm.supabase.co/storage/v1/object/public/gh/pic.jpg\?*'
  condition: selection
level: high
tags:
  - attack.t1027.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bitbucket.org/rrrrrrrrhgf/gsdg/downloads/image.jpg
id: auto-5424c44a9b829b90cfaca34ddfef1ea7dcf483c58517ad43b91af5600b38ec26
status: experimental
description: Detects traffic or activity related to https://bitbucket.org/rrrrrrrrhgf/gsdg/downloads/image.jpg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bitbucket.org/rrrrrrrrhgf/gsdg/downloads/image.jpg*'
  condition: selection
level: high
tags:
  - attack.t1027.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bitbucket.org/rrrrrrrrhgf/gsdg/downloads/image.jpg?12711343
id: auto-30b9f9a429426393d8318c3ad5ab68b881d016a5b99e7644e184847a84243f40
status: experimental
description: Detects traffic or activity related to https://bitbucket.org/rrrrrrrrhgf/gsdg/downloads/image.jpg?12711343 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      # '?' is escaped so it matches literally; unescaped it is Sigma's single-character wildcard
      - '*https://bitbucket.org/rrrrrrrrhgf/gsdg/downloads/image.jpg\?12711343*'
  condition: selection
level: high
tags:
  - attack.t1027.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://charlesschrf.com/Purchase_Order.rar
id: auto-fe07fd577b1a15affa4be782696d192effb0a98d1e3670f6c4b65b2d324c483b
status: experimental
description: Detects traffic or activity related to https://charlesschrf.com/Purchase_Order.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://charlesschrf.com/Purchase_Order.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mrbejrkjhttmqyqbazmm.supabase.co/storage/v1/object/public/gh/pic.jpg?12711343
id: auto-220de3cd69a910ba43335d40bb06c17c216d26ad8c67a22400d35699e74fbd5b
status: experimental
description: Detects traffic or activity related to https://mrbejrkjhttmqyqbazmm.supabase.co/storage/v1/object/public/gh/pic.jpg?12711343 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      # '?' is escaped so it matches literally; unescaped it is Sigma's single-character wildcard
      - '*https://mrbejrkjhttmqyqbazmm.supabase.co/storage/v1/object/public/gh/pic.jpg\?12711343*'
  condition: selection
level: high
tags:
  - attack.t1027.003
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/iran.mips
id: auto-d6e40036b224c44abf9a25a3886ba5f4b709c4202ae2b06c8e2f3860274506df
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/iran.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/iran.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.127.158/cat.sh
id: auto-ed2121b17e8999140ba56afaec4847c677eac895a091066ec626166d510130ae
status: experimental
description: Detects traffic or activity related to http://201.149.127.158/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.127.158/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1587.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.112.62.119/xmrig.exe
id: auto-800627bae02d6e359034f6789e4f5ecfd7deab6ec8c948c53fb184fba1d16b81
status: experimental
description: Detects traffic or activity related to http://140.112.62.119/xmrig.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.112.62.119/xmrig.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://clisi.digifors.de/2_Ransomware/GO/aarch64-macos/Angel
id: auto-de5bd0b60ed5d33931ef64e11e15666542a8a262642ac972c20c66528c06b1fc
status: experimental
description: Detects traffic or activity related to https://clisi.digifors.de/2_Ransomware/GO/aarch64-macos/Angel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://clisi.digifors.de/2_Ransomware/GO/aarch64-macos/Angel*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.226.174.252/frps
id: auto-79d2b17199beed5e8af2bd97d614c7d83f6202031e8031691a30e9fdc0c66ee0
status: experimental
description: Detects traffic or activity related to http://156.226.174.252/frps which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.226.174.252/frps*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://clisi.digifors.de/2_Ransomware/GO/aarch64-macos/Angels
id: auto-9347a545f80d5e574a3a63016832be76a95f9d0178da8a2765794d674f40b2d2
status: experimental
description: Detects traffic or activity related to https://clisi.digifors.de/2_Ransomware/GO/aarch64-macos/Angels which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://clisi.digifors.de/2_Ransomware/GO/aarch64-macos/Angels*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://156.226.174.252/implant.bin
id: auto-250d9e15fe5c0ccf55844dca14257ed50a7a1e42e10a8a539ab04db9675bc2f3
status: experimental
description: Detects traffic or activity related to http://156.226.174.252/implant.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://156.226.174.252/implant.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.30.128:51132/i
id: auto-f99ab0a025cb933ce988eb3a5f1bc427a947d21ac0e151d13347e92710982e6a
status: experimental
description: Detects traffic or activity related to http://123.13.30.128:51132/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.30.128:51132/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.115.159:54394/i
id: auto-8c8ded276fca8f95c2d843ebdc1bca0ccef547cd453f86ab43dee5c5a187c817
status: experimental
description: Detects traffic or activity related to http://112.248.115.159:54394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.115.159:54394/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.228.166:38590/i
id: auto-af616c0051558574167d718f0e48f4a65f19e4b7a5b7bf7ab1e805fe74fedaee
status: experimental
description: Detects traffic or activity related to http://59.98.228.166:38590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.228.166:38590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.222.159:45453/bin.sh
id: auto-211005c2a9fb4898bdb8f93054df9861dd6e24115ef065a001b731776b3a496d
status: experimental
description: Detects traffic or activity related to http://110.38.222.159:45453/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.222.159:45453/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.122.79:36189/bin.sh
id: auto-0803554d5cb3bb9d4076406bac0f1ee7012fc80561289e218239b4e8194d8c50
status: experimental
description: Detects traffic or activity related to http://27.215.122.79:36189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.122.79:36189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.234.156:58837/bin.sh
id: auto-ae6c4a2660aaa260c33b8c8110676aa1e2fb3851f78f8064893bbb52ce27a132
status: experimental
description: Detects traffic or activity related to http://42.228.234.156:58837/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.234.156:58837/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/lfucky.exe
id: auto-0b6ac4d958ef51a937a244a47e179f209f07639e8f4b20b03d52743a16aaabcc
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/lfucky.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/lfucky.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.146.99:52542/i
id: auto-8d1f487c27d11be5f3008c32676f96989aa014adfd9f50ed6d31c0c096a7398e
status: experimental
description: Detects traffic or activity related to http://125.43.146.99:52542/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.146.99:52542/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.108.129.18:44987/i
id: auto-0eea5d46145bc06497d6ee1934fd0de75590216cc7f5d3be41e6e9614f1dff3f
status: experimental
description: Detects traffic or activity related to http://101.108.129.18:44987/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.108.129.18:44987/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.18.121:46328/i
id: auto-670dc3bd9c691b2a57729065f532aa095f4e7efda8bba197c0097a37c8c13988
status: experimental
description: Detects traffic or activity related to http://119.116.18.121:46328/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.18.121:46328/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.252.99:51104/i
id: auto-1c37a810aa6094a73799a23c083ff376a54f8ab5570838a42ad79ebb506cf359
status: experimental
description: Detects traffic or activity related to http://182.114.252.99:51104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.252.99:51104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.54.109/lfuck.exe
id: auto-8a7d1a97a1268afb72c87c0535050d3159007ea58ba9f553f639dae7bf1a5327
status: experimental
description: Detects traffic or activity related to http://178.16.54.109/lfuck.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.54.109/lfuck.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.90.137:48268/bin.sh
id: auto-0d96698f8c1ab1709ff561c5aa52246cb41380f1fd8eaef45d864c670eee5399
status: experimental
description: Detects traffic or activity related to http://42.224.90.137:48268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.90.137:48268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.231.77:34514/i
id: auto-538ef7dd3731dd6a6b9720e3849e8dc173faebef96370684d2c027a6b7df29a4
status: experimental
description: Detects traffic or activity related to http://182.121.231.77:34514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.231.77:34514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.228.166:38590/bin.sh
id: auto-82250d1738ee92c11135debf4811749788a4905d8559626e768f90cfa504c882
status: experimental
description: Detects traffic or activity related to http://59.98.228.166:38590/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.228.166:38590/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.231.77:34514/bin.sh
id: auto-5ed037cb520d34fdc0c9eb710c2017605dacbb9904393a9ccf2e7df812fe4761
status: experimental
description: Detects traffic or activity related to http://182.121.231.77:34514/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.231.77:34514/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.mips
id: auto-25eda21ac8c7ebbcfeddb23617ea0c47a10d459c9f47c67e4c0e9b016c985bb7
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.mpsl
id: auto-1dd3ad9a1791465c54a701d42bd3cb64e43f5149985111e796e68a9944e171c1
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.sh
id: auto-f4de45af2603a836f8c8085ba2f29458ca5c18d1b5c3336ccd2f37a559775f22
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.spc
id: auto-1633ee6d1195d5a8136cce563ced8c116046603d7e7402a22e4cd07e3d9ae0d2
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.m68k
id: auto-262c32282a483b1b50c1068bac2acd05ab93e97a34d8fc00581d113977fbd119
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.arm4
id: auto-2ee7be9c8f439558919c7766f381c77907e0ec4b6fa5cb3f533d90af443c9e1f
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.ppc
id: auto-d5bebbc4214e9ebbdbd528cafdbc94ec7a318af3a052cab4b871542e515e795d
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.arc
id: auto-f8f5ab74aee146a9483bb8078836e80cb18d8ac61417af78da8a0adf3095ba22
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.i686
id: auto-bea4c925c50436ba6ecd572b2b565c5b8188af3bed1750fe7303e59527020ee5
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.arm5
id: auto-e4b85b17980276e5d1b6cffafa55fdfca96aeb5fabf556e6c225d5f7020e3886
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.x86_64
id: auto-9b3bc1b8a582e1532663236bba7d2566ac28089a8903d29459d02fe549a8d77d
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.arm6
id: auto-6af1972d0cb001706016d78eea0324911df77dda561e5e0fed062c81a15e485f
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.sh4
id: auto-aab6352c1faa45bc1a9eb18492e6a5049cc9bf41c2f239af27bf450d7754ee81
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.arc
id: auto-964bf5cc8a0f4c63839bf139bbcd16e06e1e380fb210eb4217175e881df4cf3f
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.i686
id: auto-dab03cc0bd8a8aa35fd2125296eef4eba2e90b3187a275e0909779fc34a72540
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.i486
id: auto-6551296cbca2fdf209831f2ab02c9fd9bd4d514b01ad3dc2b9957d3dd4454fb0
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.i486
id: auto-0cf1e0382187599d76b30fd3e69c7d9b6ee942583d2a8cebc57799ffe744d172
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.146.99:52542/bin.sh
id: auto-ab5f797a2319a384b1e7edc7c02476ee342ba41af9e36b7193e9056bfdfaee96
status: experimental
description: Detects traffic or activity related to http://125.43.146.99:52542/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.146.99:52542/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.86.91:57341/bin.sh
id: auto-1e201c6b5ce052615f0a3c18055558546fa21587341bfdcf1e5fefe7a1aeb940
status: experimental
description: Detects traffic or activity related to http://115.58.86.91:57341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.86.91:57341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.174.164:40671/i
id: auto-a54ba4260edce532f93292dcbaf904d472ca8cf302db0a1ee1913d1c29772dd4
status: experimental
description: Detects traffic or activity related to http://219.156.174.164:40671/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.174.164:40671/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.229.188:45677/i
id: auto-98ccebf4eac73bb78252b134e0409ed1857bbea366cbd886ade0b3be61b146b3
status: experimental
description: Detects traffic or activity related to http://110.39.229.188:45677/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.229.188:45677/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bins/87sbhas6as.x86_64
id: auto-c913ea2f2505d39da067e8861da065f6cf06d41e069a3502b7d3073ebd1dfdc6
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bins/87sbhas6as.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bins/87sbhas6as.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bins/c.sh
id: auto-7ab251c407122ba7f20637226b5104eb86053d4da422f71b46d75451634918f3
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bins/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bins/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bins/w.sh
id: auto-2a313b337e671164bb006c9c2a25ad560eb17dcd2d321211b9272be5f337e2bb
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bins/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bins/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bins/wget.sh
id: auto-0cb82b9b39e517d1c7f315f2e8de43137e6099ac01e21d9af3d442cddf0e414f
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bins/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bins/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.174.164:40671/bin.sh
id: auto-eef14e99616fa1653751405c11cb976c1cb12d632b0099da35a732d99e175152
status: experimental
description: Detects traffic or activity related to http://219.156.174.164:40671/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.174.164:40671/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.132.154:59825/i
id: auto-de2625f04745f163a31a297e52440fe363a49138d7b49a7c7aaff99721f5be5e
status: experimental
description: Detects traffic or activity related to http://123.129.132.154:59825/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.132.154:59825/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.33.188:34240/i
id: auto-165be5286f08974f933b77007628f1acd450e07d813f5346783d894dd8151eba
status: experimental
description: Detects traffic or activity related to http://27.37.33.188:34240/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.33.188:34240/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.227.131:33752/i
id: auto-4dd28b060c3b17125b2d20b2d8d38034fd2346f37286e9dedfa6fe3bd5f69878
status: experimental
description: Detects traffic or activity related to http://182.112.227.131:33752/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.227.131:33752/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.250.254.235:60114/i
id: auto-09e9ccee9bea618bba80ac2fa2bb6467051bd91c3bf0e20d1413e6b46ad8707b
status: experimental
description: Detects traffic or activity related to http://154.250.254.235:60114/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.250.254.235:60114/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.227.131:33752/bin.sh
id: auto-02fd42dd0ff031e09a6ac4ba8b14b36fd161ddf75886624b4f4dacb02958ab40
status: experimental
description: Detects traffic or activity related to http://182.112.227.131:33752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.227.131:33752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.132.154:59825/bin.sh
id: auto-658e13b1ba098b6e98fddf5b734ff3fc71e837599b8ae3198beeb4403e585bc9
status: experimental
description: Detects traffic or activity related to http://123.129.132.154:59825/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.132.154:59825/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.229.188:45677/bin.sh
id: auto-2a985dd370356b4fa5b3dd0bb688607af83bc51f46dcc330e5de2cc080066dee
status: experimental
description: Detects traffic or activity related to http://110.39.229.188:45677/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.229.188:45677/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.155:44101/i
id: auto-22dcef2dfc4e412b176e11666b0778edaff321433077912fbf78a4dcafd28e4c
status: experimental
description: Detects traffic or activity related to http://110.37.2.155:44101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.155:44101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.236.198:52784/i
id: auto-2fe8474cd11044a1ff12db8f508d63c823c47e3676c2d9343665351d4418aba2
status: experimental
description: Detects traffic or activity related to http://61.54.236.198:52784/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.236.198:52784/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.5.171:41250/i
id: auto-092167ce9643ddd2b673a1f51435934815845bd102adabb221d6978ef18626dc
status: experimental
description: Detects traffic or activity related to http://221.15.5.171:41250/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.5.171:41250/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.112.55:36631/bin.sh
id: auto-3551a093157e8cdfa37baef714be4632faa075ba40a8e8ded03a4493c6d4be17
status: experimental
description: Detects traffic or activity related to http://110.37.112.55:36631/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.112.55:36631/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.95.160:43749/i
id: auto-b226c2d14bee122afc695a1fee19af5c351c6acd40a60fa5a678ec6438abf039
status: experimental
description: Detects traffic or activity related to http://39.74.95.160:43749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.95.160:43749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.125.132:41645/i
id: auto-06595c71bf2ca14e2abacdf651d08fc6f1709807b04e351d5a8cf7a1e64817f3
status: experimental
description: Detects traffic or activity related to http://123.5.125.132:41645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.125.132:41645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.155:44101/bin.sh
id: auto-b4cca01d8ea8a4e1894c5abb83123e5f255016923e53674b91f0a2b74a5a2d0a
status: experimental
description: Detects traffic or activity related to http://110.37.2.155:44101/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.155:44101/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:38650/i
id: auto-6bc6d5d19a5a0c5c47a737f38b0995877576b30749d01124ce62e275c52eb0ea
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:38650/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:38650/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.78.153:45701/i
id: auto-8b3e4c64f9e66505cc800a0b891da0f1d27d62fa32bf4657b1330623e4fcb180
status: experimental
description: Detects traffic or activity related to http://175.173.78.153:45701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.78.153:45701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.241.239:45901/i
id: auto-3b79605f1de8aabe8380a11c2d3eaf2b80251219c6869aa244b18ce187c29243
status: experimental
description: Detects traffic or activity related to http://113.236.241.239:45901/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.241.239:45901/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.12.188:55390/i
id: auto-61da9a27b501b440ab5aa6e7bf418090be30ae364c64f8ea591c785e9710cde9
status: experimental
description: Detects traffic or activity related to http://39.79.12.188:55390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.12.188:55390/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.250.254.235:60114/bin.sh
id: auto-eab809462e6e4aa621036e9082ad17e1f846b8b5b6e06d9c585d0ec4b31dd2f9
status: experimental
description: Detects traffic or activity related to http://154.250.254.235:60114/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.250.254.235:60114/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.113.89:50227/i
id: auto-c89989abba51bc02a83eacde32d23e43590318120ef324e6f9b9575a327b9985
status: experimental
description: Detects traffic or activity related to http://125.40.113.89:50227/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.113.89:50227/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.5.171:41250/bin.sh
id: auto-e708b3863e02f58bc0a3f7587338bfb0ff28ff66cad3aaa241fccca7ec494f7a
status: experimental
description: Detects traffic or activity related to http://221.15.5.171:41250/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.5.171:41250/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.33.188:34240/bin.sh
id: auto-e0091b953d1fa62eb251977cb1f3282a82b64133a5676987b46dbc4b8b7bda55
status: experimental
description: Detects traffic or activity related to http://27.37.33.188:34240/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.33.188:34240/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.188:58039/i
id: auto-b4a193e96a52c5c593c486916d865810ac9c03cd2bfd7afa87da7081a97d6224
status: experimental
description: Detects traffic or activity related to http://110.37.121.188:58039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.188:58039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.125.132:41645/bin.sh
id: auto-0b6bd328983c51862a6c3c319b2edf57eade7810935ed3960bef3881e3e33b2f
status: experimental
description: Detects traffic or activity related to http://123.5.125.132:41645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.125.132:41645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.143.172.196:57672/bin.sh
id: auto-d1264a7477cd708142cb693597440fed151dbc474686d24b4d9d16b28aaede92
status: experimental
description: Detects traffic or activity related to http://91.143.172.196:57672/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.143.172.196:57672/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.95.160:43749/bin.sh
id: auto-b634e0b861dd8d72595b6db60aa00018446b4d898d5b1323140b353459b3b8b0
status: experimental
description: Detects traffic or activity related to http://39.74.95.160:43749/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.95.160:43749/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.78.153:45701/bin.sh
id: auto-9a76ffe170f607379a0449b90a9379aed63b24c136811f92de9e96175cc0fd19
status: experimental
description: Detects traffic or activity related to http://175.173.78.153:45701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.78.153:45701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.13.149:33890/i
id: auto-70df70ce70395e13f5ff0e0bcc98752cf8c685228e928c4f14a0e41ba9bea88b
status: experimental
description: Detects traffic or activity related to http://110.37.13.149:33890/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.13.149:33890/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.174.219:42675/i
id: auto-38626012d8fec443b62fcfefdb48f55b57998b9a4efd5a61a27251d00b0dfe32
status: experimental
description: Detects traffic or activity related to http://42.56.174.219:42675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.174.219:42675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/armv6l
id: auto-2f3a52e96e13627f5a7a8b051aa103e2fb483c8168328230ea629283aabeee91
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/armv5l
id: auto-7db2e78eb5621276ad31e498bc4ee9ab9874093bcd8f17bc05553e9e5e53141f
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/armv4l
id: auto-c13c716b4456378a0fd290243633292c19d75f85d101feeb89f01e9cbca1db87
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/armv7l
id: auto-5a45375c985b634e027694b584ed8690bb6f2f18d22e0099e35bd6fe139b5685
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/sh4
id: auto-c4a82cb176ea30c8a980079ba9c1b2765eece104949206284e49960fd2821908
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/powerpc
id: auto-c2c4e2a7726921d0a9d4d0f1d1c044ca1afcb2ff1be688be390bbf307c59fa81
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/i586
id: auto-4618b02edb621815618e64775a6d7a1bdefcf16f6eeb7d947e630ac2de3fbb38
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/x86_64
id: auto-3c8a7d6510b08b1713bc56f2c4e037c548f7db3c79d0ed50df67078708add134
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/i686
id: auto-af5321931398a6be3092f2fdb84e3126afd6e0f63c0baab7645c43891b49bd44
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/mipsel
id: auto-fa81523562f7d7e3d341f13f6a56af14d786c9f0bc4bc643722a6922f4a290e4
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/mips
id: auto-054ae25f3517ed8c977533e8e5f23310fcbac8618c3db208ca7f7b19877ced64
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.125.187.224/m68k
id: auto-976d8c13ce6fce00f39468b886390d8b10f8d6ad4b3599aa778e0a03305c7a96
status: experimental
description: Detects traffic or activity related to http://89.125.187.224/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.125.187.224/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.104.96:43406/bin.sh
id: auto-01a7d630d9b735d9c4257a561bcd897e26867956c0a6a48a80d453181a65fd34
status: experimental
description: Detects traffic or activity related to http://110.37.104.96:43406/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.104.96:43406/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.12.188:55390/bin.sh
id: auto-94ed0463ac648aef20f16331c2b14089661db0ddc21313344f89f2eddab55b88
status: experimental
description: Detects traffic or activity related to http://39.79.12.188:55390/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.12.188:55390/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.36.140:40714/i
id: auto-c84f4080a1bf16c479a17c140708391926773338259d6a8fbe10dbc8f12b9c10
status: experimental
description: Detects traffic or activity related to http://42.231.36.140:40714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.36.140:40714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://download.kbcard.com/security/wizvera/delfino-g3/delfino-g3.exe
id: auto-cc4937f38c1a5783ab3e87fe311e7a87188afbf0c269bdb2f3a1e61ff3e1beef
status: experimental
description: Detects traffic or activity related to https://download.kbcard.com/security/wizvera/delfino-g3/delfino-g3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://download.kbcard.com/security/wizvera/delfino-g3/delfino-g3.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-86da01ef5dcc48a5835da89640b8232a.r2.dev/KB38459284_x86.exe
id: auto-61e2aef7b24ec78b6d89fc45c3f0abf44d4b99913630e31e8d875bf201686c9d
status: experimental
description: Detects traffic or activity related to https://pub-86da01ef5dcc48a5835da89640b8232a.r2.dev/KB38459284_x86.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-86da01ef5dcc48a5835da89640b8232a.r2.dev/KB38459284_x86.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://store-eu-par-6.gofile.io/download/direct/a7eebe98-4533-4cc3-8280-e62c64c09856/VVIP4.msi
id: auto-6c7c6428fed5275826e9a9e7a55677d815cb9b192bcd7d9c9ed24a2d49b1cd6a
status: experimental
description: Detects traffic or activity related to https://store-eu-par-6.gofile.io/download/direct/a7eebe98-4533-4cc3-8280-e62c64c09856/VVIP4.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://store-eu-par-6.gofile.io/download/direct/a7eebe98-4533-4cc3-8280-e62c64c09856/VVIP4.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vdfccjpnedujhrzscjtq.supabase.co/storage/v1/object/public/image/v4.msi
id: auto-50e806dbcf3071f8b4c94bb68aee5c4d33b41f51cdd5e91e5684f8ec980677ba
status: experimental
description: Detects traffic or activity related to https://vdfccjpnedujhrzscjtq.supabase.co/storage/v1/object/public/image/v4.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vdfccjpnedujhrzscjtq.supabase.co/storage/v1/object/public/image/v4.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://anxt.ru/files/Grand%20Theft%20Auto%20V%202025.12.30%20-%2020.16.23.06.DVR.mp4%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.exe
id: auto-be8e87c8b459d8cfef5d30f7cc36fbb5f5a09dd63e0fc458cc67fe49425a0803
status: experimental
description: Detects traffic or activity related to https://anxt.ru/files/Grand%20Theft%20Auto%20V%202025.12.30%20-%2020.16.23.06.DVR.mp4%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://anxt.ru/files/Grand%20Theft%20Auto%20V%202025.12.30%20-%2020.16.23.06.DVR.mp4%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://666zy.vip/Z7757.exe
id: auto-931f60d80f1da6c22138ebbad7daddc3888e4d17bc4db35d6ff1b668c97d863c
status: experimental
description: Detects traffic or activity related to http://666zy.vip/Z7757.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://666zy.vip/Z7757.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://chelpus.com/luckypatcher/LuckyPatcherInstaller.apk
id: auto-d87754519948b14d7177ea12ac7a3749adc48fc512a625beca7b3e51663b2ae7
status: experimental
description: Detects traffic or activity related to https://chelpus.com/luckypatcher/LuckyPatcherInstaller.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://chelpus.com/luckypatcher/LuckyPatcherInstaller.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gama567ad2.online/Gama567.apk
id: auto-1a150360af083a4e2c0246f56bfa47cef0b8cba5e7ff1e20394b285e95a4eb33
status: experimental
description: Detects traffic or activity related to https://gama567ad2.online/Gama567.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gama567ad2.online/Gama567.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://favoritebet189.online/aplikasi/Kingbet189.apk
id: auto-80466a3bf6a016508aa95be5263796b3734945cd176307f23cc9202f1f547bff
status: experimental
description: Detects traffic or activity related to https://favoritebet189.online/aplikasi/Kingbet189.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://favoritebet189.online/aplikasi/Kingbet189.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lmofficialtrustedmatka.online/apk/lmmatka.apk
id: auto-b3bfd2acbaafa81ba14a8196900f8ecc80f2b8e8d35884df2d28c9eb9fa0c1e0
status: experimental
description: Detects traffic or activity related to https://lmofficialtrustedmatka.online/apk/lmmatka.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lmofficialtrustedmatka.online/apk/lmmatka.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://masuraturbo.com/aplikasi/masuraplay77.apk
id: auto-205bba58d972dabfb168060237aa85b2c4fe9e628f9d55d16dc088a7314760d1
status: experimental
description: Detects traffic or activity related to https://masuraturbo.com/aplikasi/masuraplay77.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://masuraturbo.com/aplikasi/masuraplay77.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://onitsuka77.org/aplikasi/Zenplay77.apk
id: auto-416568326d6954a4e32d15ae631e959e4394abaab76fecda7022ca4930e4a932
status: experimental
description: Detects traffic or activity related to https://onitsuka77.org/aplikasi/Zenplay77.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://onitsuka77.org/aplikasi/Zenplay77.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://img.nwuyn19.com/uploads/products/2025-12-14-18/upload_2e570611584e2f0a471d45a30e277818.apk
id: auto-8b176eb7040ac8f25a59e9346dc02c2687f75c6014702ba3d1ac9938bbcdfd9f
status: experimental
description: Detects traffic or activity related to https://img.nwuyn19.com/uploads/products/2025-12-14-18/upload_2e570611584e2f0a471d45a30e277818.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://img.nwuyn19.com/uploads/products/2025-12-14-18/upload_2e570611584e2f0a471d45a30e277818.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://centerbet189.online/aplikasi/Kingbet189.apk
id: auto-41c1b3d7ffe8b79b188df43d15a69bd5c9d9d3e4f96d6837460a90d5d21ac098
status: experimental
description: Detects traffic or activity related to https://centerbet189.online/aplikasi/Kingbet189.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://centerbet189.online/aplikasi/Kingbet189.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jjmicro.com/sc2.msi
id: auto-2a985bc01731fe806f5d4a427ac5b1e22a9658f002446a57accfeb58bc28107e
status: experimental
description: Detects traffic or activity related to https://jjmicro.com/sc2.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jjmicro.com/sc2.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sicepatlive189.online/aplikasi/Kingbet189.apk
id: auto-faa401276b8f90b78584bcbd1bdb9359ab88cb7f6973f6af6d794a92a6c09b29
status: experimental
description: Detects traffic or activity related to https://sicepatlive189.online/aplikasi/Kingbet189.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sicepatlive189.online/aplikasi/Kingbet189.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://webstub-net.pages.dev/app/FRS01.apk
id: auto-b3b507d0991ca9173f114bda9113d515417fe3fc511023a015ead6dee0276f6b
status: experimental
description: Detects traffic or activity related to https://webstub-net.pages.dev/app/FRS01.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://webstub-net.pages.dev/app/FRS01.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://officialbet189.online/aplikasi/Kingbet189.apk
id: auto-9b3fc90f6ed818f3d74852b89d892851c5b094aebf72ed306ff511c1369cf651
status: experimental
description: Detects traffic or activity related to https://officialbet189.online/aplikasi/Kingbet189.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://officialbet189.online/aplikasi/Kingbet189.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://betplay138jr.net/aplikasi/Betplay138.apk
id: auto-7da03003d867aeee34034a9a9daee987824652823dbb350b88a7b83dce650685
status: experimental
description: Detects traffic or activity related to https://betplay138jr.net/aplikasi/Betplay138.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://betplay138jr.net/aplikasi/Betplay138.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-3d288ec7530a4c18b2a60ff5ff4d7fc9.r2.dev/NEW%20YEAR_GATHERING_INVITE_2026.msi
id: auto-a3f2f3d6ec98a17c6b4ed0b6e07863c4ef2590505fe5d590bf354233290f4556
status: experimental
description: Detects traffic or activity related to https://pub-3d288ec7530a4c18b2a60ff5ff4d7fc9.r2.dev/NEW%20YEAR_GATHERING_INVITE_2026.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-3d288ec7530a4c18b2a60ff5ff4d7fc9.r2.dev/NEW%20YEAR_GATHERING_INVITE_2026.msi*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mg-1.us/aplikasi/Mastergaming138.apk
id: auto-6b5c01403af150e52276447edf62f32db8849371e6b85477a1d136f7a3b8948c
status: experimental
description: Detects traffic or activity related to https://mg-1.us/aplikasi/Mastergaming138.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://mg-1.us/aplikasi/Mastergaming138.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mastergaming138.games/aplikasi/Mastergaming138.apk
id: auto-e66d21fe52eb90f49154dd5297507edbca9c3b285a5b1ddb2d6e929f38d679a2
status: experimental
description: Detects traffic or activity related to https://mastergaming138.games/aplikasi/Mastergaming138.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://mastergaming138.games/aplikasi/Mastergaming138.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.109.174.102:22455/.i
id: auto-4376843e57878053d82b612b9ee224fee14cfa9df1098b15df9cba3a6a58cd94
status: experimental
description: Detects traffic or activity related to http://116.109.174.102:22455/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.109.174.102:22455/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://oelgaard.dk/torkils/userfiles/downloads/tmm/1.006/torkilsmicmuter.exe
id: auto-c337fe6a1f71fe31c451ff2304cafc4259bba7a8a91701fe7048f1af7c3c76f4
status: experimental
description: Detects traffic or activity related to https://oelgaard.dk/torkils/userfiles/downloads/tmm/1.006/torkilsmicmuter.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://oelgaard.dk/torkils/userfiles/downloads/tmm/1.006/torkilsmicmuter.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.169.131.219:46666/i
id: auto-62a0a8b0daefe1e5dc060da03f32c2eafc0d6ee51fad47838778e9c34cd12eaa
status: experimental
description: Detects traffic or activity related to http://212.169.131.219:46666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.169.131.219:46666/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.42.229.80:15195/.i
id: auto-2d2db96953f055ac151768c246eaba607443ef3c27ab713a29c6747acc7cea37
status: experimental
description: Detects traffic or activity related to http://118.42.229.80:15195/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.42.229.80:15195/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.45.149.45:25868/.i
id: auto-1ca69a34427466fe4d53191295a539aad0814c1d56cb36ff59587eedcdaa8db1
status: experimental
description: Detects traffic or activity related to http://31.45.149.45:25868/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.45.149.45:25868/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://wh1495840.ispot.cc/NovaVault.exe
id: auto-8a8fed5a3b60ed2060138566a0297b6c0ad22926a7cf2bdeda2aaf8eaf58ef2d
status: experimental
description: Detects traffic or activity related to https://wh1495840.ispot.cc/NovaVault.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://wh1495840.ispot.cc/NovaVault.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.fireload.com/11ffeb75df4dafd5/The_MegaDrive.7z
id: auto-b6bd3e1ba4cf63a2c76c1992fda38fbf83b067ef7ddeb939206f423b9ecccdbb
status: experimental
description: Detects traffic or activity related to https://www.fireload.com/11ffeb75df4dafd5/The_MegaDrive.7z which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.fireload.com/11ffeb75df4dafd5/The_MegaDrive.7z*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mastergaming138.design/aplikasi/Mastergaming138.apk
id: auto-a92641828f29250be818a4b8013454270f6ceaaf05f5a803c3a9d19f11da5551
status: experimental
description: Detects traffic or activity related to https://mastergaming138.design/aplikasi/Mastergaming138.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://mastergaming138.design/aplikasi/Mastergaming138.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.218.75.240:27473/.i
id: auto-fa47b1dd2fa8d77ecfb433c6eadec70eebe1bcf141bc7b05f0af13c59c99570d
status: experimental
description: Detects traffic or activity related to http://46.218.75.240:27473/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.218.75.240:27473/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.92.154.218:50595/.i
id: auto-507c1a2edd45bd9a61c0665445d1ddfda472c6dd38427f59c472e1691acab817
status: experimental
description: Detects traffic or activity related to http://36.92.154.218:50595/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.92.154.218:50595/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.158.74.30:33033/Mozi.m
id: auto-c7781e78124375bab99daea61c9335994b053805b1cf4b71642552e8d3c92e12
status: experimental
description: Detects traffic or activity related to http://36.158.74.30:33033/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.158.74.30:33033/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:38650/bin.sh
id: auto-90c91178fe5cb2a5eecb21f67e8389697f7acfc10575793cbd5a53584fee65bf
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:38650/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:38650/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://servachok.space/release/RaisingLinear.exe
id: auto-49032d7b2eafe580aca8f1451a22ed140525dbbc624577c4cf938c773b52ea76
status: experimental
description: Detects traffic or activity related to https://servachok.space/release/RaisingLinear.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://servachok.space/release/RaisingLinear.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.36.140:40714/bin.sh
id: auto-e100e91bec313b4a7ed1392887efccbaf469526eaed60077fc1caedd9664d0f6
status: experimental
description: Detects traffic or activity related to http://42.231.36.140:40714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.36.140:40714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.52.143:60496/i
id: auto-00f0c445f30fca98102c6036f34fbbbbfb2433e117022ff16d189e3ffe042244
status: experimental
description: Detects traffic or activity related to http://117.215.52.143:60496/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.52.143:60496/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.50.149:56251/i
id: auto-acbe57626728863d25db8ad1902fd5501000a12b85402b376bf9598b33b6e5b6
status: experimental
description: Detects traffic or activity related to http://175.146.50.149:56251/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.50.149:56251/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.215.152:60899/i
id: auto-ec781cea08c2fc8eea39654ceca9de498142ef21e163f0e6477d3a4b74483931
status: experimental
description: Detects traffic or activity related to http://110.38.215.152:60899/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.215.152:60899/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.177.47:40134/bin.sh
id: auto-bbb30f8aa9695546ca948d7142dc98b3fdbd4caef89f9d807adc62c82d18a70e
status: experimental
description: Detects traffic or activity related to http://182.127.177.47:40134/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.177.47:40134/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.122.79:36189/i
id: auto-e9c977b929e1c1138479fb524908c1d1131f3478e4f3ddaa10c3b6e270eaed31
status: experimental
description: Detects traffic or activity related to http://27.215.122.79:36189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.122.79:36189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.mips
id: auto-357a9a507c85331efef3a045b07137ebc2c5e0d8a3be33db0aa92f4488b11a9a
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.arm7
id: auto-16082817f934eacfd2789b44653a4952c798d185f44f5430c3a9fec1aced4963
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.48.158:45733/i
id: auto-b4734050342780cc204323ba951f6fa38bd24f7ffcd003f762c49794a7d1b852
status: experimental
description: Detects traffic or activity related to http://61.52.48.158:45733/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.48.158:45733/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.arm5
id: auto-deac4bfce6c79dd288f6032e0104f2de2b84c9aaa1351ae041f6ea297387ac9f
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.mpsl
id: auto-950f23ab6f07a28cfe2a1c29ce33d5e586cf960d8c324af06089a179ac915282
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.x86
id: auto-3a91edb7048045fb383f6f304b52afdf0eb581197e8b8d0234a0bc523bc3982d
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.arm
id: auto-34d5a4cb30ee7444203ef9185ec480054de87cbbf60c495d7a5f5daa93c3aec5
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.m68k
id: auto-ba0a35f467f53f7c9bcf5ca43c787556b4f2d14453976ea4db5145f4a24c8323
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.arm6
id: auto-109436553b90554c814aeee2aa25bbe4192c4e23e0823ce62a33748fb82b86ed
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.ppc
id: auto-8036d8475e827cf5651241d86c4217bdabcf36deb24002c011ede5b3cfe57c41
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.104.79.203/Pandoras_Box/pandora.sh4
id: auto-8c13ec94da88ae0b4b6517086ffffa9c828ffa5059a20996169f4ac7690e89d4
status: experimental
description: Detects traffic or activity related to http://149.104.79.203/Pandoras_Box/pandora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.104.79.203/Pandoras_Box/pandora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.52.143:60496/bin.sh
id: auto-6b8f26993cd277a3eaa1858423db89b27760980d18dfbd15382f28e1b613f8e5
status: experimental
description: Detects traffic or activity related to http://117.215.52.143:60496/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.52.143:60496/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.157.85:40270/i
id: auto-9c6e1bed2568935408949ebcd0ab42c80a2b0567246beace2947f6e4008e3f87
status: experimental
description: Detects traffic or activity related to http://119.116.157.85:40270/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.157.85:40270/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.223.49:59225/i
id: auto-25aade5003fddd9501d2fb9acd47dec2b91507969be0a1e8f8ab2a71e13b98b1
status: experimental
description: Detects traffic or activity related to http://175.146.223.49:59225/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.223.49:59225/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://157.66.146.183:40962/i
id: auto-4ba648038efa6c16fdd33c4653e7ec875530c175b42b3bf7a09c80cb068debe5
status: experimental
description: Detects traffic or activity related to http://157.66.146.183:40962/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://157.66.146.183:40962/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.178.242:51012/i
id: auto-9e2406e3f6f09d482b750dda60af8c9c2dbf2787156d9866518d3c23fe23614a
status: experimental
description: Detects traffic or activity related to http://125.44.178.242:51012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.178.242:51012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.91.121:57510/i
id: auto-fa23554f68251f9be4161324f63045b525b9abc0ce4b340cdd654d1eeab43e67
status: experimental
description: Detects traffic or activity related to http://61.53.91.121:57510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.91.121:57510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.201.140.48:45744/i
id: auto-20278d2a4f864c299f2a0a8323a80e77430f48eb330817086e8efea5a108102e
status: experimental
description: Detects traffic or activity related to http://27.201.140.48:45744/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.201.140.48:45744/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.26.195.93:48402/Mozi.a
id: auto-ab2560ccc44d45f2a8c1591811073a4395d3f7bbcae28fee6b8f0397d0b5cd12
status: experimental
description: Detects traffic or activity related to http://5.26.195.93:48402/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.26.195.93:48402/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.153.198:40819/i
id: auto-bf7398bdfffe012271a15a1ef61b1754d58c4cd8c9954357798d331872d0413c
status: experimental
description: Detects traffic or activity related to http://125.40.153.198:40819/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.153.198:40819/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.230.0:59423/i
id: auto-5277aa44a19f3b405d1c2ce4302ad204681e5ccb8b95faa09801b8b7c5ba0f9d
status: experimental
description: Detects traffic or activity related to http://115.49.230.0:59423/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.230.0:59423/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.83.210:50375/i
id: auto-cf2439a432cd920cc46953d3dc093f80a6ab530066efe5a255c740f04cbd11c9
status: experimental
description: Detects traffic or activity related to http://85.108.83.210:50375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.83.210:50375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.33.197:52309/i
id: auto-63b1459ef6888287e030e714918031134c032b781b00e54163f26e39d3917934
status: experimental
description: Detects traffic or activity related to http://110.37.33.197:52309/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.33.197:52309/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.34.69:42869/i
id: auto-1b871329946c6c761258195910dad8be2d4af26f0ee18e93e1ca372f4dee1d68
status: experimental
description: Detects traffic or activity related to http://42.85.34.69:42869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.34.69:42869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.186.6:45922/i
id: auto-e1e88c057c0c17e059a20015c5e6db7ee70b3668c5608f2cead9f0faa8f4c16d
status: experimental
description: Detects traffic or activity related to http://123.8.186.6:45922/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.186.6:45922/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.78.183:43059/i
id: auto-f5ec87f20356eb9a03bcc4a9356415fd245f4ad661347d19a50f7b0f07176a3f
status: experimental
description: Detects traffic or activity related to http://182.117.78.183:43059/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.78.183:43059/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.214.229:34485/i
id: auto-e787bc6d747c305022819c66d8b7e4b052cadb6f728a56f22a962b34bf6217ba
status: experimental
description: Detects traffic or activity related to http://27.215.214.229:34485/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.214.229:34485/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.106.115:42701/i
id: auto-cc77731352e3b38ff8eda893f18b8cc1cfb446aaa2468cad09f65a2f8ad953b8
status: experimental
description: Detects traffic or activity related to http://5.59.106.115:42701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.106.115:42701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.194.54:56085/bin.sh
id: auto-b2b10f0fa5a28068bbe3339aef4953583b2261fa6a94f20af50c20bd108a4bec
status: experimental
description: Detects traffic or activity related to http://175.165.194.54:56085/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.194.54:56085/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.99.65:54064/i
id: auto-fc95f5dad5bea84004333afd593464e098480251b9d366832b7df5a2f760985f
status: experimental
description: Detects traffic or activity related to http://222.139.99.65:54064/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.99.65:54064/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.10.133:36424/i
id: auto-381e83012d9d6e1488f66f2d45aa8da1876f7f2451cecae230e87739764169b9
status: experimental
description: Detects traffic or activity related to http://182.113.10.133:36424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.10.133:36424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.255.45.54:48893/i
id: auto-010e51da7564c6260d11e77eee68d44a7405a6f560b128764e2a07f3b2416b29
status: experimental
description: Detects traffic or activity related to http://83.255.45.54:48893/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.255.45.54:48893/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.218.101:38295/i
id: auto-6f10c86588e2a402039fa8a8edd3b3ceef68cddf64ec8dbf3f42fe0439d4d580
status: experimental
description: Detects traffic or activity related to http://119.189.218.101:38295/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.218.101:38295/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.84.20:45787/i
id: auto-076795cbe4d9cf598af3ecc56759e9213cedac204fad76cc7d1c7194eb90b9d9
status: experimental
description: Detects traffic or activity related to http://110.37.84.20:45787/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.84.20:45787/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.157.85:40270/bin.sh
id: auto-c7aa758a285fe81e133975b07adee7a406e64f5f94d511f55f2f24d85c4f243d
status: experimental
description: Detects traffic or activity related to http://119.116.157.85:40270/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.157.85:40270/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.184.48.116:37280/bin.sh
id: auto-9099eed88f2d646ddea26b0cd5d94e87e9ca7f52fbd532ed85e5e53161232143
status: experimental
description: Detects traffic or activity related to http://119.184.48.116:37280/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.184.48.116:37280/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.80.214:37749/i
id: auto-e4c28de3d492dedc2aba970e2f3ff16994a0e82753e13a50922425d804fe77fd
status: experimental
description: Detects traffic or activity related to http://175.165.80.214:37749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.80.214:37749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.212.139:37329/i
id: auto-995d518d435f9b454a2ee724ba589c0a6e9555e773aa6b9e26ffc59a822d43e5
status: experimental
description: Detects traffic or activity related to http://125.44.212.139:37329/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.212.139:37329/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.84.140:38020/i
id: auto-8ee1d3592f450b3906ed4de262989a152da4e51fd11a59820a4202b78a92454e
status: experimental
description: Detects traffic or activity related to http://182.121.84.140:38020/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.84.140:38020/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:52013/i
id: auto-1a26b69713c0de691ec366cb82ca80b889b5e5f2e965e822d1869ea3ce6575fc
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:52013/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:52013/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.78.183:43059/bin.sh
id: auto-35ac23cdc65f8dbf0a6211887b849d5bcbc2d6c3252c007fdfd5f0321a1cc8eb
status: experimental
description: Detects traffic or activity related to http://182.117.78.183:43059/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.78.183:43059/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.29.84:49059/i
id: auto-735fdd8896531072f4d146f1ce4578e800979570c8c2aa7486ed0195e08e6f63
status: experimental
description: Detects traffic or activity related to http://123.190.29.84:49059/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.29.84:49059/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.84.20:45787/bin.sh
id: auto-45f37ad70611260d41f160e2b83b4f8d937eb5fa0ece9216905525bb939d7866
status: experimental
description: Detects traffic or activity related to http://110.37.84.20:45787/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.84.20:45787/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.235.142:47704/i
id: auto-a5b8d991096b7ed0af8f3d132cf7394f7aa4dab696e8b95dc443d9e62fe63f28
status: experimental
description: Detects traffic or activity related to http://61.54.235.142:47704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.235.142:47704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.27.55:57702/i
id: auto-12a4266c5391785138e12c8c0396c9caddb90377a02ce52bcb5aee23b7bb1499
status: experimental
description: Detects traffic or activity related to http://123.14.27.55:57702/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.27.55:57702/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.47.244:47189/i
id: auto-dacc80289efe3190937f6bc111db43fe3ec1e6b900da6b7ace413b2ed42228ec
status: experimental
description: Detects traffic or activity related to http://42.178.47.244:47189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.47.244:47189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.212.139:37329/bin.sh
id: auto-346df196471fe16ed4fee815ecd2b542350db5ef153f0f9b89157cbf7d2f7d95
status: experimental
description: Detects traffic or activity related to http://125.44.212.139:37329/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.212.139:37329/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.255.47.101:46073/i
id: auto-6e127e8e2307b2043a9e83c86beb68a4484b264b7a56957d080cd7c2a537e5c8
status: experimental
description: Detects traffic or activity related to http://58.255.47.101:46073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.255.47.101:46073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:52013/bin.sh
id: auto-ee243ce3138bd5daef8d9c3f663254454b55746f17f77820544657de35cabd30
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:52013/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:52013/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.84.140:38020/bin.sh
id: auto-a2382d8e98d444797d13d70da073c4ac6941835a3f90191031cb801c7c8129a7
status: experimental
description: Detects traffic or activity related to http://182.121.84.140:38020/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.84.140:38020/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:45252/bin.sh
id: auto-21a90f55964f551bf282828298bfe29327cd298217405debc3b2e25ad2e76ffb
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:45252/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:45252/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.126.184:37512/i
id: auto-b8eb9919146554cc870742ec13a549b7bdae30adfb2f546d8e2b786dae1a1271
status: experimental
description: Detects traffic or activity related to http://182.127.126.184:37512/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.126.184:37512/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.186.84:49210/i
id: auto-ccb8067e73ed03ebc4af6419d196c04f2b1ec1b8217d746be1c2d309b1587930
status: experimental
description: Detects traffic or activity related to http://178.141.186.84:49210/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.186.84:49210/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.54.235.142:47704/bin.sh
id: auto-db3376b80da7bcea30f994aec94f72a2367ff537bb2f853daf91bdc562584f93
status: experimental
description: Detects traffic or activity related to http://61.54.235.142:47704/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.54.235.142:47704/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.190.250:43065/i
id: auto-3a9bbda11ca7871bdcbb87d176c289d930fffe95c49b642d7fd6030b51dfc4f4
status: experimental
description: Detects traffic or activity related to http://42.235.190.250:43065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.190.250:43065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.194.184:40925/i
id: auto-00ed79830342456d3216209213b653f0d10e5b9eb71a0db9fad2f426c2c5f5e8
status: experimental
description: Detects traffic or activity related to http://182.113.194.184:40925/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.194.184:40925/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.48.158:45733/bin.sh
id: auto-bef2c3679327db786036068da760bf553f31b4748571783b1b4334668b5c63a8
status: experimental
description: Detects traffic or activity related to http://61.52.48.158:45733/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.48.158:45733/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.47.244:47189/bin.sh
id: auto-6a9e783d8681654e68d999953caa8b62361653466f4ea078e5c4d1100dd02388
status: experimental
description: Detects traffic or activity related to http://42.178.47.244:47189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.47.244:47189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.31.198:39719/i
id: auto-a5801f622b788ab6d672dc190f758398925e7657273a12341b75dbe187de37f0
status: experimental
description: Detects traffic or activity related to http://110.37.31.198:39719/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.31.198:39719/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.186.84:49210/bin.sh
id: auto-4e3399d38dd336d0c0a903f62e6805a21f7cea578db229efa19673620b021667
status: experimental
description: Detects traffic or activity related to http://178.141.186.84:49210/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.186.84:49210/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.247.164:43204/bin.sh
id: auto-af29322acc2a186bcae0c52afdaec49a70776a9a498c16a2b0dca268b3483951
status: experimental
description: Detects traffic or activity related to http://110.39.247.164:43204/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.247.164:43204/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.137.185.109:54161/i
id: auto-e2b83c7b85be87685a908cfd6359ba9fd256abbbedcff749cd7615b48063e136
status: experimental
description: Detects traffic or activity related to http://61.137.185.109:54161/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.137.185.109:54161/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.91.96:60117/i
id: auto-eaf6b0af3ae21f82801f4021376daac325217de4862cc6cd5516304416731b6a
status: experimental
description: Detects traffic or activity related to http://219.155.91.96:60117/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.91.96:60117/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.126.184:37512/bin.sh
id: auto-8a717df9646c42c074a32d796b4fb556bdb3adccc39f9620ed0ea7e8d0f87ded
status: experimental
description: Detects traffic or activity related to http://182.127.126.184:37512/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.126.184:37512/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.203.54:44554/i
id: auto-04a0363a7f05eb756c9190cb7cedb893a9a6d13e3bc34e801d6537576e88153f
status: experimental
description: Detects traffic or activity related to http://115.55.203.54:44554/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.203.54:44554/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.192.221:49674/bin.sh
id: auto-dbe489dece6be388558afd0fb8e24f188e3c4d088d65b65416ad0e9025b0c057
status: experimental
description: Detects traffic or activity related to http://123.188.192.221:49674/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.192.221:49674/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.170.136.155:42120/bin.sh
id: auto-c3ac513738c6466d099d8b8f81d137baf6b4c0aa227e7770a499625cc5d5032c
status: experimental
description: Detects traffic or activity related to http://108.170.136.155:42120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.170.136.155:42120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.84.47:57368/i
id: auto-7521025250c40c77fcbc8d6ccc9950cf52e9bdaaf3c29e08bd12e9b27c54b2fb
status: experimental
description: Detects traffic or activity related to http://115.59.84.47:57368/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.84.47:57368/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.217.75:45815/i
id: auto-f42c91fb1da8fd6b08a340351eee8faa61dcfcf6b2c7353ab0d8ca934869a587
status: experimental
description: Detects traffic or activity related to http://115.55.217.75:45815/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.217.75:45815/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.223.218:38033/i
id: auto-8e53ddcb80997e959c356997b178f159d6e4d2166cf588248c035157fd0cbf35
status: experimental
description: Detects traffic or activity related to http://59.184.223.218:38033/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.223.218:38033/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.12.185:55544/bin.sh
id: auto-7e918eb2f093944882efdd8edd3ed4d5526fa69793a93899ae29104b14998f3c
status: experimental
description: Detects traffic or activity related to http://221.14.12.185:55544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.12.185:55544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bafybeiaj6jw2xhbppgji757tn3hg5uu6splaa5gyydkwnzwprzakcp44ve.ipfs.w3s.link/PurchaseOrder_0006094050126_%20Procomps_Docx.vhd
id: auto-c2fa35cdf4f598175b6d2aad7d3c50e6a533c2b0fb6b9f3bcae98153187c7b1a
status: experimental
description: Detects traffic or activity related to https://bafybeiaj6jw2xhbppgji757tn3hg5uu6splaa5gyydkwnzwprzakcp44ve.ipfs.w3s.link/PurchaseOrder_0006094050126_%20Procomps_Docx.vhd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bafybeiaj6jw2xhbppgji757tn3hg5uu6splaa5gyydkwnzwprzakcp44ve.ipfs.w3s.link/PurchaseOrder_0006094050126_%20Procomps_Docx.vhd*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.203.54:44554/bin.sh
id: auto-3391985d48a397adafc9a0e8e04ae13b382e3ed92b86572b12711dd8622c2903
status: experimental
description: Detects traffic or activity related to http://115.55.203.54:44554/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.203.54:44554/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://109.107.168.164/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-d3fa75480f9d9a3458859767aed4e1b3cc84d0ee0a179a688dfa6873676ffd2b
status: experimental
description: Detects traffic or activity related to https://109.107.168.164/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://109.107.168.164/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.91.96:60117/bin.sh
id: auto-c8a33c9bea4b988ee284f7a24bb7f74498df1cf4c560a9e344dd6df722ca48a9
status: experimental
description: Detects traffic or activity related to http://219.155.91.96:60117/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.91.96:60117/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.137.185.109:54161/bin.sh
id: auto-f097d399155f97d42a06108fae1ef90ad4d92724e3142590c9afa4d2dab971fc
status: experimental
description: Detects traffic or activity related to http://61.137.185.109:54161/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.137.185.109:54161/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.82:43946/i
id: auto-965c7e2bd76b768b6b7381388d8d3ac768bd66f2e46eae336e85df8bc06da7ca
status: experimental
description: Detects traffic or activity related to http://110.37.2.82:43946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.82:43946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.125.32:51714/i
id: auto-7d1e7509e42b67b3a9a2085333f494fce634b6c24674bd8656cdf06df7cdcd04
status: experimental
description: Detects traffic or activity related to http://42.178.125.32:51714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.125.32:51714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.84.47:57368/bin.sh
id: auto-48a6e4a519b533c9acbb38d23794e8b47477804f2e2c3b8ddb6d406b7aa0958a
status: experimental
description: Detects traffic or activity related to http://115.59.84.47:57368/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.84.47:57368/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.189.39.99:45485/i
id: auto-efad8b1ff02d7b16aafe49bea655d87b1b3a245eeefb0965b88b71ab10f378ce
status: experimental
description: Detects traffic or activity related to http://47.189.39.99:45485/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.189.39.99:45485/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.223.218:38033/bin.sh
id: auto-f699a3975fe549fc4343a2fc36fef365075701706dc332e1e3df8a749caf0c70
status: experimental
description: Detects traffic or activity related to http://59.184.223.218:38033/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.223.218:38033/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.180.141.5:44330/i
id: auto-01f3e794a43bf618f79adb49601bd9322646f42ad5b034a4383461aa4fa562b6
status: experimental
description: Detects traffic or activity related to http://59.180.141.5:44330/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.180.141.5:44330/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.88.249.78:48841/i
id: auto-54ca1998ffc927eb0173a5f99aedc3f9e1dc12390d5ea553c65a7bf05fbe66fa
status: experimental
description: Detects traffic or activity related to http://39.88.249.78:48841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.88.249.78:48841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.115.159:54394/bin.sh
id: auto-6cfc8973521cedf4072bc25614ab2dec27548aea1adab6715ef0b5000962a515
status: experimental
description: Detects traffic or activity related to http://112.248.115.159:54394/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.115.159:54394/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.208:57089/bin.sh
id: auto-0b40b4061a62d1a5cb44e521e1823576c5f0d29d4a7babdbc987800f89ce985e
status: experimental
description: Detects traffic or activity related to http://110.36.29.208:57089/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.208:57089/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.188.93:53152/bin.sh
id: auto-0438cd8f3e395aaa7836c000ae6852e92010fedba3f00335315ddbf46d94becf
status: experimental
description: Detects traffic or activity related to http://222.140.188.93:53152/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.188.93:53152/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.120.203:47421/bin.sh
id: auto-bcf8b05dc5219be7a68120b440b4bdfe4c448f2759df123d15dce32d320f8950
status: experimental
description: Detects traffic or activity related to http://175.149.120.203:47421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.120.203:47421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.189.23:57159/bin.sh
id: auto-48d5c02f4add5ff5d7492563183dbb081145ba35a87d545f65b2bd869377b41b
status: experimental
description: Detects traffic or activity related to http://42.57.189.23:57159/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.189.23:57159/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.189.39.99:45485/bin.sh
id: auto-60d68492c9192e2212ad55156530f21385007a01935e4971ccc57baebc7cb057
status: experimental
description: Detects traffic or activity related to http://47.189.39.99:45485/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.189.39.99:45485/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.88.249.78:48841/bin.sh
id: auto-6f3fa519370a4772c47f70e6f3946836327ee09d71107c68cc365fca4a0c6c2d
status: experimental
description: Detects traffic or activity related to http://39.88.249.78:48841/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.88.249.78:48841/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.139.244:45508/i
id: auto-80bbfc306b30ac2f20fc3d3b9d2a2690b496621d52f90d158a057c70e541da5a
status: experimental
description: Detects traffic or activity related to http://59.96.139.244:45508/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.139.244:45508/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.184.223:34690/i
id: auto-6cc94a908bec4ccbe05a271d35a87219035d6e6a4965d4c9ee7bb7a162e9fdef
status: experimental
description: Detects traffic or activity related to http://42.224.184.223:34690/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.184.223:34690/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.172.56:41764/bin.sh
id: auto-821fa9f50f5534a06aa4849773a836085331e3180f788ad7b9f91dcd7f3b3f57
status: experimental
description: Detects traffic or activity related to http://119.189.172.56:41764/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.172.56:41764/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.164.201:47030/i
id: auto-7c35a2ae17f9c8bf4e781ee8fec0bc84f954ad2c107f72eeb7bf3940726acaa2
status: experimental
description: Detects traffic or activity related to http://112.242.164.201:47030/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.164.201:47030/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.184.223:34690/bin.sh
id: auto-929d4b5a98318351446156d03cf0835db80672722856f6f86304fe918732ed2b
status: experimental
description: Detects traffic or activity related to http://42.224.184.223:34690/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.184.223:34690/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.139.244:45508/bin.sh
id: auto-d4d1a915a4c7aaf624489916eaf1f776282aac42ecd27046bce9e0808a149dc7
status: experimental
description: Detects traffic or activity related to http://59.96.139.244:45508/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.139.244:45508/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.61.156:33380/i
id: auto-daaffd58b40c68f9364bc5ad6df27d3142ed2be19944a04e82281d50314578d8
status: experimental
description: Detects traffic or activity related to http://113.237.61.156:33380/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.61.156:33380/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.243.36:49506/i
id: auto-c9275c751265771eebb89768c06fb33005d3b8de48fcfaf087a8a8d9f10a4ff1
status: experimental
description: Detects traffic or activity related to http://59.97.243.36:49506/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.243.36:49506/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.164.201:47030/bin.sh
id: auto-e3e3f548d2214a465d5a1d27e065c5405dcb414454f2729792ad3d05ec23ec1d
status: experimental
description: Detects traffic or activity related to http://112.242.164.201:47030/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.164.201:47030/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.186.84:56307/bin.sh
id: auto-9aa5f3229ae3435595d247e43c34b5efe9d60a6a743401f8e7584e14c58826cf
status: experimental
description: Detects traffic or activity related to http://39.90.186.84:56307/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.186.84:56307/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.128.68:48994/i
id: auto-6446d0345fba39456f3f2a0aeae821bf1797e1fbb0af5c213acd1287935ffe5a
status: experimental
description: Detects traffic or activity related to http://222.140.128.68:48994/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.128.68:48994/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.95.153:52597/i
id: auto-dd0f70441f62f3a7ba6a616a1d524518fc69ad0da41cfcfaec4d41462b6ed7cf
status: experimental
description: Detects traffic or activity related to http://42.235.95.153:52597/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.95.153:52597/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.42.58:48145/i
id: auto-f5c24a5f3a09cf9eccff0bb065b609f89d462274491ac39130bd125a363760e0
status: experimental
description: Detects traffic or activity related to http://182.121.42.58:48145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.42.58:48145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.95.153:52597/bin.sh
id: auto-7799c4d67071fbf3c9fa8700a60571fc651fced19f7f9846cd95f5399aaff9f8
status: experimental
description: Detects traffic or activity related to http://42.235.95.153:52597/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.95.153:52597/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.12.119:41892/bin.sh
id: auto-3ba66860949522f8a40e430bf402e755df5a1ffbc3737f1d8e5a1a7fd599b722
status: experimental
description: Detects traffic or activity related to http://42.180.12.119:41892/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.12.119:41892/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.178.144.96:47263/i
id: auto-6f8579e558c03c5ce4638a474f6f8063de1498543b478eb956efe0286ea52f47
status: experimental
description: Detects traffic or activity related to http://59.178.144.96:47263/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.178.144.96:47263/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.243.36:49506/bin.sh
id: auto-8ffaad6f1ebfe23d98f5363f21dc43f191b0db7e51fe217a28f37f2e6158f60c
status: experimental
description: Detects traffic or activity related to http://59.97.243.36:49506/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.243.36:49506/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.128.68:48994/bin.sh
id: auto-7b38f0ce7035f2ca6d09050fd73a9b69d62a5a6bc8f0719428516a9a831afa70
status: experimental
description: Detects traffic or activity related to http://222.140.128.68:48994/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.128.68:48994/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.61.156:33380/bin.sh
id: auto-87468307bcd521f8b7bc1645976e74717c0bcb0116ee3cce3a90bae2a1c11d8d
status: experimental
description: Detects traffic or activity related to http://113.237.61.156:33380/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.61.156:33380/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.178.144.96:47263/bin.sh
id: auto-2d0e92d5d3f84c13d9bade25c941632b37a01aaeb8172008b58c09a4be792aae
status: experimental
description: Detects traffic or activity related to http://59.178.144.96:47263/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.178.144.96:47263/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.214.47.119:33051/i
id: auto-8aaf45302854fd80ceebf9fb041540acaa83764198a40be48ee8a1a923346b45
status: experimental
description: Detects traffic or activity related to http://176.214.47.119:33051/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.214.47.119:33051/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.184.225:59828/i
id: auto-0d8e9c27f258bb95ebb00a6499cccfdc0aabec2f96af5f3e8638c5c0ded46af7
status: experimental
description: Detects traffic or activity related to http://222.140.184.225:59828/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.184.225:59828/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.215.95:56384/i
id: auto-4191eec4860c9b4abdaeb8f5e92b255f74fd51bc26698b7d6d86951b0417d8ad
status: experimental
description: Detects traffic or activity related to http://42.224.215.95:56384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.215.95:56384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.138.136:47231/bin.sh
id: auto-61ec130810d499b51bd6226f6d627c5b12541e2fd1c08c1c163b4b332be0526e
status: experimental
description: Detects traffic or activity related to http://59.96.138.136:47231/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.138.136:47231/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.184.225:59828/bin.sh
id: auto-3c55715f2534672cb45727cf189cbc4c35f4b3016a57cd477a0212411503561a
status: experimental
description: Detects traffic or activity related to http://222.140.184.225:59828/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.184.225:59828/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.240.230:34900/i
id: auto-9b372b3134141de2cb5c3abb0d8b9e44c47e4e34c7140a8cdc24985a0472415d
status: experimental
description: Detects traffic or activity related to http://110.39.240.230:34900/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.240.230:34900/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.215.95:56384/bin.sh
id: auto-79533bb3513bad0cfb4218fd0c93c5619e06eda376ca92d00f98fdd9c9728e2a
status: experimental
description: Detects traffic or activity related to http://42.224.215.95:56384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.215.95:56384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.141.127:57957/i
id: auto-1a33314c6228fcd16b1af7a64ba9a6cca23b9321e8489e82754eab7f2dd02351
status: experimental
description: Detects traffic or activity related to http://112.248.141.127:57957/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.141.127:57957/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.240.230:34900/bin.sh
id: auto-f5cfd3ed29674260a5eb3bd66a7129eb1d9659430987a26dc8e2320e0725f133
status: experimental
description: Detects traffic or activity related to http://110.39.240.230:34900/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.240.230:34900/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.83.210:50375/bin.sh
id: auto-d249c650616a1af63676d6c92fa2e7c1d081e33e9792f870db29e7ead438c9c8
status: experimental
description: Detects traffic or activity related to http://85.108.83.210:50375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.83.210:50375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.192.127.12:33742/i
id: auto-9bc521a3c39fe8173b9eef8cdbf46c9787ba54cd4534d1de9eae5cd105ddbb51
status: experimental
description: Detects traffic or activity related to http://117.192.127.12:33742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.192.127.12:33742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.83.210:50375/Mozi.m
id: auto-5c851e6dc63c7604128ec0f6cb85ecf379f36f934d0b1482743a9c3538e6080f
status: experimental
description: Detects traffic or activity related to http://85.108.83.210:50375/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.83.210:50375/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:47581/i
id: auto-09ebc9e94628428c3efca7e11182e04fc3351268b602235d20dfc15b8f930837
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:47581/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:47581/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.29.156:38587/i
id: auto-0e387d97369bc3769295458dc0134e74744a9d3c4f4a96628114461060a6e0bd
status: experimental
description: Detects traffic or activity related to http://110.37.29.156:38587/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.29.156:38587/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.0.17:51682/bin.sh
id: auto-4f7b103f3517d51a5a3deed38d92325aceb5216355c0b539bc01f58ef76a7a4f
status: experimental
description: Detects traffic or activity related to http://42.235.0.17:51682/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.0.17:51682/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.119.246:57504/i
id: auto-d2491d9484f29abe4292f1ac7ed4f64a86a3a179d5d4b830ce94c6d01061ee50
status: experimental
description: Detects traffic or activity related to http://110.37.119.246:57504/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.119.246:57504/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.59.73:47853/i
id: auto-6c20e3b469a7f0eb3b234b66ae17b3ab4633ccdcac32bad9ce698b1e8b7bfa0d
status: experimental
description: Detects traffic or activity related to http://182.119.59.73:47853/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.59.73:47853/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.123.71:48647/i
id: auto-1a87d39ed98e30674333b8bda9abcbe6df6f875255b78ff02c0e3829b9eb4ee8
status: experimental
description: Detects traffic or activity related to http://117.208.123.71:48647/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.123.71:48647/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.141.127:57957/bin.sh
id: auto-5c541b89a4884b416f882d6ea1b7d7a66ae931fde4e71c3be8eb6dc5dfd97f36
status: experimental
description: Detects traffic or activity related to http://112.248.141.127:57957/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.141.127:57957/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.188.93:53152/i
id: auto-d74f4d3565f46bcbe4467936baa11784bc825ef5b2b0fc2a3fbf219911125fa0
status: experimental
description: Detects traffic or activity related to http://222.140.188.93:53152/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.188.93:53152/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.163.89:33626/i
id: auto-d7eb3888c26df7ebc6b247d19b507416576dc80c842f67435b9bc4b076243296
status: experimental
description: Detects traffic or activity related to http://42.56.163.89:33626/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.163.89:33626/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.151.240:49861/bin.sh
id: auto-b99b766f68428a2e3ac1dc822ddd48c1eeb339c5348e23bd7119175f7b01c70c
status: experimental
description: Detects traffic or activity related to http://42.58.151.240:49861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.151.240:49861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.72.50:49946/i
id: auto-d97e0ea25ffb43c0075d1b03c3706d6053a44f094a1925ff01462001f056a074
status: experimental
description: Detects traffic or activity related to http://110.37.72.50:49946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.72.50:49946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.52.171:45395/i
id: auto-ddff016cb60b4dc192618094e4edeb08adaf7ec1ea5c18106d81d38903f341aa
status: experimental
description: Detects traffic or activity related to http://182.116.52.171:45395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.52.171:45395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.59.73:47853/bin.sh
id: auto-32c73292ba2c3dd01a14cb286a5d949c71c133f692e00e6d76aeb8d083a5c971
status: experimental
description: Detects traffic or activity related to http://182.119.59.73:47853/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.59.73:47853/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.119.246:57504/bin.sh
id: auto-d103e77509f27d9555cd5cd180fa104d7705ac71d25d5498af0ceb5562774a47
status: experimental
description: Detects traffic or activity related to http://110.37.119.246:57504/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.119.246:57504/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.158.74.30:33033/i
id: auto-8eb4a3caa5116d141df53d46bdb646b5ea50b8e07f8eb42349a74cca3e409069
status: experimental
description: Detects traffic or activity related to http://36.158.74.30:33033/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.158.74.30:33033/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.34.179:39927/i
id: auto-f247caa26299a94b0a072205329cc87e449f18de2cc6862c4df3faee712b528b
status: experimental
description: Detects traffic or activity related to http://110.37.34.179:39927/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.34.179:39927/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.232.199:53934/i
id: auto-5c0810e56d1c715410324a5048725cdc63566f6f5615dfbf885b4ccfe97090c4
status: experimental
description: Detects traffic or activity related to http://113.237.232.199:53934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.232.199:53934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.52.171:45395/bin.sh
id: auto-7657123e167fccc72655580d387e34f31953db8fdd29fe388748eb6c06f2cd91
status: experimental
description: Detects traffic or activity related to http://182.116.52.171:45395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.52.171:45395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.163.89:33626/bin.sh
id: auto-800ec806b099bed5c98d6067adc7531963c1a30b630aa9038528d5b6fc9ac6ca
status: experimental
description: Detects traffic or activity related to http://42.56.163.89:33626/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.163.89:33626/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.94.108:44738/i
id: auto-c0b4eaca44a16f170122fcc54a6fca900a37147f14c2aafd1c0f685b7b171707
status: experimental
description: Detects traffic or activity related to http://42.231.94.108:44738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.94.108:44738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.72.50:49946/bin.sh
id: auto-0030ede1707e2669beea86927700e197b710e6aa4e983c7552a111b8a9f29a2d
status: experimental
description: Detects traffic or activity related to http://110.37.72.50:49946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.72.50:49946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.69.113.141:42974/bin.sh
id: auto-0d02238b763426222481c5c16f83c93416d68d22aa1dba1f0496464b7a1a7f6b
status: experimental
description: Detects traffic or activity related to http://78.69.113.141:42974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.69.113.141:42974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.158.74.30:33033/bin.sh
id: auto-4e22c9f9bbaf3cad0d87ea8cf2ed991bfaaa4c3673a1007cb27ca6989c21ed65
status: experimental
description: Detects traffic or activity related to http://36.158.74.30:33033/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.158.74.30:33033/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.103.93:33254/bin.sh
id: auto-ef74fb3fd287fe6be38487cc99f03f0a733b33483f2e94140f05231ee06626d3
status: experimental
description: Detects traffic or activity related to http://110.37.103.93:33254/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.103.93:33254/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.90.227:32911/bin.sh
id: auto-ea3aa25b541623f2590fd864895d61ac300633cf92580a31697ca6134a37acc6
status: experimental
description: Detects traffic or activity related to http://42.231.90.227:32911/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.90.227:32911/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.231.91:50858/i
id: auto-a4270edcf9bd2031a6596fd6bb0bfd50bdf9f71d925388104384fdc96d2a4d9f
status: experimental
description: Detects traffic or activity related to http://175.173.231.91:50858/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.231.91:50858/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.232.199:53934/bin.sh
id: auto-52b4d465ec2bbd1c4b0bf05702bf5d32aa5c76dc38b0d5b279c7f9201a357be5
status: experimental
description: Detects traffic or activity related to http://113.237.232.199:53934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.232.199:53934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.94.108:44738/bin.sh
id: auto-86a91891a760b2d8c2680eeb9a624ce9fcf5ac410613f6d7fc2ec18100e1da01
status: experimental
description: Detects traffic or activity related to http://42.231.94.108:44738/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.94.108:44738/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.31.132:51212/bin.sh
id: auto-ad06263f75b99ff6468c8d3cd881b80b98d8d57cf7f8d01a07354a4293f90243
status: experimental
description: Detects traffic or activity related to http://110.37.31.132:51212/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.31.132:51212/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.159.21:42932/bin.sh
id: auto-5419743ded15aee70204eeb5c72e0b230ecfb85d5b3718315953aa16bd1d7f45
status: experimental
description: Detects traffic or activity related to http://222.140.159.21:42932/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.159.21:42932/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.192.23:52543/i
id: auto-d112c1992ed613ae98de0c202267046458e6eec4116c3727c30387dbcf18bc9f
status: experimental
description: Detects traffic or activity related to http://115.57.192.23:52543/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.192.23:52543/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.44:46335/i
id: auto-a719a9e7f4b7c9ae55e05c661a0fce6f5996e89dc0adfd233596458472d4d74e
status: experimental
description: Detects traffic or activity related to http://110.37.61.44:46335/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.44:46335/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.192.23:52543/bin.sh
id: auto-09d1ee22eba6371680b585150ab88562ce91923a67cff7ef2ecd09d9eb33113e
status: experimental
description: Detects traffic or activity related to http://115.57.192.23:52543/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.192.23:52543/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.231.91:50858/bin.sh
id: auto-c1c7543e5f0847f43511a7f7bf1648daccc7383fb227e3161ecc905e06a934b9
status: experimental
description: Detects traffic or activity related to http://175.173.231.91:50858/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.231.91:50858/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.44:46335/bin.sh
id: auto-5035f20741bd4fcf690090d47b8251953ce3c992d025d14237e4ecc386e5d62f
status: experimental
description: Detects traffic or activity related to http://110.37.61.44:46335/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.44:46335/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.45.171:60382/bin.sh
id: auto-4dfef72dbacfc6692c88e2de3f49a1a7377c159a06e8668dbf550030818f8b12
status: experimental
description: Detects traffic or activity related to http://61.168.45.171:60382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.45.171:60382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/p0wCvws.exe
id: auto-f66baa4f9663866ccec900c8ff31153368a79d68c51db354ad93215ba31c3443
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/p0wCvws.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/p0wCvws.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://92bh4ebq.m0ri5ompump.ru/?=check&&actmn=buiImLuFwSgImduq
id: auto-5959a2ee5cb195950ab6d684de69b70d017fdd528f22f557ce50d2cf0745dbe1
status: experimental
description: Detects traffic or activity related to https://92bh4ebq.m0ri5ompump.ru/?=check&&actmn=buiImLuFwSgImduq which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://92bh4ebq.m0ri5ompump.ru/?=check&&actmn=buiImLuFwSgImduq*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.34.26:50502/i
id: auto-723ab700786b1bcd12642348016f9086b9e9665e03fa90ced8506b77feabf07f
status: experimental
description: Detects traffic or activity related to http://123.8.34.26:50502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.34.26:50502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.149:34395/i
id: auto-04ee1fba2096492df425824ba868bf6d08967e0963182c8721bf61e094a7fd8a
status: experimental
description: Detects traffic or activity related to http://181.103.0.149:34395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.149:34395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7972786482/I9f5Ms5.exe
id: auto-3e59627239914cb1e120111f326b8a8f7cd913193cd1f489311d58c62603ff3a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7972786482/I9f5Ms5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7972786482/I9f5Ms5.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.184.227:35210/i
id: auto-8b2cd0833166b061fcd2890e6e59e452295bc6f9152353c34b91847bad212d36
status: experimental
description: Detects traffic or activity related to http://113.229.184.227:35210/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.184.227:35210/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.133.224:57346/i
id: auto-1638e7503856606343c0c40d34c18a52f024e020371ab8a281a3b2e71798786e
status: experimental
description: Detects traffic or activity related to http://175.150.133.224:57346/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.133.224:57346/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://41xyhih6.sunb2zealou5.ru/?=check&&actmn=hvLcxNDNWbCVkBxi
id: auto-eefcfb993d51e6ff21375d4c79ee549e5127baefa7412df6c64861466a489c9e
status: experimental
description: Detects traffic or activity related to https://41xyhih6.sunb2zealou5.ru/?=check&&actmn=hvLcxNDNWbCVkBxi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://41xyhih6.sunb2zealou5.ru/?=check&&actmn=hvLcxNDNWbCVkBxi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.116.101:36268/i
id: auto-1074ffbf8ddc852c743b41e4b7c4eba40b339ec58e5b52dee965c093142e1f73
status: experimental
description: Detects traffic or activity related to http://61.53.116.101:36268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.116.101:36268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.126.223:47677/i
id: auto-268dcf1d86d8e21b79d01c96a2600831ee49e95b88bdc0b143d924a5043a2b82
status: experimental
description: Detects traffic or activity related to http://61.53.126.223:47677/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.126.223:47677/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.208:57089/i
id: auto-fd2ffa2841622a4385ec4fdf99db12bdc8b5bfeb814c0a7bee9f6efce3c9abd7
status: experimental
description: Detects traffic or activity related to http://110.36.29.208:57089/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.208:57089/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://1ulufjyr.dive9uoht2.ru/?=check&&actmn=hTOogXSmYVwzkdIX
id: auto-49a7bdbfa64ca29c4134cde426cc4ed61d3a6458369fa32bcbe33bc74c128c3f
status: experimental
description: Detects traffic or activity related to https://1ulufjyr.dive9uoht2.ru/?=check&&actmn=hTOogXSmYVwzkdIX which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://1ulufjyr.dive9uoht2.ru/?=check&&actmn=hTOogXSmYVwzkdIX*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.116.101:36268/bin.sh
id: auto-93f18389b864932035aa4698ad53598199b2e69ca279dadd9edc0f664f60569d
status: experimental
description: Detects traffic or activity related to http://61.53.116.101:36268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.116.101:36268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.80.153:59923/i
id: auto-54a7510db19a5c9e7b86eefb69953afd275c3475681fa0b06456c9d0997d5411
status: experimental
description: Detects traffic or activity related to http://175.165.80.153:59923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.80.153:59923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.34.26:50502/bin.sh
id: auto-1e68053c0491d5034a275213badbbc485e2f0ac6ac2632c9bac59de1e2d61608
status: experimental
description: Detects traffic or activity related to http://123.8.34.26:50502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.34.26:50502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.133.224:57346/bin.sh
id: auto-20d8c15c3dda6baf4d9b76f8b5570e1d626bf289d9a63df2c4f0fad3e7d8a49d
status: experimental
description: Detects traffic or activity related to http://175.150.133.224:57346/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.133.224:57346/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://u9bygw3d.liner5ag0.ru/?=check&&actmn=XDzIBFcmCgLACkBE
id: auto-e9687633777f62d1460590a67544e1c7acde3eb27fb7f4d7270e7d9fdc57f42a
status: experimental
description: Detects traffic or activity related to https://u9bygw3d.liner5ag0.ru/?=check&&actmn=XDzIBFcmCgLACkBE which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://u9bygw3d.liner5ag0.ru/?=check&&actmn=XDzIBFcmCgLACkBE*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.144.249:43774/i
id: auto-2c84db8bae65e885a5c4543f8853362c7bbd93d30646a63f0dab4ee5c8400a71
status: experimental
description: Detects traffic or activity related to http://222.137.144.249:43774/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.144.249:43774/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.126.223:47677/bin.sh
id: auto-4e7927f6b6917515480ba4b75632f41a959e36c330de9ce8feb91253fed48c05
status: experimental
description: Detects traffic or activity related to http://61.53.126.223:47677/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.126.223:47677/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.186.124:58971/bin.sh
id: auto-8f839dd58c2105881f08e70c3ab4e22e3545fc0260eb92931eef50e564ad2cca
status: experimental
description: Detects traffic or activity related to http://42.6.186.124:58971/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.186.124:58971/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.109.22:33101/i
id: auto-58675ee5c99845e4009dc11828b25516d5fe933c66b16292b418e6f12667a5c5
status: experimental
description: Detects traffic or activity related to http://61.3.109.22:33101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.109.22:33101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.184.227:35210/bin.sh
id: auto-34388b3afbefb9b65cb531d73a9a683afdefae6ccc0b2ed00c12c7f612b29166
status: experimental
description: Detects traffic or activity related to http://113.229.184.227:35210/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.184.227:35210/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://0ouow35c.con8ratken2r.ru/?=check&&actmn=uKKHgJteDhrzfrWi
id: auto-7afbc0facbcb9338f9fc82d5518ce14178f2874f5605f23e1567cc3d07a4c83a
status: experimental
description: Detects traffic or activity related to https://0ouow35c.con8ratken2r.ru/?=check&&actmn=uKKHgJteDhrzfrWi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://0ouow35c.con8ratken2r.ru/?=check&&actmn=uKKHgJteDhrzfrWi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.80.153:59923/bin.sh
id: auto-000d34c9c76d6d56636c09d4b5b5be737ab43255ffb67dae68999f237dc43dc8
status: experimental
description: Detects traffic or activity related to http://175.165.80.153:59923/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.80.153:59923/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.69.187:37043/i
id: auto-5bd14c1c573c1b2edd6d6eb9688af15e78237f14648c403d32f6d0d118126f45
status: experimental
description: Detects traffic or activity related to http://110.37.69.187:37043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.69.187:37043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.29:55727/i
id: auto-c62b9feeb747adcf00138dad773917f5f4d0e54d573c6c550b678020adf21fab
status: experimental
description: Detects traffic or activity related to http://110.37.52.29:55727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.29:55727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.73.250:44657/i
id: auto-d75b5ac9c2185bc42b563db785ac2731841c407ca5be8c90767f1891262f0667
status: experimental
description: Detects traffic or activity related to http://61.53.73.250:44657/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.73.250:44657/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.165.88:42751/i
id: auto-59adb68185b8b57c3161d223ac4c7c13a3a426cb723d6ccecb2e0e598ec529c2
status: experimental
description: Detects traffic or activity related to http://115.54.165.88:42751/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.165.88:42751/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.144.249:43774/bin.sh
id: auto-75b5fe810a756e8fdb3fa2a681082cfb39be03690f977424d6861e019c33a842
status: experimental
description: Detects traffic or activity related to http://222.137.144.249:43774/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.144.249:43774/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://nzrhwm99.d0tte1ran.ru/?=check&&actmn=hfbCUJvYulLAqBqB
id: auto-02212a5f54a239e714ef6e39c5b75d23388bd8b148a8b778d88c990505493a43
status: experimental
description: Detects traffic or activity related to https://nzrhwm99.d0tte1ran.ru/?=check&&actmn=hfbCUJvYulLAqBqB which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://nzrhwm99.d0tte1ran.ru/?=check&&actmn=hfbCUJvYulLAqBqB*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.216.141:47345/i
id: auto-6a4d53a8f39c46e50836eefcdaea72b86c7d1212c8b5f2dcc4d4c2c3882038e3
status: experimental
description: Detects traffic or activity related to http://59.184.216.141:47345/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.216.141:47345/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.109.22:33101/bin.sh
id: auto-bdd59411ce230b62247645e6ea31d82923e10d650f092a1826ca25e2ebd51c93
status: experimental
description: Detects traffic or activity related to http://61.3.109.22:33101/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.109.22:33101/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://203.177.251.31:39406/bin.sh
id: auto-30adcceba3d36eebbbffb3d5de06572fefd5a7bc58b6f8133100d9be650ae67d
status: experimental
description: Detects traffic or activity related to http://203.177.251.31:39406/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://203.177.251.31:39406/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ynr4ubkn.b1tterb0tt.ru/?=check&&actmn=CdznblPoqNYaYAAa
id: auto-44f0fe61ce9b4f13db76bde5db2fd617d08518ccc729ca08c946e0a563245700
status: experimental
description: Detects traffic or activity related to https://ynr4ubkn.b1tterb0tt.ru/?=check&&actmn=CdznblPoqNYaYAAa which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ynr4ubkn.b1tterb0tt.ru/?=check&&actmn=CdznblPoqNYaYAAa*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.83.18:32863/i
id: auto-abe0b0746d2bcf4a55c55596f969c9c8dd55cb2eaec0af256c5d6e899c1b0714
status: experimental
description: Detects traffic or activity related to http://125.43.83.18:32863/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.83.18:32863/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.69.187:37043/bin.sh
id: auto-049d0d36f9f748a5b42a8b700cead773fa2812167647db5e80f45ceab6cef086
status: experimental
description: Detects traffic or activity related to http://110.37.69.187:37043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.69.187:37043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.165.88:42751/bin.sh
id: auto-24768631a5774b769431aab1782f9301d9433262d9b4b11c842b29b35cdfe430
status: experimental
description: Detects traffic or activity related to http://115.54.165.88:42751/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.165.88:42751/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.216.141:47345/bin.sh
id: auto-1e71eb0938ffff8df5eee8e4bf5bbd52ceb00d08c9cfb4bc3615773ef9ecf9c4
status: experimental
description: Detects traffic or activity related to http://59.184.216.141:47345/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.216.141:47345/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.73.250:44657/bin.sh
id: auto-ba345906cb8321595b81d9ebe3b90c0c49fc20d7a290edf07d3cb7f43bf88fd6
status: experimental
description: Detects traffic or activity related to http://61.53.73.250:44657/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.73.250:44657/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.180.68:44810/i
id: auto-cbede957fbc3da2c2187e0bd47f81f2624a350e22d6cc88d7aca9d3898579f8e
status: experimental
description: Detects traffic or activity related to http://182.122.180.68:44810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.180.68:44810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://b4g475eq.atte4dh2ve.ru/?=check&&actmn=pLDLBszFpfloeGim
id: auto-679b143e0468327599007b58a338f17ee5e5f20454eebb1cab2f83e14a1abbc7
status: experimental
description: Detects traffic or activity related to https://b4g475eq.atte4dh2ve.ru/?=check&&actmn=pLDLBszFpfloeGim which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://b4g475eq.atte4dh2ve.ru/?=check&&actmn=pLDLBszFpfloeGim*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/spc
id: auto-c4a880e2ec30ec88557bdb422480728faa1d827bc6845bf64ed63e8e6ce4c93f
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.spc
id: auto-17fb81a51808ae50d75ecf5a385f9e3d5405b17e2e72f309b80f22c79d0836af
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.29.50.238:51669/i
id: auto-3d133dc20dd7efcb120009faa8b0ce99b2cde0f685d81fcdb101176bf752d280
status: experimental
description: Detects traffic or activity related to http://78.29.50.238:51669/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.29.50.238:51669/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/i686
id: auto-b42853289f30b28e8457026455f295d926c4d25d6104b83129aec422857dd271
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.29:55727/bin.sh
id: auto-f5c1d349c81709fca6b42b6747cc9923933f28c02c5a3f37110ea2f7c4492276
status: experimental
description: Detects traffic or activity related to http://110.37.52.29:55727/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.29:55727/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/arm/
id: auto-40be7707548e870a5594411989fda5ea3035128b3c83dc5c00a5238680018c15
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/arm/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/arm/*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/arc
id: auto-122808d6faefabd6c259fab6bf21f346daeed68579df5c7acbcff310c95aa769
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/x86_64
id: auto-437fdddc5e384b2d67a417caf8096588fdbbf7f035e20250c8cd263c4b96c26c
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.arm7
id: auto-f12c4474dec0842138a5466d4a7196955103cab8355efe3dbed09a56b7ba09cd
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.arm6
id: auto-3fe8e28b37cce66640a03cf2ca56c04217cfffa7a23b31236611a8568a51c606
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.i686
id: auto-37eb05961f834f273873f26f04111f1de4937547c28ad06b1da0921dbcb40e1e
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.m68k
id: auto-3da60f129b81f92937b11f9ecb9cbbcc0f09f592117c06475b720fa42063491b
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.arm5
id: auto-5352510b42afea22275b432899d4f15041ad279fe962ebc6d218bcc23519f2ad
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.x86_64
id: auto-e048a7021ca284f523dc693d258d812c496ccc1b08595cce00ad7f3dce913724
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.mpsl
id: auto-1969eb71618c9c44fd13bacfcb6b0cc04bde30cd81441a8bc951de0cc8f1b357
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.mips
id: auto-10b5cd4181c33e8b82e77520e6fd90702daaba31f1261ecfc7b775e34dac4c12
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.spc
id: auto-5a801b26ffc6ff3f2343c5d3b511a6cbe0eeaab44b98fa1f9b2ccfdd5a6c9805
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.x86
id: auto-53150ca9a2eaf3ebc1fbabf9be94a25d5080480b86de70022316d13b2c72d8bd
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.arm
id: auto-929bb21c3b22a5d191dc7f0780ab1426b7e9b3b06f724bdaeb3dbc7221bab6cc
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.ppc
id: auto-14229504bff2d87d302823592fef0d00bdefc0a52b16c5eaefb66f9b19db9322
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.arc
id: auto-fbc46f4ef49e7ebeed9fd93049a507ab511776da515287d710e8b5b84d021582
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/Space.sh4
id: auto-db092604f70624578ca78708119ae04e6123733b162b63eb203f755bd01ad2bb
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/Space.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/Space.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/mpsl
id: auto-00bdbe92e4d9af1de33c00b21838ff154bb0007e7471874c06045954d1db21a5
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/arm5
id: auto-b491ad272d24fc9127dbd73589524cfe207541b03e2a2a8b5632abac0e3b8797
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/arm6
id: auto-d549c040d2a35a58102db8c10a9313fd1fa8bc7cc4bd51a22d80f944bd2fa283
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/spc
id: auto-4467c3159102df8c40a10302ff52a61528d1a99b74b5236b2b666f7caa527e2f
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/x86
id: auto-202ac2b9888cb74765c14b7a5e98c85c937f3cecbf11dde72a40aa650338cd7c
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/arm5
id: auto-c554f0faf445f1fa6fb50f024dc91579be1cb740b6f68db1ea8080954073d816
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/mips
id: auto-a645b96d76cf182d32c3c8a6c19f3f1be479cead646b7ba656c55ef8494f6a78
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.arm6
id: auto-6af4b1f170966888b391aa2c07841987cd89529fdda67cfc7e868ad4243e7546
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/arm5
id: auto-9dc589600dbe01f0b09934d8d63ca368d26cf072ee23bbf14f551062d2f5975c
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/aarch64
id: auto-24ec2932c38ad901078c98edd81446545ace1e40f7f6ba367c7dc41988ccf5db
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/mipsel
id: auto-c005b63489ad86bcd2a244817c60334ad11e011d6516b7b3c94826633e83a270
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/mpsl
id: auto-d63800b5710121644e60450f184fb75ab018631097c43ee6dfaab21cebeee101
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.mips
id: auto-574301dd78f6efcddd957eb17940f8661c1c7780eb0a88bbacd37cd68661f5a7
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.x86
id: auto-edbe589ce833fa2137db71b91e5355c9be60d20d4a60f9a6e79d84f106ae7e2d
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/arm4
id: auto-2a1bee9385312a774f4899404e0dc7b981d7dbee4cc059afe358f2aa8584a52b
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/mpsl
id: auto-cc840bc9e47cdc75b54c3b49f5fb1ad5f5c2dd3c779069645c2512fbb459dbb9
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/ppc
id: auto-bb2772fcb2d5114dfcb99387ea61fee186b4f418ade5a61c9c55104c7b1836d8
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/arm7
id: auto-4b4e5bd1a34895de22c2cc0dbdceeea9afe5e25e51a370f0e24fd545baa21056
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.arm7
id: auto-df499cb0bdfe30e7b9407d0f188276d7c957f844d0a6f38d7a0ae005dcfd1d63
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/mips
id: auto-448232b92414d6842b5ed59c5ebde8bce543c63f91cbed07d79ac021de66286c
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/mips
id: auto-632935ae8aa4de50a7ed28607a430cd0e79e5a319eb5b0ab44569f751bfdaf0f
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.sh4
id: auto-9df62e02fdb8332a6805adb487c42494ca7b7128be4210288daf7e06cea33bfa
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/x86
id: auto-8b0d006760e27df1b623ebdb2865e31f7cd89ea71544dc6efa0c8f7e671e3d75
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/x86
id: auto-32f56fc2ef4c2d8f5483bf1c11b85817dba1f3b7bb33e6f4b67719cadc65f0b3
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/sh4
id: auto-cf3aa18f48f97c2ef1e86959bea88035d282353ce415dd770fd53f7215dec743
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.arm
id: auto-11f023c8b440887ca314aed6ec97c9255cf0750211ab1efb4603fccf72888021
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/i686
id: auto-3b5808ca73a9fa66b0ea6e87ea1053e8e1125c5d66134e6d9fa42b4b569bd5a0
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/x86_64
id: auto-e2ce21b647e6b1961bec54f12be050d7c5e27383299912b1b79f8e2c01ab7e73
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.ppc
id: auto-699a8b38905a82268a1fec2e6a9dbb70dec86179da8a79b9ee15944b3aa9e1c3
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/m68k
id: auto-77363e504d5b1500ecdbfc20c632ce6c34dd6e78b1af1ca762e218101e217f61
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.mpsl
id: auto-84e94560e413ee292372d91734fbb6102bda7951539b153ca7734b4048223be2
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/ppc
id: auto-3682bdf4b4cb45611f88737dac447224de0f2c028c468c320db6ba5f7d4bb27d
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/arm7
id: auto-aed9d63f87fedb07485f92721b0bacbbbfd090664f776f0435ad87d86c596b35
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/arm4
id: auto-c582bacb5de7d2a3a027c5626e3e738f75007a352343e57be125abd7784b9d52
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/arm4
id: auto-9c5517492210773fe37a1d9fbb1dea99dfa4f8e326d239a3e4d6be5ec8baaf72
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/mpsl
id: auto-b3f8b00bd27e7cc827b278bbc9fd1f406f4f6fd7fbab8eac5864bb9247fb5323
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.arm5
id: auto-16f409a9f3d3991df738a9fda78c5071871e08a2e4c0d22124742e1923798860
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/sh4
id: auto-d8ddc7bad859e0f73623ee4b3813ecdfda2ad3ad678ee11d56bc5df0f14f8612
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/m68k
id: auto-9e75c8ef4de109864e3254be4fb2ed17ab53c258e0c52fcedf58c03732f65bef
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.arc
id: auto-14bba1b19808fa580b44463f15053953d7d2dcb3d953c33187f34ae2bf5f4cb3
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.115/hiddenbin/boatnet.m68k
id: auto-59978939b3bf5fb0466044ee23ec1756f65a214400791a16064cf226cc0773d7
status: experimental
description: Detects traffic or activity related to http://45.156.87.115/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.115/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.46/bins/arm6
id: auto-4e89af45c389a08d39044b2a02c6f68dc8968ea0b6b596592de313657af94203
status: experimental
description: Detects traffic or activity related to http://176.65.132.46/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.46/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/x86_64
id: auto-03e5a117474df9c5464c331d88f184e8c479d37ca68f1a01e0f8d8681f69f95d
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/arm7
id: auto-dee95e7890915deec96efcdacb433d5d24ab77588b7b7785e4a72cee277acfb7
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.100/arm5
id: auto-7a7acd09328bdeacdd9936a9ec12f242a4ac8a6b4cf565803d89828fb7c23ee0
status: experimental
description: Detects traffic or activity related to http://196.251.100.100/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.100/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.83.18:32863/bin.sh
id: auto-38d17c9a363dc4589268da1fbad7f288eac15bfef18589137faa6d8592b32611
status: experimental
description: Detects traffic or activity related to http://125.43.83.18:32863/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.83.18:32863/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.27.186:46979/i
id: auto-6bba673cf7fea7208dc90b16b5bf34f1a10ab63fbe7bb5658227b1d95bc026f5
status: experimental
description: Detects traffic or activity related to http://115.49.27.186:46979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.27.186:46979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.79.163:52738/i
id: auto-d1e73e49fd8dd15883c5cf186c6af676fd1dc6d0eac395fcc8ddc1cab6ce8fc9
status: experimental
description: Detects traffic or activity related to http://110.37.79.163:52738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.79.163:52738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.244.150:53408/i
id: auto-4f25941fe363a84b9373bf63be144811a22f9a81ee743e709b96b3d0a41ba344
status: experimental
description: Detects traffic or activity related to http://59.182.244.150:53408/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.244.150:53408/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.79.163:52738/bin.sh
id: auto-fb3fda1cc42117434e5e29f8a191dc4d632c40c57fcba6a51da6ee7d5c3f7c52
status: experimental
description: Detects traffic or activity related to http://110.37.79.163:52738/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.79.163:52738/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://w6lcjzd6.ei8hthyp0.ru/?=check&&actmn=QufECeMOHtijLxeV
id: auto-4632ea8d656c497ada3a716c7b3049278ee21411745ac3f3823c1bfa049df3f7
status: experimental
description: Detects traffic or activity related to https://w6lcjzd6.ei8hthyp0.ru/?=check&&actmn=QufECeMOHtijLxeV which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://w6lcjzd6.ei8hthyp0.ru/?=check&&actmn=QufECeMOHtijLxeV*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.29.50.238:51669/bin.sh
id: auto-ee5b6e29c3eb2f53cdea73f6b068ee5433960454c04a6888b2a70ce518625063
status: experimental
description: Detects traffic or activity related to http://78.29.50.238:51669/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.29.50.238:51669/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.180.68:44810/bin.sh
id: auto-7453728786a4d168846caa044529fe10bfb5f104357fad778a21ab521d33ab7c
status: experimental
description: Detects traffic or activity related to http://182.122.180.68:44810/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.180.68:44810/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.235.129:53293/bin.sh
id: auto-5f818fa6bad5b278132d5aaae30af759f840df7adbd37821676ce642cdc72464
status: experimental
description: Detects traffic or activity related to http://115.55.235.129:53293/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.235.129:53293/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://11mo4fsx.ho1idayt2rn.ru/?=check&&actmn=GJGAChJJqJDphpiv
id: auto-967f6624d9bed9148bafa25c34008df308deb2d4b99dc8cb709ce9edd4a85794
status: experimental
description: Detects traffic or activity related to https://11mo4fsx.ho1idayt2rn.ru/?=check&&actmn=GJGAChJJqJDphpiv which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://11mo4fsx.ho1idayt2rn.ru/?=check&&actmn=GJGAChJJqJDphpiv*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.141.138:57692/i
id: auto-c1f00f0d6b966554f011a9311fb9beeacd4106e7a8953a51b4c21ca1273ecaad
status: experimental
description: Detects traffic or activity related to http://182.126.141.138:57692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.141.138:57692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/2085577942/UCkDmUH.exe
id: auto-ee2ee236672ae0b4a1dde2a76f0f09d94c7636283a45da27d68acb895308cf72
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/2085577942/UCkDmUH.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/2085577942/UCkDmUH.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/micieghebing/asdawd/refs/heads/main/x2-main.sh
id: auto-9df75047f8c391e805c17a408fe114204ad505d65745b5b3acf0e1a738fea146
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/micieghebing/asdawd/refs/heads/main/x2-main.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/micieghebing/asdawd/refs/heads/main/x2-main.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://v65hz4cb.b1ondepi8s.ru/?=check&&actmn=tGJRbhSgyvPWRITp
id: auto-c8afcf0c7337fa6390c91c277113d3ffd0c005758275d98231d45cd52ac55a87
status: experimental
description: Detects traffic or activity related to https://v65hz4cb.b1ondepi8s.ru/?=check&&actmn=tGJRbhSgyvPWRITp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://v65hz4cb.b1ondepi8s.ru/?=check&&actmn=tGJRbhSgyvPWRITp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.90.52:38061/i
id: auto-7b819bbed642e3a080d519c13790acbd50820b91e77471f6078ad48959e19018
status: experimental
description: Detects traffic or activity related to http://220.202.90.52:38061/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.90.52:38061/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.244.150:53408/bin.sh
id: auto-f60f753506d8fad3f29ae25244b96f4cba67a10fdab3156eb93eea4db29a7e00
status: experimental
description: Detects traffic or activity related to http://59.182.244.150:53408/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.244.150:53408/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6691015685/qEmyrX2.exe
id: auto-9601cf8e3bc81d981c5367505accbf8ea5598f0eab7061a672b0bfdf78c80766
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6691015685/qEmyrX2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6691015685/qEmyrX2.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.158.87:36371/i
id: auto-5850efafa5aedecbeb54a9fd97b5749287b085bfe3c57b108bde3a1914dcf030
status: experimental
description: Detects traffic or activity related to http://120.61.158.87:36371/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.158.87:36371/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://929j5tsa.rainriver.ru/?=check&&actmn=RYgrtqQGUakcQqks
id: auto-e2add1ad8e49e8e9c1f8ed11f949c16b0516044eec85d5cd038d2d2d8463bcd2
status: experimental
description: Detects traffic or activity related to https://929j5tsa.rainriver.ru/?=check&&actmn=RYgrtqQGUakcQqks which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://929j5tsa.rainriver.ru/?=check&&actmn=RYgrtqQGUakcQqks*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:41871/i
id: auto-f508cc645bd9f383b853c21d582d3b64e74ec997c54f7302318057e6aa32bf67
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:41871/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:41871/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.104.93:36603/i
id: auto-0f8b2fed6652b09b5115ddd8e08899b60b7a43675c1e6caeb182a02558f69b3a
status: experimental
description: Detects traffic or activity related to http://182.126.104.93:36603/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.104.93:36603/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.78.238:36071/bin.sh
id: auto-14ec6ad6c755e6a1e5e5f1e79a92aae2f2d0bab8d66853ddf6cfca68e4a42eda
status: experimental
description: Detects traffic or activity related to http://27.215.78.238:36071/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.78.238:36071/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:41871/bin.sh
id: auto-ba321b16bce88b52fce760badaa15d3cf930cf65d423a560dce04c965ddc53d5
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:41871/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:41871/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.235.129:53293/i
id: auto-c69ee0ac90f28f1e5e725076fb58bec340f56140659019fbdd380d892cea6a2c
status: experimental
description: Detects traffic or activity related to http://115.55.235.129:53293/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.235.129:53293/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.90.52:38061/bin.sh
id: auto-0c54f05c9050c2c01c24bd42d448de1f3fdf15775b379dc9bcd2332ca8d200f6
status: experimental
description: Detects traffic or activity related to http://220.202.90.52:38061/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.90.52:38061/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3gr8e6lu.n1ghtfaise.ru/?=check&&actmn=bJpVJSjpCbsHgHpX
id: auto-7cfafea863b14b1460bb96a4927e7b16049ad62e576ebeb08ad111a3a4db7c29
status: experimental
description: Detects traffic or activity related to https://3gr8e6lu.n1ghtfaise.ru/?=check&&actmn=bJpVJSjpCbsHgHpX which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3gr8e6lu.n1ghtfaise.ru/?=check&&actmn=bJpVJSjpCbsHgHpX*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.23/duobs.exe
id: auto-52904a39f00594a9dc44d18098ea6bb9e5e1b9f9c90975561217fde3a1bf7753
status: experimental
description: Detects traffic or activity related to http://196.251.107.23/duobs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.23/duobs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.158.87:36371/bin.sh
id: auto-4a3842d3faebeca9fd8eb244d3777fc69eacc8a89657ddd0c6e6afb0a617a80e
status: experimental
description: Detects traffic or activity related to http://120.61.158.87:36371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.158.87:36371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.203.224:58815/bin.sh
id: auto-221c6915f8a116ecdc2d03d22359d6940221c7dd6df5e6ca01e0da56b404c27e
status: experimental
description: Detects traffic or activity related to http://115.49.203.224:58815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.203.224:58815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/gstatic-kh5q6ekh/cdn-113-cloud/releases/download/static/id-owf836aos
id: auto-5199edc5d7190075f0a2cb65f0fe85323963371e56bfcff691bfa326cf2d0c39
status: experimental
description: Detects traffic or activity related to https://github.com/gstatic-kh5q6ekh/cdn-113-cloud/releases/download/static/id-owf836aos which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/gstatic-kh5q6ekh/cdn-113-cloud/releases/download/static/id-owf836aos*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/5
id: auto-cf60e5ad70f482020c2a01c510e76d389770a57a5ceb44cddeee825ce45af329
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/5*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.80.110:38477/bin.sh
id: auto-2f77505889b24b6c918a318d1236503c6e1079cf974ec011750e7d91e923b8fc
status: experimental
description: Detects traffic or activity related to http://175.173.80.110:38477/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.80.110:38477/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://489hkp0t.sunfiare.ru/?=check&&actmn=eLEDcHNyyXIxvXxn
id: auto-abcde6f62b291917960072e2d82185139b52bcbc8e433570461a278133f406fb
status: experimental
description: Detects traffic or activity related to https://489hkp0t.sunfiare.ru/?=check&&actmn=eLEDcHNyyXIxvXxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://489hkp0t.sunfiare.ru/?=check&&actmn=eLEDcHNyyXIxvXxn*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.104.93:36603/bin.sh
id: auto-1fabca6ffeff645587a36e0f4dbf0739fbea63a10794316f756f3ebdcc709ce8
status: experimental
description: Detects traffic or activity related to http://182.126.104.93:36603/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.104.93:36603/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.66.145:45960/i
id: auto-1966475168ee29d6feb292feec8605aa5272b025a819cfe345cff1531d5fc0a2
status: experimental
description: Detects traffic or activity related to http://115.50.66.145:45960/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.66.145:45960/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.196:59057/i
id: auto-c13fcf8f0b161c10d72d3f0dd2fe32fd49cff2949a966459fbb111e2e581a80c
status: experimental
description: Detects traffic or activity related to http://110.37.76.196:59057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.196:59057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.0.17:51682/i
id: auto-2ee92d067ed1433cdc12f3f362ee12d98d940a67613f54f1974bc674d16c4eba
status: experimental
description: Detects traffic or activity related to http://42.235.0.17:51682/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.0.17:51682/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://luxor.boscoplus.com/LunX.zip
id: auto-aafd4f646bca45b619ad70ecfd37fb8a3c497eb199ca4a06026bebbaf784b20b
status: experimental
description: Detects traffic or activity related to https://luxor.boscoplus.com/LunX.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://luxor.boscoplus.com/LunX.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:51621/bin.sh
id: auto-a757f1112bb344ee085ce90343f405700c6b585270e300c65216221bbbddc152
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:51621/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:51621/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:51621/i
id: auto-bb82f9b2e4806f1ed552046af3b8aa9382275bc92d35d8f3e126e5f0b5e29ff4
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:51621/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:51621/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.57.195:39032/i
id: auto-cc202169b5949cecaf2c77f77bdda57ef18d3b26cdc930aabfc4a45b101640df
status: experimental
description: Detects traffic or activity related to http://219.156.57.195:39032/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.57.195:39032/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.100.178:51255/i
id: auto-503f53fbdce2f85adcd66c8e4a5a4cbb77a24f516743eaad5164dc32346f9eb7
status: experimental
description: Detects traffic or activity related to http://117.254.100.178:51255/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.100.178:51255/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.34.214:35580/bin.sh
id: auto-ca947f48afa19d2123459963987a981257038e812e515ad9863c8597c71f9b36
status: experimental
description: Detects traffic or activity related to http://110.37.34.214:35580/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.34.214:35580/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://m1dr52xc.windbioom.ru/?=check&&actmn=yonVXGbGBRioDSkM
id: auto-772af0d7613b1d4e72844fbb477ed6133871d365719773d88ea7c0749c4da416
status: experimental
description: Detects traffic or activity related to https://m1dr52xc.windbioom.ru/?=check&&actmn=yonVXGbGBRioDSkM which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://m1dr52xc.windbioom.ru/?=check&&actmn=yonVXGbGBRioDSkM*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.24.212:41448/i
id: auto-8588f3bea2246bdbad8b2bb78594755d5bfb49037660b06c38d411fe4c558455
status: experimental
description: Detects traffic or activity related to http://123.9.24.212:41448/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.24.212:41448/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.3.15:45299/i
id: auto-ad5b2e318e748b8ede451621be60044efae05c5a47e8f3ee4ab4ca4425b75107
status: experimental
description: Detects traffic or activity related to http://115.50.3.15:45299/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.3.15:45299/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.66.145:45960/bin.sh
id: auto-edb66ae3c7ff72d243397f03e5c51d2efeb5c17759e30fc5b53b839c7d0475c2
status: experimental
description: Detects traffic or activity related to http://115.50.66.145:45960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.66.145:45960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://l1e26ikw.5t0rmhiil.ru/?=check&&actmn=cmvzEGPVGmncnNQm
id: auto-8432d75f32401d49663c02d26779145aece4b163b02f40dcafafaa3f99843d75
status: experimental
description: Detects traffic or activity related to https://l1e26ikw.5t0rmhiil.ru/?=check&&actmn=cmvzEGPVGmncnNQm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://l1e26ikw.5t0rmhiil.ru/?=check&&actmn=cmvzEGPVGmncnNQm*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.186.124:58971/i
id: auto-50f937d1eb38e6b5a679e59e947b57fd313a20deaf1f14f49c97e2374ef134ea
status: experimental
description: Detects traffic or activity related to http://42.6.186.124:58971/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.186.124:58971/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.100.178:51255/bin.sh
id: auto-9009bc25a12665a34f7ac9ddd7a1b066858c739573bcb8bad837af6ba44cd3bb
status: experimental
description: Detects traffic or activity related to http://117.254.100.178:51255/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.100.178:51255/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.98.42:38324/bin.sh
id: auto-a34bc03c76e613289a562939ec2b14a7290ff414c6931fa95fe29830f556d3b5
status: experimental
description: Detects traffic or activity related to http://113.231.98.42:38324/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.98.42:38324/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.3.15:45299/bin.sh
id: auto-0c15afebd2302bd6680c3ede7e09c35d936df424120ade82c9af4552ef721506
status: experimental
description: Detects traffic or activity related to http://115.50.3.15:45299/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.3.15:45299/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.89.203:40030/bin.sh
id: auto-86d958231fdde7ba1c578d2f90de4208931310e0305f26144b21fdb29c21002f
status: experimental
description: Detects traffic or activity related to http://182.126.89.203:40030/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.89.203:40030/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.129.182.176:41716/bin.sh
id: auto-f6f99e16c6cd337e53ecc3c98a8dfa890fb498504df619fc606648712bacdeba
status: experimental
description: Detects traffic or activity related to http://124.129.182.176:41716/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.129.182.176:41716/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.24.212:41448/bin.sh
id: auto-3f11c6a349cc4b8fdd34c2dfca1a35707c777aed57f37690e9a98ace49c2da8a
status: experimental
description: Detects traffic or activity related to http://123.9.24.212:41448/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.24.212:41448/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.179.160:38035/i
id: auto-dd0fb5e4b08ba81d08b9a6141b0d1a76f4f2b8f66f8dd5c4abc287678ae7b490
status: experimental
description: Detects traffic or activity related to http://118.81.179.160:38035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.179.160:38035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://z9bdth4n.blu3cioud.ru/?=check&&actmn=FvGtxDayZoYcjkIf
id: auto-df57fd30e02cf8c51c4ebe7e4737c4e9252398d535a93181adb4f4615ae0f129
status: experimental
description: Detects traffic or activity related to https://z9bdth4n.blu3cioud.ru/?=check&&actmn=FvGtxDayZoYcjkIf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://z9bdth4n.blu3cioud.ru/?=check&&actmn=FvGtxDayZoYcjkIf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.221.32:35214/i
id: auto-0201da05ea8a431cb3da98820bc8a56b404d4aa1f0bd810049cacfc1bbf883b1
status: experimental
description: Detects traffic or activity related to http://120.28.221.32:35214/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.221.32:35214/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.162:52640/i
id: auto-3ac58735bb404a1ecccb24ea776a172588ebc85bdd66f6a6d4975e7b51204cdd
status: experimental
description: Detects traffic or activity related to http://110.37.102.162:52640/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.162:52640/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://b76ctsj1.5kyline.ru/?=check&&actmn=wXqQaLCNSaYFpIHi
id: auto-84acec655b63190619862d74f5717c9f0b3f22ab3a205ba77aec7ae610ab3bbb
status: experimental
description: Detects traffic or activity related to https://b76ctsj1.5kyline.ru/?=check&&actmn=wXqQaLCNSaYFpIHi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://b76ctsj1.5kyline.ru/?=check&&actmn=wXqQaLCNSaYFpIHi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.135.232.33/d/roberto99223
id: auto-1db0e182426475f6dc7403157cd2446031e6bfb8f0043a2ef0be03d2923e90b5
status: experimental
description: Detects traffic or activity related to http://45.135.232.33/d/roberto99223 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.135.232.33/d/roberto99223*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.112.55:36631/i
id: auto-a553fa1808c3c494b1fa24b9b644bca306221a31ac7149c7b4067c422696fb7c
status: experimental
description: Detects traffic or activity related to http://110.37.112.55:36631/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.112.55:36631/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.119.139.117/d/roberto32100
id: auto-f8e2a8ce3c26724db1d1b38e78bf037dd77db24993692edca4db2fdecb56e7a7
status: experimental
description: Detects traffic or activity related to http://217.119.139.117/d/roberto32100 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.119.139.117/d/roberto32100*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://45.144.233.192/
id: auto-bfe6f68d5c4f134da8e43e799a278987af1112f7037423df11b25ad552d4cd2e
status: experimental
description: Detects traffic or activity related to https://45.144.233.192/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://45.144.233.192/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tesllamacapp.com/
id: auto-7d7a6ffbcd6fa821020f97b92489839dd2e8ad105e0b1dcf94b88766fee51edc
status: experimental
description: Detects traffic or activity related to https://tesllamacapp.com/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tesllamacapp.com/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.64.11.150:48531/i
id: auto-a6bf9c827251029f5a120e9168ed433e9c66fa50b1668a5c89c46c84cda91c3e
status: experimental
description: Detects traffic or activity related to http://192.64.11.150:48531/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.64.11.150:48531/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.34.179:39927/bin.sh
id: auto-9ecf04f36f69230e3e8fafe6d804fe3f793fea10c1d5fab528ecbff9eb415e63
status: experimental
description: Detects traffic or activity related to http://110.37.34.179:39927/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.34.179:39927/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://7i2b9swt.expe7iencfu9.ru/?=check&&actmn=RMKdTpkXGlgxWDhR
id: auto-8cd25493fbd94f546768022c95cb7f7ea13827ca11d3bdd40f7b5cd58670d6fb
status: experimental
description: Detects traffic or activity related to https://7i2b9swt.expe7iencfu9.ru/?=check&&actmn=RMKdTpkXGlgxWDhR which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://7i2b9swt.expe7iencfu9.ru/?=check&&actmn=RMKdTpkXGlgxWDhR*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ol01a5t4.expe7iencfu9.ru/?=check&&actmn=QjNgOxfrZCHQspCo
id: auto-7689265ba960a7235ebcecc545dc2c005ecb359c4cf94958429e3a7a6d079e6e
status: experimental
description: Detects traffic or activity related to https://ol01a5t4.expe7iencfu9.ru/?=check&&actmn=QjNgOxfrZCHQspCo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ol01a5t4.expe7iencfu9.ru/?=check&&actmn=QjNgOxfrZCHQspCo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.247.164:43204/i
id: auto-3338e5b2e8bc315febd06588ab0670d8b6e0f476bd969aba9a7ddeca27d8dce2
status: experimental
description: Detects traffic or activity related to http://110.39.247.164:43204/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.247.164:43204/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.81.179.160:38035/bin.sh
id: auto-a6ae665a2ec0beb088a98779bd15ace70c620aee1dd7b273f69618bbb844aefa
status: experimental
description: Detects traffic or activity related to http://118.81.179.160:38035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.81.179.160:38035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gp0nuv6i.expe7iencfu9.ru/?=check&&actmn=gyeFeQzrkLZkZebs
id: auto-dfd7cf17b4921a051702939bcfaee3ba8309351ce691a5e7cfea4cb46a6cdc30
status: experimental
description: Detects traffic or activity related to https://gp0nuv6i.expe7iencfu9.ru/?=check&&actmn=gyeFeQzrkLZkZebs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gp0nuv6i.expe7iencfu9.ru/?=check&&actmn=gyeFeQzrkLZkZebs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.162:52640/bin.sh
id: auto-06728535a3e6a68603180cd7a3730aa9a7f795d584506686353b25d6fdd334fc
status: experimental
description: Detects traffic or activity related to http://110.37.102.162:52640/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.162:52640/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.152:33875/bin.sh
id: auto-4e80677098be003011d4680fe49ba74f37e87d8affad85f5b7d1ef6e4a99551e
status: experimental
description: Detects traffic or activity related to http://110.37.100.152:33875/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.152:33875/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.124.18.9/fuck#
id: auto-a5cf8cad644f4b642a89380ab0bab5dfabde329983efce2534e1750e481ed54a
status: experimental
description: Detects traffic or activity related to http://138.124.18.9/fuck# which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.124.18.9/fuck#*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.88.8.88/c.sh
id: auto-209b5e67eba855c189fca54f576223068582e92bb14382fdad1c20830663a3c3
status: experimental
description: Detects traffic or activity related to http://45.88.8.88/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.88.8.88/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.88.8.88/b.sh
id: auto-d034bb992c0e9e8fdd7ca0d7a5c27e1931057252d9bba77f76645c39f27d8023
status: experimental
description: Detects traffic or activity related to http://45.88.8.88/b.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.88.8.88/b.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.k
id: auto-c9198391af24a8f167a71fa55e6ef04ecc5a7320c16c4ae117a75b89aca0515d
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.93.168:53058/i
id: auto-e0c4193288b29575819cbdce868c5052d0bf0620923e25a72053faf1e4283a99
status: experimental
description: Detects traffic or activity related to http://115.58.93.168:53058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.93.168:53058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.l
id: auto-7c7298eaab07b505199324398ce2de7965d7d27c1b7b0c966666f85d1b515afb
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.p
id: auto-a71ee929c999596b1d4dbb51cf84e58b69b659b93f4710afecd4d9af859ab62a
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.p which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.p*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.a
id: auto-b8e8d01896ade68662b5191ed90558d6de70e8666056c1df9dbe561b4a7c25cb
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.64.11.150:48531/bin.sh
id: auto-84d52d837eafce4ca02f30453acd20ecc745d819c94e5e101bf54082d793d344
status: experimental
description: Detects traffic or activity related to http://192.64.11.150:48531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.64.11.150:48531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.m
id: auto-316ba23b2c2411a15fda7502e6101b94fd5b0bb462b0afceb3f9158e528f1201
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.x
id: auto-c8cab75d27eac55901f3715161742d3112fc75b7e10466c0aa6bcb23cc14efa4
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.x*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/bins.sh
id: auto-858c345e92f02f4a27b133271129730f5ec9fd0a9c1d2d0162ec0b3ead77527c
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gim0hpzu.ce1lsfeste7.ru/?=check&&actmn=NnrNgfSmVJxxOKXh
id: auto-aa754daed91c2c7d70a5974b5cf021411c8a3998105403f7f9c57afb1c5ffddf
status: experimental
description: Detects traffic or activity related to https://gim0hpzu.ce1lsfeste7.ru/?=check&&actmn=NnrNgfSmVJxxOKXh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gim0hpzu.ce1lsfeste7.ru/?=check&&actmn=NnrNgfSmVJxxOKXh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.3.77:53058/i
id: auto-da75907909ac4fe2f2c1a1ff032aea033487abde169269e62520f7ca3f3c9960
status: experimental
description: Detects traffic or activity related to http://123.10.3.77:53058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.3.77:53058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ag9sdh7p.expre5ssme4d.ru/?=check&&actmn=ZetsNQumfFeloeSK
id: auto-022b02080812eced214ed069f650bc9bc3c40d49dd619c08fb1ffdb62040f51c
status: experimental
description: Detects traffic or activity related to https://ag9sdh7p.expre5ssme4d.ru/?=check&&actmn=ZetsNQumfFeloeSK which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ag9sdh7p.expre5ssme4d.ru/?=check&&actmn=ZetsNQumfFeloeSK*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/background_9.5982.7702.8199_INSTALL.exe
id: auto-871d0d898c90c841402ab04e8d2b7c073aac2475c4f45d91bdedd32124f68338
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/background_9.5982.7702.8199_INSTALL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/background_9.5982.7702.8199_INSTALL.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/aiopbu.exe
id: auto-e29ce3a729cd7aad719bdb6ab77ccfd7c847f07abf43de73bbf03437a05b29ad
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/aiopbu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/aiopbu.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hywk36mt.gr2vityta1k.ru/?=check&&actmn=JfiGsfHwhXWntqUv
id: auto-318a67ecc5d354d8d1a13d81c0547a74515ab41c0a5ab32618fdd179d2dd96b1
status: experimental
description: Detects traffic or activity related to https://hywk36mt.gr2vityta1k.ru/?=check&&actmn=JfiGsfHwhXWntqUv which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hywk36mt.gr2vityta1k.ru/?=check&&actmn=JfiGsfHwhXWntqUv*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.3.77:53058/bin.sh
id: auto-8254e3a6d4eaa2c476257357dc938d868efb6ff288114ebd53c824406e56ca75
status: experimental
description: Detects traffic or activity related to http://123.10.3.77:53058/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.3.77:53058/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://m5yvac5o.gr2vityta1k.ru/?=check&&actmn=BtDcIRJZjIJgPOlQ
id: auto-805f01d2da0ebbd0ebc1eb357fa8329f3ad2ed6c4e80df642a9b929a412ec4a4
status: experimental
description: Detects traffic or activity related to https://m5yvac5o.gr2vityta1k.ru/?=check&&actmn=BtDcIRJZjIJgPOlQ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://m5yvac5o.gr2vityta1k.ru/?=check&&actmn=BtDcIRJZjIJgPOlQ*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://release-assets.githubusercontent.com/github-production-release-asset/1127859862/608fcc5e-b316-4609-89d6-1f51f0af514f?sp=r&sv=2018-11-09&sr=b&spr=https&se=2026-01-04T19%3A40%3A57Z&rscd=attachment%3B+filename%3Dgstate&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2026-01-04T18%3A40%3A19Z&ske=2026-01-04T19%3A40%3A57Z&sks=b&skv=2018-11-09&sig=5FkCr4Yalha9dw2dBHa3TVgQCwbqZL6OjqOWw3zsnNA%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc2NzU1MjU2NSwibmJmIjoxNzY3NTUyMjY1LCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.bKWWDoxdM6A41QfUGhV2ALzjb5zgqs300beg-63KSj8&response-content-disposition=attachment%3B%20filename%3Dgstate&response-content-type=application%2Foctet-stream
id: auto-84a4a71b4c058bdd0a8f20a04d16517305a9c995d571e0ed3ebfc8f4e8c761f1
status: experimental
description: Detects traffic or activity related to https://release-assets.githubusercontent.com/github-production-release-asset/1127859862/608fcc5e-b316-4609-89d6-1f51f0af514f?sp=r&sv=2018-11-09&sr=b&spr=https&se=2026-01-04T19%3A40%3A57Z&rscd=attachment%3B+filename%3Dgstate&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2026-01-04T18%3A40%3A19Z&ske=2026-01-04T19%3A40%3A57Z&sks=b&skv=2018-11-09&sig=5FkCr4Yalha9dw2dBHa3TVgQCwbqZL6OjqOWw3zsnNA%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc2NzU1MjU2NSwibmJmIjoxNzY3NTUyMjY1LCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.bKWWDoxdM6A41QfUGhV2ALzjb5zgqs300beg-63KSj8&response-content-disposition=attachment%3B%20filename%3Dgstate&response-content-type=application%2Foctet-stream which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://release-assets.githubusercontent.com/github-production-release-asset/1127859862/608fcc5e-b316-4609-89d6-1f51f0af514f?sp=r&sv=2018-11-09&sr=b&spr=https&se=2026-01-04T19%3A40%3A57Z&rscd=attachment%3B+filename%3Dgstate&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2026-01-04T18%3A40%3A19Z&ske=2026-01-04T19%3A40%3A57Z&sks=b&skv=2018-11-09&sig=5FkCr4Yalha9dw2dBHa3TVgQCwbqZL6OjqOWw3zsnNA%3D&jwt=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc2NzU1MjU2NSwibmJmIjoxNzY3NTUyMjY1LCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.bKWWDoxdM6A41QfUGhV2ALzjb5zgqs300beg-63KSj8&response-content-disposition=attachment%3B%20filename%3Dgstate&response-content-type=application%2Foctet-stream*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/atoragivapo50/Flashbulb-Iodize/releases/download/123/gstate
id: auto-1acbd9078afd6a568293e3414835fa7a9b91376badfb81de5cce385d26e6619f
status: experimental
description: Detects traffic or activity related to https://github.com/atoragivapo50/Flashbulb-Iodize/releases/download/123/gstate which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/atoragivapo50/Flashbulb-Iodize/releases/download/123/gstate*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/2090623753/N4xTvHP.exe
id: auto-7a5049fde49ab273c690706dba2fb6f90c131e59ce1698e2e390f1a99c2614d3
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/2090623753/N4xTvHP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/2090623753/N4xTvHP.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.146.20:41392/i
id: auto-cff0226e895b6ceabf9754a0941121154704b8ca69fea7632866446b22c65409
status: experimental
description: Detects traffic or activity related to http://182.122.146.20:41392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.146.20:41392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/4
id: auto-b0f663c5275d36d4d9e46bd51626872efc62d7e6dcdc01039f9601ec2de86fe0
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.146.20:41392/bin.sh
id: auto-0ea7ad2fa23acbbd2a14cebb01e4cb9e8cecbd30813f8946c2669a88c30d866f
status: experimental
description: Detects traffic or activity related to http://182.122.146.20:41392/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.146.20:41392/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.14.189.24:58277/.i
id: auto-8b9b3168db27501c3499d595eafa4205bd0eeabb268f77cdeb6541f78dffa915
status: experimental
description: Detects traffic or activity related to http://74.14.189.24:58277/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.14.189.24:58277/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.1.134:57040/i
id: auto-653ce51a8e28b6ea1eb59408e65086a9f39e85670a4a2ae068fc6ff49af69ce6
status: experimental
description: Detects traffic or activity related to http://221.15.1.134:57040/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.1.134:57040/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://servachok.space/release/FewerAngola.exe
id: auto-56a2b52808d02a8d80d055900844f2b4f159a3cd9b0526e515ef678cc9db31b2
status: experimental
description: Detects traffic or activity related to https://servachok.space/release/FewerAngola.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://servachok.space/release/FewerAngola.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://servachok.space/release/OrdinanceAfter.exe
id: auto-b42c48fc7e13cc90a9f4644aea5db57e3746be475eb71236545a1cc109b4e90b
status: experimental
description: Detects traffic or activity related to https://servachok.space/release/OrdinanceAfter.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://servachok.space/release/OrdinanceAfter.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:57215/i
id: auto-86b900b958fdbeab53ff85f8fb9ed81ddb9df9d4ee413081723bfbf8eaa8fe1d
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:57215/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:57215/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.219.13.36:58818/i
id: auto-7dd25501e466b91e37dc20900f4e8d369effc1ac33f856a13e91579e6072f912
status: experimental
description: Detects traffic or activity related to http://222.219.13.36:58818/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.219.13.36:58818/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.238:6969/exe/miner.exe
id: auto-62b9ffe454e3eaf36b89759e3c6544dadd0bf220843222a2f52983b3dfa3a92d
status: experimental
description: Detects traffic or activity related to http://46.151.182.238:6969/exe/miner.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.238:6969/exe/miner.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.238:6969/exe/rat.exe
id: auto-56dd4983452e0b731c0a182c804d97bcef1cff50b6100f1b36f7df810448bf5c
status: experimental
description: Detects traffic or activity related to http://46.151.182.238:6969/exe/rat.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.238:6969/exe/rat.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.238:6969/exe/titledetector.exe
id: auto-7b93fc15344bf96712d00bcd65dbfcafb34cf5695056065799f586f1c0a7fe12
status: experimental
description: Detects traffic or activity related to http://46.151.182.238:6969/exe/titledetector.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.238:6969/exe/titledetector.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.151.182.238:6969/exe/clipper.exe
id: auto-4e3d9e7417f5fb8f47d9091b6e6b874c753a91669814ac64044d5e81a547ab52
status: experimental
description: Detects traffic or activity related to http://46.151.182.238:6969/exe/clipper.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.151.182.238:6969/exe/clipper.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.arm
id: auto-119d0d7a38797028812bd50a0667376977c7646f3f2df5c14cd6b3bf1bfe3f0a
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d7.tfdl.net/public/2026-01-03/d03f20cf-2c3f-44ee-a1ad-0f0816e40b7b/PC-Executor-New.exe
id: auto-232cdfb3b58f458b548669de949444c801cb1199cb2d11966ffa734443d0c8b4
status: experimental
description: Detects traffic or activity related to https://d7.tfdl.net/public/2026-01-03/d03f20cf-2c3f-44ee-a1ad-0f0816e40b7b/PC-Executor-New.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d7.tfdl.net/public/2026-01-03/d03f20cf-2c3f-44ee-a1ad-0f0816e40b7b/PC-Executor-New.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://dpshelp.store/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-3735253eb7afa36762bb7c65e29606d1ea2a0e6d9f59238ab536ed4b60310367
status: experimental
description: Detects traffic or activity related to https://dpshelp.store/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://dpshelp.store/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.219.13.36:58818/bin.sh
id: auto-1f2c97790f70d3ece1ce7496f6e1602e4e29de9e1206e1358bd26bd7a046c283
status: experimental
description: Detects traffic or activity related to http://222.219.13.36:58818/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.219.13.36:58818/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.1.134:57040/bin.sh
id: auto-4f871e159af535d73633c986a8083440c9adeb62fd80bc30bcfa340a04ee96be
status: experimental
description: Detects traffic or activity related to http://221.15.1.134:57040/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.1.134:57040/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.92.208:40680/i
id: auto-3feb828805101baac5a853439c312f7fcef3a57401c13b72cceef19fa4a25c4e
status: experimental
description: Detects traffic or activity related to http://117.205.92.208:40680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.92.208:40680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.148.225:35792/bin.sh
id: auto-3a49b9a9341d33d97ff3cab5e7d8ea87e9fdc358d5bdcb377a7394911f8239eb
status: experimental
description: Detects traffic or activity related to http://221.13.148.225:35792/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.148.225:35792/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.146.113:60844/i
id: auto-b3dd9173bb0ccd3d9f28692d329e433998117e8986a7c2e99a5f74261becea20
status: experimental
description: Detects traffic or activity related to http://115.48.146.113:60844/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.146.113:60844/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.189:57215/bin.sh
id: auto-5c51abc6ef4daaa160acf5fc28900d143423f9d3f4c29b6d21274fc8d3814ab1
status: experimental
description: Detects traffic or activity related to http://110.37.76.189:57215/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.189:57215/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.193.139:43949/bin.sh
id: auto-865fdb895a7ea9dd87a99c868dcd7976ea8dc1f2a6f55c470fa14ac8be3329f8
status: experimental
description: Detects traffic or activity related to http://123.9.193.139:43949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.193.139:43949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.236.74.65:52449/bin.sh
id: auto-40687468be496a3ac78bf514226b9e5fd2e1105130445e579f4c87828fd9c816
status: experimental
description: Detects traffic or activity related to http://77.236.74.65:52449/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.236.74.65:52449/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7782139129/oXrtZ4P.exe
id: auto-46a346ca0f5d5d669f599dcdd8630e6d89edfd402971a3cd8ebea2405e27ce33
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7782139129/oXrtZ4P.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7782139129/oXrtZ4P.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/KhSFM05.exe
id: auto-22794af5f8bdfbb95e755a29f6d6ee438d77ef7e940912de1ae0096e2955b1f9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/KhSFM05.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/KhSFM05.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.182.25:50384/i
id: auto-a7cd2c3e0b85c8322b53d6975c7a6d4c0a5e1fb01e66ee822d04ea6b43700ca5
status: experimental
description: Detects traffic or activity related to http://182.121.182.25:50384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.182.25:50384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.92.208:40680/bin.sh
id: auto-57d14317cd35d1606bfcc6d3e74b9e28f8119caff21ef6c86ca1ea713b09a7ca
status: experimental
description: Detects traffic or activity related to http://117.205.92.208:40680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.92.208:40680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.150.126:40074/i
id: auto-6bcfa1355b3a4dc0237a8492a0a797089bcec75f58562182dc3c04ed14ab7e66
status: experimental
description: Detects traffic or activity related to http://42.239.150.126:40074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.150.126:40074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.46.191:36534/bin.sh
id: auto-8c6626412461a008167bcd30d6bed5f5a93c09bb0149619e3be40812f29fc19f
status: experimental
description: Detects traffic or activity related to http://110.37.46.191:36534/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.46.191:36534/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.125.209:47009/i
id: auto-ad579c094eecf3a0fc07e98dfd94d8adf3b8c48673e0175bc050694b317836be
status: experimental
description: Detects traffic or activity related to http://27.207.125.209:47009/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.125.209:47009/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.182.25:50384/bin.sh
id: auto-1130de1f67496d035735a8c173b89caa4aae2b73d9010c68ba39ee79e4c2688d
status: experimental
description: Detects traffic or activity related to http://182.121.182.25:50384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.182.25:50384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.148.241:50547/i
id: auto-4c4cb257403b8e6adb65d45a846ce7df06b50a19063bd3682252f3337c17945f
status: experimental
description: Detects traffic or activity related to http://123.4.148.241:50547/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.148.241:50547/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.82.49:48571/i
id: auto-c378502d1b91d62f29bb98eec6be8fe61fea08e3efb09bfd931d74f46e85ec75
status: experimental
description: Detects traffic or activity related to http://42.232.82.49:48571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.82.49:48571/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.125.209:47009/bin.sh
id: auto-57f23c1eda9ce1c2e9489c9f79090eeb04877b3e043332af0e5285aaccab2828
status: experimental
description: Detects traffic or activity related to http://27.207.125.209:47009/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.125.209:47009/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.148.241:50547/bin.sh
id: auto-77f7f9ffc94c19c539252a63ad52c2d0ffe92b34907c827740b6b8fd086ba1df
status: experimental
description: Detects traffic or activity related to http://123.4.148.241:50547/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.148.241:50547/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.224.253:43517/bin.sh
id: auto-ac07224c9e4528c747eac0688408b1590d9fc9b14e5ef3b82d301b7ee594d238
status: experimental
description: Detects traffic or activity related to http://175.151.224.253:43517/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.224.253:43517/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.162.202.122:52778/i
id: auto-9e87507138fd9b903b66ae62a0e3cde26c6c672dd733c6f763342c62d9a1c010
status: experimental
description: Detects traffic or activity related to http://61.162.202.122:52778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.162.202.122:52778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.248.101:53579/i
id: auto-8d996ddb559ac414c61036351be4819223517b2e77c4df943c4bb6e26d4db552
status: experimental
description: Detects traffic or activity related to http://59.184.248.101:53579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.248.101:53579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.29.27:51485/i
id: auto-2943ac0f460b7bda4180472a83f573d393e36fe632ddf28b6bbf5077cb3ec040
status: experimental
description: Detects traffic or activity related to http://175.175.29.27:51485/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.29.27:51485/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.82.49:48571/bin.sh
id: auto-0267101919bb423da22b5b52554db29d10009be04e6c3a4ccd832567cb68c4a6
status: experimental
description: Detects traffic or activity related to http://42.232.82.49:48571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.82.49:48571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.248.101:53579/bin.sh
id: auto-e48c1b41e26aebb0e6d6a7994008d460318e92c7c5cdf22b0a0efa918a221cd2
status: experimental
description: Detects traffic or activity related to http://59.184.248.101:53579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.248.101:53579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.162.202.122:52778/bin.sh
id: auto-3926b9b71753c3cc38e59b7404e1752476b6a964f2b3ee843cde7e9ea214e88c
status: experimental
description: Detects traffic or activity related to http://61.162.202.122:52778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.162.202.122:52778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.25.132:35099/i
id: auto-04528dde3f4dad146402bc083f47a71ccc62603790c941add5542275bdaa3538
status: experimental
description: Detects traffic or activity related to http://219.156.25.132:35099/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.25.132:35099/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.29.27:51485/bin.sh
id: auto-fd1b69316664bfea819a2b2aab034684f8ab24c7c2da67e110e2ed9b78c7832d
status: experimental
description: Detects traffic or activity related to http://175.175.29.27:51485/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.29.27:51485/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.224:41784/bin.sh
id: auto-fe48cf0c2935c7423f60c6a16739c7fdfce2b791bd3c330e5bdc5bef70c9605a
status: experimental
description: Detects traffic or activity related to http://110.37.121.224:41784/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.224:41784/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.154.237:46706/i
id: auto-b1940558cb18175491e14c0f8e5aea63cbd0ed9d3a0d59b1172633df23d8630f
status: experimental
description: Detects traffic or activity related to http://42.224.154.237:46706/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.154.237:46706/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.25.132:35099/bin.sh
id: auto-45c657ee22a0790ad3a3e70695acc7d10ec44488af58731d0fe6834c3ccf69c6
status: experimental
description: Detects traffic or activity related to http://219.156.25.132:35099/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.25.132:35099/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.188.57:34324/i
id: auto-639dc7a7ad24e4d438be80834e1e46cf46cc9c9648c615905b2bca975d438dd8
status: experimental
description: Detects traffic or activity related to http://113.229.188.57:34324/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.188.57:34324/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.40.242.67:59642/i
id: auto-5534c45339e8d944b1ce03c4fad78d3b11ab3566b61aef358ba583016cd8a4cd
status: experimental
description: Detects traffic or activity related to http://106.40.242.67:59642/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.40.242.67:59642/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.121.14:44698/i
id: auto-63307ad22eceeb0b25ccd2db9a23f55aa4b73c736a5b2af50a1c1ed735bab4bc
status: experimental
description: Detects traffic or activity related to http://117.208.121.14:44698/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.121.14:44698/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.93.26.110:51198/i
id: auto-482a548038b0fb708b9c3b491de073315d18ef7198f4b29053f689d65d30aeb6
status: experimental
description: Detects traffic or activity related to http://222.93.26.110:51198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.93.26.110:51198/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.35.51:33370/i
id: auto-565e16c197d83e9b5ab0545c51e197003dbee15ddd72c5e7659b20382bd27a43
status: experimental
description: Detects traffic or activity related to http://222.139.35.51:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.35.51:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.23.115:49341/i
id: auto-7ef5564107ed108e46b710a4e57ab74e6972a0ae19344bcc82f49bcaffcd2fd9
status: experimental
description: Detects traffic or activity related to http://42.57.23.115:49341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.23.115:49341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.150.126:40074/bin.sh
id: auto-1858d36faf547a3c61e6d38288840fac57164091533159bd282a329f21caa197
status: experimental
description: Detects traffic or activity related to http://42.239.150.126:40074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.150.126:40074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.204.192.29:42732/bin.sh
id: auto-44d4c9965c1a236ee853cd1ddbbddd2a78dabff46c537e423c502d3e63242d84
status: experimental
description: Detects traffic or activity related to http://27.204.192.29:42732/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.204.192.29:42732/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.152:33875/i
id: auto-6ffda1f8de8c5f3362c29f852e19657f7fac7251643941691bcbf4821a2b5573
status: experimental
description: Detects traffic or activity related to http://110.37.100.152:33875/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.152:33875/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.23.115:49341/bin.sh
id: auto-f1bd8b735c0b9585f73bece284c1ecad8f32bfd2eea39b9300718bcfbf5649f1
status: experimental
description: Detects traffic or activity related to http://42.57.23.115:49341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.23.115:49341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.33.125:38002/i
id: auto-0340bdb104ec6f148d12619b59f4f1d503c3a4a8f428d7f5e732005892e24a16
status: experimental
description: Detects traffic or activity related to http://119.116.33.125:38002/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.33.125:38002/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.93.159:42230/i
id: auto-334939e5c08df874e0eae36705d5625c639d5c84a15de9b3b97e54d4d3f12062
status: experimental
description: Detects traffic or activity related to http://110.37.93.159:42230/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.93.159:42230/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.210.167:49164/i
id: auto-66c225f5abdb162cb433a22b66594380bacad595dc3e03408d665a253d51e2f2
status: experimental
description: Detects traffic or activity related to http://222.142.210.167:49164/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.210.167:49164/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.1.87:51480/i
id: auto-ec2b1e7127418bccfbac09d3075a16e27d648b50ad94a56736e234590e560e61
status: experimental
description: Detects traffic or activity related to http://27.207.1.87:51480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.1.87:51480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.210.167:49164/bin.sh
id: auto-03d58845c28b015b62de92d75f3f7df9bd347b6edd87f61b98fa0786e0e0dfe1
status: experimental
description: Detects traffic or activity related to http://222.142.210.167:49164/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.210.167:49164/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.33.125:38002/bin.sh
id: auto-2f93f1029ff3491c5a67b7409bd0f75a15cfa0b207d0087b8a8184f542797605
status: experimental
description: Detects traffic or activity related to http://119.116.33.125:38002/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.33.125:38002/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.143.254:38384/i
id: auto-6a86faae73a3ffb4f368531c55fd45329467518842279af37a196a85e418eb0f
status: experimental
description: Detects traffic or activity related to http://42.224.143.254:38384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.143.254:38384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.6.20:50222/i
id: auto-ccdd4ebd4fe1b53484b1e801968f5e028e93a962324df6198e864a7e42468aec
status: experimental
description: Detects traffic or activity related to http://113.237.6.20:50222/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.6.20:50222/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.194.203:33109/i
id: auto-64f17b3d5d52da8efe33b4e70a5cc904004d879d5613ab14f632add56e203b42
status: experimental
description: Detects traffic or activity related to http://42.7.194.203:33109/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.194.203:33109/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.70.95.15:51603/i
id: auto-7203467a3b3714590ecb5ed5efc8f4fe48b22b12c30633fda7445bef54619c51
status: experimental
description: Detects traffic or activity related to http://219.70.95.15:51603/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.70.95.15:51603/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.70.95.15:51603/bin.sh
id: auto-6e553e03b1526518ccb28e3d021e34ace76a0e2f8b23f1d9d20fedd94588bed3
status: experimental
description: Detects traffic or activity related to http://219.70.95.15:51603/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.70.95.15:51603/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.93.159:42230/bin.sh
id: auto-c92ef03a457ad1cd21e7002377542e570475ae73a64bf266b26a17357ff704fe
status: experimental
description: Detects traffic or activity related to http://110.37.93.159:42230/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.93.159:42230/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.1.87:51480/bin.sh
id: auto-4255d73c808cc2f4f6494b901f9731c8766868559d0274bb723fe62c8d621663
status: experimental
description: Detects traffic or activity related to http://27.207.1.87:51480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.1.87:51480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.143.254:38384/bin.sh
id: auto-5b6ab7b8642957ed6aca2d026cc3e5697ad70d04a19ca0480fe3c9ceed9158e1
status: experimental
description: Detects traffic or activity related to http://42.224.143.254:38384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.143.254:38384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.148.203.82/02.08.2022.exe
id: auto-b66e55aa2237541c078578b94dad7972b4bb1aa9dabb4f6d5ee8c1c0c6507041
status: experimental
description: Detects traffic or activity related to http://38.148.203.82/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.148.203.82/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://8.138.28.12/02.08.2022.exe
id: auto-925da282e677e85ad45236bd747e6cb1120f8c469246e33aa758659ae4a569ec
status: experimental
description: Detects traffic or activity related to http://8.138.28.12/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://8.138.28.12/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.43.8.166:8000/02.08.2022.exe
id: auto-87d80d00ce661bef9ee154e254b5f33f2400ef9b6fd0451f0731ca236ce7de8c
status: experimental
description: Detects traffic or activity related to http://103.43.8.166:8000/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.43.8.166:8000/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.145.229.72:8088/02.08.2022.exe
id: auto-01f4cf74374157d71efd61824d4578b0aafb0ec03edf10e32f26bd815e0248c0
status: experimental
description: Detects traffic or activity related to http://45.145.229.72:8088/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.145.229.72:8088/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.183.142.117:2403/i
id: auto-2249b51c48d272aecbae3e20b5c33391c59c8eb535b900de9cf0b2ced41b522a
status: experimental
description: Detects traffic or activity related to http://59.183.142.117:2403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.183.142.117:2403/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.204.221.232:4497/i
id: auto-2d965169bd6821698d5cd1ea9492204e3e28232bc50ce5b9175ec3183062435c
status: experimental
description: Detects traffic or activity related to http://85.204.221.232:4497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.204.221.232:4497/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.24.64.77:32210/i
id: auto-13e81a545f2554776ec368c0713bbbd0eeb440e0ed9a3d46d396f60c1ab0234d
status: experimental
description: Detects traffic or activity related to http://123.24.64.77:32210/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.24.64.77:32210/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.49.202.139:33116/i
id: auto-ff2539a3d8c37c2f0345cc9f4609f5a6d3c51cae8b667ff30792f807ce07aee1
status: experimental
description: Detects traffic or activity related to http://14.49.202.139:33116/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.49.202.139:33116/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.231.35.22:40954/i
id: auto-f991a7967978480443e4520faaae2aaa8f8131c6dcaa1ee7f99e454315a8946e
status: experimental
description: Detects traffic or activity related to http://46.231.35.22:40954/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.231.35.22:40954/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.42.177.12:3389/i
id: auto-7e5d5d40cf50a175f7c84da3517ef2719b465ff6c8ae30e25f950420e88775af
status: experimental
description: Detects traffic or activity related to http://94.42.177.12:3389/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.42.177.12:3389/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.75.173:6006/i
id: auto-1d6f5510c5915b11ec4a5fd728cf076b6c803dc41c60190b597f00e7fe3de461
status: experimental
description: Detects traffic or activity related to http://113.221.75.173:6006/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.75.173:6006/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.63.0:38045/i
id: auto-93f751b4fd90908cf7b35190693a81e5e0daa39bd40a9598ae8b773da2aa3eb7
status: experimental
description: Detects traffic or activity related to http://59.184.63.0:38045/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.63.0:38045/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.111.11.171:11264/i
id: auto-2a008beca172b9fbebaf93a89d9219a2a9426db8d9322a0f7695e9bf4a84070e
status: experimental
description: Detects traffic or activity related to http://116.111.11.171:11264/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.111.11.171:11264/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.110.30.195:8080/sshd
id: auto-85a21d3c9d75d315200648abef249b3c99fee48675e79f034854d0b5c97eae05
status: experimental
description: Detects traffic or activity related to http://201.110.30.195:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.110.30.195:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.6.20:50222/bin.sh
id: auto-9dbbc2d9883540d452c5fd8a556df90d338ffa83f1b68fee03fb18ced5fec3c2
status: experimental
description: Detects traffic or activity related to http://113.237.6.20:50222/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.6.20:50222/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.138.179:85/sshd
id: auto-b1d49fd640a562e4bdef903bcfbd27dc6e8ecbf141ccf0066cea771bc4bbbbe7
status: experimental
description: Detects traffic or activity related to http://120.157.138.179:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.138.179:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.132.64.234:82/sshd
id: auto-d605adc98f866bdfc567a10a1fd3249cbbb25cfdb4e3270895f513f11e503955
status: experimental
description: Detects traffic or activity related to http://86.132.64.234:82/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.132.64.234:82/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.30.26:2000/sshd
id: auto-3fda77ce7ca823b9e3350dba28674660837ef903f3c7edea555e3f3702261518
status: experimental
description: Detects traffic or activity related to http://117.216.30.26:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.30.26:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.179.59.149:8080/sshd
id: auto-ab3dc6cf1e392645516801eb8f246ee4e39d3b2be6445c82519c48ff52c36a6c
status: experimental
description: Detects traffic or activity related to http://77.179.59.149:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.179.59.149:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.159.187/sshd
id: auto-ae02e9fbe3c34e373240f7f30b3941568a827c1586d22559e82f04ed59c662ef
status: experimental
description: Detects traffic or activity related to http://83.224.159.187/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.159.187/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.63.0:38045/bin.sh
id: auto-6170d1a8a04596f643794dd9b27193bf647090b098617063162b9828ac88af28
status: experimental
description: Detects traffic or activity related to http://59.184.63.0:38045/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.63.0:38045/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.194.203:33109/bin.sh
id: auto-e8b22fbaadc55f27f412497bdce0d1df57d48dc42f911db6ba7c577056b783a3
status: experimental
description: Detects traffic or activity related to http://42.7.194.203:33109/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.194.203:33109/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.87.71:45101/i
id: auto-f0831b9363300dd701f3897b227b5ba9f57cebb722bd85d65dcf763562f0dde3
status: experimental
description: Detects traffic or activity related to http://175.173.87.71:45101/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.87.71:45101/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.75:40458/i
id: auto-e9d4bf36aca4d957f76e5ce32f2b40f9e24e1e6faf8c684a12bf2b163a6f4243
status: experimental
description: Detects traffic or activity related to http://110.36.29.75:40458/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.75:40458/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/748049926/k1n07lu.exe
id: auto-1836863663e867e1c0fcbcd87683b815edfeb12270ef01cefdde6077d6ef2957
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/748049926/k1n07lu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/748049926/k1n07lu.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.106.15:59480/bin.sh
id: auto-6dd03bda7261fc498d3122305d79215ea297f956015238ad41ee2b86fc8a10bc
status: experimental
description: Detects traffic or activity related to http://110.37.106.15:59480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.106.15:59480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.136.228:33068/bin.sh
id: auto-922daba62a90e26b5d31025e2581571319cfe959856541fca940153468c03223
status: experimental
description: Detects traffic or activity related to http://125.41.136.228:33068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.136.228:33068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.35.51:33370/bin.sh
id: auto-d07e1a7f0035238d5da31e3bb3bf61c82b5d4b5b8b0dac6bf44f08840d72af17
status: experimental
description: Detects traffic or activity related to http://222.139.35.51:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.35.51:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.arm7
id: auto-706a433d2df26fa528a0aec00783440d1cb1a2a292eca1db97675760992975d8
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy.x86
id: auto-6d76d3265503ef623933467cbb9433de25d74822148efba3fab7678298e96eec
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.75:40458/bin.sh
id: auto-be12ae35769e95de35d2ab3c3c737990cb6c2f12105f19fa31101025078945d5
status: experimental
description: Detects traffic or activity related to http://110.36.29.75:40458/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.75:40458/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.158.125:40847/i
id: auto-2756ec93cd61b3dbc200069f191df4c3f0f826e4a5c1e5026660745b043741a6
status: experimental
description: Detects traffic or activity related to http://123.5.158.125:40847/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.158.125:40847/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.0.60:47042/i
id: auto-1b8c08f9630c89db6824beb9932aa65fa239ca1b67a410b58b27a1456c509444
status: experimental
description: Detects traffic or activity related to http://182.120.0.60:47042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.0.60:47042/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.84:41435/i
id: auto-d872a6e445545f2f99293fde1f31d26151a2fbf9bd6a2111823d4abca2ccfd1e
status: experimental
description: Detects traffic or activity related to http://110.39.246.84:41435/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.84:41435/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.34.113:47181/i
id: auto-356cc1a3ecda852601743f055071f5962a312a0ad10965f41112d8eea9c97430
status: experimental
description: Detects traffic or activity related to http://182.113.34.113:47181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.34.113:47181/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/QNzkKeZ.exe
id: auto-e5a8a4e3a761ccf5dcad6094c5b2617c44b5c23370fa70b0b0312161460c39e9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/QNzkKeZ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/QNzkKeZ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.45/main_arm
id: auto-e8e9a892c1287402409130646042b80ecfa474bddbd3818d072f2f340affbb88
status: experimental
description: Detects traffic or activity related to http://45.156.87.45/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.45/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.45/main_arm7
id: auto-d4748741f4e316aabfc820fc5f9c1e7936f1cc31b530f0151a22d747a0e0a07c
status: experimental
description: Detects traffic or activity related to http://45.156.87.45/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.45/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.89:59986/i
id: auto-6b54a831b4849384b788f579b67086a9f507ed7dfe4aebdbf7e3d660ca3b9835
status: experimental
description: Detects traffic or activity related to http://110.37.35.89:59986/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.89:59986/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.34.113:47181/bin.sh
id: auto-fdc02d96fd7c81c67cfc4e68338e2c6667ab43a94000e64b04efabe6813c66a6
status: experimental
description: Detects traffic or activity related to http://182.113.34.113:47181/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.34.113:47181/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.0.60:47042/bin.sh
id: auto-ba07bac913143998f591ee0bdb2ae37df2b18e0edcdbcb1a819b4f9dec4715e3
status: experimental
description: Detects traffic or activity related to http://182.120.0.60:47042/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.0.60:47042/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.37.234:50350/i
id: auto-fefaa1fd4bf6957fbb080d354769d42106c325dc63ab4315fb0ecadc8cf078cd
status: experimental
description: Detects traffic or activity related to http://42.52.37.234:50350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.37.234:50350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.83.201:38644/i
id: auto-64fae3be6e17fa0e07e486402fac52b1cd0ee940ad640cb2ada1c8afa47c2f77
status: experimental
description: Detects traffic or activity related to http://115.57.83.201:38644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.83.201:38644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/arm7
id: auto-f8f91e38e109a567dd22539395ba5c901250e0f16cd21bbb318f5867f3d7c93f
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.107.181.28/arm
id: auto-04709dd683c3a0e97757e5a47ae473ca659524277ceda7e2d13744ae0d074cb7
status: experimental
description: Detects traffic or activity related to http://109.107.181.28/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.107.181.28/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.84:41435/bin.sh
id: auto-e9df962dbbe5e12315a2ad301b541b3100df6a04c228ea9b7dec5f2d06229aa2
status: experimental
description: Detects traffic or activity related to http://110.39.246.84:41435/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.84:41435/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.89:59986/bin.sh
id: auto-52cfd3f9e6db3050f786c6ac242a42a68bbcadf30a3a108f2d3d2525dec7cd4e
status: experimental
description: Detects traffic or activity related to http://110.37.35.89:59986/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.89:59986/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.98:53037/i
id: auto-81e8ea24af6ce7c538fd36763b590a1b80d136280a53242a31e738c4b422ea61
status: experimental
description: Detects traffic or activity related to http://60.23.239.98:53037/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.98:53037/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.195.159:42447/i
id: auto-3f35f45698c70c911b38c2ae270fcb26115e7048ac61c907485369e5f2610970
status: experimental
description: Detects traffic or activity related to http://60.23.195.159:42447/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.195.159:42447/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.44.23:35469/bin.sh
id: auto-3e39e4b4e5c5c3af8cb834c2c025332821d3ff5756dfb56562c589a96c53cea1
status: experimental
description: Detects traffic or activity related to http://112.237.44.23:35469/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.44.23:35469/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.194.101:44180/i
id: auto-0a37994f6630ae27140d306413a8598ac4852e4b02fa451ef4999d897105352a
status: experimental
description: Detects traffic or activity related to http://42.7.194.101:44180/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.194.101:44180/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.98:53037/bin.sh
id: auto-c72917833d13abc5a63cd4b5f8687364a53ad183982c904e3e2c3af03568c0cc
status: experimental
description: Detects traffic or activity related to http://60.23.239.98:53037/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.98:53037/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.227:43893/i
id: auto-af12809f9dedce72d85fdbd752da07f36f3d8a6801f6234926448524d2aedf3e
status: experimental
description: Detects traffic or activity related to http://110.37.3.227:43893/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.227:43893/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.195.159:42447/bin.sh
id: auto-77f779a12c3b62e513f1e78cc00760716bed2102acf2c5fea602b97de4ecdbb2
status: experimental
description: Detects traffic or activity related to http://60.23.195.159:42447/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.195.159:42447/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.151.250:49920/i
id: auto-d278172359b7db130591fb905e6302399ecdd9ae63d610f75e0ece90ef50ab49
status: experimental
description: Detects traffic or activity related to http://39.90.151.250:49920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.151.250:49920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.106.15:59480/i
id: auto-372dae180e8768a1dc453dcf17866a87cfd8b9d110bbfab4a10ce7d513ff80b6
status: experimental
description: Detects traffic or activity related to http://110.37.106.15:59480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.106.15:59480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.12.37:46936/i
id: auto-4648a92e52539b4d738134d0cacaf7eaaa0670d3169e12641553221271f7a127
status: experimental
description: Detects traffic or activity related to http://221.15.12.37:46936/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.12.37:46936/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://youtubrussia.lol/YouTubeRU.apk
id: auto-6b48b0c1fcabec8149e3179deb6abdcdd31428a2f8e509ac1149abdea65e357b
status: experimental
description: Detects traffic or activity related to https://youtubrussia.lol/YouTubeRU.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://youtubrussia.lol/YouTubeRU.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.12.37:46936/bin.sh
id: auto-cbbacd23bfd436b702f93d4758b3978d0ed03ca6cd10b7c2071829c390bcdef2
status: experimental
description: Detects traffic or activity related to http://221.15.12.37:46936/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.12.37:46936/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.13.173:56897/bin.sh
id: auto-e1e10b61670c67430a354c00e50c491ae885cedeb17878eb0f7a48a6fc9a22d2
status: experimental
description: Detects traffic or activity related to http://42.238.13.173:56897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.13.173:56897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.62.106:34781/bin.sh
id: auto-f383cdd6bf29a55ad5dca717214ece555f14bb7488e6e109288018ffbea4fffd
status: experimental
description: Detects traffic or activity related to http://123.188.62.106:34781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.62.106:34781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.83.100:45115/bin.sh
id: auto-300176befe63ca4fc152c374a98c4304525a68c075e2d663401745c4b4707866
status: experimental
description: Detects traffic or activity related to http://175.165.83.100:45115/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.83.100:45115/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.42.58:48145/bin.sh
id: auto-7437421b4a1ebef29836b201c4fe9f59b5c9da6f97bc49cd66cb68c2ffd78760
status: experimental
description: Detects traffic or activity related to http://182.121.42.58:48145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.42.58:48145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.34:45721/i
id: auto-6a7040239e044453a5092b220f0dc546b5eb7532bb1f148b6410fe1283add2b5
status: experimental
description: Detects traffic or activity related to http://117.209.95.34:45721/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.34:45721/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.40.76:55377/i
id: auto-92575e03f36d106031c78250ac0e1666410d34ba4a0345eb7cb4b9299fe87b79
status: experimental
description: Detects traffic or activity related to http://42.180.40.76:55377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.40.76:55377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.67.117:46159/i
id: auto-6cf51a0953652abc2f9083f8c8c3129ae0ae21cd9980bfa9b4152d26a5926b5c
status: experimental
description: Detects traffic or activity related to http://110.37.67.117:46159/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.67.117:46159/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.219.163:52320/i
id: auto-ff94cedfdc1c19db16ddb1ce0c0768edb32c9ab09c4a2d77df56b69b6dbc0ce1
status: experimental
description: Detects traffic or activity related to http://116.138.219.163:52320/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.219.163:52320/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.95.34:45721/bin.sh
id: auto-83267114f6a5d893a411fed2e8a3b5fa0a80e5c51fe92a955a3e43a47fdf69ce
status: experimental
description: Detects traffic or activity related to http://117.209.95.34:45721/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.95.34:45721/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.78.96:49038/bin.sh
id: auto-7ba891ca96682a7259b5d81f8ea0278187c1a7fd95094a13dd33e68c5f7c74bf
status: experimental
description: Detects traffic or activity related to http://182.117.78.96:49038/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.78.96:49038/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.151.250:49920/bin.sh
id: auto-eff692693fe8c50c073656be84bccd9fde939b2a9824e9306576ad5123b9ec06
status: experimental
description: Detects traffic or activity related to http://39.90.151.250:49920/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.151.250:49920/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.40.76:55377/bin.sh
id: auto-2242dd5f325ac804c1d24a42f56afeb79c1fa8b18bc52074cfe3ce06af6601bd
status: experimental
description: Detects traffic or activity related to http://42.180.40.76:55377/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.40.76:55377/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.156.54:35037/i
id: auto-d375101c034a99c179fb33ecf896298104359f57f49e1247acf4f1974149d439
status: experimental
description: Detects traffic or activity related to http://61.52.156.54:35037/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.156.54:35037/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.67.117:46159/bin.sh
id: auto-bed06be775c91f1cdc0e5e16795a5f4da1a02d7902c48a90ee2f6d0af89a381d
status: experimental
description: Detects traffic or activity related to http://110.37.67.117:46159/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.67.117:46159/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.156.54:35037/bin.sh
id: auto-ee59425f114aae585c69be6c21c7d7fbb8468292b4d0f735f9ec405343db831e
status: experimental
description: Detects traffic or activity related to http://61.52.156.54:35037/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.156.54:35037/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.219.163:52320/bin.sh
id: auto-69d573e680cde2e26b4477aef5802ea3453b46a7773b396ede3f921d17b6fd7a
status: experimental
description: Detects traffic or activity related to http://116.138.219.163:52320/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.219.163:52320/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.198:36859/i
id: auto-4e3be1236ec82b053f0ecabecb1d2e543c4f8753f829dafcd79621fb1a370a87
status: experimental
description: Detects traffic or activity related to http://110.39.244.198:36859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.198:36859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.16:50919/i
id: auto-45a6e23c007a96502db55dccf3ba9062460a5a58aba91bcae301931d8856d652
status: experimental
description: Detects traffic or activity related to http://110.37.76.16:50919/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.16:50919/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.1:39815/i
id: auto-8b5f03d428f09ade6d968709c204979af5f89fc87ae43ac1844620727f8ec0b0
status: experimental
description: Detects traffic or activity related to http://110.37.45.1:39815/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.1:39815/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.158.125:40847/bin.sh
id: auto-166d3d9da58df1c951848b4e26fe37eb8cc8df7bade8d051c667ec0fcc681d1f
status: experimental
description: Detects traffic or activity related to http://123.5.158.125:40847/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.158.125:40847/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.193.139:43949/i
id: auto-2610352b62340c80087af62159388fe710a3c91bbb8f59def31fc51153ef9fd6
status: experimental
description: Detects traffic or activity related to http://123.9.193.139:43949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.193.139:43949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.198:36859/bin.sh
id: auto-255cd08eb553ea25e2173b9de630dd644dd44e947efa6638152adb1ce2dfc56c
status: experimental
description: Detects traffic or activity related to http://110.39.244.198:36859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.198:36859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.36.124:57992/i
id: auto-26bae057c2d69f50a1ea2fc9dc74f240370c95ee9ff097a25c67dd0a13f2e1e5
status: experimental
description: Detects traffic or activity related to http://222.136.36.124:57992/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.36.124:57992/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.53.23.211:54487/bin.sh
id: auto-8a8e5bcab74e1e6fedbe0992544d302a44de68cd20d1891a3b9e859d7bbc369a
status: experimental
description: Detects traffic or activity related to http://115.53.23.211:54487/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.53.23.211:54487/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.238.107:60727/i
id: auto-dafadb1586d7fd22b2f68efc90f9b650eec824ba1c92e8253636ec69d793d9f7
status: experimental
description: Detects traffic or activity related to http://42.58.238.107:60727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.238.107:60727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.181.57:36024/i
id: auto-bfde9963d05f9c4295ca87b6a62637ff2dc3c64b6f165f1a7889699741697a12
status: experimental
description: Detects traffic or activity related to http://123.8.181.57:36024/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.181.57:36024/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.16:50919/bin.sh
id: auto-fadd526000454367c80dc6abf5d9195c354e8ad85dc4b4cfd753155ace01e129
status: experimental
description: Detects traffic or activity related to http://110.37.76.16:50919/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.16:50919/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.227:43893/bin.sh
id: auto-cd330a9ffffb520248cf3bf2a5f491061ba76eedfb59653f7bc1d41bd1d96b14
status: experimental
description: Detects traffic or activity related to http://110.37.3.227:43893/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.227:43893/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.36.124:57992/bin.sh
id: auto-82b139c149ffb55c0309795050588b933f8efe0533081fcb6fc84990cae8a02e
status: experimental
description: Detects traffic or activity related to http://222.136.36.124:57992/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.36.124:57992/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.x86
id: auto-1a6d78a6b426a23124bc452b1219c64e39eb7b331a9fcafefd82232ae74ba1aa
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.sh4
id: auto-f569c3c5875edfc1b895af922bde35919efe5ce8002cae8f839a8eb6a76761df
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.mpsl
id: auto-fc759caf22a1544139a205f406bcc0e5b8229212573f5f8580d0bc8fb1d0faa9
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.mips
id: auto-b206a0ef4cf7eb3260d0742cb965cba421c0698f2d380ff59ae302062fca2a4e
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.239:55869/i
id: auto-19e7edb212ebc0231682fc41eb1e9fd0d0dbf55f70a231cf7a68ca6d74d934e0
status: experimental
description: Detects traffic or activity related to http://60.23.239.239:55869/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.239:55869/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.ppc
id: auto-9190ea407a2858c2c7d6e053f85630a6e65cf62a868275784d671bc2ce4e0438
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.spc
id: auto-3d3ea6f07b2a849297da6717aaef0cb2ad5651dbe714dbfd61efd2a2cb33c09c
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.arm6
id: auto-d819bf4ac3730c33aa2c49c0fc371df828d167481c50a89357c199ffb900cbdf
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.m68k
id: auto-9ac6ba11c5a66cef9d9b86412e089b4b24c5e6fa7c03bffb601c7bb59371eab8
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.arm7
id: auto-9398d806191a4c0be53305c9bb36cacbb1e53ed0e0248b985d90089e59577c06
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.arm5
id: auto-2a8cf8b4567834d279a8d20311ff06736346b0f071f629a2edc4a4616f2fa85d
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.arm4
id: auto-7a1d92be018874708db9e39d3183ce928ff3ab5399786b4e3c449f101f638073
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/Fantazy/Fantazy.x86_64
id: auto-69a790c581521b55205f0f2239f4591ea1f18e6ee6ee413631d734dcf53d4a5c
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/Fantazy/Fantazy.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/Fantazy/Fantazy.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.101.175:55199/i
id: auto-f3a73b9afd3d1dd7b189c3e7d7ebeaf057f39ae89e1501625f64af2f1e1e5c39
status: experimental
description: Detects traffic or activity related to http://112.239.101.175:55199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.101.175:55199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.238.107:60727/bin.sh
id: auto-a8b6379f170bdfb8c2850689f6f78f88c793a4cea99d2908b57c50b3ec00c106
status: experimental
description: Detects traffic or activity related to http://42.58.238.107:60727/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.238.107:60727/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.41.218:39845/bin.sh
id: auto-377e27048d3ec3def9bfd2dc67675c7140635ddc23c48481e32f268a9309bad8
status: experimental
description: Detects traffic or activity related to http://182.121.41.218:39845/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.41.218:39845/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.228.193:39682/i
id: auto-b41c5659999e98c5395ffe1ffb006b9be2b118f46b5586d823bdb0851202c9c4
status: experimental
description: Detects traffic or activity related to http://42.5.228.193:39682/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.228.193:39682/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.78.238:36071/i
id: auto-0aea3c471a5b04589ffa2a7b4a43c2f73801cf9dd128a43c95f16ffa75f103f4
status: experimental
description: Detects traffic or activity related to http://27.215.78.238:36071/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.78.238:36071/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.122.105:52925/bin.sh
id: auto-c2153de83432814c983afef598ac76b36ddb54d2e2d7e6c987cc71bbc8c1d36b
status: experimental
description: Detects traffic or activity related to http://221.14.122.105:52925/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.122.105:52925/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.239.239:55869/bin.sh
id: auto-d696f9cb5bc7fd95ea70cd2a95a66d7360bf691d4392318d4c47cba5110c0ab2
status: experimental
description: Detects traffic or activity related to http://60.23.239.239:55869/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.239.239:55869/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5750743047/kuryVOF.exe
id: auto-1a5d94486c9b9ddbb11ec9fda92af227ddeaab5e90fb0a4265a2651b56694d0d
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5750743047/kuryVOF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5750743047/kuryVOF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.55.234:46782/i
id: auto-ff8a2e35c4ce9e7e2db713bc9e498fa3f84bafa597dd3c896f43c8c69bfb39f4
status: experimental
description: Detects traffic or activity related to http://110.37.55.234:46782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.55.234:46782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.95.238:39916/i
id: auto-cee9d3810428d554934d2f3cd99501e62886d57f868405de9b8896d69c87b980
status: experimental
description: Detects traffic or activity related to http://110.37.95.238:39916/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.95.238:39916/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.26.195.93:48402/Mozi.m
id: auto-d2ee4ae30c695ab552f485302b6c234b0ae9a17041756d95ce320615a7146059
status: experimental
description: Detects traffic or activity related to http://5.26.195.93:48402/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.26.195.93:48402/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/armv6l
id: auto-a29a5a2eeeba1f5a74ecc60ecd7b02642dafe50d4e66d313dd6fd2be62220217
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/armv4l
id: auto-ff4d7c167b38b9c39de0a9ead3709fd8fa3c1f441f29c1951880af279b089b32
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/i686
id: auto-fcc7dfbfb517954a37b24657e85f359bb36de8880cae6412b7e6b0eb5e2542ad
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.207:36162/i
id: auto-a212421ac8e64766dfbe1c3692b7924de710af63f8e7b1374ae1e5800d9201f7
status: experimental
description: Detects traffic or activity related to http://110.39.226.207:36162/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.207:36162/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://122.189.11.31:52951/i
id: auto-a2aadc51fb840f951793e414c6e7f1f6053d1f22dae44433c350a7d9db5da3eb
status: experimental
description: Detects traffic or activity related to http://122.189.11.31:52951/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://122.189.11.31:52951/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/armv7l
id: auto-7f2bcdc19ec67cf2c0393804fee894c02efdd5526d44703d55f6fd2bfede344b
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.23.20:53412/bin.sh
id: auto-7176f6505c8b2107bd73950c42494865f06181bc90d35f9a65416c83df91506f
status: experimental
description: Detects traffic or activity related to http://117.209.23.20:53412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.23.20:53412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/mips
id: auto-666629a6b8dae0d32802be617675b35362c7f10d571e07e16eb3763387886247
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/i486
id: auto-6d84cffbaefd46623bceecf629a6f03bba24569983adfe9fa30e6866c4036de6
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/m68k
id: auto-9eb04bf6825b2f4d208dcc065d9f15a91e571259a711703b723015a2efcc6c62
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/armv5l
id: auto-a7f0708f7550af5c0191cf8a49ae735e79acae2d17bbf6f372011b43a0411cd1
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/mipsel
id: auto-2e12b327514cbb2078c34bb643806674edbd781b96e137be42e4ff333aba2dfa
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/sh4
id: auto-266bb1c3514ef337bd9028edc312b7bd235f5b3f5e09243ec79823b95b5ef490
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/i586
id: auto-32b81551409c8a35a3151692a4678a30e233a9e6f73fd2182479137ccb2a9b8f
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/powerpc
id: auto-933f0f8c82e9884752cfc4cb3aa3aa7d748911fb1bf7c29811b2e28575406865
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/x86_64
id: auto-c22bbb7f3b790f52fc8b44a1864d2873f0246835d2328ad24b44e231e5b58400
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.183.91.250:47049/i
id: auto-efa34fd5c7166393dd91773e2fa05ff96144d5ab3f2f0f64aae756128e702fb4
status: experimental
description: Detects traffic or activity related to http://2.183.91.250:47049/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.183.91.250:47049/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.228.193:39682/bin.sh
id: auto-ad4e517d96aa64e022bac13a594802040e69d8456b88c737a27d5a3949a96270
status: experimental
description: Detects traffic or activity related to http://42.5.228.193:39682/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.228.193:39682/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.99.38:37752/bin.sh
id: auto-5d6bb8e412063d9eb7c9e8c9742a37fafded553f88d35c52f00f76bd3a14b3d4
status: experimental
description: Detects traffic or activity related to http://110.37.99.38:37752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.99.38:37752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.181.57:36024/bin.sh
id: auto-d12b10ac2be55083572e8dda899e0fbeb15f746b17849043f1e4ff719c57e872
status: experimental
description: Detects traffic or activity related to http://123.8.181.57:36024/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.181.57:36024/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.85.79:45857/i
id: auto-c48be4765d6a12a5b92199d5bd66c50a3cf51970bf707b596b270f31942a5c11
status: experimental
description: Detects traffic or activity related to http://27.37.85.79:45857/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.85.79:45857/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.25.181:42140/i
id: auto-8e9dc03c652f3b9f5b434164ce437281ace76c7bb44a4b3fc8621a80b93a2afd
status: experimental
description: Detects traffic or activity related to http://42.224.25.181:42140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.25.181:42140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.58.14:42801/i
id: auto-adb314889b7199eda09bc4dfe5650a975bb90e8d91fc45216f85afd9e878970a
status: experimental
description: Detects traffic or activity related to http://42.53.58.14:42801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.58.14:42801/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.85.79:45857/bin.sh
id: auto-ea1072f14cdbcc7d9b52ca4709b90ff37d626de2574e28a376a429e155eb8273
status: experimental
description: Detects traffic or activity related to http://27.37.85.79:45857/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.85.79:45857/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://invoker.rootxran.com:8081/Loader.efi
id: auto-8391e6e7c37159dde51fb79baa34edde25ec903d6a7a5ab0fe551bce7e861431
status: experimental
description: Detects traffic or activity related to http://invoker.rootxran.com:8081/Loader.efi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://invoker.rootxran.com:8081/Loader.efi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://invoker.rootxran.com:8081/EfiGuardDxe.efi
id: auto-c32534a8bb1ca31e3badbf249b11c0ee8857829ceca677fa2cf67f3e10ea32c9
status: experimental
description: Detects traffic or activity related to http://invoker.rootxran.com:8081/EfiGuardDxe.efi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://invoker.rootxran.com:8081/EfiGuardDxe.efi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.159.21:42932/i
id: auto-9bb1088bc08440d823d8ca3cda9494b673d68c9766dcd0419eb695905e802c65
status: experimental
description: Detects traffic or activity related to http://222.140.159.21:42932/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.159.21:42932/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.249.115:59039/i
id: auto-dd8650e6a3896a005ff01bd7bb2f0daac921b78f35df42db901808b53b4d417f
status: experimental
description: Detects traffic or activity related to http://115.63.249.115:59039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.249.115:59039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.61:50980/i
id: auto-282bfbe802d286e5e122da81cb96365a428539f45799fc5ebe594186d1a5ec9d
status: experimental
description: Detects traffic or activity related to http://219.155.210.61:50980/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.61:50980/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.204.206:34764/i
id: auto-0485e716d8013023f489d7d740cfcca4979f4c452448a3e46d54b42d5bbb232d
status: experimental
description: Detects traffic or activity related to http://85.12.204.206:34764/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.204.206:34764/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/888.sh
id: auto-0f4b4fd68fb03c237f14b93d9ef0c33d7224bd775dcd3308e0463a87e2dde364
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/888.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/888.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/chingchong.sh
id: auto-01381d2ee876a9158344f405a9585688e310ad91e438bc91f0ea2b1c86975d25
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/chingchong.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/chingchong.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/cat.sh
id: auto-c233f1c97e3ab1b498c62596a43db90e503554ebc74e89e3e3dbbcfd77e5c5f4
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/hik.sh
id: auto-ed3d12b5c55f1e155d856416f69f39b4034bbab352fa429c02c5726b614b76dc
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/hik.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/hik.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.122.105:52925/i
id: auto-988f5d5567acc54e0a65f3315921f3b24cd3fadf85237ce1f90c971ef2cc9cad
status: experimental
description: Detects traffic or activity related to http://221.14.122.105:52925/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.122.105:52925/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://dpshelp.space/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk
id: auto-128fc8bfca87fd05e743befb5d5470dc09279ddbfabccf04c4133d400788b3c5
status: experimental
description: Detects traffic or activity related to https://dpshelp.space/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://dpshelp.space/assets/%D0%A0%D0%B0%D0%B4%D0%B0%D1%80%20%D0%94%D0%9F%D0%A1.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tryytmanyrei.live/YouTubeUltra.apk
id: auto-39ad849494bb062954bdc24dd7002a711f7191ed24fa23e722f25c2f9154dd75
status: experimental
description: Detects traffic or activity related to https://tryytmanyrei.live/YouTubeUltra.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tryytmanyrei.live/YouTubeUltra.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drivercool.lol/DriverCool.apk
id: auto-3597b603e38b8e65820a6bb6af084c99717a8215634a2faaa57cecc3da9bef3b
status: experimental
description: Detects traffic or activity related to https://drivercool.lol/DriverCool.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drivercool.lol/DriverCool.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://probable-winner.info/
id: auto-d30130851fd137dbef1e885a2e2068945bfa74e8a3dd64874fbc22c792ffff5b
status: experimental
description: Detects traffic or activity related to https://probable-winner.info/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://probable-winner.info/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.mediafire.com/file/nrsy74u8bhzpxjb/SystemService.exe
id: auto-4c268372fce8f75efc8e8b2cbe431acc77b4e8d9cb73d4a590bc5663e140a0aa
status: experimental
description: Detects traffic or activity related to https://www.mediafire.com/file/nrsy74u8bhzpxjb/SystemService.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.mediafire.com/file/nrsy74u8bhzpxjb/SystemService.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5.252.153.57/epstein.exe
id: auto-ae8784c9d837bd0cbb1f2c2af68be7831e56d34dd04449f40283f11cb5395231
status: experimental
description: Detects traffic or activity related to https://5.252.153.57/epstein.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5.252.153.57/epstein.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6234411520/w6SR9Ll.msi
id: auto-5cfd2e5811d094d8557c7412efd7fdbdad5a76eb75426d5bf616414e3881a84e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6234411520/w6SR9Ll.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6234411520/w6SR9Ll.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6234411520/hwQFP9W.msi
id: auto-b50760c7bc3d94fbb7d1e58cfc8911d7e01f9dfd216ce81b8317012750170a41
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6234411520/hwQFP9W.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6234411520/hwQFP9W.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.gao.or.kr/vendor/jquery/img.png
id: auto-b5583d5ef46caae5f72728193d1aa98ef202602d3ce690cebf05147af15902a1
status: experimental
description: Detects traffic or activity related to https://www.gao.or.kr/vendor/jquery/img.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.gao.or.kr/vendor/jquery/img.png*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-df13d803030c4cab8b69722fbd66d7cd.r2.dev/din-Hr20254861.zip
id: auto-832f046969bac3544b3b6b29d9bbac2c031673536653c99e4ccd790f674cfce7
status: experimental
description: Detects traffic or activity related to https://pub-df13d803030c4cab8b69722fbd66d7cd.r2.dev/din-Hr20254861.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-df13d803030c4cab8b69722fbd66d7cd.r2.dev/din-Hr20254861.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bestcruisetravelinsurance.com/ppruystgksmc.zip
id: auto-68393fc249fc047559620f506e298a46744fefdff2733c61a09493c30d99cb76
status: experimental
description: Detects traffic or activity related to https://bestcruisetravelinsurance.com/ppruystgksmc.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bestcruisetravelinsurance.com/ppruystgksmc.zip*'
  condition: selection
level: high
tags:
  - attack.t1566.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/telnet.sh
id: auto-20ca927646f0e56bd0e1b25af2be9a9dea9f2849a0a56966b345dfd63f2e3185
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/telnet.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/telnet.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.199:54411/i
id: auto-187901ae87f31d5efa6e23b833cb626ad224cdfdd6e9d865162d189f61db7224
status: experimental
description: Detects traffic or activity related to http://110.37.35.199:54411/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.199:54411/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.249.115:59039/bin.sh
id: auto-aeb68b9c884c4af95c40b40d85d757382f6a2ecca1456aae5505c2f7bfe9c839
status: experimental
description: Detects traffic or activity related to http://115.63.249.115:59039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.249.115:59039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.204.206:34764/bin.sh
id: auto-f2b8468cfa12e3bb009429995d635e72739054a1a3206412ebffa00f8a7c3ca7
status: experimental
description: Detects traffic or activity related to http://85.12.204.206:34764/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.204.206:34764/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/m68k.uhavenobotsxd
id: auto-0c113b8d091b158fc786890ed38285e1f4e0698457c5935573788efad6fe628a
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/m68k.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/m68k.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/sparc.uhavenobotsxd
id: auto-00949a7c0cc97f4108679fccc9a1f210cf13583b9e00f6f6d0b202a2eb2e02af
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/sparc.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/sparc.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/sh4.uhavenobotsxd
id: auto-e96c314ebfe642d5f16e0e10a3e9aed6953b38112c183c616d7e9603fc5d1f80
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/sh4.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/sh4.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/sh4.kok
id: auto-d6c1cca8a52d733ca30556ae81d09b136c0e96d526c8ae6900bfab354342b04c
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/sh4.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/sh4.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/sparc.kok
id: auto-0f01232135fcc7cba6b13d6ec2690269d5e4963635dbefc902dbf0114b55c1ad
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/sparc.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/sparc.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/m68k.kok
id: auto-fa8ff560e0de01acb18084eea79c39df4623b13f3223480c7e1fad6b55deb922
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/m68k.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/m68k.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/arc
id: auto-188244fb3b429e4d62f97831f8ba8cee072dadd8b11138087cafe9e44a475223
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.158.158.245:44113/i
id: auto-8ad8e918e908d4dd5669a41583cf0cb9a8ce5abc79876f3bd9802927102ecc94
status: experimental
description: Detects traffic or activity related to http://61.158.158.245:44113/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.158.158.245:44113/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.83.200:55216/i
id: auto-a606b1aab095841748609764605199ca3c75d0298dc439935a689dc4e88a6bbb
status: experimental
description: Detects traffic or activity related to http://113.230.83.200:55216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.83.200:55216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.34.179:57155/bin.sh
id: auto-82d58fe5a5cdd97803f5054568a3fa763b3481a42d24aabd66fdbcecb45db578
status: experimental
description: Detects traffic or activity related to http://110.37.34.179:57155/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.34.179:57155/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/NvVoBZs.exe
id: auto-5647a1bc73814b6cebc839e863d446cac47a85db18ca0c3e825b6a63b8aa8516
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/NvVoBZs.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/NvVoBZs.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.158.158.245:44113/bin.sh
id: auto-57678dd0fe6cbe49b155fc10cf944d65a995bc516d7b8d111a6e18b05f9f3934
status: experimental
description: Detects traffic or activity related to http://61.158.158.245:44113/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.158.158.245:44113/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.24.162:42561/i
id: auto-cb8df6e11ba130e4379eca749652189f01b3bb974e9d2409755fd4a98b717cc4
status: experimental
description: Detects traffic or activity related to http://110.37.24.162:42561/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.24.162:42561/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.232:49191/bin.sh
id: auto-236befaf0bf69d8532182eaafc53b8cac15f448dd5565ff84c8346825e480fde
status: experimental
description: Detects traffic or activity related to http://110.37.37.232:49191/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.232:49191/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.190.16.223:38597/i
id: auto-4afacad872b5c6989d8d59d807fdfacaf3e363ab90f5f7b25bf8a67e93166495
status: experimental
description: Detects traffic or activity related to http://119.190.16.223:38597/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.190.16.223:38597/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.246.101:36943/bin.sh
id: auto-cd19be6effea70f2742d082ffb7de2f8a9e3a5f6163502ccd09e646dfa8497ff
status: experimental
description: Detects traffic or activity related to http://221.1.246.101:36943/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.246.101:36943/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.24.162:42561/bin.sh
id: auto-52200905514366482d0bdf41524b36ee335793a7393a6f701dbfc0c7614c0b79
status: experimental
description: Detects traffic or activity related to http://110.37.24.162:42561/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.24.162:42561/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.190.16.223:38597/bin.sh
id: auto-6e9adb07cb91061b03cf0974702d3b05a6a631a57a0ac6f6ce7d48918b647b7b
status: experimental
description: Detects traffic or activity related to http://119.190.16.223:38597/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.190.16.223:38597/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.164.207:38449/i
id: auto-8362c9432f5f4b01ddf7eb9a377d0b399299b36122edf8760bb9c6f9d5490af5
status: experimental
description: Detects traffic or activity related to http://175.167.164.207:38449/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.164.207:38449/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.249.76.194:38563/i
id: auto-8b3cef763bb9523b74e46ac7a9b746dbba86468dfdfab6cc05b35dbef65347d3
status: experimental
description: Detects traffic or activity related to http://112.249.76.194:38563/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.249.76.194:38563/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.89.121:57359/bin.sh
id: auto-3fb93ba919bf181d4eff5a05ddfde85a124797c28ad02d031b5369a4a768454d
status: experimental
description: Detects traffic or activity related to http://42.59.89.121:57359/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.89.121:57359/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.224.203:40208/bin.sh
id: auto-1fdfa28f9a98460a675889f0324ff3089d2455f6fa6f03ba413072ff4074099f
status: experimental
description: Detects traffic or activity related to http://110.39.224.203:40208/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.224.203:40208/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.123.210:37265/i
id: auto-1d279c89423a31a11c4de98b3574227b8c4334a14ad69559bf5e753c1d06fa81
status: experimental
description: Detects traffic or activity related to http://110.37.123.210:37265/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.123.210:37265/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.151:38340/i
id: auto-f00d9629bf0e3977e9fc3430a9aa507b0234b4686893f787449def1cdf2c4110
status: experimental
description: Detects traffic or activity related to http://110.37.118.151:38340/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.151:38340/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.243.99.154/kinsing
id: auto-11387efc3e75580a7851d989573b7be974c874f94032c2a4f5abc1ab2f8f8ca2
status: experimental
description: Detects traffic or activity related to http://185.243.99.154/kinsing which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.243.99.154/kinsing*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.243.99.154/kinsing_aarch64
id: auto-e8d6b2c40dfcea1ced18e1288d9d1dc75e5705a25cee288bf1dc4d9f79f94ebe
status: experimental
description: Detects traffic or activity related to http://185.243.99.154/kinsing_aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.243.99.154/kinsing_aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.243.99.154/d.sh
id: auto-00b0b6ae284003b7821d9cff8d2d5da9f1f387cf7990f4ff1dfe6caddba4e943
status: experimental
description: Detects traffic or activity related to http://185.243.99.154/d.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.243.99.154/d.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.157.221:41253/bin.sh
id: auto-ce1c8da475632883353eb0a83670991b807c54217c195997e9db2a18c015202a
status: experimental
description: Detects traffic or activity related to http://123.132.157.221:41253/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.157.221:41253/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.137.194.180:51113/i
id: auto-2f49ed1aec4e25749967f5fa1fba498b272aeab536817e38ad87d3a01ef13995
status: experimental
description: Detects traffic or activity related to http://61.137.194.180:51113/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.137.194.180:51113/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.137.194.180:51113/bin.sh
id: auto-0b6702bc2ff615663ecc9e4fb472bb492b79357eaaeb8d651abcce4e3ab0b9fe
status: experimental
description: Detects traffic or activity related to http://61.137.194.180:51113/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.137.194.180:51113/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7992210799/Rxd6mTk.exe
id: auto-169339e6d1d7768915f7914b4e47e82d6f499a3a4c6e1633aa5228b206bc392b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7992210799/Rxd6mTk.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7992210799/Rxd6mTk.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.144.203:49746/i
id: auto-41d6d36bb494e5cda205b6296b57ad7a8c04440842406a96ff667e55cbb8db2e
status: experimental
description: Detects traffic or activity related to http://125.40.144.203:49746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.144.203:49746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.123.210:37265/bin.sh
id: auto-ca4d32135268f7e2b07333897b89e164ea9cc8b95e6011337f8e6670bb65e989
status: experimental
description: Detects traffic or activity related to http://110.37.123.210:37265/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.123.210:37265/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.69.76:50236/i
id: auto-6cebf1d61ac890dc82a3881f6c5c663250595141e0b8b89adf140f437e583504
status: experimental
description: Detects traffic or activity related to http://110.37.69.76:50236/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.69.76:50236/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.67:53717/i
id: auto-5710ea8a21da77573d12437104e4f2a20acb4284567995d65a188ca163de1bfe
status: experimental
description: Detects traffic or activity related to http://110.39.235.67:53717/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.67:53717/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.214.160:57277/i
id: auto-7fe46b59e1f0e2796eeeaaa0ec95ada443d66ec0c544f81ba3e7c805cc03ecce
status: experimental
description: Detects traffic or activity related to http://42.7.214.160:57277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.214.160:57277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.151:38340/bin.sh
id: auto-1e8e5199d9fa14c191b1c2050685256ac10036a17f6d89926c0a78bb29ab4a8d
status: experimental
description: Detects traffic or activity related to http://110.37.118.151:38340/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.151:38340/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.146.219:47857/i
id: auto-ac74085a1e4676ca9bd6e8f8746e4cafb9aac604bbc1529b64be7d05251ac629
status: experimental
description: Detects traffic or activity related to http://182.118.146.219:47857/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.146.219:47857/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.214.160:57277/bin.sh
id: auto-70662fc1c42a344982d2a43b351e6ecc4af2c4627e92f1ae3b572a9be0e44d64
status: experimental
description: Detects traffic or activity related to http://42.7.214.160:57277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.214.160:57277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.221.107:47439/i
id: auto-65c633f33bbefa52bddfc186165dc66f178806fbed351f8cfa359fe109e4194d
status: experimental
description: Detects traffic or activity related to http://178.141.221.107:47439/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.221.107:47439/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.69.146:46684/i
id: auto-af2aaaf9f699dc00e0c99d78d3b0b6d31b05020b57a122e7b89db89560ee4c4b
status: experimental
description: Detects traffic or activity related to http://60.18.69.146:46684/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.69.146:46684/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.160.130.8:34024/i
id: auto-c185dca5e8e9713b16f5ad6ff07159613b494c3ea54fdadc6873dfbcfd561ef9
status: experimental
description: Detects traffic or activity related to http://103.160.130.8:34024/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.160.130.8:34024/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.146.219:47857/bin.sh
id: auto-86ade2dab7bfc27bc87712f00de9a677c22ed55329c792b92d4e1bcffada623a
status: experimental
description: Detects traffic or activity related to http://182.118.146.219:47857/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.146.219:47857/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.196:55459/i
id: auto-1282ab0b7a467d080a09b15679ee7e9df512f2bf96a4c1fd9ae2a4c1b505ae31
status: experimental
description: Detects traffic or activity related to http://110.36.0.196:55459/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.196:55459/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.200:58892/i
id: auto-673386ce6dee75194d1e1782d8a1e074101a1691891c8da91a634c2d11145dcf
status: experimental
description: Detects traffic or activity related to http://110.37.97.200:58892/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.200:58892/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.247.132:36821/i
id: auto-5e40b05023943af17838cad05599924961aed0e6c9151340940d26482aa8f305
status: experimental
description: Detects traffic or activity related to http://175.147.247.132:36821/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.247.132:36821/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.69.146:46684/bin.sh
id: auto-704ad01752ce3194575a6d758d8b447b1ee2aee1adcabd43fa11e10048b31bd0
status: experimental
description: Detects traffic or activity related to http://60.18.69.146:46684/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.69.146:46684/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.160.130.8:34024/bin.sh
id: auto-ea49e0f627a107a8450c8a79dde4172e10bd9c10cc10d85875136ab8becdb82d
status: experimental
description: Detects traffic or activity related to http://103.160.130.8:34024/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.160.130.8:34024/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.64.254:51854/bin.sh
id: auto-7bacb0289ad8844379877b8cabf8cc84934e039eb9279c5eaf5df98e33ebbb4a
status: experimental
description: Detects traffic or activity related to http://110.37.64.254:51854/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.64.254:51854/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.136.228:33068/i
id: auto-f5f95f9a4fa86b1a126a4a8ac792aaa3ec0b9ce81e68bc80ceeed388db9aaf50
status: experimental
description: Detects traffic or activity related to http://125.41.136.228:33068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.136.228:33068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.242:34947/i
id: auto-6107dc992453db638ae03ccae005a17af06bf935da79f24e3a3ee5022d45a8b9
status: experimental
description: Detects traffic or activity related to http://110.39.226.242:34947/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.242:34947/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.247.132:36821/bin.sh
id: auto-7e5f13f28942212502e3d29bb67da1d5a29e1ec0770207b25bfd8caad2a2d5a1
status: experimental
description: Detects traffic or activity related to http://175.147.247.132:36821/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.247.132:36821/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.191.16:33456/i
id: auto-aa1d6a7926e747a6371054509318d48773c4ed7f1de193ced0d4ad49ba3dbf5c
status: experimental
description: Detects traffic or activity related to http://222.137.191.16:33456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.191.16:33456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.15.172:55780/bin.sh
id: auto-ec7136d221b48a140572c4e782a1c0b3666681cd9867ec4cb135d52d1a3738d0
status: experimental
description: Detects traffic or activity related to http://59.89.15.172:55780/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.15.172:55780/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.253.128:36957/bin.sh
id: auto-3ff583c508ab16b18ce3541596e002f51a236804624cde2eb9f959ba760212b1
status: experimental
description: Detects traffic or activity related to http://59.97.253.128:36957/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.253.128:36957/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.251.127:54168/i
id: auto-118f6bed6f30dff961898fb84437fcebd1fd98056bd4c46828f0e0f41d3030b0
status: experimental
description: Detects traffic or activity related to http://110.39.251.127:54168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.251.127:54168/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.121:38321/i
id: auto-bde103976d53bc167ca2520992a6dd853db47afafe7f1499cd36248bf30d1e32
status: experimental
description: Detects traffic or activity related to http://110.37.102.121:38321/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.121:38321/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.141.221.107:47439/bin.sh
id: auto-13903bb81bee024e7ca326a55c3e205dda6957e6a5e801829fd76fd2cd6b56ff
status: experimental
description: Detects traffic or activity related to http://178.141.221.107:47439/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.141.221.107:47439/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.138.131:37745/i
id: auto-fb849e629e04fd07d5b05e23a540d72ad6a04c29bddd1121148994613f6aac15
status: experimental
description: Detects traffic or activity related to http://222.138.138.131:37745/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.138.131:37745/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.191.16:33456/bin.sh
id: auto-48f989306c9e5760f9b05aba89ddf575a11ce7e703f4b2101943d1f03de18dcd
status: experimental
description: Detects traffic or activity related to http://222.137.191.16:33456/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.191.16:33456/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:58608/i
id: auto-0b19e013798a843a4221d18dc397a1b020080341a81fddc1a4c656ef3a5194d5
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:58608/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:58608/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.198.164:49120/i
id: auto-d5dce4ee97509b595e2489f4998268fff55e295fd577585ef61240473a57678a
status: experimental
description: Detects traffic or activity related to http://42.179.198.164:49120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.198.164:49120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.182.215:38996/i
id: auto-49b8e01a47221edb753aa6ff7230159a2725b968569e5f725134ea9116fb10c8
status: experimental
description: Detects traffic or activity related to http://117.215.182.215:38996/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.182.215:38996/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.104:58608/bin.sh
id: auto-7ec9fd45feb3f5c5ceffdaf42efaf4cd484283c583b0cbfc68459921c806357a
status: experimental
description: Detects traffic or activity related to http://110.36.0.104:58608/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.104:58608/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.232.208:38186/i
id: auto-28f03c7347fc07c11ee215855ed9d20f9b0b71eecc3e85810b7cf36094fe6a6f
status: experimental
description: Detects traffic or activity related to http://110.39.232.208:38186/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.232.208:38186/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.198.164:49120/bin.sh
id: auto-74b667292dc3744244ad98c4c4f96fbf5ec4299e385d587bb26fc176be92f6e9
status: experimental
description: Detects traffic or activity related to http://42.179.198.164:49120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.198.164:49120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.129.182.176:41716/i
id: auto-1ae973db1820e4be939e65ca9ec5e801c51e0bfcc09d437331ad60581f23c476
status: experimental
description: Detects traffic or activity related to http://124.129.182.176:41716/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.129.182.176:41716/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.152.212:40639/i
id: auto-7eb836e17949f69c6e0d46eac93e2a37a9a89c5a445f92d909b123db57d09f4c
status: experimental
description: Detects traffic or activity related to http://182.117.152.212:40639/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.152.212:40639/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/mips
id: auto-376d67b8027540eb3aaf85a7e599b6c8ea624127d3c860fec63dc0bec20ea84f
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.229.159:55138/i
id: auto-98dbd4d37707faf203b91bddbafec143605ea95353e1d71972501dac0a0f1fa3
status: experimental
description: Detects traffic or activity related to http://110.39.229.159:55138/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.229.159:55138/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.102/arm
id: auto-08e7e9c22ab41db79b09115e6ab1feebb904a005f5e64abf2df240d698ce3282
status: experimental
description: Detects traffic or activity related to http://91.92.241.102/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.102/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.33.115:56382/i
id: auto-944e13b52b5d63c60ac7e71523ae027b9a01cbcc3b53c436976ce424db5aa7b8
status: experimental
description: Detects traffic or activity related to http://123.4.33.115:56382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.33.115:56382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.113.157:50375/i
id: auto-97d79dd140c996eea59d795e9577444e0192d4c77c7bff19fad205431ed36995
status: experimental
description: Detects traffic or activity related to http://78.165.113.157:50375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.113.157:50375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.113.157:50375/bin.sh
id: auto-910666c647eb3f1e2e93ad057696fa1150160ec19c024485368f40ed13fe75ba
status: experimental
description: Detects traffic or activity related to http://78.165.113.157:50375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.113.157:50375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.129:60025/i
id: auto-0f6a308bd7be9b39d20041bb791deac10ab8694cbb8aa3be17a5864efb53b036
status: experimental
description: Detects traffic or activity related to http://110.36.0.129:60025/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.129:60025/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.52.143:50609/i
id: auto-cceeeccd3502f7db1d437380e6878fbe927637bd2f0e7c9da2ba2ca0821a1c25
status: experimental
description: Detects traffic or activity related to http://42.235.52.143:50609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.52.143:50609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.134.212:40442/i
id: auto-f7d358973bbf1f528306660926c8410eceb2f1267b3fa8c073d7f215c043a576
status: experimental
description: Detects traffic or activity related to http://42.55.134.212:40442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.134.212:40442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.74/mips
id: auto-43847cd856418fcc05df339105d1e3471067be893d992a8b2c8b56ee15b69cbb
status: experimental
description: Detects traffic or activity related to http://45.153.34.74/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.74/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.242.108:60806/i
id: auto-05b48b30dcee3f7a504158f29b8c5ffd857638b61ae38ef8041558aa53114db4
status: experimental
description: Detects traffic or activity related to http://123.11.242.108:60806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.242.108:60806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.0.94.72:46368/bin.sh
id: auto-c4764bbe36d887444f9727632f6d070a39a3658633013ea16f3f7d3f54840d7c
status: experimental
description: Detects traffic or activity related to http://61.0.94.72:46368/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.0.94.72:46368/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.227.222:37804/bin.sh
id: auto-896680eeb1a8ca5105e46ff6ab1ae82f12a91dc5591cf4b15ec19d4c030a2f16
status: experimental
description: Detects traffic or activity related to http://113.229.227.222:37804/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.227.222:37804/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.233.53:52565/i
id: auto-a7e1d73c171e9e0120571a8e66b7c9c06697614335101d0e5405b0c8d06554c0
status: experimental
description: Detects traffic or activity related to http://60.23.233.53:52565/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.233.53:52565/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.182.215:38996/bin.sh
id: auto-4dc04c4d766c3dcc65a048ea1bbbb55d9c3d3b0b8434d0786dd1ec8e2b02b782
status: experimental
description: Detects traffic or activity related to http://117.215.182.215:38996/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.182.215:38996/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.175:37515/i
id: auto-0c981c5ddd9bd005850107f8c461f1a16a3dc308c67da6f72fd472c52314d6bd
status: experimental
description: Detects traffic or activity related to http://110.36.0.175:37515/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.175:37515/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.233.53:52565/bin.sh
id: auto-6233f656512c8cb23594e87d6bec411429f4b8958a020c247a35db96fba7ed12
status: experimental
description: Detects traffic or activity related to http://60.23.233.53:52565/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.233.53:52565/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.149.194:37801/i
id: auto-5249ceae82593e8fdae756da773d938dee2939fbdeded2cca8bd5e05ad419cd6
status: experimental
description: Detects traffic or activity related to http://39.90.149.194:37801/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.149.194:37801/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.209.93:45057/bin.sh
id: auto-1cb5daafcc47da739ac5e8d8bbaf0239a46ea6a3e7c5eca7774374c5071c9bf1
status: experimental
description: Detects traffic or activity related to http://176.226.209.93:45057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.209.93:45057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.175:37515/bin.sh
id: auto-9728be49bb7958cdfa70eacf33146d285f3e8485b4959c19c17646548a09869b
status: experimental
description: Detects traffic or activity related to http://110.36.0.175:37515/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.175:37515/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.155:44090/i
id: auto-2041e9e26cea36ff0c4aba5622b1d01c234b51092b90e80cff771da8da1b017e
status: experimental
description: Detects traffic or activity related to http://59.97.251.155:44090/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.155:44090/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.92.130.154:52646/i
id: auto-4ef9797bcb9461aba51a239535a194c0378d7d6c1718eebfe2b9aba04c30b45f
status: experimental
description: Detects traffic or activity related to http://23.92.130.154:52646/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.92.130.154:52646/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:45792/bin.sh
id: auto-2788cc3915936065ba370a090867244fb69e268e9040d38af486a075114d5930
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:45792/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:45792/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.95.187:58743/i
id: auto-0792333a68a55b5b307992d8190aabbc994cd6ba52931bc42b856ba237244b70
status: experimental
description: Detects traffic or activity related to http://182.126.95.187:58743/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.95.187:58743/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.171.173:39708/i
id: auto-682de60f58c308951fca46f333046fcb0266caf7d66b0c335ffcdaf33aad7159
status: experimental
description: Detects traffic or activity related to http://42.238.171.173:39708/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.171.173:39708/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.67.68:44136/i
id: auto-9ea2a84057bbf7e91f01ab02f5683bd5d4d33514375f352f2b896f48ced4c555
status: experimental
description: Detects traffic or activity related to http://110.37.67.68:44136/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.67.68:44136/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.82.139:45507/i
id: auto-9d2510404a106f30eb843506f2d4661df4b0b4678456a64d9e8191e6034b5011
status: experimental
description: Detects traffic or activity related to http://175.173.82.139:45507/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.82.139:45507/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.95.187:58743/bin.sh
id: auto-830980a7c5dbded91f41516020414a17c54de953b78d9d3626bf1446408ad9a3
status: experimental
description: Detects traffic or activity related to http://182.126.95.187:58743/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.95.187:58743/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.240.166:49010/i
id: auto-6da3d43d1cc812902b5b4ec74c4b5c5be2a9baf9ec106cbc9ff78dc810cf53ed
status: experimental
description: Detects traffic or activity related to http://27.220.240.166:49010/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.240.166:49010/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.114.248:37027/i
id: auto-ddf23181b020b8d873d7d943232c89c4bcd37eedc62fba01e77bd20e5e83d4d2
status: experimental
description: Detects traffic or activity related to http://110.37.114.248:37027/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.114.248:37027/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.240.166:49010/bin.sh
id: auto-4260d23576bc2a7737e6c75d81b225ab7e8b2b445486e880499dc4312ec4939a
status: experimental
description: Detects traffic or activity related to http://27.220.240.166:49010/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.240.166:49010/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.78:51126/i
id: auto-c2c2875cdabf4f54eb31dd8b0eb755c293c3aed97e5b7af7595eba1eb7825c9e
status: experimental
description: Detects traffic or activity related to http://110.36.29.78:51126/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.78:51126/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.82.139:45507/bin.sh
id: auto-0a6e45525ac41162b100b98ac1dccc328172355c291e7d35cbeb92aacd431e1f
status: experimental
description: Detects traffic or activity related to http://175.173.82.139:45507/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.82.139:45507/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.186.142:50916/i
id: auto-0c44fefe44f7cb47f3e324c7e8e379f34f14e77208ac112b3948cae6479e6eea
status: experimental
description: Detects traffic or activity related to http://112.248.186.142:50916/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.186.142:50916/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.88.190:47859/i
id: auto-3f672fb47a2063f4a7c85b5ca3e89445203745f539b1fe75e619a507b77ee4a8
status: experimental
description: Detects traffic or activity related to http://219.156.88.190:47859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.88.190:47859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.114.248:37027/bin.sh
id: auto-9ad81dc65110033a13115ae0b92c6603a73b2980580f2812ebab8bda4d0aec58
status: experimental
description: Detects traffic or activity related to http://110.37.114.248:37027/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.114.248:37027/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.133.52:59560/i
id: auto-2c700ea620e4614df5503198d2140f200aaca76c84755fef87e7280db24eaf21
status: experimental
description: Detects traffic or activity related to http://61.53.133.52:59560/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.133.52:59560/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.186.142:50916/bin.sh
id: auto-bd4ee1e9333df574f5f70c931216bcf04a094b93e4f8b5dba11166598df61ca8
status: experimental
description: Detects traffic or activity related to http://112.248.186.142:50916/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.186.142:50916/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.78:51126/bin.sh
id: auto-443314b52a3e3b716147799def5e73f69ad962687f0147e2a6951163216a01c9
status: experimental
description: Detects traffic or activity related to http://110.36.29.78:51126/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.78:51126/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://223.151.76.51:60653/bin.sh
id: auto-2ac7fe2d07303a737c113aa49c2f9e92e636ac0cfc1331f40197df8975b9f466
status: experimental
description: Detects traffic or activity related to http://223.151.76.51:60653/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://223.151.76.51:60653/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7972786482/m8igQad.exe
id: auto-a86459d1db1b6b15ae5fa3d33587b75c256c39b0d7287cf6447ff7419e7c6c73
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7972786482/m8igQad.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7972786482/m8igQad.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.88.190:47859/bin.sh
id: auto-10f4a9d5bf042564ab30c2f1f4f19f40942db8590d23b0af2f1a825c4607c65e
status: experimental
description: Detects traffic or activity related to http://219.156.88.190:47859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.88.190:47859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.172.56:41764/i
id: auto-bc74f927d9a11a3066216a0f5d4cdcf80c61b2fd3ba3c164d84bda3513f03ba5
status: experimental
description: Detects traffic or activity related to http://119.189.172.56:41764/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.172.56:41764/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.82.255:41096/i
id: auto-1bd562a18100475051c786211a8390cda572723f5cf585b826578a20f33f29f8
status: experimental
description: Detects traffic or activity related to http://110.37.82.255:41096/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.82.255:41096/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.133.52:59560/bin.sh
id: auto-67f5edc2001a717bb92b59614889d8d5739270d4abfbb4f1f169eff6c666e3a0
status: experimental
description: Detects traffic or activity related to http://61.53.133.52:59560/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.133.52:59560/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.248.117:41057/i
id: auto-95a62a867ccfedaa9757deb92a7cbb6e0ef9dc7bf0b8e8243d0734e68eb49b7f
status: experimental
description: Detects traffic or activity related to http://110.39.248.117:41057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.248.117:41057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.223.159:49852/i
id: auto-8eaa895e477b576c8e486ca2a44452cdbe1fc1f5972a55ffba938a18e7d7ba92
status: experimental
description: Detects traffic or activity related to http://60.19.223.159:49852/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.223.159:49852/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.61.16:38737/i
id: auto-b843af1767ec364929cc7b8e35483695c8635606cdf76c3b971f16b9fa5d86fc
status: experimental
description: Detects traffic or activity related to http://42.177.61.16:38737/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.61.16:38737/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.175.20:50860/i
id: auto-620ac9e9369e708ed1551c7ef6f604af9b87db559385bcf2c5ba3afdadc16b4f
status: experimental
description: Detects traffic or activity related to http://115.50.175.20:50860/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.175.20:50860/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.82.255:41096/bin.sh
id: auto-d02e102f2b6db3a3b6134d90328428660294e1ed29ca0b00abe5d67f52525ad9
status: experimental
description: Detects traffic or activity related to http://110.37.82.255:41096/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.82.255:41096/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.248.117:41057/bin.sh
id: auto-4df3b89d05a3b945adde8a7926ebc83a858d0a865f528c750af202afefbd959b
status: experimental
description: Detects traffic or activity related to http://110.39.248.117:41057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.248.117:41057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.61.16:38737/bin.sh
id: auto-8229b89ad922e119e693d0eb0f4e59cd42b65cfcade2e5ab7b81e5cc443d6aee
status: experimental
description: Detects traffic or activity related to http://42.177.61.16:38737/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.61.16:38737/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.219.53:59043/i
id: auto-0c3cbdc295a95f418d4aa0c19636c53d27cdbf497ea763a5505c55f06cdec8c4
status: experimental
description: Detects traffic or activity related to http://182.124.219.53:59043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.219.53:59043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.175.20:50860/bin.sh
id: auto-c4660e6b030020b48403fa494d795da49f4a0d4715eed8b48fa11e5250e0eca3
status: experimental
description: Detects traffic or activity related to http://115.50.175.20:50860/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.175.20:50860/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.214.153.11:49960/i
id: auto-23bdd36c0d3a20c602722d0013e7cda68291f92f78d93adf726e07f7d5eb5bf4
status: experimental
description: Detects traffic or activity related to http://221.214.153.11:49960/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.214.153.11:49960/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.245.13:46564/i
id: auto-c06729c4d933747360696061de9ba980c763e1bede8bb006becf62ddd93f6f23
status: experimental
description: Detects traffic or activity related to http://42.238.245.13:46564/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.245.13:46564/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.26.3:43993/bin.sh
id: auto-9e7047e68fb5516746660cf7d0706f83367e76cb70e1c7aaa6015d7c9de75e66
status: experimental
description: Detects traffic or activity related to http://117.248.26.3:43993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.26.3:43993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.214.153.11:49960/bin.sh
id: auto-83a5fcb5b1ee35e0b309de7c0ff957098e606d714e8059bee3a4a4c4742dd11b
status: experimental
description: Detects traffic or activity related to http://221.214.153.11:49960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.214.153.11:49960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.75.192:54806/bin.sh
id: auto-bab49fab070b88a8afa35f062523e46ce6a929c6d9fa4f0127fc0cacc7e64393
status: experimental
description: Detects traffic or activity related to http://219.155.75.192:54806/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.75.192:54806/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.218.8:35821/bin.sh
id: auto-0f5847737f4a56f5764ddfc41c95f280d72e1bace5c5ce03268e4881fa7b4871
status: experimental
description: Detects traffic or activity related to http://60.19.218.8:35821/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.218.8:35821/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.227.44:50944/i
id: auto-d44519258956a8dd13a6379bef35f4741104d3185dbcc8e9c04c09e4e3173456
status: experimental
description: Detects traffic or activity related to http://110.39.227.44:50944/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.227.44:50944/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.109.46:45288/i
id: auto-d8b59e6250db00012b5e16ebce643883d17b511e3279a6e9a49b8d7ffc108bbb
status: experimental
description: Detects traffic or activity related to http://113.229.109.46:45288/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.109.46:45288/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.96.16:51441/i
id: auto-bf35c944ca0de667bfa6d1e44a94820dfbedc8791abac7042538ced3f8f8a30c
status: experimental
description: Detects traffic or activity related to http://42.178.96.16:51441/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.96.16:51441/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.167.107:53388/i
id: auto-e16c73ea59ce6b6ef10ce8223bd0540449b08142b02d411334c74108004e4db8
status: experimental
description: Detects traffic or activity related to http://42.239.167.107:53388/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.167.107:53388/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.1.25:38459/i
id: auto-278e7f1495441a55b50fb20d9a5f3bc46da0e6958ff987d758347e22fc358832
status: experimental
description: Detects traffic or activity related to http://106.57.1.25:38459/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.1.25:38459/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.1.25:38459/bin.sh
id: auto-702dd665f2def1602ba828f81401ac29e560ba11ae4b78fc76ac28544ce362a7
status: experimental
description: Detects traffic or activity related to http://106.57.1.25:38459/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.1.25:38459/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.49.73:47970/i
id: auto-148a7faf8b12349c65d9db62d86bf95ab80a0f3500b92141cb94c91ea2ec964c
status: experimental
description: Detects traffic or activity related to http://27.215.49.73:47970/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.49.73:47970/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.114.229:37538/i
id: auto-987880c81d9846c097fc5efe13056cb14d90e94ca693515d19f91e65215c6fc0
status: experimental
description: Detects traffic or activity related to http://42.85.114.229:37538/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.114.229:37538/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.122.12.254:50567/bin.sh
id: auto-101c5d588aa47fab3e56766b4bf75e0d5e4659099db01b228b99eed634a10899
status: experimental
description: Detects traffic or activity related to http://46.122.12.254:50567/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.122.12.254:50567/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.178.136.19/3
id: auto-f8a4a05ca54bf5c96aa805468df8cf04e09a578f018c9fe303504a9a051680a8
status: experimental
description: Detects traffic or activity related to http://195.178.136.19/3 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.178.136.19/3*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.227.44:50944/bin.sh
id: auto-b7dd2a34051d19b055873bdaabab544caaaf43952e063bda3c7f16d3a62914ae
status: experimental
description: Detects traffic or activity related to http://110.39.227.44:50944/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.227.44:50944/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.17.218:33172/bin.sh
id: auto-36d7acafddfddb297f518836f217dad199bf4e6e82f1104ba2c35161406b6463
status: experimental
description: Detects traffic or activity related to http://221.202.17.218:33172/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.17.218:33172/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.96.16:51441/bin.sh
id: auto-7f4a4bf8473ef61a0b5ec857ca7728635252cdd72342f0aab75e57409c4f4a4b
status: experimental
description: Detects traffic or activity related to http://42.178.96.16:51441/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.96.16:51441/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.225.33:39951/i
id: auto-ae3ff1638cae4a1e4b075cd46939012b26836aa8d3ca45465963b30829ce0818
status: experimental
description: Detects traffic or activity related to http://221.1.225.33:39951/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.225.33:39951/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.167.107:53388/bin.sh
id: auto-aac2447dbb2921484358c98578fedc559ee07210733c6e9c5cb88203b7cd0cb5
status: experimental
description: Detects traffic or activity related to http://42.239.167.107:53388/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.167.107:53388/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.20.63:54551/bin.sh
id: auto-b736729edcc16afa0513b86e56f718ed34b1eda9eb300d5216c97d0921448ee8
status: experimental
description: Detects traffic or activity related to http://117.198.20.63:54551/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.20.63:54551/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.49.73:47970/bin.sh
id: auto-57de96734291c845281bd2d11bfa728b4e9f9001c0f2ab48f13713f02592a987
status: experimental
description: Detects traffic or activity related to http://27.215.49.73:47970/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.49.73:47970/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.30.49:53991/Mozi.m
id: auto-e9c4b8b2bc8aac8546c15c8776b201c87b7c122f50c7391d7ecd942ef35e4d8f
status: experimental
description: Detects traffic or activity related to http://61.3.30.49:53991/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.30.49:53991/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.114.229:37538/bin.sh
id: auto-a9b422a631371c0e604b057ca2eb6fc268f1e4bb7aa072587df10ec752261435
status: experimental
description: Detects traffic or activity related to http://42.85.114.229:37538/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.114.229:37538/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.229.240:49705/i
id: auto-a57d1948b63dceebdffd68ca04c03fa341238ddfd4c159fc98313d5e486d349a
status: experimental
description: Detects traffic or activity related to http://113.231.229.240:49705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.229.240:49705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.229.240:49705/bin.sh
id: auto-dc37460caed1c86c7730f7453278d89b55f275d8f2ef5f9a074cf84f242b97d3
status: experimental
description: Detects traffic or activity related to http://113.231.229.240:49705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.229.240:49705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:52650/i
id: auto-acd8e8ff85750b83c5d6075a58c7c309c0eb600a6160003f9400bcff0755f162
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:52650/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:52650/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.154.114:47877/bin.sh
id: auto-5fc0bbfde2ee9b0701b53158725e765933c2c5651effd85ddffd8d824000d033
status: experimental
description: Detects traffic or activity related to http://182.121.154.114:47877/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.154.114:47877/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.93:59463/bin.sh
id: auto-5b7f425eb9cdbd014b21937b85ce235d90764df817ee37c342111ce3968251f6
status: experimental
description: Detects traffic or activity related to http://181.103.0.93:59463/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.93:59463/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/raf/random.exe
id: auto-8b57e86d6b156b96906c74bfe48e9a68c3cf04b633d59dffe3aa47e0b0091fa9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/raf/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/raf/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.148.225:35792/i
id: auto-87e51af9881b3be4129b6b3f9c402bb4411334e04787a33d49072177004b0063
status: experimental
description: Detects traffic or activity related to http://221.13.148.225:35792/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.148.225:35792/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.225.231.222:45947/bin.sh
id: auto-3f216337e0bec64febf9160f711e2df627a16e178f71041656a22519b10bd769
status: experimental
description: Detects traffic or activity related to http://88.225.231.222:45947/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.225.231.222:45947/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.225.231.222:45947/i
id: auto-8de3e031b16245b3f8d7ef54acd71924f9514f28f7514cb7db03a0e6b0e11eda
status: experimental
description: Detects traffic or activity related to http://88.225.231.222:45947/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.225.231.222:45947/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.127:45926/i
id: auto-0d937953ffe75a0a59c2e5f73e128ae177dd401171bdcafeb066ededdf217280
status: experimental
description: Detects traffic or activity related to http://110.39.246.127:45926/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.127:45926/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.104.22.168:60621/i
id: auto-0dea8706337ead213240ecf62c115535f41076b4dcba2d508c96cb890d1e799e
status: experimental
description: Detects traffic or activity related to http://95.104.22.168:60621/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.104.22.168:60621/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.59.132:45792/i
id: auto-d379cb5cd7a040613ffe97083f39cf25813baecc3ab79d5bc0bba88db006934f
status: experimental
description: Detects traffic or activity related to http://110.37.59.132:45792/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.59.132:45792/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.40.66.159:57353/bin.sh
id: auto-02019e247d9079aed71f4b3c0ebc2be90cb4e6a1eb4b9f4646b5b546e4dd9746
status: experimental
description: Detects traffic or activity related to http://106.40.66.159:57353/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.40.66.159:57353/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ssl-host.com/lp/home
id: auto-28b7928b328041e62963df65ff5ee222ea0e76b7af0977580fddf095e799fe46
status: experimental
description: Detects traffic or activity related to https://ssl-host.com/lp/home which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ssl-host.com/lp/home*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.164.191:39826/i
id: auto-2b9a283a5c2673bf509171975b0b4630a56fb2ef620d68d5dfacf1acc7cb73a1
status: experimental
description: Detects traffic or activity related to http://115.56.164.191:39826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.164.191:39826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.60.72:47296/i
id: auto-1180648ca03d23e45baccb85d6d0990a0f9e2c469caaf920b7974460bae42311
status: experimental
description: Detects traffic or activity related to http://115.55.60.72:47296/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.60.72:47296/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.24.123.232/t/qpwoe32.txt
id: auto-5c2ffd52fb96623cb1a855390146fc284974ee63e6cea4e5b8f3859fad8ff8e8
status: experimental
description: Detects traffic or activity related to http://193.24.123.232/t/qpwoe32.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.24.123.232/t/qpwoe32.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.24.123.232/t/teste32.txt
id: auto-7009f2158b4007ad3aeeac02a0e7fc9a53de954e9abc7a6c1379b6fb8258e0c2
status: experimental
description: Detects traffic or activity related to http://193.24.123.232/t/teste32.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.24.123.232/t/teste32.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://193.24.123.232/t/teste32.txt
id: auto-f33f10a4fe2704c9985506da39251154afdf8eb800e2aa8a2b6b9b8ba5eb6874
status: experimental
description: Detects traffic or activity related to https://193.24.123.232/t/teste32.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://193.24.123.232/t/teste32.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.24.123.232/t/qpwoe64.txt
id: auto-c3752dc3616e241de798acf40f2489741aea77af15e88d0992e855cd9dbdaabb
status: experimental
description: Detects traffic or activity related to http://193.24.123.232/t/qpwoe64.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.24.123.232/t/qpwoe64.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://193.24.123.232/t/qpwoe32.txt
id: auto-f45b18fb0e454f731f9a799080de224f9f55786227fe4af061796a1c963b7ccc
status: experimental
description: Detects traffic or activity related to https://193.24.123.232/t/qpwoe32.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://193.24.123.232/t/qpwoe32.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://193.24.123.232/t/qpwoe64.txt
id: auto-10e7eb63438750c794234a5b41c5e08c856f91b77542cfd8d1f383366bbe215b
status: experimental
description: Detects traffic or activity related to https://193.24.123.232/t/qpwoe64.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://193.24.123.232/t/qpwoe64.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.24.123.232/t/teste64.txt
id: auto-bdf05eebbd576aad062fbc4c6de29fe81f64f2d544a6cf577f87c5f9a09a7e2b
status: experimental
description: Detects traffic or activity related to http://193.24.123.232/t/teste64.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.24.123.232/t/teste64.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://193.24.123.232/t/teste64.txt
id: auto-90b5a25f14bc27b65b5433913edfbb54595bd85da1cccc38b91289f7d86c3de5
status: experimental
description: Detects traffic or activity related to https://193.24.123.232/t/teste64.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://193.24.123.232/t/teste64.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.24.123.232/win32.vbs
id: auto-6c8ad10c3e83706e33b704bdf05f809284c13094fc8f36c631502fd0cb342c6c
status: experimental
description: Detects traffic or activity related to http://193.24.123.232/win32.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.24.123.232/win32.vbs*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://193.24.123.232/win32.vbs
id: auto-19c3d8156209d2d69f99568b70674228067ccfe0f64f77c292d560992ed5d855
status: experimental
description: Detects traffic or activity related to https://193.24.123.232/win32.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://193.24.123.232/win32.vbs*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.205:47969/i
id: auto-358d76c2ed06a31c9175356963a7873d5657ac62740981320f1c0ce3a7aea51d
status: experimental
description: Detects traffic or activity related to http://110.36.0.205:47969/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.205:47969/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.164.191:39826/bin.sh
id: auto-73b814ff2bb34d1c6a2a083e5a3f9f48e674bea23600ce77aeb22ec3a029b142
status: experimental
description: Detects traffic or activity related to http://115.56.164.191:39826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.164.191:39826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.74.172:36206/i
id: auto-2c82744a68d5d12b7fec93e5c4daed8b3b4fa1d4bca8feb72e8cd7aaf8419d18
status: experimental
description: Detects traffic or activity related to http://123.188.74.172:36206/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.74.172:36206/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.243.3.117:8001/a
id: auto-3c341ec285b7395e7629101ebb0eaa7a2c89149fda7790aabbbc18838039d0de
status: experimental
description: Detects traffic or activity related to http://46.243.3.117:8001/a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.243.3.117:8001/a*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.243.3.117:8001/h/shell.exe
id: auto-1f8881cb2e64db4f273dd115a28fdfd0f6b4009d20c801ca3067024be2eccc50
status: experimental
description: Detects traffic or activity related to http://46.243.3.117:8001/h/shell.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.243.3.117:8001/h/shell.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.243.3.117:8001/file.exe
id: auto-da4e198029674570b2052d3dc6dbe9cdc33a59c17d98b34c71d64404833d116c
status: experimental
description: Detects traffic or activity related to http://46.243.3.117:8001/file.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.243.3.117:8001/file.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.16:46249/i
id: auto-fb268d42630d6f5ac9fb80928d28872102a0497e1ec49adbfb373d3f2eeb6f05
status: experimental
description: Detects traffic or activity related to http://110.39.237.16:46249/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.16:46249/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.243.3.117:8000/shell.exe
id: auto-38fddc001aa3a3c0663673363aa2eab4c84aef079c37501083e6871de2f5e111
status: experimental
description: Detects traffic or activity related to http://46.243.3.117:8000/shell.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.243.3.117:8000/shell.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.243.3.117:8001/shell-x642.exe
id: auto-ed5fa7b6e4e4c9da2152b93b601f9b3bef4ef5ddc6761d5e30f219375e1ec6cc
status: experimental
description: Detects traffic or activity related to http://46.243.3.117:8001/shell-x642.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.243.3.117:8001/shell-x642.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.243.3.117:8001/shell-x64.exe
id: auto-a6ab028d30a26a464ca841738a18b685948ba55a54ff93656cebf2a336cad209
status: experimental
description: Detects traffic or activity related to http://46.243.3.117:8001/shell-x64.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.243.3.117:8001/shell-x64.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.140.171.60:81/nc.exe
id: auto-aeb467dcdde3cc8bbd554decb45ace19084cac8728805520a93f5de0e2f69c88
status: experimental
description: Detects traffic or activity related to http://89.140.171.60:81/nc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.140.171.60:81/nc.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.140.171.60:81/Autodata.apk
id: auto-4b084ec4277a960ac9ef0835b19a4d60a9ee0e8704896d5125e0cc1d2cadca33
status: experimental
description: Detects traffic or activity related to http://89.140.171.60:81/Autodata.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.140.171.60:81/Autodata.apk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.140.171.60:81/payload.exe
id: auto-1acad805e86067c6242eb0af966006e082c44b78ca4449750afa420d0dfeb235
status: experimental
description: Detects traffic or activity related to http://89.140.171.60:81/payload.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.140.171.60:81/payload.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.140.171.60:81/svchost.exe
id: auto-3c252f93d12f472ea06e51c517db54337ff4686f7264a28055dfbe4a5394570e
status: experimental
description: Detects traffic or activity related to http://89.140.171.60:81/svchost.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.140.171.60:81/svchost.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.140.171.60:81/ctfmon.exe
id: auto-ab688eda6109e7d2401c98c58aabaf55d4ec482738d3db71721e76c4e83bcdc2
status: experimental
description: Detects traffic or activity related to http://89.140.171.60:81/ctfmon.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.140.171.60:81/ctfmon.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.140.171.60:81/Test.exe
id: auto-f900729f8d9359e8dc43a6476590db602c07a218b870847f042157fd7fe15ba2
status: experimental
description: Detects traffic or activity related to http://89.140.171.60:81/Test.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.140.171.60:81/Test.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.205.253.156:88/buding1/139Assicc.dll
id: auto-3d974972c9a6d0cdee08fcd5a5d376c1b060ed3dd059e8af0888df38850a3baf
status: experimental
description: Detects traffic or activity related to http://103.205.253.156:88/buding1/139Assicc.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.205.253.156:88/buding1/139Assicc.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.87.92.169:88/buding1/139Assicc.dll
id: auto-bf6c61cec10fb218e355a89cc6f9adb2aec3c55bed4bd6824b92cecdb98618d3
status: experimental
description: Detects traffic or activity related to http://58.87.92.169:88/buding1/139Assicc.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.87.92.169:88/buding1/139Assicc.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.205:47969/bin.sh
id: auto-99077d0559b3dfa65e6116a6cdaee75100fb103562ff38b581d939d3e5dc7e3c
status: experimental
description: Detects traffic or activity related to http://110.36.0.205:47969/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.205:47969/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.111:47865/i
id: auto-d8b38ad2c43cc1a24cce6af63cac88f99e5ffb4dada5d9fe7f664709c832e755
status: experimental
description: Detects traffic or activity related to http://59.97.250.111:47865/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.111:47865/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.16:46249/bin.sh
id: auto-e240adb613ec1f8b2e2edfaf555ed497c7ba3d527f3804a8f7d7df9c2580cf24
status: experimental
description: Detects traffic or activity related to http://110.39.237.16:46249/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.16:46249/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.42.39.182:999/buding/139Assicc.dll
id: auto-c2a957e088caef173c6a846eb3e975a12234e1684d0a4762fbd300d7609e7435
status: experimental
description: Detects traffic or activity related to http://110.42.39.182:999/buding/139Assicc.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.42.39.182:999/buding/139Assicc.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.66.51.223:85/buding/139Assicc.dll
id: auto-e4e1ce1b351a9d40ba9c4dafc098f81aec54a3b27a9d76900b4070d9a0aa80b5
status: experimental
description: Detects traffic or activity related to http://114.66.51.223:85/buding/139Assicc.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.66.51.223:85/buding/139Assicc.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.66.51.223:66/buding/139Assicc.dll
id: auto-2e8139c855e3f0ad05a9e11178d33a7c5972cccb6087e45ad2e16495881a807c
status: experimental
description: Detects traffic or activity related to http://114.66.51.223:66/buding/139Assicc.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.66.51.223:66/buding/139Assicc.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.87.92.169:88/buding/139Assicc.dll
id: auto-1cae728780bd24e626f02089db6f20703a7a04075d3a04b4e4fe93a8d6b0a692
status: experimental
description: Detects traffic or activity related to http://58.87.92.169:88/buding/139Assicc.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.87.92.169:88/buding/139Assicc.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.115.240:60198/i
id: auto-0621824b0d28bdb97189afdfcf25cee77df1669009cedc5050d2f875fe997657
status: experimental
description: Detects traffic or activity related to http://182.126.115.240:60198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.115.240:60198/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.163.232.127:83/buding1/dbghelp.dll
id: auto-681b70682a0ad0d3a3d8067303ca21f0856a80d4646d2afa936e0f437841a62c
status: experimental
description: Detects traffic or activity related to http://119.163.232.127:83/buding1/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.163.232.127:83/buding1/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.248.118.169:81/buding/dbghelp.dll
id: auto-6511b27391510527c82fe145617b9dffcb37653cd595e5c8f805969b53a0221c
status: experimental
description: Detects traffic or activity related to http://43.248.118.169:81/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.248.118.169:81/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.56.110.227:99/buding/dbghelp.dll
id: auto-c9aaf70048ca1f0229494e3ea29a97c343c0bd0ba443fdc8ff1e70845c6d78ee
status: experimental
description: Detects traffic or activity related to http://59.56.110.227:99/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.56.110.227:99/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.234.146.238:81/buding/dbghelp.dll
id: auto-5e50c80c30ab0e1cbe927dcc45f218dcb8922095cb335582f5172e4c06c6d064
status: experimental
description: Detects traffic or activity related to http://62.234.146.238:81/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.234.146.238:81/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.249.192.151:88/buding/dbghelp.dll
id: auto-7ab483082bf8c8bf11f1e63a8b21dc2e934e8f01be4a3bd20bdadb30059fae49
status: experimental
description: Detects traffic or activity related to http://43.249.192.151:88/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.249.192.151:88/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.40.13.122:81/buding/dbghelp.dll
id: auto-127fe7f57a6fb66bd3eff2e6a2a2b14f48b18eb1acb10c2ac9c071d9f30709e9
status: experimental
description: Detects traffic or activity related to http://103.40.13.122:81/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.40.13.122:81/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.99.197.19:99/buding/dbghelp.dll
id: auto-f1f1508ef5a4a1029d637fdbd7e97397106ad016c5e5c8e8c07e14f2feaac11b
status: experimental
description: Detects traffic or activity related to http://123.99.197.19:99/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.99.197.19:99/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.125.44.137:66/buding/dbghelp.dll
id: auto-dfa4d95c447b088e6f9def6f7ff5c9ec411470ae3668e46f0d45e4cb8b204ae2
status: experimental
description: Detects traffic or activity related to http://45.125.44.137:66/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.125.44.137:66/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.125.44.137:99/buding/dbghelp.dll
id: auto-1345a40636239134cec1397c544b1e212e061ab7e9015908db4cc8b77b5c1d66
status: experimental
description: Detects traffic or activity related to http://45.125.44.137:99/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.125.44.137:99/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.236.93.228:88/buding/dbghelp.dll
id: auto-f06641481afeca3aa3b1454c021dcde55628e541db3774ed67152370f25ea61e
status: experimental
description: Detects traffic or activity related to http://103.236.93.228:88/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.236.93.228:88/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.60.72:47296/bin.sh
id: auto-5a22e47981aa84e9033799400c3a6814259b404c030f4f64d626b931f6042c5f
status: experimental
description: Detects traffic or activity related to http://115.55.60.72:47296/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.60.72:47296/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.25.104.111:58201/i
id: auto-9a4114f2244d14cb49500b37972a8770bacd16b91c0bd639d7832b5146d6af06
status: experimental
description: Detects traffic or activity related to http://113.25.104.111:58201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.25.104.111:58201/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.83.75:59201/Mozi.m
id: auto-a8629909af1c7b900b2e7ef31fee26bc861d265bf4a5793c8e7c88ee96b60623
status: experimental
description: Detects traffic or activity related to http://175.165.83.75:59201/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.83.75:59201/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.250.111:47865/bin.sh
id: auto-d0de8f4a5cecc9e4103cf401016f9ac8ab3528f1e26b0c219b50be7f5613a37f
status: experimental
description: Detects traffic or activity related to http://59.97.250.111:47865/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.250.111:47865/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.149.58:38294/bin.sh
id: auto-806a65c934c9e891c0bdbe6606060ddb8d6a488dceeaaae8c5cb170eafad520d
status: experimental
description: Detects traffic or activity related to http://222.138.149.58:38294/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.149.58:38294/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.102.27:57777/bin.sh
id: auto-e0671f3ca77cec25811188044149a6286e92bf2d4749c13bf85ca84b5e5cadab
status: experimental
description: Detects traffic or activity related to http://42.85.102.27:57777/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.102.27:57777/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/mipsel.kok
id: auto-1e9453cd7ef4e2098b755a29263e019d02ee333b81fb7882efcf0fc13330a7e8
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/mipsel.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/mipsel.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/x86_32.kokz
id: auto-6d098c80361e85411e8a666d378b289be77a479e5527618b84aa6d4b708acd93
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/x86_32.kokz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/x86_32.kokz*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.113.48:46698/i
id: auto-dc8dcb92106804f1031364f0c43fa92e035c37281145256c71a9e5c5fdd711f5
status: experimental
description: Detects traffic or activity related to http://175.165.113.48:46698/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.113.48:46698/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.205.253.253:99/buding/dbghelp.dll
id: auto-85b9cff098b8cae433eacbe1aee5f2a6f083b711c94dfbd2704b66cc3432455c
status: experimental
description: Detects traffic or activity related to http://103.205.253.253:99/buding/dbghelp.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.205.253.253:99/buding/dbghelp.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.65.123.45:40234/i
id: auto-be2baddb81b5bc6838f02e3518ddcb26fd7c1b94bd568510196c56272b4e33f4
status: experimental
description: Detects traffic or activity related to http://213.65.123.45:40234/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.65.123.45:40234/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.25.104.111:58201/bin.sh
id: auto-86f5fe6b14d3e19cfdc73caf5a0f21eadac85a7cb60f8d7033a9689f7c668390
status: experimental
description: Detects traffic or activity related to http://113.25.104.111:58201/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.25.104.111:58201/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.146.251:40347/i
id: auto-ddf69ee8badfa5227774d554a228622e5f46176c5d0fcad6a1ce5315aa90f02f
status: experimental
description: Detects traffic or activity related to http://115.48.146.251:40347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.146.251:40347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.165.118:34679/i
id: auto-dd30b83b98c6b12bc7eefb673fe5223fc0c52997807cb74c91ac2aaa9c834e6d
status: experimental
description: Detects traffic or activity related to http://117.204.165.118:34679/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.165.118:34679/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.13/mon.txt
id: auto-0c704c0b90150200292b46896fd6728743f1afe4eaf54ea3d0157c3ece274e4c
status: experimental
description: Detects traffic or activity related to http://62.60.226.13/mon.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.13/mon.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.13/aa.zip
id: auto-6a593ef43f31ed2eb54e3d3d081c06b11c71c45b2ddf726baca1e645a8a93a93
status: experimental
description: Detects traffic or activity related to http://62.60.226.13/aa.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.13/aa.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.13/goog.txt
id: auto-c66ae5f1678e75ff6afc9706f9a59fdb2dd049139d5af11604bee8596cf78a33
status: experimental
description: Detects traffic or activity related to http://62.60.226.13/goog.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.13/goog.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.115.240:60198/bin.sh
id: auto-3ef49a3df3402046725204329278bbb5f58d536fac6930c02128c7911cf62298
status: experimental
description: Detects traffic or activity related to http://182.126.115.240:60198/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.115.240:60198/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.224/Package.rar
id: auto-a264b7a6d6f6fb76f13a23ce955ec38a7fd02a3fdfc9e36737694c73662db294
status: experimental
description: Detects traffic or activity related to http://62.60.226.224/Package.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.224/Package.rar*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.224/zz.zip
id: auto-350779248cbd1146ad2a5847fdf3d00cd37eeb0bc81c0b3a26908dbd80863552
status: experimental
description: Detects traffic or activity related to http://62.60.226.224/zz.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.224/zz.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.224/rare.zip
id: auto-0bdc3782f33e5a5646b05f9fb70f6024241e50aa8bf9de176fa20eaaea8d0ce1
status: experimental
description: Detects traffic or activity related to http://62.60.226.224/rare.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.224/rare.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.224/txt.txt
id: auto-88ccc51be006fe0bc9bb6070d815183e09d44a5b10c82c0401b162e8f0b927fc
status: experimental
description: Detects traffic or activity related to http://62.60.226.224/txt.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.224/txt.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.224/olo.txt
id: auto-ab5ee653998e17b4b36981087e4b93a8c634923a9a9bd88fa48cabb322ab54a0
status: experimental
description: Detects traffic or activity related to http://62.60.226.224/olo.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.224/olo.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.224/g.txt
id: auto-623b89dc1bdf240b1c8b09de324c4b64722fa1862c800b587509202c3dc6f934
status: experimental
description: Detects traffic or activity related to http://62.60.226.224/g.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.224/g.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.224/bolo.txt
id: auto-c60a28c43dc5eb47555d40b558059249ad8c973025daacf924443c62b7f8517d
status: experimental
description: Detects traffic or activity related to http://62.60.226.224/bolo.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.224/bolo.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.41.218:39845/i
id: auto-a2be31a1c9f7e190739a1e09c52cac78d936239399728dd9fa5da24f86100701
status: experimental
description: Detects traffic or activity related to http://182.121.41.218:39845/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.41.218:39845/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.192.207:36245/bin.sh
id: auto-d47f41741487a721b489874b3f1b395c86130ef896901a3bf6e8279aa110ecbe
status: experimental
description: Detects traffic or activity related to http://124.94.192.207:36245/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.192.207:36245/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.44.23:35469/i
id: auto-25861e7620dadfcd2c7fa234c21a7ff601e910a32491a40cbf9a65098ede4992
status: experimental
description: Detects traffic or activity related to http://112.237.44.23:35469/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.44.23:35469/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/RECHNUNG_G0102.zip
id: auto-1f3d47f92b20e0e866d26ff89426b894055543a3e14c3a23997d9c1bd112ea4b
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/RECHNUNG_G0102.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/RECHNUNG_G0102.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.208.156.212/RECHNUNG_G0102.exe
id: auto-99228bb14b8707a6fa63f1f573c8ea95f2d372833ef2d9a0d8ef8dce6c0fd38f
status: experimental
description: Detects traffic or activity related to http://185.208.156.212/RECHNUNG_G0102.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.208.156.212/RECHNUNG_G0102.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.239.239/aaa.zip
id: auto-fd92fc7df20afe78ffda71fa9a0a079ad3e28f32833ce101e757a8cddcc93ee7
status: experimental
description: Detects traffic or activity related to http://216.126.239.239/aaa.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.239.239/aaa.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.165.118:34679/bin.sh
id: auto-d78b9cac2e4e3417dd4347f897510aa22d94abea1bae8740a7e9dd019c5a0f48
status: experimental
description: Detects traffic or activity related to http://117.204.165.118:34679/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.165.118:34679/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.177.47:42265/i
id: auto-88031dc042bdede85b250d44e9465c8102ee89e4c2863811372b58ab50d1b9f4
status: experimental
description: Detects traffic or activity related to http://175.150.177.47:42265/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.177.47:42265/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.189.23:57159/i
id: auto-73d1f31a3fba32be6c2b9aa98463a5649086154b4b360aed27b5e16c1cda5859
status: experimental
description: Detects traffic or activity related to http://42.57.189.23:57159/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.189.23:57159/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.65.123.45:40234/bin.sh
id: auto-9cdc5fc2a021fd4fb71bf4d51e13a52bfd1b76d0ae125dbee9c352b8c9981aa1
status: experimental
description: Detects traffic or activity related to http://213.65.123.45:40234/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.65.123.45:40234/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.171.173:39708/bin.sh
id: auto-43b3ce8d4e950861ba1ee39c72ae9e80de92517d30323e755c4efc527f886557
status: experimental
description: Detects traffic or activity related to http://42.238.171.173:39708/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.171.173:39708/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.81.152.36:44398/i
id: auto-73ce6838347067f2ccf0299f67149fb98c0b0e8da2ac9a73d420e8571918b722
status: experimental
description: Detects traffic or activity related to http://39.81.152.36:44398/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.81.152.36:44398/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.146.251:40347/bin.sh
id: auto-2d862edaf21aa4bfa07652bbf91ff56734aa854ad543a956814c3291938ceb93
status: experimental
description: Detects traffic or activity related to http://115.48.146.251:40347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.146.251:40347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.164.13:37537/i
id: auto-1b9c6fb3388c2124f6893ec7887f0f8894ffccf3224ef61503b631d4cf35b8f5
status: experimental
description: Detects traffic or activity related to http://42.233.164.13:37537/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.164.13:37537/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.43.165:54104/i
id: auto-a9ff4cbefa758460ceaa46028c558b5f0f0b367e5d33883f8fb6950c7e9f282c
status: experimental
description: Detects traffic or activity related to http://42.55.43.165:54104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.43.165:54104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.154.114:47877/i
id: auto-59711da35e49393231124852dd82c920c613039de7d6a1d51f3e66b66c56e9f2
status: experimental
description: Detects traffic or activity related to http://182.121.154.114:47877/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.154.114:47877/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/pAGaBiG.exe
id: auto-d3ee944607af55ef9f1979bd605a5359806cca3c1710cf0ad102de5439f42166
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/pAGaBiG.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/pAGaBiG.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/arm.kok
id: auto-5e91a80479e5694bc493259bb54cf98ce46a267b61b9d0ff83a34bda91905ef5
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/arm.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/arm.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.141.143:52964/i
id: auto-97cb73a85e5861b3c57b345b73480d0439978df0494025027520309d89b41c37
status: experimental
description: Detects traffic or activity related to http://42.180.141.143:52964/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.141.143:52964/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/mips.kok
id: auto-34bb0af27e144d52e28a1ac8d5a901e1a8fd741258470322abbf45c939571f16
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/mips.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/mips.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/arm7.kok
id: auto-fbb1c27fcd6f6c6fbdf82dbf74a41b00732df70a683ba04134b0fde6b76cc741
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/arm7.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/arm7.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/logic.sh
id: auto-85d5ecb4f2d0fe4f77b270396276298105bf7d024da1ee8edea01dfc210ef5f6
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/logic.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/logic.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/x86_32.kok
id: auto-48ba202b103d3809e24f6cc494c259e7e311af7559c38fb875679884379c2ff6
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/x86_32.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/x86_32.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/x86_64.kok
id: auto-4e9a86be8c8111c9514484ea8af1c22beae9b3b0d2876c00a30f7afecf85eea3
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/x86_64.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/x86_64.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/arm6.kok
id: auto-5cf0ed83007f47bf249fd2fbda99fb5022734221f69d30cd9e4320ac44b0e004
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/arm6.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/arm6.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/x86_64.kokz
id: auto-c7cadc2d8eb92139ee42bb731b8d93a91ee69642269ae40c474af7a1862d70e8
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/x86_64.kokz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/x86_64.kokz*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/arm5.kok
id: auto-88390caefbba558268f58d98a7df39f8d6f38b0ee48f2774f363389df74876f2
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/arm5.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/arm5.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.241.10/powerpc.kok
id: auto-8e0dd46846f9d3cd778c79d0ad2c8d8deed2bfb11a27fc92ffd40eca21a89e9a
status: experimental
description: Detects traffic or activity related to http://91.92.241.10/powerpc.kok which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.241.10/powerpc.kok*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.148.52:53384/bin.sh
id: auto-6d0ee91cb981e340122753a8da53334dfe2120c6716939f84ebcb47e2b53da1c
status: experimental
description: Detects traffic or activity related to http://42.235.148.52:53384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.148.52:53384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.81.152.36:44398/bin.sh
id: auto-8c7a1013edcadefaf05faa13c0b823efc5a50595f48651b0d1344d92add093cd
status: experimental
description: Detects traffic or activity related to http://39.81.152.36:44398/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.81.152.36:44398/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.164.13:37537/bin.sh
id: auto-3af037914d7f2208c92e526ec1284e81ef7e8cf710c3821e6368fb928709f0dd
status: experimental
description: Detects traffic or activity related to http://42.233.164.13:37537/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.164.13:37537/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.19.205.62:8081/script1.ps1
id: auto-7abf99df4f0c1648f9ca56f23e68e9d1d7bc649d766e5b4bee569de533f54962
status: experimental
description: Detects traffic or activity related to http://162.19.205.62:8081/script1.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.19.205.62:8081/script1.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.19.205.62:8081/Loader.efi
id: auto-881c51172e350cbb8ac1d385a08b42cc28ffb13f0d0550bbf1f712f728e37b49
status: experimental
description: Detects traffic or activity related to http://162.19.205.62:8081/Loader.efi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.19.205.62:8081/Loader.efi*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.19.205.62:8081/EfiGuardDxe.efi
id: auto-5599e1b721cc7d34154c9da72c3bc3132d8cf3eff5c853b545873107835fc47e
status: experimental
description: Detects traffic or activity related to http://162.19.205.62:8081/EfiGuardDxe.efi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.19.205.62:8081/EfiGuardDxe.efi*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.19.205.62:8081/uninstall.exe
id: auto-b277e17b5b2f7ec510782019db05162aef006002b7d494450a2fe531d846ebf6
status: experimental
description: Detects traffic or activity related to http://162.19.205.62:8081/uninstall.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.19.205.62:8081/uninstall.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.19.205.62:8081/Nidhogg.sys
id: auto-036703f8556fe0bbda5d996c210694212716601070f23a5b9d8ac4c93d076294
status: experimental
description: Detects traffic or activity related to http://162.19.205.62:8081/Nidhogg.sys which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.19.205.62:8081/Nidhogg.sys*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.19.205.62:8081/script.ps1
id: auto-47386296a49f6f5363e478c300e80a48f80a20688a659ef915896cb1f71e8be1
status: experimental
description: Detects traffic or activity related to http://162.19.205.62:8081/script.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.19.205.62:8081/script.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/mips
id: auto-21f8ff9d37289f97d9a471cbc4295c1179710739f8ea09fad05f72b2088bd1c3
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/jack5tr.sh
id: auto-5091c728a5cdd07df0756daf4feeb26410861eb91160d643fb3a43bbffc445c6
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/jack5tr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/jack5tr.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/m68k
id: auto-6bb912b4d790240994905ee3f78f3c0bdd3bc8905c1fa7016120e7ea4be33e5f
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/x86
id: auto-87370f6ecd2ab97c5ef49b6b0974026dbdb8fb099e4dcbf7c4998e72443fc977
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/spc
id: auto-906dc731e7ed4c5e6f4802837451fa5704a43fd46061e5d9e7e83a0e1b678b35
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/x86_64
id: auto-9f0ae15ce423542d6daa9370071fae885e0d031d2b6b5a0beef71cbe4781c049
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/sh4
id: auto-6e7b0ed6ffd13890b0be447823357d960b88c197c8a0605586ad379f73350d49
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/arm5
id: auto-1354210445d6c7ccc3b49c4c921af3cb46805413bc153525d743dca448b91100
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/arm6
id: auto-74f70a9bb0bd3289d27cec260859a17c0882d2be7c55af1d756e0066b63a3e76
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/mpsl
id: auto-8daed2f979ef8e386a42d660300511fd11c61319f78ed5e5b07538a3edbc7b7c
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/debug.dbg
id: auto-92bb7f1acd03a0e807ca2fea00f4518d9ce498a6fbdc8d423d4cbaa0f6ec5bd3
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/ppc
id: auto-381e9eed71c2f60487e8dc58b28f7336052c867032f4555a4408773bb05275fc
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.86.163:34443/i
id: auto-7a463b0b74bfd882e593f32901db58431b0b0ed42851ae3e37f2eaf3431a7a69
status: experimental
description: Detects traffic or activity related to http://117.241.86.163:34443/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.86.163:34443/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.arm5
id: auto-c013323292e1610107174efa58a86f66d6619bd993f94f43c2db542d23b8ef62
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.x86
id: auto-94ab56cc83c751b425253ca22bfb40466e1458bd810a222968f50d39781919fa
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.sh4
id: auto-078ca2b48dcb8b0d334671f4be87eb27eb22e5c0121afe7196993fb363b58b3f
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.117/procesos.vbs
id: auto-139fc664be533303ebedce37c252360b2d71bc3f3aa8b16a1885d891baabff2d
status: experimental
description: Detects traffic or activity related to http://91.92.243.117/procesos.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.117/procesos.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.117/SysTask.vbs
id: auto-dd186669d26dfc8ab85f87516470565704c6e0358e6c4d7be1fbd1c3dcc34803
status: experimental
description: Detects traffic or activity related to http://91.92.243.117/SysTask.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.117/SysTask.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.117/takdoom/takdoom/procesos.vbs
id: auto-51b0b6c7b5a221b6d522f5f2c21f5f4a6f6e5f84658b412ce684853d196a8905
status: experimental
description: Detects traffic or activity related to http://91.92.243.117/takdoom/takdoom/procesos.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.117/takdoom/takdoom/procesos.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.117/takdoom.rar
id: auto-46ded09b4535d80310be538c36c02921f035fa2493ecab510290c4393cc3a189
status: experimental
description: Detects traffic or activity related to http://91.92.243.117/takdoom.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.117/takdoom.rar*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.ppc
id: auto-35dde0a7a7b6e1c83a25f35a5e71099f52648bce4f14035b02d997f1b4b77179
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.arm7
id: auto-4079079a2715a90573dfe9248347b655d0c31dd68e70b82338b21644bd3bc661
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.mpsl
id: auto-3f3654d8cc138e3d7efbdd24f84d207cb26218d20712deda9aabe80682c104a3
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.arm
id: auto-680d9d8c631ccc6e9905ae4c100023d8319b9df995c8cb0c593bedbb6d1ac02b
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.mips
id: auto-53e315378238adf2a5c5e2d961958ef121f8c3679058953327aa41451b26f757
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.m68k
id: auto-bf727581798b3cefe6570467f91e5d02a06414f93981bf3e5fc9be76be88b757
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.54.122.155/lmaoWTF/loligang.arm6
id: auto-a8a2425c0875d01b173ce9c7eece3c43e4c080d02211de786f4590490ce4ed61
status: experimental
description: Detects traffic or activity related to http://38.54.122.155/lmaoWTF/loligang.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.54.122.155/lmaoWTF/loligang.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:41521/i
id: auto-8e7808f1fd6874ed5bd968ff0142efc71d90dc6cda8379c096a3b81a4b81a79c
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:41521/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:41521/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.108.135:56246/i
id: auto-92a71cf48ada55686a02eacea5a8e71b94718d96c4ab56c67fd3a69e05169aee
status: experimental
description: Detects traffic or activity related to http://112.248.108.135:56246/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.108.135:56246/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.86.163:34443/bin.sh
id: auto-990ec4e5b00a2232191eacf0a515777c9baf4af383ded62f92f3c3a378321082
status: experimental
description: Detects traffic or activity related to http://117.241.86.163:34443/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.86.163:34443/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.96.56:56269/i
id: auto-24387f2ae7ed646fcdaecde4038d0cb4f85ca94dff82a71d219c68a3a99adba9
status: experimental
description: Detects traffic or activity related to http://60.18.96.56:56269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.96.56:56269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.176.34:54785/i
id: auto-570a3e580e0d8fddf2bfaa5cdcfdc98be25510bc2b206c2c37198508c0c0787b
status: experimental
description: Detects traffic or activity related to http://115.55.176.34:54785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.176.34:54785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.80.61.172:47879/i
id: auto-fe023f6ef68228ca3f8f3becea76b07daf782b2ec313a01243d19b4c9dcbf0e7
status: experimental
description: Detects traffic or activity related to http://39.80.61.172:47879/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.80.61.172:47879/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.80.61.172:47879/bin.sh
id: auto-4f60b10ff6c491ca0249a21fc8155278f31bf453850c46bdca34010532a1d5fa
status: experimental
description: Detects traffic or activity related to http://39.80.61.172:47879/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.80.61.172:47879/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.181:58394/bin.sh
id: auto-bc5e96ac2b366b1fec0e5ede6f5fce56b8d53df5c6f3bcad8c59a36e93c6eea3
status: experimental
description: Detects traffic or activity related to http://119.179.252.181:58394/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.181:58394/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.36.117:41086/bin.sh
id: auto-2b02d35c8ec210571b9d3aed5d9c0addf934e54b794fb56aa24543925d053190
status: experimental
description: Detects traffic or activity related to http://123.14.36.117:41086/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.36.117:41086/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.88.48:33874/i
id: auto-b323641c4a317967f799d2c96ad808af1a0263436c4700dcf7f318518dcaa47c
status: experimental
description: Detects traffic or activity related to http://117.208.88.48:33874/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.88.48:33874/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.103.183:44938/i
id: auto-23e9de8ee156f7853443abffd57151b7d4b7a0915470b21fa5bee3dc037e0335
status: experimental
description: Detects traffic or activity related to http://112.248.103.183:44938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.103.183:44938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:41521/bin.sh
id: auto-17514b75f5ee436669e51297e7eb618a10a4ab730440565d144d911b27bdcdf0
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:41521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:41521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7972805589/dVDwx0I.exe
id: auto-ef7fb58fcc49095e67592e0174cb81a4c6f54f13b60e8987b09b390d689d9be4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7972805589/dVDwx0I.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7972805589/dVDwx0I.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.108.135:56246/bin.sh
id: auto-9458fbd04a761df24fffe1fd97e293f1f00599985e190ce7227b6f267316e01b
status: experimental
description: Detects traffic or activity related to http://112.248.108.135:56246/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.108.135:56246/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.242.140:46849/i
id: auto-245c3df82ae85b1e5230be22008d3db2ec3e2924879fb9cf35188f0daa315836
status: experimental
description: Detects traffic or activity related to http://123.11.242.140:46849/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.242.140:46849/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/powerpc.uhavenobotsxd
id: auto-60dd68064c1ddcffe3a3f3ce1ecacc758c695f130516d5166c8ac2db4f0f96ca
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/powerpc.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/powerpc.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/arm.uhavenobotsxd
id: auto-517135dc94d7d470328023ac53e7561f856b3dce73e71840578266ecf319fd27
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/arm.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/arm.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/x86_32.uhavenobotsxddd
id: auto-0018bd043543a6ba8ce63c6d716d784f437411ddc033a728b341c97038142e47
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/x86_32.uhavenobotsxddd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/x86_32.uhavenobotsxddd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/arm7.uhavenobotsxd
id: auto-90dca53f223d6e781759d3d4b7a571d0e55d34204f1454f2b6c7613fdbcb1562
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/arm7.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/arm7.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/arm5.uhavenobotsxd
id: auto-ce202261a2c1a8d6a792bfb537bfd62af7ee47fcccf50c606abaa787b5b0e533
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/arm5.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/arm5.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/x86_64.uhavenobotsxd
id: auto-8b3685284867c28d815f0234480af63262d9cb035388606bf14c98f5e42155b5
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/x86_64.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/x86_64.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/arm6.uhavenobotsxd
id: auto-76de421c178bf432d0838d546a70bdec4c64839d206e0c6105a89766d999ca8b
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/arm6.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/arm6.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/x86_32.uhavenobotsxd
id: auto-cfd26e4bf2b21365532cdfcf39cccb2d4ad309ae3c0157eebd6a73a7539cb3b1
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/x86_32.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/x86_32.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/weball.sh
id: auto-61f238feb8d3c5d3035d96f6a4ef587ed3d6ad3d20e35a6c0267eeaea0acf878
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/weball.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/weball.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/x86_64.uhavenobotsxddd
id: auto-9cff3c048f1dd5d1bf7c3437771958022c8bc6f27e96c1ba17234218510713ad
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/x86_64.uhavenobotsxddd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/x86_64.uhavenobotsxddd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/mips.uhavenobotsxd
id: auto-d907535acb411a76331b94e336e4405614a571d977429239dc5a05f8beb047d2
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/mips.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/mips.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.26.192.202/mipsel.uhavenobotsxd
id: auto-7f5fffbe380f79d36be324e324992480445844742dd1682649bae238435bbc3d
status: experimental
description: Detects traffic or activity related to http://194.26.192.202/mipsel.uhavenobotsxd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.26.192.202/mipsel.uhavenobotsxd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8575285307/s0NxxIO.exe
id: auto-7427b4f01a815ddd4dd98e166eb9b3d9e75e4b917d3e4c275fd1e64c83e354d5
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8575285307/s0NxxIO.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8575285307/s0NxxIO.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.96.56:56269/bin.sh
id: auto-9ad29ce113f4cff197fe9f07dc9ffd04c259b65d9a2203c0f8216d17a85b433d
status: experimental
description: Detects traffic or activity related to http://60.18.96.56:56269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.96.56:56269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.103.183:44938/bin.sh
id: auto-bf8b8dfaff463a7567fb104f023894bde475705f5aaf30d46bef2c891c0a32b8
status: experimental
description: Detects traffic or activity related to http://112.248.103.183:44938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.103.183:44938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.229.224:55481/i
id: auto-1827141ae86259c59c53327580e9b94d208aec8e9938ea2e3e4083274ab1e5b4
status: experimental
description: Detects traffic or activity related to http://125.47.229.224:55481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.229.224:55481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.56.87:39953/i
id: auto-4f18b723b89e4eb7017457f7735a2f3b496bd7f5aeeecf206ec925d179993845
status: experimental
description: Detects traffic or activity related to http://175.148.56.87:39953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.56.87:39953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5909640908/dVO3YBp.exe
id: auto-57e7adc5538d9a2f1c8a98f0e393308f26dd81176257b5d856d2007ccb2687f3
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5909640908/dVO3YBp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5909640908/dVO3YBp.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.176.34:54785/bin.sh
id: auto-8ada95f60491ecf37f039218bbaa865e56ce854c223df54475ed212bec233493
status: experimental
description: Detects traffic or activity related to http://115.55.176.34:54785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.176.34:54785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.224:41784/i
id: auto-93c63783c73bee42ba0daed58e4a822eccae3c97683cb8177ed100dd85a1a408
status: experimental
description: Detects traffic or activity related to http://110.37.121.224:41784/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.224:41784/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.229.208:45224/i
id: auto-ab350cf38b541c869b978123df66c80ee3d48b33c7c56b3b28c6909a9d2ef0e9
status: experimental
description: Detects traffic or activity related to http://42.7.229.208:45224/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.229.208:45224/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.56.87:39953/bin.sh
id: auto-654a8d355430321edad0f652c3e5a2bf7e05a98842084867c85335ba03ee1b9c
status: experimental
description: Detects traffic or activity related to http://175.148.56.87:39953/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.56.87:39953/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.168.6:48484/i
id: auto-39f4a8f3e9bb1339650149574f27cd821d9d289ed8e8ac5b9edd50890b0b3c77
status: experimental
description: Detects traffic or activity related to http://123.5.168.6:48484/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.168.6:48484/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.227.222:37804/i
id: auto-b72cccb1a70e25825631dcd434a2abfcc69c3b8ec392b7ada4527bf5c79347fd
status: experimental
description: Detects traffic or activity related to http://113.229.227.222:37804/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.227.222:37804/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.229.224:55481/bin.sh
id: auto-8555a8be0d49c32362edf2eebc777a6fdf95c26baf1980f9f3b921852db3a88c
status: experimental
description: Detects traffic or activity related to http://125.47.229.224:55481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.229.224:55481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.4.235:52598/i
id: auto-4ed025fa9e7a549d7d3ec49a8054f76d1ee16f613276e948c9204f91485d62ce
status: experimental
description: Detects traffic or activity related to http://221.15.4.235:52598/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.4.235:52598/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.8.128:34315/bin.sh
id: auto-914164fbb6154d3390fd07b20485d6af3a2b022446d498ebe40b5a20828eb0b4
status: experimental
description: Detects traffic or activity related to http://125.45.8.128:34315/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.8.128:34315/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.207.224:44750/i
id: auto-2a3cd539d7fff242605010b0c4d565bdc088ae75c2ca204a1f59a970bf32237a
status: experimental
description: Detects traffic or activity related to http://115.55.207.224:44750/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.207.224:44750/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.202.141:55973/bin.sh
id: auto-f2d60971f95c3b8705056c3c5879e290d0d412cc8808ec87773a23d61eca1f80
status: experimental
description: Detects traffic or activity related to http://219.157.202.141:55973/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.202.141:55973/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6350135267/4Q5e0Y0.exe
id: auto-353032fe4a06e37815decadd582af63d37527a6156f8af6391999d9351f13066
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6350135267/4Q5e0Y0.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6350135267/4Q5e0Y0.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.91.51:33028/i
id: auto-bb38e2d6311cb15fbbcc89ccb04d9fb2353bb5d9a44a57dcf23db1e56b125c6c
status: experimental
description: Detects traffic or activity related to http://220.202.91.51:33028/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.91.51:33028/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.181.33:50931/i
id: auto-95c393ad2bcfcf446dd337026b2064663ca1343bbdff71803a51cf1894cdc4a0
status: experimental
description: Detects traffic or activity related to http://222.140.181.33:50931/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.181.33:50931/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.4.235:52598/bin.sh
id: auto-defacfe741828a48b17fb0c5240e6ccb4c32eef18c77b3a693bbc987c7e2d15c
status: experimental
description: Detects traffic or activity related to http://221.15.4.235:52598/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.4.235:52598/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.172.213:45283/i
id: auto-7c31756a86c053860787bbc6171c8574076b5e1cb0fd20be43684a80382fc392
status: experimental
description: Detects traffic or activity related to http://117.196.172.213:45283/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.172.213:45283/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.207.224:44750/bin.sh
id: auto-60241336efd3824c04f95047fc49b93ba5b00a9fab63b3b42bd525169e89ba85
status: experimental
description: Detects traffic or activity related to http://115.55.207.224:44750/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.207.224:44750/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.62.106:34781/i
id: auto-26af73b31a56f913235f84848ce50ed1e4f915a15150bffa7b6f88d56d27c00f
status: experimental
description: Detects traffic or activity related to http://123.188.62.106:34781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.62.106:34781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.229.208:45224/bin.sh
id: auto-08d74dddc09d8ee0ddfd3551f4cb134b7c95ab4ebb3af090aba8bfdfb15a5e3b
status: experimental
description: Detects traffic or activity related to http://42.7.229.208:45224/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.229.208:45224/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.145.15:47704/i
id: auto-4cfa5acb63a106cfb8d41d858acfbe2464baeca42be93b558541196c8a91c3ce
status: experimental
description: Detects traffic or activity related to http://115.62.145.15:47704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.145.15:47704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.145.15:47704/bin.sh
id: auto-1aa2fbfeb75cbc7f1ffe0f60bfa4113bc478a47a7501c25c83e29bc4285bd831
status: experimental
description: Detects traffic or activity related to http://115.62.145.15:47704/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.145.15:47704/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.105.213:57742/i
id: auto-79476f5d02991048e257f8df7c5a6357d72d2428a15addee8c02106282d64811
status: experimental
description: Detects traffic or activity related to http://182.121.105.213:57742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.105.213:57742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.172.213:45283/bin.sh
id: auto-2ca10156ea3488cfd697ab004798a09d7e59401206509b84aa8d489ed3462686
status: experimental
description: Detects traffic or activity related to http://117.196.172.213:45283/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.172.213:45283/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/arm
id: auto-31793ad8b2659bcc8c3e708f621e7aee934185694633f2bb30c69fe2d74862da
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.116.52.219/arm7
id: auto-2c352b8b09ed2b2ea4e0f0199e43ee68c52cde926454d7adccd1edc0b018eb8a
status: experimental
description: Detects traffic or activity related to http://103.116.52.219/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.116.52.219/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.53.110:57476/i
id: auto-2864ada548058b17ab25ad7b60b10723d5733287e958368c8f80af9cd84f7f9a
status: experimental
description: Detects traffic or activity related to http://115.63.53.110:57476/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.53.110:57476/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.13.9:38444/i
id: auto-d87e48d86acb5b03355c45ecc2e68a9fd281be524a74aa793d5e327eab1c7a65
status: experimental
description: Detects traffic or activity related to http://61.176.13.9:38444/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.13.9:38444/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.64.254:51854/i
id: auto-35c831c668192606ea73aa92ad313c4e1387975b6e86780d1ebc24d205a4b21c
status: experimental
description: Detects traffic or activity related to http://110.37.64.254:51854/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.64.254:51854/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.49.11:58271/i
id: auto-d5819537835296c4101e2f130dc75e2429dcca9a34b2ad221585ddce17218a99
status: experimental
description: Detects traffic or activity related to http://182.121.49.11:58271/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.49.11:58271/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.225.231.222:45947/Mozi.m
id: auto-c8d19cfc4db5fd72a7dca8c7e5eac8759375c669874b3f28fd6814f95d1a01b6
status: experimental
description: Detects traffic or activity related to http://88.225.231.222:45947/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.225.231.222:45947/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.189.248:50240/i
id: auto-298f71b3e3c8ebad4c62b9f0aea5705eff21deb15e25bea88166ffce7c6988c1
status: experimental
description: Detects traffic or activity related to http://120.28.189.248:50240/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.189.248:50240/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.183.113.18:42632/i
id: auto-d20f409afa8d4ba206bbfef5dfb2e652d5665cc98b7636fccfa227a656c0c8eb
status: experimental
description: Detects traffic or activity related to http://59.183.113.18:42632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.183.113.18:42632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.149.58:38294/i
id: auto-e9a9661803a57aa4c77088705ef84e9ea376020cb7c6baf43aab109533ce9a08
status: experimental
description: Detects traffic or activity related to http://222.138.149.58:38294/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.149.58:38294/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.230.79:34841/i
id: auto-36c72cfd6d29adb44352349857e23cfa19747f6c942a16da4ac81d31d6759830
status: experimental
description: Detects traffic or activity related to http://125.43.230.79:34841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.230.79:34841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.101.138:42728/i
id: auto-2aa0e3c8e09520a22af9131e60ba8dfcc3d0476fc46c205ae24d495acbcfc17a
status: experimental
description: Detects traffic or activity related to http://42.228.101.138:42728/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.101.138:42728/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.3.125:56899/i
id: auto-e59fe0491f6b9d9c698a2f5f0a5ffcd6c5d304f3559a69a0cef7b2164407278d
status: experimental
description: Detects traffic or activity related to http://115.48.3.125:56899/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.3.125:56899/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.53.110:57476/bin.sh
id: auto-e4080d576e16b14451eb0025cf5d0024840ae0e1915bb288e7b535413f46b7cd
status: experimental
description: Detects traffic or activity related to http://115.63.53.110:57476/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.53.110:57476/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.13.9:38444/bin.sh
id: auto-bc936d8f39885511bc201eba20510d9e39dbcf057c6ab9d4187008686a96277c
status: experimental
description: Detects traffic or activity related to http://61.176.13.9:38444/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.13.9:38444/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.211.109:35502/bin.sh
id: auto-61d0155c34b2e65ff351719629a3fc22e95e9365394add70c369a1d43997a35a
status: experimental
description: Detects traffic or activity related to http://110.38.211.109:35502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.211.109:35502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.3.125:56899/bin.sh
id: auto-028440be3384acd5c11eb6876853ffeece6e858108ef5b89f92dafcc60ef58be
status: experimental
description: Detects traffic or activity related to http://115.48.3.125:56899/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.3.125:56899/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.239:36754/bin.sh
id: auto-24777946077a351bd4b89958a51d7f40802e64efac36bfe716bed8fb9c64982e
status: experimental
description: Detects traffic or activity related to http://110.37.3.239:36754/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.239:36754/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.35.86:33815/i
id: auto-9e2bd46fe0f7342f1d76f4397fc01b49a4b340d2f2a443abe7efee42150f97f0
status: experimental
description: Detects traffic or activity related to http://39.74.35.86:33815/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.35.86:33815/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.237.255.184:22439/i
id: auto-01f6aa6c647265c78b789829559d825abc5718fb001b5ca3932db9b98cd3d8c1
status: experimental
description: Detects traffic or activity related to http://5.237.255.184:22439/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.237.255.184:22439/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.164.194.88:9896/i
id: auto-5faca968a502440d331c7d6d7a64acf36654706ece9eb084cec97e599bbf7e87
status: experimental
description: Detects traffic or activity related to http://213.164.194.88:9896/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.164.194.88:9896/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.222.151.167:40077/i
id: auto-a64906237382aeba804b8af39f2ce32a3fd07662866dc14469f6cf842cb384cd
status: experimental
description: Detects traffic or activity related to http://89.222.151.167:40077/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.222.151.167:40077/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.201.182.164:29489/i
id: auto-1b24a99ab23cd27dbdb65b031573237b99f3ac205031612fbfaaaca5db2e2083
status: experimental
description: Detects traffic or activity related to http://5.201.182.164:29489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.201.182.164:29489/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.225.179.114:59283/i
id: auto-3912ab4137e2b1da58e023057cbd8304027be708c7d2b08a6e41e69a0942294b
status: experimental
description: Detects traffic or activity related to http://212.225.179.114:59283/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.225.179.114:59283/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.50.99.87:9301/sshd
id: auto-f1fc5ba5fb8f2519bc613e44ca35c0cf5ab55344d9137ac0791abbe39423af39
status: experimental
description: Detects traffic or activity related to http://178.50.99.87:9301/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.50.99.87:9301/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.187.64.0:8082/sshd
id: auto-6e3586c777c24f3bceba977fa776be5d228419e0c3a1933d1f833795052d80b8
status: experimental
description: Detects traffic or activity related to http://113.187.64.0:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.187.64.0:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.225.62:2000/sshd
id: auto-2d2f4d907fa8875237656e2d69ba8151b60d23d04d2db8424e1711c0f5284b95
status: experimental
description: Detects traffic or activity related to http://117.242.225.62:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.225.62:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.130.197/sshd
id: auto-f23fe1dcb992e744c0d4b7ddfd119b5909bec3f33d7fb3aa6fd1aa33fe244d45
status: experimental
description: Detects traffic or activity related to http://83.224.130.197/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.130.197/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.161.123/sshd
id: auto-e5c9bb2197897801ba00df74849f719fdab92b163e5f8eb0f96d74f69d9575ba
status: experimental
description: Detects traffic or activity related to http://83.224.161.123/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.161.123/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.69.66.82/sshd
id: auto-f0827ccd2ab134225f2b4c1f2e5ab286105bbf7ff972c886d5d501777d42cd01
status: experimental
description: Detects traffic or activity related to http://2.69.66.82/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.69.66.82/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.183.113.18:42632/bin.sh
id: auto-bf83d24ab1a1e9a666dd9d66fce58c93cafa0408d07d063de9f71efd35837da7
status: experimental
description: Detects traffic or activity related to http://59.183.113.18:42632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.183.113.18:42632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.200.162:47651/i
id: auto-dcd6cf296bc748bd510cbbecf7c48e975bab17640b4bd7acaa7061205072ca7f
status: experimental
description: Detects traffic or activity related to http://115.49.200.162:47651/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.200.162:47651/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.200.47:52239/i
id: auto-206b014f7054014229204a1fbc4e00b9394bafd9fcec1ec69a3d607fc017c0d2
status: experimental
description: Detects traffic or activity related to http://123.10.200.47:52239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.200.47:52239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.135.239:38980/i
id: auto-ffeceb6acce205e64aa2cb5bf3cef2ec0283ed68678cd8e81adf9ea1d7c91ea8
status: experimental
description: Detects traffic or activity related to http://123.11.135.239:38980/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.135.239:38980/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.244.220:51913/i
id: auto-3c708c97125a322b2347c6138b673f5a1361c53f95645dbec14d7b125b8c2e2b
status: experimental
description: Detects traffic or activity related to http://123.12.244.220:51913/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.244.220:51913/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.56.83:55136/i
id: auto-e376085de3475198d7ce3437d3adf3c434eed0f6981a26423bec65552caf1009
status: experimental
description: Detects traffic or activity related to http://125.40.56.83:55136/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.56.83:55136/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.135.239:38980/bin.sh
id: auto-b18d187ea0da3df8e7f02e17ae28670b254959d0775c26e2100eafd3b030dcb6
status: experimental
description: Detects traffic or activity related to http://123.11.135.239:38980/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.135.239:38980/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.56.83:55136/bin.sh
id: auto-5f82e89177106c18148fb1dad4b787e84789949782d08136e2a59ece5acc4e7f
status: experimental
description: Detects traffic or activity related to http://125.40.56.83:55136/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.56.83:55136/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.33.79:39137/i
id: auto-2b5f4a052e712174620c65be568e428f8fb3b655e9631da6ea751fa3dbee43bc
status: experimental
description: Detects traffic or activity related to http://125.44.33.79:39137/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.33.79:39137/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.244.220:51913/bin.sh
id: auto-876fd72c1c9bb7e22b0d9fe61f568a4478be9c04dc12530b7958dd25d555fe06
status: experimental
description: Detects traffic or activity related to http://123.12.244.220:51913/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.244.220:51913/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.35.86:33815/bin.sh
id: auto-5712cfe9838521792ec03574b301279dffea3178d39c8cee1fb281a4464e5795
status: experimental
description: Detects traffic or activity related to http://39.74.35.86:33815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.35.86:33815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.53.146:48667/i
id: auto-533b8f4a2800f2272cb036a86cdfd2f417ab70c2fee5d69123fbf3ba72b6c9eb
status: experimental
description: Detects traffic or activity related to http://182.116.53.146:48667/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.53.146:48667/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.161.216:44056/i
id: auto-7ac625016c6178b74eaa04e2dfc53989e6b98c1ffe0fe1aff3b764fc54a4a018
status: experimental
description: Detects traffic or activity related to http://115.56.161.216:44056/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.161.216:44056/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.42.47:35846/bin.sh
id: auto-c2780e8172dafd53573ed53efb6073eb2059915fd837dc962ada2de0a4f63d1b
status: experimental
description: Detects traffic or activity related to http://222.141.42.47:35846/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.42.47:35846/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.7.148:43043/i
id: auto-5c479fcb793e25ea53f0f1610cd3b7399e74b1f6316eb7acf8c287ed39fbbadc
status: experimental
description: Detects traffic or activity related to http://222.137.7.148:43043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.7.148:43043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.231.238:46662/i
id: auto-d3e3a176ce0f7ac8afeb1034f032abf9bfd3bd145f0d79ea0b68c91dc8f69671
status: experimental
description: Detects traffic or activity related to http://219.155.231.238:46662/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.231.238:46662/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.49.22:45348/i
id: auto-d10975b92d0f2bec9fbc86ea1de5e33c5767cec9682a95b07b781ce2dd77f518
status: experimental
description: Detects traffic or activity related to http://115.55.49.22:45348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.49.22:45348/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.86.128:59221/i
id: auto-3d7a69b3147765d50e0ca4741928691b67ba221f4993da7be94d330b3ab00777
status: experimental
description: Detects traffic or activity related to http://39.79.86.128:59221/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.86.128:59221/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.152.209:45119/i
id: auto-687946f7b44f181dc2322babe4a5faa3bef10ba8f191d888a78d8211a017fca7
status: experimental
description: Detects traffic or activity related to http://115.48.152.209:45119/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.152.209:45119/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.53.146:48667/bin.sh
id: auto-849769843effa346c1b73454eba11d751d87e96fbf1545c43d8ba967ad81819b
status: experimental
description: Detects traffic or activity related to http://182.116.53.146:48667/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.53.146:48667/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.147.99:52464/bin.sh
id: auto-7cd01e50012711571c653e434271f68e12c33135759c58ccff75284953d406ff
status: experimental
description: Detects traffic or activity related to http://59.88.147.99:52464/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.147.99:52464/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.198.228:32889/bin.sh
id: auto-39906c8c6d1168a527c9d8a60bda4fdcec81d0468b96822b074b383fe0c7332b
status: experimental
description: Detects traffic or activity related to http://113.231.198.228:32889/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.198.228:32889/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.147.189:50005/bin.sh
id: auto-d50b81dc4b4781b8bd519c05dbce6ae162aa96500050bb0272103afc5d273f81
status: experimental
description: Detects traffic or activity related to http://59.88.147.189:50005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.147.189:50005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.178.205:40847/bin.sh
id: auto-b7ac75b44675a3d7960a435d667345a010a54338033bfcab5525bb7cebb7fc3a
status: experimental
description: Detects traffic or activity related to http://27.215.178.205:40847/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.178.205:40847/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.161.216:44056/bin.sh
id: auto-5d50c6ea6a81f47c7a2a40278fefb985250a6fc170b1ce399b1978c86510311d
status: experimental
description: Detects traffic or activity related to http://115.56.161.216:44056/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.161.216:44056/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.152.209:45119/bin.sh
id: auto-35f6b401613fa7d3fc1daf5fd86e0dbe3cbab0b28409dac55332b6920593dc86
status: experimental
description: Detects traffic or activity related to http://115.48.152.209:45119/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.152.209:45119/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.86.128:59221/bin.sh
id: auto-33a2f5a18bdb4a0fbc0e89886934a105fd3f3853bd7ecb403b7d4f936fa435b3
status: experimental
description: Detects traffic or activity related to http://39.79.86.128:59221/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.86.128:59221/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.75.192:54806/i
id: auto-2acf478d86a22a4d64659b2469656d6044d176483b5e5f6a6476bbfcc9a01f84
status: experimental
description: Detects traffic or activity related to http://219.155.75.192:54806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.75.192:54806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.67:53717/bin.sh
id: auto-dfecc09c8d98934c17992c9fbbeab6df2d8a26b0a81a902719365cd7c8d8480b
status: experimental
description: Detects traffic or activity related to http://110.39.235.67:53717/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.67:53717/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.199.152:43774/i
id: auto-04f08088cfb4a9c4a8fbbf29c929f17df9cc764ec4e2e85d0e02c317b8ec03cc
status: experimental
description: Detects traffic or activity related to http://125.46.199.152:43774/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.199.152:43774/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.7.148:43043/bin.sh
id: auto-f39bf6c523cf953b545df0f22096b011242bfce84edd993df81ad1acb9da6d0e
status: experimental
description: Detects traffic or activity related to http://222.137.7.148:43043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.7.148:43043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.242.67:49553/i
id: auto-4e93c6b1a1a3eb4fbb9a9aa15361a4e04e48dcaa6b4d2c33856b29f5cdef49b6
status: experimental
description: Detects traffic or activity related to http://42.177.242.67:49553/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.242.67:49553/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.79.93:60344/bin.sh
id: auto-996c471aebb10b07a4d75abd4fce0865780b0c0333d13a712ce6e5baece8045c
status: experimental
description: Detects traffic or activity related to http://60.23.79.93:60344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.79.93:60344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.220.69.49:59114/bin.sh
id: auto-6e98f9e1e18dc37ec5842d489f88cecdfe75566549923e9f91fa66497184118e
status: experimental
description: Detects traffic or activity related to http://91.220.69.49:59114/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.220.69.49:59114/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.233.158:54743/i
id: auto-017aa68c8477955f8ee5b94dcb0f3e28047f582b06c68336cbd6016283ceb1ed
status: experimental
description: Detects traffic or activity related to http://123.10.233.158:54743/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.233.158:54743/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.62.172:39032/bin.sh
id: auto-0e49c1f5d37d0054b0fd5b6d3706ccc71f54368e926416822be371b454eadb92
status: experimental
description: Detects traffic or activity related to http://219.156.62.172:39032/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.62.172:39032/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.176:60544/bin.sh
id: auto-e72596784542bc17b7817eb9b2b88562903feae565c0627325a42df26e98faf7
status: experimental
description: Detects traffic or activity related to http://110.36.15.176:60544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.176:60544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.5.59:53853/i
id: auto-78e48aa03b773da029454f3f828baf7f4a555e0b7484e1fb2cee2c2626547528
status: experimental
description: Detects traffic or activity related to http://221.15.5.59:53853/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.5.59:53853/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.242.67:49553/bin.sh
id: auto-25bbd88d7b9f730637813bc6f3ef56efd22d50be79dac0d070f4e2256f49aa4c
status: experimental
description: Detects traffic or activity related to http://42.177.242.67:49553/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.242.67:49553/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.11.176:56886/i
id: auto-6fa8d9f4adae3337fe489e97efe4c7960403e839d4606d9899252d54826db448
status: experimental
description: Detects traffic or activity related to http://123.11.11.176:56886/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.11.176:56886/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.208.93:37632/i
id: auto-25bc3937eb1dca2dab34667b7702757b698333598d9c6554e7443ee308699f1b
status: experimental
description: Detects traffic or activity related to http://119.186.208.93:37632/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.208.93:37632/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.253.34:39346/i
id: auto-ea4715f7e94dea4f10f5a6aa4118e8d411c92c594e1baa9a14a6f8042ed13f9b
status: experimental
description: Detects traffic or activity related to http://222.141.253.34:39346/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.253.34:39346/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.230.89:45936/i
id: auto-8ae76616ab0abada729d1c2925c8e1c7763febb65f4ad77e4ec0c30db4396bb4
status: experimental
description: Detects traffic or activity related to http://125.41.230.89:45936/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.230.89:45936/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.233.158:54743/bin.sh
id: auto-2f3b6a14976e7b7e41655b55735e5703d9eef3723fb03287e944f02ed1bdf6f8
status: experimental
description: Detects traffic or activity related to http://123.10.233.158:54743/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.233.158:54743/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.101.175:55199/bin.sh
id: auto-660fb0af5ff0a2cc5994f81a17da310e3d7393a1db37ec38fa3f7766dd283ac7
status: experimental
description: Detects traffic or activity related to http://112.239.101.175:55199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.101.175:55199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.202.103:47713/i
id: auto-550833c5e67b5f3b64806f613c72b31454e02c79ec0453423ebdbb04184891e0
status: experimental
description: Detects traffic or activity related to http://42.6.202.103:47713/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.202.103:47713/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.232.105:35300/i
id: auto-72f83195cfeb619cdd547e00eead68e2ccf34eae336b28520b3092d3fc50c3d2
status: experimental
description: Detects traffic or activity related to http://115.49.232.105:35300/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.232.105:35300/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.196:55459/bin.sh
id: auto-de7fd590f62468811272bf5bfe3e71afb74f18f6b82abfa210d4e2b81fbc5df7
status: experimental
description: Detects traffic or activity related to http://110.36.0.196:55459/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.196:55459/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.253.34:39346/bin.sh
id: auto-114c062e3355520dd30c038a56df2d53b6213f4c96b7b23da60d9cd99634d750
status: experimental
description: Detects traffic or activity related to http://222.141.253.34:39346/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.253.34:39346/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.5.59:53853/bin.sh
id: auto-96f92d45f77fa19036e83f7f23e3d186cd2eca0b6ffd588714e89b9b7d063e12
status: experimental
description: Detects traffic or activity related to http://221.15.5.59:53853/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.5.59:53853/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.26.139:45395/i
id: auto-b86ded8435f459b16e47ed57e49d550d215c6c16c11973160a925fe0c0c5525b
status: experimental
description: Detects traffic or activity related to http://182.113.26.139:45395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.26.139:45395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.230.89:45936/bin.sh
id: auto-f4982e9b36340dc80e3952f745c6ebd9ad1f81b225da1cc3be5f799ed8e584ff
status: experimental
description: Detects traffic or activity related to http://125.41.230.89:45936/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.230.89:45936/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.186.208.93:37632/bin.sh
id: auto-1035a883408fa0146076d176c6fecd5edd5be8d7622e001d116ab017d6c55062
status: experimental
description: Detects traffic or activity related to http://119.186.208.93:37632/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.186.208.93:37632/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.245.13:46564/bin.sh
id: auto-cf27eeb14058af84f38f24261bd3108772c9152a09632bd2ae4a69f09fd4f377
status: experimental
description: Detects traffic or activity related to http://42.238.245.13:46564/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.245.13:46564/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.210.56:58883/i
id: auto-5ae55dc3b07c03feb07129647236cd19776f1d2a25e26fc60f57c51c8906c146
status: experimental
description: Detects traffic or activity related to http://117.215.210.56:58883/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.210.56:58883/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.82.165:41392/i
id: auto-ba9cb781f20ef0b8b346093293eb5d1b942d2d3f79a1b509dc4e83b1b3d314c7
status: experimental
description: Detects traffic or activity related to http://123.12.82.165:41392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.82.165:41392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.254.103:37332/i
id: auto-c29523d4ac0daa9c91d0ae2c19065bbbd715395c839056ae5dc3646fd90cebc0
status: experimental
description: Detects traffic or activity related to http://180.191.254.103:37332/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.254.103:37332/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.48.76:41284/bin.sh
id: auto-655b3aa301f0af05eca0c8bf78507a13cb242f541be7f9dda0771b2eaafd0ddc
status: experimental
description: Detects traffic or activity related to http://42.179.48.76:41284/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.48.76:41284/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.232.105:35300/bin.sh
id: auto-65dd5854be2272b0d5985f62ee859df847b26cae622eda94d171b729482c8941
status: experimental
description: Detects traffic or activity related to http://115.49.232.105:35300/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.232.105:35300/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.232:49191/i
id: auto-6ffafc26b9525fdea96b01b47ee583516812f0e942d24971f2d87af61cc5ec00
status: experimental
description: Detects traffic or activity related to http://110.37.37.232:49191/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.232:49191/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.82.165:41392/bin.sh
id: auto-4ebcdb2d5c9e0a1d41fd19e0338e5dda16d3cd5f46c1993063bd4882b4f58eb7
status: experimental
description: Detects traffic or activity related to http://123.12.82.165:41392/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.82.165:41392/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.26.139:45395/bin.sh
id: auto-a6ca34230a008b5ffe2a536978446db0ad7ae405b7a41d3d3e975b860cab10e0
status: experimental
description: Detects traffic or activity related to http://182.113.26.139:45395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.26.139:45395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.166.31:57155/i
id: auto-476bc20489bb49190eb821c76ae964d43f0ee8037debdfc2581caada075a1883
status: experimental
description: Detects traffic or activity related to http://123.13.166.31:57155/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.166.31:57155/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.254.103:37332/bin.sh
id: auto-8c23d1b4b9d8ac13ad6f8ed6d61b4f60314e64878c6590a2f05e15b8a9a86485
status: experimental
description: Detects traffic or activity related to http://180.191.254.103:37332/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.254.103:37332/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5327590511/gE9YjL9.exe
id: auto-7cd6d403b378bca612ed2ebe189ecd701161df7a6f3c18db777fdf92bd76c5d1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5327590511/gE9YjL9.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5327590511/gE9YjL9.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.166.31:57155/bin.sh
id: auto-e3f6afb0ba982745c3e38d6183bb2e7116edfb2c13b2b11a3f58c46c2e0242fd
status: experimental
description: Detects traffic or activity related to http://123.13.166.31:57155/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.166.31:57155/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5750743047/99zGTvx.exe
id: auto-3afc7b3b83df64b44d2b82b0c028ab2f3dbe3e40f77844edd2cd8cc803140a25
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5750743047/99zGTvx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5750743047/99zGTvx.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.132.164:37456/i
id: auto-a1a447e186491e1af2b43639cf05970344fdbc3591a668f1a5e92bab98e85367
status: experimental
description: Detects traffic or activity related to http://175.148.132.164:37456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.132.164:37456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.153:35695/i
id: auto-02e19719e184bc2443b384cc7ce920e63fe476778320dd1c6cb385c4c78c662a
status: experimental
description: Detects traffic or activity related to http://110.39.235.153:35695/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.153:35695/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.65.218:40585/i
id: auto-c0de953076fccf7344fdbf31963de71c13a44df58f6231ef6a8aa7a842e6e5f0
status: experimental
description: Detects traffic or activity related to http://125.45.65.218:40585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.65.218:40585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.96.177:57368/i
id: auto-5265160e5e2a24fee4d4387bf474d498b4251452ed5712cdd97ddab24908ff36
status: experimental
description: Detects traffic or activity related to http://123.11.96.177:57368/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.96.177:57368/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.66.249:51329/bin.sh
id: auto-c522e9ea252cd8fd34d75b48879765cce46fd7fdd470c837eaf1c609a8ed25c8
status: experimental
description: Detects traffic or activity related to http://222.139.66.249:51329/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.66.249:51329/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.38.20.114/maybe.exe
id: auto-bbdee946b892ec6d08768ff62cc64c043b68fbd0746dcdea77a46af84ee7f807
status: experimental
description: Detects traffic or activity related to http://45.38.20.114/maybe.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.38.20.114/maybe.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://65.87.7.44/update
id: auto-6a4f24cacb0bce8578772eaa05ab21ee04d1e60268dcfa53923f0e39c47f49ec
status: experimental
description: Detects traffic or activity related to http://65.87.7.44/update which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://65.87.7.44/update*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://96.125.128.58:47967/i
id: auto-33dc3586a2b27d68568c2e79a5a8c6d5d545d34f4ff3e21ee407d9c5c6e77b3a
status: experimental
description: Detects traffic or activity related to http://96.125.128.58:47967/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://96.125.128.58:47967/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.40.66.159:57353/i
id: auto-0dc190727b2dfc8215be44825371665af3a5c9f267ccf3cee8efadbaa016210e
status: experimental
description: Detects traffic or activity related to http://106.40.66.159:57353/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.40.66.159:57353/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.153:35695/bin.sh
id: auto-37e5c8a4120f3ed37f131aede5aa2972629fd25f8ab3ad70db8470bc8f55bb5e
status: experimental
description: Detects traffic or activity related to http://110.39.235.153:35695/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.153:35695/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.179.100:38537/bin.sh
id: auto-09ea5d4a6632a4a2ed74e84a6599c9d881b82a05d409a3d01c4989e83b68287c
status: experimental
description: Detects traffic or activity related to http://27.215.179.100:38537/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.179.100:38537/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.65.218:40585/bin.sh
id: auto-e552703e18f32faf8acb84d4ad03473b864531b5653d87d7f57f94f309109c8f
status: experimental
description: Detects traffic or activity related to http://125.45.65.218:40585/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.65.218:40585/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.102:52541/bin.sh
id: auto-63eb30c5c497cb9bf12615d3713cbfeba35cde8031ed74b2264c3e9255c3e661
status: experimental
description: Detects traffic or activity related to http://110.37.2.102:52541/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.102:52541/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://96.125.128.58:47967/bin.sh
id: auto-4a19c08cb405bbdc2f84d60b99ae0dc74901771bdfd895787729b66220c45678
status: experimental
description: Detects traffic or activity related to http://96.125.128.58:47967/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://96.125.128.58:47967/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.8.95:37504/i
id: auto-646e41714dd4a3d7fd4bbce787f4e6be0173035fee4859348b767d88b62dc0e1
status: experimental
description: Detects traffic or activity related to http://39.74.8.95:37504/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.8.95:37504/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.140.221:54657/i
id: auto-29810723310f2a17fce830ef10fce4f13000bd627b732da78a9d56804e7aaa5a
status: experimental
description: Detects traffic or activity related to http://115.58.140.221:54657/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.140.221:54657/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.38.122:50350/bin.sh
id: auto-e70cdb650e520a7c8acba9a04f47fc5b86624bdc22835dfdb56ec5c687a169cb
status: experimental
description: Detects traffic or activity related to http://42.52.38.122:50350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.38.122:50350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.151.224.253:43517/i
id: auto-f1287c76f46548cd9cc59f82e7b9d4506225a4614d870a90fb023122662ba718
status: experimental
description: Detects traffic or activity related to http://175.151.224.253:43517/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.151.224.253:43517/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.178.203:54661/bin.sh
id: auto-c3259ad158d7b92cae4b4b9c8698cbec73a0897a516fc2eaa2836c73a402c8a4
status: experimental
description: Detects traffic or activity related to http://222.127.178.203:54661/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.178.203:54661/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.135.173.254:38742/i
id: auto-bd00c13893b78820d22c6f32b1c41521e64b0495271196facedd03b4bd8dbfc5
status: experimental
description: Detects traffic or activity related to http://124.135.173.254:38742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.135.173.254:38742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.163:35199/bin.sh
id: auto-84825e38d8ab9d2e15b58f1a6268f0779ef65e950e77f39e023cbc41a295928b
status: experimental
description: Detects traffic or activity related to http://110.39.228.163:35199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.163:35199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.8.95:37504/bin.sh
id: auto-a9b28e5c04794213be939cc76de7c53c50c240d39917c01ea415d1ad9901d633
status: experimental
description: Detects traffic or activity related to http://39.74.8.95:37504/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.8.95:37504/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.203.82:52322/bin.sh
id: auto-5d5ee3bd1f714ed42925ebcc08ecd687960173616a1d41c14020c35ea3b7c8e0
status: experimental
description: Detects traffic or activity related to http://123.11.203.82:52322/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.203.82:52322/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.119.1:44657/bin.sh
id: auto-0b5e362bc51c081108b2dac0d3f882b4f584eedd28729a9f1762c3b152d04a9c
status: experimental
description: Detects traffic or activity related to http://222.138.119.1:44657/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.119.1:44657/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.140.221:54657/bin.sh
id: auto-ff6850b72a85a8212ce0ab1ba79bf4593e2dd7bc49da9c417b6acfc5f0b0f975
status: experimental
description: Detects traffic or activity related to http://115.58.140.221:54657/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.140.221:54657/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.41.166:42675/i
id: auto-1ac9b0ddc0a0e9984a7bb374f0a1330a6a518b0d4858f8862b5d3a6566814a75
status: experimental
description: Detects traffic or activity related to http://60.22.41.166:42675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.41.166:42675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.1.70:35835/i
id: auto-d2a6369a4b33533d628270cf3db71c59209313c51ac5481b0ddaf335ce8a8d33
status: experimental
description: Detects traffic or activity related to http://115.59.1.70:35835/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.1.70:35835/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:50855/i
id: auto-f22c351e728ff3d126e8249e7d1ac56ed7dd95cd26bbd7d353efb4221cba43da
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:50855/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:50855/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.6.41.155:60846/Mozi.m
id: auto-82c05a6dd3c8b6ccb21461caf8a67298dd490ee62dc67ad958ba28a66f30f66f
status: experimental
description: Detects traffic or activity related to http://95.6.41.155:60846/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.6.41.155:60846/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.211.140:43979/i
id: auto-21dc5aa781dca29b2dc853d5b284f8292fabb1d0bfeddfe134a458a966f8d3cf
status: experimental
description: Detects traffic or activity related to http://117.211.211.140:43979/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.211.140:43979/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.147.41.88:45690/Mozi.m
id: auto-d8f4b757d268ca0cb4ccb42d00cf9d6d86433c22286921a00239a4a8a8a89c0a
status: experimental
description: Detects traffic or activity related to http://185.147.41.88:45690/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.147.41.88:45690/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.6.41.155:60846/bin.sh
id: auto-34a7fc914bda720f13c5600c61d9e9abcc1e16fee7564b80a9b1ab10ad78232d
status: experimental
description: Detects traffic or activity related to http://95.6.41.155:60846/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.6.41.155:60846/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.42.47:35846/i
id: auto-b0b235e2c0c2cc434e0c04885c849b20f33b8e1a2057b59d1a3c465c4d88a71f
status: experimental
description: Detects traffic or activity related to http://222.141.42.47:35846/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.42.47:35846/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.104.22.168:60621/Mozi.m
id: auto-2ab61dfbe558a8ae376592df7d657d58c3c63fb092614704076d7ecd75afe807
status: experimental
description: Detects traffic or activity related to http://95.104.22.168:60621/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.104.22.168:60621/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.246.101:36943/i
id: auto-6d2bfdc90ba1011dc8c0a777ee3116f3bd6e2f21ff719351dd39de039d46ddc8
status: experimental
description: Detects traffic or activity related to http://221.1.246.101:36943/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.246.101:36943/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.61.12:39997/i
id: auto-f686f354b52b60c32752b1c5f3dd04fab162e287ee8347e32df798c028d0ede1
status: experimental
description: Detects traffic or activity related to http://42.178.61.12:39997/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.61.12:39997/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.156.162:52925/i
id: auto-370c9e7ae2c6b44ce53870e4e76ca0254c0e9b81fa805efe7f0ace857269b619
status: experimental
description: Detects traffic or activity related to http://222.140.156.162:52925/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.156.162:52925/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.6.41.155:60846/Mozi.a
id: auto-6bd3135230cf9b39f494ee1806a654c10f027b4a02852c102813bf3e4a7f0c30
status: experimental
description: Detects traffic or activity related to http://95.6.41.155:60846/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.6.41.155:60846/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.220.193:44902/i
id: auto-603780ef30a11a58a71d3b0d9d56db58b03982ce57f24d2cdb45028493cbfe0c
status: experimental
description: Detects traffic or activity related to http://42.229.220.193:44902/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.220.193:44902/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.6.41.155:60846/i
id: auto-0eed567fc74932e47c37587d9919375cd3545d9b06b3082e77a5c850e2536a81
status: experimental
description: Detects traffic or activity related to http://95.6.41.155:60846/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.6.41.155:60846/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.79.18:39476/i
id: auto-24e6b6f3bc6cee6901ec22a2655d229c80168bbedfd3cd03e95bcea24976f517
status: experimental
description: Detects traffic or activity related to http://115.63.79.18:39476/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.79.18:39476/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.22.219:43290/i
id: auto-0331185039a7990947795472f775e78943dbf4baac05d8dfd0e682030f9ad72e
status: experimental
description: Detects traffic or activity related to http://115.52.22.219:43290/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.22.219:43290/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.3.117:35894/bin.sh
id: auto-0a7afea5f5f6cc779d4b5ff9ab5e912e4b920409760bedd32951c4c8a1e19332
status: experimental
description: Detects traffic or activity related to http://115.50.3.117:35894/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.3.117:35894/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.217:50855/bin.sh
id: auto-df6d87bf08b2f367aab9a2296e4b6ea4349d08f11ebba36fdd0f87851582f73c
status: experimental
description: Detects traffic or activity related to http://110.37.110.217:50855/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.217:50855/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.41.166:42675/bin.sh
id: auto-b4516df2d260409f2f5d9a6f946e23cb644cac8c2a70aaed07ee65dfcc561452
status: experimental
description: Detects traffic or activity related to http://60.22.41.166:42675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.41.166:42675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.89.124:38061/i
id: auto-ecbabd92a086279f8debe31426e4760179d8d94a7b877e0a38c9b39f68775118
status: experimental
description: Detects traffic or activity related to http://220.202.89.124:38061/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.89.124:38061/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.1.70:35835/bin.sh
id: auto-57c8d13f4f63dae1352504a3e242a1836291cee31ae6bac26d975ff7c07bdcb5
status: experimental
description: Detects traffic or activity related to http://115.59.1.70:35835/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.1.70:35835/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.79.18:39476/bin.sh
id: auto-c17dd3c895ddc412032f10d4f4167e93568b757ef1d13fb416f8914815e962d7
status: experimental
description: Detects traffic or activity related to http://115.63.79.18:39476/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.79.18:39476/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.238.109.128:46544/i
id: auto-da22a73ee90021266740a3f3ddce58ba4c3a36673c069bea3a3cccfa2473ec4f
status: experimental
description: Detects traffic or activity related to http://112.238.109.128:46544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.238.109.128:46544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.238.109.128:46544/bin.sh
id: auto-891614ccbff74e7458d600ac7522af68b16b495db1573ab5d4816b6acd2f9f95
status: experimental
description: Detects traffic or activity related to http://112.238.109.128:46544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.238.109.128:46544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.84.4:56508/i
id: auto-5a81a1766345dabe8212fbf2c986f63f3715b098736d4cb253379a8c96295814
status: experimental
description: Detects traffic or activity related to http://61.53.84.4:56508/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.84.4:56508/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.66.23:52597/i
id: auto-18afdf27e852337656c1eff57b084b640722c7d77c62cac011e0eb7dcb99127b
status: experimental
description: Detects traffic or activity related to http://219.157.66.23:52597/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.66.23:52597/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.89.124:38061/bin.sh
id: auto-ae148f19ae1051e5001e85cb2fe69194b157a6df708f98daa5d5704644454daa
status: experimental
description: Detects traffic or activity related to http://220.202.89.124:38061/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.89.124:38061/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.188.205:58644/i
id: auto-e626073e65d0964d2524f0c53f84715d87f5b899647abf8bbf5b1d729b01160c
status: experimental
description: Detects traffic or activity related to http://113.229.188.205:58644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.188.205:58644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.233:45252/i
id: auto-5a4a9dc52b7bd32fb9e7abd9246a40f45c5ee5b011780ed48d33345bd37d5c8c
status: experimental
description: Detects traffic or activity related to http://110.37.73.233:45252/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.233:45252/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.236.17/kmips
id: auto-af3aacb16e937e9b781b933d2c04b2a4a44449e9d94583ae6b7a55fa5c876b2c
status: experimental
description: Detects traffic or activity related to http://45.90.236.17/kmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.236.17/kmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/armv4eb
id: auto-c06aeb15e11b56c63e9d6be5b46901d828a76403b22ab317a79fdbfd195d6ca1
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/armv4eb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/armv4eb*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/armv4tl
id: auto-cc1fe2344a5d09756f5af949e4b123cc8d2a24eff6a38d5de9726e075967e409
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/armv4tl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/armv4tl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.2.193.132:18956/bin.sh
id: auto-def5d5b964e0afbae0301220c812ec53347b3c770dc98174a909ee56ec6b1630
status: experimental
description: Detects traffic or activity related to http://120.2.193.132:18956/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.2.193.132:18956/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/arm7
id: auto-ffc4a271a62ca02f869fdb9f29848490b0950695527ad39d4d670d53766e6eec
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/mpsl
id: auto-2eeeb14406332aa55d0d01e8ff88e8a9f4be913a5aeff128ecce898d03537a66
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.236.17/karm
id: auto-23048daeb1651bc73a4ec55c19c2a9a4fabf6c7ebc8003464b5996ef9769c46f
status: experimental
description: Detects traffic or activity related to http://45.90.236.17/karm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.236.17/karm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/i486
id: auto-245ad858355ea843257ca266710cf122790cdb40ab7f78f5ba26592aae3c712a
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/mips64
id: auto-1a3121a4d9ce1d9deb6ee079cee46def00962e062daa0bf9f16f077a62c8b8db
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/i586
id: auto-1db1ada02f9254eb903340ce5ea66f3b27f6c969028c3f30cf5881f8e308b24e
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.236.17/kmpsl
id: auto-e965b1377a02061e14791cf912f38036ad705f200b7cd6e60b63e9561b48363f
status: experimental
description: Detects traffic or activity related to http://45.90.236.17/kmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.236.17/kmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.90.236.17/karm7
id: auto-986946a7a750edc73ee286c7c20b57d4a074e0590e80540db31114a6e4c5da5b
status: experimental
description: Detects traffic or activity related to http://45.90.236.17/karm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.90.236.17/karm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/mips
id: auto-ed94c3fa9335efe194c43dde88c8e62383c1c91b919a6b574ae62b482d4bb710
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/arm
id: auto-ee08af2ab0414f8576d8a38a6cd6bb4fe533cf1c0e2c143433af0fb50fdfd84d
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/armv7l
id: auto-f58502c8c2307978562a22b5100749d472dbef12fb1417c67e97ed5a6b992e8a
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/powerpc-440fp
id: auto-7cebff70f34112f6db2a165f22f0c4f4ee420b300b6ae55c91e31483543c87d9
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/powerpc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/powerpc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.67:53613/i
id: auto-5c8a91a23ee894c30c8989ed3cd94550ed7300190732dae0d7be8c7ec7a9ba5d
status: experimental
description: Detects traffic or activity related to http://110.39.244.67:53613/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.67:53613/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.254:38005/bin.sh
id: auto-1e68115d51372017c1552c9da47fd988e6f271d81882f2b90618532154484892
status: experimental
description: Detects traffic or activity related to http://117.209.29.254:38005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.254:38005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.29.254:38005/i
id: auto-2d0765c4a454f2f0e62c2863cfc0c144841793f769de04e6371b4d57e7688965
status: experimental
description: Detects traffic or activity related to http://117.209.29.254:38005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.29.254:38005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.192.221:49674/i
id: auto-4715284b2b3f32e7b65899910078a2ebd1a3ca3ca1a4b00d950af07be0ff3215
status: experimental
description: Detects traffic or activity related to http://123.188.192.221:49674/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.192.221:49674/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.42.87:54318/i
id: auto-e606a6b0621dbc88a86693a2bbfa90719ac6a2e0606e44aaa384aaf2ed7e59f0
status: experimental
description: Detects traffic or activity related to http://42.227.42.87:54318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.42.87:54318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://211.93.92.243:41941/bin.sh
id: auto-af37acf2d7a2cb589fe046a70746d720a57d3d825455f3fb3d4a22388ffd6f56
status: experimental
description: Detects traffic or activity related to http://211.93.92.243:41941/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://211.93.92.243:41941/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.202.103:47713/bin.sh
id: auto-b259a814a24ae9c62a86a488b2385bf3278b98a1c96b3cbd6b88aa904b914ba7
status: experimental
description: Detects traffic or activity related to http://42.6.202.103:47713/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.202.103:47713/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.184.47:51727/bin.sh
id: auto-ce6fa7c4fbf64e13ad653ba5c98d0742254c6e10f56b938ccacd2621b8fd0f0e
status: experimental
description: Detects traffic or activity related to http://119.117.184.47:51727/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.184.47:51727/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.93.235:40668/bin.sh
id: auto-8e08a72e1e60caae5861bba9ecb7e6981e789aa99f254215076102b72fdf8dc6
status: experimental
description: Detects traffic or activity related to http://222.137.93.235:40668/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.93.235:40668/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.190:56138/bin.sh
id: auto-ec81784faa35410868fd2c4f0831d02f603874a90f06b64a211851edd2f1899d
status: experimental
description: Detects traffic or activity related to http://110.36.15.190:56138/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.190:56138/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.101.138:42728/bin.sh
id: auto-7f081491904f031893ea07609f412fedf85f3f2443f17a56087ae92e427950be
status: experimental
description: Detects traffic or activity related to http://42.228.101.138:42728/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.101.138:42728/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.244.67:53613/bin.sh
id: auto-378377cb1050c8dc1ce3254d1784d28d0d10b2524725ec1ec34d2e04ef79d24b
status: experimental
description: Detects traffic or activity related to http://110.39.244.67:53613/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.244.67:53613/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.239.105:35234/i
id: auto-35fa8b3fc2e8cec420aef857302cb2c6a82eb9cf709ca2bc1c5e60030a4ba72b
status: experimental
description: Detects traffic or activity related to http://182.123.239.105:35234/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.239.105:35234/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.239.105:35234/bin.sh
id: auto-09af4b51709ea52ed67018c7f35d4395b5db1094a25a88637b30075d5b76a54a
status: experimental
description: Detects traffic or activity related to http://182.123.239.105:35234/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.239.105:35234/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.42.87:54318/bin.sh
id: auto-17417ff442974b65a81b86221b698be63208014d24ddf5356ec3237458182f10
status: experimental
description: Detects traffic or activity related to http://42.227.42.87:54318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.42.87:54318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.193.63.208:43033/i
id: auto-734d3bd16c7672daf331b6c6302722b5a38e8fad325c446177f9647289c8f542
status: experimental
description: Detects traffic or activity related to http://104.193.63.208:43033/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.193.63.208:43033/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.159.173:39949/i
id: auto-e8193d4bd73a771019aae443f0db7826decd86e7442fa85e1fff5bfbfa2d137a
status: experimental
description: Detects traffic or activity related to http://182.121.159.173:39949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.159.173:39949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.216.159:54161/i
id: auto-ddc1a66ce3ae9e8ab0540876fb93fb411f9ef0b164cba715172b71d6d23611e8
status: experimental
description: Detects traffic or activity related to http://42.7.216.159:54161/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.216.159:54161/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.71.227.180:42076/bin.sh
id: auto-e4f9a62ba9b6b2ba1c79f4add8470ef00a1d9162d303fd70161d1f4fd06036ec
status: experimental
description: Detects traffic or activity related to http://39.71.227.180:42076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.71.227.180:42076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.211.109:35502/i
id: auto-399ddce0057ffeee2302b13b057ebaa9cbf92a632c700112f42cc3ad2e90ba65
status: experimental
description: Detects traffic or activity related to http://110.38.211.109:35502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.211.109:35502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.218.220:34649/i
id: auto-54443844d3e99ebdf5507eb7e45c3217ca72948ca36ccf52163455505cc93c45
status: experimental
description: Detects traffic or activity related to http://222.138.218.220:34649/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.218.220:34649/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.178.205:40847/i
id: auto-018ae2468baad05286f3eb5ea6324d99a2a6b26b2be9da54959719b1a2a1bb1f
status: experimental
description: Detects traffic or activity related to http://27.215.178.205:40847/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.178.205:40847/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.43.46:35178/i
id: auto-43adf1c41392b1fd8e8d8c29b45119c45de97d64ac6a1ed5b17b32ecf7df8fa9
status: experimental
description: Detects traffic or activity related to http://42.230.43.46:35178/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.43.46:35178/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.81.28:57946/bin.sh
id: auto-7b60f36bb0859dd0d80eb859cee14094a909330c0b5726c123166fb97e2ccc17
status: experimental
description: Detects traffic or activity related to http://27.220.81.28:57946/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.81.28:57946/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.144.199:36625/bin.sh
id: auto-98c3585d3373fdcbf5663aff119dc761a29d3a134bc62754078d111b8271ef08
status: experimental
description: Detects traffic or activity related to http://222.137.144.199:36625/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.144.199:36625/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.2.121:42932/bin.sh
id: auto-8875c10cdd2ea71c778a863c5b62b76a56ebcbad29bc92bb17b826a0aafcfca9
status: experimental
description: Detects traffic or activity related to http://42.53.2.121:42932/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.2.121:42932/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.241.19:46206/i
id: auto-a92009e75984dde3cf0fbec56e146545311c23232d1265786d7cefa5c5a8e2ba
status: experimental
description: Detects traffic or activity related to http://222.142.241.19:46206/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.241.19:46206/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.6.65:42556/bin.sh
id: auto-db389b052a2fa01681176b4b015dfe1e0be42395347f68a90bf645b8a8fab840
status: experimental
description: Detects traffic or activity related to http://123.188.6.65:42556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.6.65:42556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.66.23:52597/bin.sh
id: auto-10d2066895223f4256dfa113a708537103cdaa41b80449e6f24a0cab16bbb6e7
status: experimental
description: Detects traffic or activity related to http://219.157.66.23:52597/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.66.23:52597/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.223.49:59225/bin.sh
id: auto-6c968b4aab092a11eca24593d1bd4503a6d70cadc2c2b260767e7310ed41fdae
status: experimental
description: Detects traffic or activity related to http://175.146.223.49:59225/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.223.49:59225/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.76:44510/i
id: auto-f9bc469d1ec99eff21ea7758e5e502ad0377230f3642d422acf731ab9c0667a0
status: experimental
description: Detects traffic or activity related to http://110.36.29.76:44510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.76:44510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.131.155.245:32798/bin.sh
id: auto-9b6a4ab6e928ed89e21641bc56ef7a0c4ce5ec5bdd678d784581c8c88177c07b
status: experimental
description: Detects traffic or activity related to http://124.131.155.245:32798/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.131.155.245:32798/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.135.173.254:38742/bin.sh
id: auto-d7262e070255ed14c2daf28f1f8769fedcd7d8a5d136219b99bf546ff0733868
status: experimental
description: Detects traffic or activity related to http://124.135.173.254:38742/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.135.173.254:38742/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.252.162:46706/i
id: auto-ef4df5b71d26f39df7fcbbaeb02385d8be261b694470ef62890bad8af6f5253a
status: experimental
description: Detects traffic or activity related to http://115.50.252.162:46706/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.252.162:46706/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.144.199:36625/i
id: auto-3f8d654bf68fb45b62145fa3bcef175727cd3f72155d1b9c00738c39048a154b
status: experimental
description: Detects traffic or activity related to http://222.137.144.199:36625/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.144.199:36625/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.159.75:40847/i
id: auto-9be3dfa63b09386ab491b7691521170883fb326b0c1eff577e6295c06631f22f
status: experimental
description: Detects traffic or activity related to http://123.5.159.75:40847/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.159.75:40847/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.103.0.93:59463/i
id: auto-dba418792c9af730c3e2af482aa810624d936ad769cb39287ae80aad979c13de
status: experimental
description: Detects traffic or activity related to http://181.103.0.93:59463/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.103.0.93:59463/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.98.221:34147/i
id: auto-2ce8850d1625f8dcbb721e57e2228a982a0bdb13b5a952b3d48f507ed87f2418
status: experimental
description: Detects traffic or activity related to http://112.239.98.221:34147/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.98.221:34147/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.45.12:37252/bin.sh
id: auto-88d148daab756474f93cbcdf0c70e133a5d06ba2e28fbf5981087658462689cd
status: experimental
description: Detects traffic or activity related to http://61.168.45.12:37252/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.45.12:37252/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.207.206:47908/bin.sh
id: auto-3fefbfa66521965b4f5ee3ba73ff062c83115beac677af7390b512218733c6bd
status: experimental
description: Detects traffic or activity related to http://42.227.207.206:47908/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.207.206:47908/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.127.174:39068/bin.sh
id: auto-2e13abbe2d09b61760ff2f3b4c9832bb43a2ba4a5924f1365539ff39b5ddfa44
status: experimental
description: Detects traffic or activity related to http://182.126.127.174:39068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.127.174:39068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.233.58.217:54559/bin.sh
id: auto-960d3cdd0b5299f1ce9a1fdaa67dd51bcc87634cd6e3c3b38f43d80185b1700f
status: experimental
description: Detects traffic or activity related to http://151.233.58.217:54559/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.233.58.217:54559/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.44.242.206:44973/i
id: auto-6246e640be26461d4df7d4676e04fb4cfa93e5bd657c3b99072b3868f3018bbb
status: experimental
description: Detects traffic or activity related to http://117.44.242.206:44973/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.44.242.206:44973/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.159.173:39949/bin.sh
id: auto-701019d0d9974b7c08ecac5c873b8ca65edc84766072a77c1a727e28da0a9239
status: experimental
description: Detects traffic or activity related to http://182.121.159.173:39949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.159.173:39949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.195.31:59110/bin.sh
id: auto-d75439379480a21496bf5076db6066d8e73557ee938e54c76d162ab12605ccdf
status: experimental
description: Detects traffic or activity related to http://42.7.195.31:59110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.195.31:59110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://211.93.92.243:41941/i
id: auto-a1ccd88ac23bbc723f1e4839544261c73838214bdcca82fe7e63c82c7f1f0840
status: experimental
description: Detects traffic or activity related to http://211.93.92.243:41941/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://211.93.92.243:41941/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.127.174:39068/i
id: auto-8893173a4fa7380fc6483a4309d547a1b9bb872138f610b1b5d790dc8306b203
status: experimental
description: Detects traffic or activity related to http://182.126.127.174:39068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.127.174:39068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.44.242.206:44973/bin.sh
id: auto-09b45626d0a150f1f082c6b791a81a11ca886d938e52115d283be148f229ce88
status: experimental
description: Detects traffic or activity related to http://117.44.242.206:44973/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.44.242.206:44973/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.88.205:43168/bin.sh
id: auto-be6ea32590f27e0ca3898380cdc2b831f37f93cad689f4b10fe3eef1c881b5d0
status: experimental
description: Detects traffic or activity related to http://59.95.88.205:43168/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.88.205:43168/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.64.224:51752/bin.sh
id: auto-0bcfc0cc335fc74eb49677af4a0215e11ede89ae992593753f1f31ebda221baf
status: experimental
description: Detects traffic or activity related to http://58.47.64.224:51752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.64.224:51752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.45.12:37252/i
id: auto-8056cdd5a5beafd97b45bbace705a69a0548a6746253ae4b556e460f64a30419
status: experimental
description: Detects traffic or activity related to http://61.168.45.12:37252/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.45.12:37252/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.71.227.180:42076/i
id: auto-9f6c67de040144f6ed631947021b8da6cea2e8e486722c0697b72a99b366f408
status: experimental
description: Detects traffic or activity related to http://39.71.227.180:42076/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.71.227.180:42076/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.190:56138/i
id: auto-96512e7cd3678c13c33ea0511e26278ec723836fc4eff01c9e1fd2325165d934
status: experimental
description: Detects traffic or activity related to http://110.36.15.190:56138/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.190:56138/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.81.28:57946/i
id: auto-e0413d34762a8046e1c3745ca2e4a56a4dab3642c586a664be7d096534d4e5cb
status: experimental
description: Detects traffic or activity related to http://27.220.81.28:57946/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.81.28:57946/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.216.159:54161/bin.sh
id: auto-de5848a09b11d7ca78fd26e413e3205eba31476b09b86bd55ba5c1550e98153d
status: experimental
description: Detects traffic or activity related to http://42.7.216.159:54161/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.216.159:54161/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.15.104:47840/i
id: auto-470a25df15a16f0ad2386f302441c14348b40d291f4a6beaaf72fb8561971e2f
status: experimental
description: Detects traffic or activity related to http://42.179.15.104:47840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.15.104:47840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.252.162:46706/bin.sh
id: auto-fa7f724f0d2198b9646d90c34f36b73215b4ce12aa71a6b737d9d5f8e31c49e7
status: experimental
description: Detects traffic or activity related to http://115.50.252.162:46706/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.252.162:46706/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.13.139:55544/bin.sh
id: auto-0ffe84e4a53c1507c6c75e614c5e249357dcd53d7c53b1e4a770d14c7abe7eb3
status: experimental
description: Detects traffic or activity related to http://115.61.13.139:55544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.13.139:55544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.13.139:55544/i
id: auto-a114e2224f49204d71a001dae9e5326d9825b215a6cbba321d456da3a3158700
status: experimental
description: Detects traffic or activity related to http://115.61.13.139:55544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.13.139:55544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.17.71:38588/i
id: auto-607f0ba3df8f1bb5148aefc49d548cd063edaa897099508107fe6d5c572a11df
status: experimental
description: Detects traffic or activity related to http://42.230.17.71:38588/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.17.71:38588/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.17.71:38588/bin.sh
id: auto-bc75e85bef7e26ff2117cef7501013d86eac9b4a7e3b89fe9055447cf6ac3f29
status: experimental
description: Detects traffic or activity related to http://42.230.17.71:38588/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.17.71:38588/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.100.12:38937/bin.sh
id: auto-afd686e473a7edd43997604abce370e3ff2affb641aaae16255a4f4327ed4afb
status: experimental
description: Detects traffic or activity related to http://61.52.100.12:38937/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.100.12:38937/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.100.12:38937/i
id: auto-f7ef9f9d6ce616e932bd24f45091634abeb55130bd02923f27c90441fabb5d26
status: experimental
description: Detects traffic or activity related to http://61.52.100.12:38937/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.100.12:38937/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.159.75:40847/bin.sh
id: auto-a54c65b7039002c88812cd04b6165c914996e1755e254faa9060286062119d77
status: experimental
description: Detects traffic or activity related to http://123.5.159.75:40847/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.159.75:40847/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.29.76:44510/bin.sh
id: auto-33e08eaa5514d89a8043777893ecc67a005e8fda8cfa749da38c4ab264b5f5d7
status: experimental
description: Detects traffic or activity related to http://110.36.29.76:44510/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.29.76:44510/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.207.206:47908/i
id: auto-e98f77e55a5dafe57316ea27645990b113dfcc77b285558a36396b84a62f11cf
status: experimental
description: Detects traffic or activity related to http://42.227.207.206:47908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.207.206:47908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.225.35.215:46171/bin.sh
id: auto-bdad3658f29ed629fc4e60e5e3ec141658f708c31be42ff3af20eff19fcb9d82
status: experimental
description: Detects traffic or activity related to http://113.225.35.215:46171/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.225.35.215:46171/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.247.176.26:44712/bin.sh
id: auto-25a856b1c6a396eac7af9eca32bc5e9e7fba4ae6fb6e18123dee7b7f1836f0bd
status: experimental
description: Detects traffic or activity related to http://182.247.176.26:44712/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.247.176.26:44712/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.192.207:36245/i
id: auto-8c8351c786b02d9e2ceafab07ea67aa8f814e57a77c95df26d032d85778f24ce
status: experimental
description: Detects traffic or activity related to http://124.94.192.207:36245/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.192.207:36245/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.122.120:45299/bin.sh
id: auto-f557dbf2be5ece0b3e116d962bd807e360527da006ac0c7e762f3c7565f8dd4d
status: experimental
description: Detects traffic or activity related to http://42.224.122.120:45299/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.122.120:45299/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.233.58.217:54559/i
id: auto-551242cb9a95498db1bf4218d6a5f0ed535adfa4e99a948d4017a0d7abb6d114
status: experimental
description: Detects traffic or activity related to http://151.233.58.217:54559/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.233.58.217:54559/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.164.59:36435/i
id: auto-7dba2ee6683b250ac160fe0f7f7d4e51ca4541fb32ebee079348be4fe45d8659
status: experimental
description: Detects traffic or activity related to http://117.205.164.59:36435/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.164.59:36435/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.100/arm5
id: auto-608a87377ae2b6c55e24b3cedb4d2a30b355c59e1bb9d894177b08213a9cdaed
status: experimental
description: Detects traffic or activity related to http://176.65.132.100/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.100/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.235.116.149/bins/camp.spc
id: auto-31dbaa0f28c08b01e6e723c50fdb2c0ec3337002b31dfd57380d37d4e887b996
status: experimental
description: Detects traffic or activity related to http://91.235.116.149/bins/camp.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.235.116.149/bins/camp.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.104.237:34496/i
id: auto-f206a407eb8bc4346ffe619aa1dbcd3b949c8ddabe43225cdfa87801192999e2
status: experimental
description: Detects traffic or activity related to http://58.47.104.237:34496/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.104.237:34496/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.192.32:40925/i
id: auto-a0ca4c3a9ecade90b7cb33a022f5fc1ed6614d1ca40b3c56cc2d796101df7111
status: experimental
description: Detects traffic or activity related to http://182.113.192.32:40925/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.192.32:40925/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.184.123:40318/bin.sh
id: auto-f630614ab2570057b0ca505860d2fcd84ddaa9a4458e7f32cfcecb76c0ebb2ed
status: experimental
description: Detects traffic or activity related to http://221.14.184.123:40318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.184.123:40318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.242.239:38984/i
id: auto-5e82a8d4d7a9187e7661667bbfdb55a542b0130b6281cde0697bbd90d8935d2a
status: experimental
description: Detects traffic or activity related to http://123.9.242.239:38984/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.242.239:38984/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.219.89:59039/i
id: auto-6cd637316eb04c4e17f1b535e67fad8a22c7525f4d39c32e009cf914413f9ae4
status: experimental
description: Detects traffic or activity related to http://42.226.219.89:59039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.219.89:59039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.242.140:46849/bin.sh
id: auto-fa94dc5c559a42913634921c7383af002f0b5ef9d5023a22857a81786e44e1f0
status: experimental
description: Detects traffic or activity related to http://123.11.242.140:46849/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.242.140:46849/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.241.147:51081/i
id: auto-4141a82bf39e567d5ad076553fdf6405e3749307f70bad7b59731e2c265330d0
status: experimental
description: Detects traffic or activity related to http://113.239.241.147:51081/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.241.147:51081/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.192.32:40925/bin.sh
id: auto-5a82f241d6599eeb115ae677245f0b01ec5c98e7420189b5c12f6dc70f1cf4dd
status: experimental
description: Detects traffic or activity related to http://182.113.192.32:40925/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.192.32:40925/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.218.220:34649/bin.sh
id: auto-12aca6810f75e93083ae07a276540caea3294a9969c7a54578b55b9bfafb93d1
status: experimental
description: Detects traffic or activity related to http://222.138.218.220:34649/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.218.220:34649/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.163:35199/i
id: auto-2318525e788c43daebda1f4e5500ace57e984b943f3e42223289a08f4ad3e86c
status: experimental
description: Detects traffic or activity related to http://110.39.228.163:35199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.163:35199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.242.239:38984/bin.sh
id: auto-788886d554b590b553032597d10db1994d1e1af1d5df9cc59f341feb6cf919a7
status: experimental
description: Detects traffic or activity related to http://123.9.242.239:38984/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.242.239:38984/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.195.251.16:35821/i
id: auto-32b5ab0b15d8557f6966ae557673f159d0f728f96fb672eeb45e03dbc386de00
status: experimental
description: Detects traffic or activity related to http://27.195.251.16:35821/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.195.251.16:35821/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.147:54595/i
id: auto-598ee6b6911f1dc102944c2a5bd34a463cdbd69b2029e3eaff8b4d3dc94a102b
status: experimental
description: Detects traffic or activity related to http://110.39.246.147:54595/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.147:54595/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.16.150.88:52966/i
id: auto-f734f789da5530c5ad52d33be709bb3d028f70cb5953fe1d2ef8479f2cbab5d9
status: experimental
description: Detects traffic or activity related to http://60.16.150.88:52966/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.16.150.88:52966/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.241.147:51081/bin.sh
id: auto-a7cb4c6a9f74063b58de484fddf014a7f3344702e126ec5232416c75c1618430
status: experimental
description: Detects traffic or activity related to http://113.239.241.147:51081/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.241.147:51081/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vps2615877.fastwebserver.de/c.sh
id: auto-0bf3b8426c1f8616743515a49cb4ad836b6b9b807fdf41b6e1cfcef4740689e2
status: experimental
description: Detects traffic or activity related to http://vps2615877.fastwebserver.de/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vps2615877.fastwebserver.de/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vps2615877.fastwebserver.de/w.sh
id: auto-1ae1b1bec0ad5e27709074060dda511166d9af22e0cd9541372ddb505ed16d9b
status: experimental
description: Detects traffic or activity related to http://vps2615877.fastwebserver.de/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vps2615877.fastwebserver.de/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://vps2615877.fastwebserver.de/wget.sh
id: auto-5a625bde29d59b62d2d82c098d18219f91163f6a660cd84d41d73e63b8ebf550
status: experimental
description: Detects traffic or activity related to http://vps2615877.fastwebserver.de/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://vps2615877.fastwebserver.de/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.98.221:34147/bin.sh
id: auto-d26ac452eb83f42e9552d9f381550a1f9df16d16e6b54384987bc1278e537b96
status: experimental
description: Detects traffic or activity related to http://112.239.98.221:34147/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.98.221:34147/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.90.165:49483/i
id: auto-2e541ffaf9ff8dfbace49e12f408e15dc424ef56a220137f2720f1489f836bf1
status: experimental
description: Detects traffic or activity related to http://220.202.90.165:49483/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.90.165:49483/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.16.150.88:52966/bin.sh
id: auto-d94c87a9feea2c91e341eed8527bf4e4f3b946300043a44027c4d000a93f890f
status: experimental
description: Detects traffic or activity related to http://60.16.150.88:52966/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.16.150.88:52966/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://170.0.60.61:43489/bin.sh
id: auto-e5fa48cb58ffa70b05358549c56b74d6dfaa5d8e9d7e96de3123d3da9260a93e
status: experimental
description: Detects traffic or activity related to http://170.0.60.61:43489/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://170.0.60.61:43489/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.119.1:44657/i
id: auto-8c4b467c17a9ba5461f84ff81edd6b8cdfa226d79d1db752d1f30a71cabb8129
status: experimental
description: Detects traffic or activity related to http://222.138.119.1:44657/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.119.1:44657/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.69.113.141:42974/i
id: auto-05510a522fa4b651488e4a3fb733643edd1f507414d579d1dd01e422634bbac3
status: experimental
description: Detects traffic or activity related to http://78.69.113.141:42974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.69.113.141:42974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.115.68.35:53119/bin.sh
id: auto-a7c5aaf784b920e0a450e08a106932c4b7f10b0ae5e8a56798143b57d9bb35c2
status: experimental
description: Detects traffic or activity related to http://180.115.68.35:53119/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.115.68.35:53119/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.208.35:47879/i
id: auto-4b9f4f9a92a2845900c8d696efbf6fc56d929607155dc20a4752e0324aa34002
status: experimental
description: Detects traffic or activity related to http://175.149.208.35:47879/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.208.35:47879/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.241.244:48940/i
id: auto-36e29af531fe461ddee56eff89d4116acbbbcb94e0ccd7935aa7dbda5c7bc234
status: experimental
description: Detects traffic or activity related to http://110.39.241.244:48940/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.241.244:48940/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.42.33.175:57369/i
id: auto-d4bf5a14734bd911b916b96186a238b2c944a42f52127b42e85679f5e00457aa
status: experimental
description: Detects traffic or activity related to http://125.42.33.175:57369/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.42.33.175:57369/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.106.132:45292/bin.sh
id: auto-dbc9132c177f27c1728b610ba26c68d71c5df3ff17ae6be5e671319d7da94553
status: experimental
description: Detects traffic or activity related to http://42.233.106.132:45292/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.106.132:45292/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.241.99:38701/i
id: auto-3a5ad047b85ae2db85ab3b0178c93341fd02c9da52a031f34f0050bff4bf2521
status: experimental
description: Detects traffic or activity related to http://182.121.241.99:38701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.241.99:38701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.83.55:56902/i
id: auto-12bbcf6217fdf38fd90b3db62db4f25fe9ee51dfc4cee83d9072a2a64c4721e5
status: experimental
description: Detects traffic or activity related to http://182.126.83.55:56902/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.83.55:56902/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.66.100:58235/i
id: auto-6246d87393a5be6e0140cbdb6a1c1086a911b3dd7593efc371bda5c9f916fc29
status: experimental
description: Detects traffic or activity related to http://42.235.66.100:58235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.66.100:58235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.33.79:39137/bin.sh
id: auto-319adcdeaf695d0016c20637c2601b3fb44b2a71f673a60f4c9da528ba3a4ba6
status: experimental
description: Detects traffic or activity related to http://125.44.33.79:39137/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.33.79:39137/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7044575709/BM3TfTV.exe
id: auto-f428653564f65f7ff15123fbf436e34e6d1013c43619af9402f4ffe9edaa9e0e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7044575709/BM3TfTV.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7044575709/BM3TfTV.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.208.35:47879/bin.sh
id: auto-cd26944f92967c884f6cd9cded965f2385c8f8c3f3f851e36cd2e3ed83a1e166
status: experimental
description: Detects traffic or activity related to http://175.149.208.35:47879/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.208.35:47879/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/x
id: auto-d7c65b37decf5504165444ea136c757d8f786b80880e965a00ef8785147b7a8c
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/x*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/x
id: auto-f76d6cc66b0b384f8f8f8c57c7ffc64a4f74f425e64f6c3139fa6ee27cea4aef
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/x*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.11.176:56886/bin.sh
id: auto-1457f3d6c1c0cffb5602f1e38a321e6613f16d34a8231cabd419c935756ad6c0
status: experimental
description: Detects traffic or activity related to http://123.11.11.176:56886/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.11.176:56886/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.armv5l
id: auto-24e55c41e67245d2559670d2e10ebf4bda2d8b501acc3d73f0f3b0ccf5f69b55
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.mips
id: auto-3d5dd602f41479a916ef8a97ad9a76ee5ec7f886060b01f3c49b9415a451b030
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.aarch64
id: auto-ad3f58932fd139cbc98fbb88b13b42607e941c3b8f29f1d1f064db4d639b1e0c
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.armv6l
id: auto-84b66575de0335b71894d4cb9b2bd134de1139626cbfc16a90d8b21cd355e282
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.83.55:56902/bin.sh
id: auto-798405c62594b1f9a52c8a95fcf16715bb75f44b261b7d23c6ef675860bab597
status: experimental
description: Detects traffic or activity related to http://182.126.83.55:56902/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.83.55:56902/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.armv7
id: auto-b24e48bfcb3a6fb5c40b5ab068c7cdce8ecbde560cbf4e4c909cf7e03592e9ac
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.armv7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.armv7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.armv5
id: auto-964d557e88517e1f90449219ff7fd5b9c8df3964d89644dbe90562bc49a8bbe6
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.armv5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.armv5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.mips
id: auto-1f1ad247a3bd10f59e9cb8d3902607fdc193762d255e482a95fdfd2ac850866e
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.mipsel
id: auto-a2087086e5060c3384159e0c9d48727b48e1161ca18de89c417ffb33e0135ec9
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.x86_64
id: auto-f9b04d1f9fc919af153a176f2382ee15ccf3146353cd3ae52dbd1d072463fc4b
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.armv4l
id: auto-63d425b4241392e19f5949987132eb554f6282735bb9cd1389ee571d5cabb599
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.sh4
id: auto-c25c74a81a236d2aeeb9e5d7a313d886ade3a3118bb2b7fc050201c6e7330763
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.m68k
id: auto-79180201b04cad30825a1c20adaa010b9fe5aa80be4b8dbd931c8c43e313b598
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.arc
id: auto-1953cbed860a282fe0d5434e766c0c33282210b7556e7b6673a376a260ab7fba
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.powerpc
id: auto-0bed0205bc3d87fae16838e8dce418ae5298dcee3317ad8775979940604e7551
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.i486
id: auto-9d51d0f7613db49a9ea8d9d92ab26afb90a687b4a4bf6aeea874fd728c625a67
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.armv7b
id: auto-c8d03b38a28a3d8fbfc01cff20666a111448c052317828909371eb5c9d08d074
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.armv7b which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.armv7b*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.x86
id: auto-70dca5ccbbc2c9605ecf02d920f7752245fbd7c6a07822d96290dd3795883f0a
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.x86_64
id: auto-5000f11c222fcbad4f6d2df6f5c9add5d55ce4a7c3828a754be6f31516b233c0
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.aarch64
id: auto-825a46cf7ead8a4b2dd9cccb881cc74c773f5e427bdf9ddd6b1646ccd67974e2
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.sparc
id: auto-498eb4d4ad2345d4be6a28018db3dc9e147989b250982a8874432a535dd44e4b
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/cat.sh
id: auto-5cb48e805b11966dd4239e13884e2d3a370b4f68817060c51ec7ea375482bedc
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.mipsel
id: auto-2e1f4655d4ed91bb0885891eb0a49e8c71f929acb9055080980e0e52ad0f805c
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.mipsrl
id: auto-d2b70b953e5660adee1f2167718d67c519ef5589df0ab5b8401bda01ef08e006
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.mipsrl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.mipsrl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.181/catgirl.armv6
id: auto-61bdf16fe5182ce79dc00ba2d059b3077001ac7f288f9042e93505660f7f539d
status: experimental
description: Detects traffic or activity related to http://87.121.84.181/catgirl.armv6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.181/catgirl.armv6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.11/iran.armv7l
id: auto-b6378f661338ba81d6cf70d5825ea9055e4ef91861d75ed17fdd4ea7501e1a7f
status: experimental
description: Detects traffic or activity related to http://87.121.84.11/iran.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.11/iran.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.x86
id: auto-7e968109c9877ff1f74188617e14b37ba0b09b01815073dbd50a01af58fea250
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.armv6
id: auto-77f947d3a4ace9daa5d2bec423a5b05b6b04f0fde6365a92264359cd9ab35d2e
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.armv6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.armv6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.armv7b
id: auto-f65921478248fc08d66531d878568b4d30e10d575f85198f46a1796212a5f9aa
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.armv7b which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.armv7b*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.armv7
id: auto-03772802ac5d5a52685280eefe5efd26c1a7150e81f7dd802842ea5ee3c3b044
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.armv7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.armv7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.aarch64
id: auto-f5f23d73532849387ef2c116078ee045fc5d7fa06b959d87395c83ddc2dca29d
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.mips
id: auto-4efc3713dd58c5e050112eeb78024d42427ab80acb8256dfd741dd189cc457cb
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.x86_64
id: auto-bfe7db1c400cd0d180e558a11d53ab84f56b98d905bf9481ea39de36264f1eed
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.mipsel
id: auto-286f3c474c6a36f44d6f18399ff2857a6f248ea2cd532281000fc4377ea16f9c
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.armv5
id: auto-78395c45d5a59c2f3faea12a2e2ec9219d7aefb00ac91a8864908313398281e2
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.armv5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.armv5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.44/catgirl.mipsrl
id: auto-6ef853648ec0452a3985d306bcb1d18b743d27380fb2241391c1cb20ba7bd0b0
status: experimental
description: Detects traffic or activity related to http://87.121.84.44/catgirl.mipsrl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.44/catgirl.mipsrl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:44700/i
id: auto-25ce6a4a9cc007b851639b30c5935078137b2912d6ffdc1cc386eb80b3a15dfe
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:44700/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:44700/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.104.225:41917/i
id: auto-d9faeada8ada92967c14cb05f71d1695c68a69d97907a2e7847e8415a8a8fe00
status: experimental
description: Detects traffic or activity related to http://42.233.104.225:41917/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.104.225:41917/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.181.84:57692/i
id: auto-27396cce040267a5cac11ca425770d8624c57cf5c5e28066a802f31027ced5c3
status: experimental
description: Detects traffic or activity related to http://182.126.181.84:57692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.181.84:57692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.83.85:47579/bin.sh
id: auto-be7d9cb6940ab7fd75af8ebb38be0b91d442b1c37d7341fd376df386af270604
status: experimental
description: Detects traffic or activity related to http://61.53.83.85:47579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.83.85:47579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.62.164:32917/i
id: auto-8c3dd7e3ab417733d7a410f704dc29d66b4ea9d6aff7d656d5b58f6cee22b705
status: experimental
description: Detects traffic or activity related to http://27.202.62.164:32917/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.62.164:32917/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.87.57:38564/i
id: auto-17679bf5f01b810a88bee1e4a876c5badee92732ce5133b9ce03397e2e3c8a2a
status: experimental
description: Detects traffic or activity related to http://175.165.87.57:38564/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.87.57:38564/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:44700/bin.sh
id: auto-1e285df807c662d343e4a61b2bc6b495be8709a00cf4bf6ee43be674b16317ad
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:44700/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:44700/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.181.84:57692/bin.sh
id: auto-e90891597b44199250868de800470711747cb9a8ba4d8a33c7af1ea4a0ae1da0
status: experimental
description: Detects traffic or activity related to http://182.126.181.84:57692/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.181.84:57692/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/yBs5ig1.exe
id: auto-940191be6926fa5b68ac8fb4bc439db626c9b5491e85ea07137d619791eb25f6
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/yBs5ig1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/yBs5ig1.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.62.164:32917/bin.sh
id: auto-563083262dd5068b45a73d1dfe140070f9acc6dcdbdd37b8531dd606b4d06cac
status: experimental
description: Detects traffic or activity related to http://27.202.62.164:32917/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.62.164:32917/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.7.92:58743/i
id: auto-4c8073dd67d459c997c5ac4eb28640d57a57360810aec684aab98783f6831774
status: experimental
description: Detects traffic or activity related to http://125.41.7.92:58743/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.7.92:58743/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.80.159:48145/bin.sh
id: auto-bc5a5eb7dbbd8c8352afbb10b408a4c6a8b824a52b0bedb96b684049d5410f0e
status: experimental
description: Detects traffic or activity related to http://125.43.80.159:48145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.80.159:48145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.118.50:33818/bin.sh
id: auto-fc0d64c9eff6f706b0e7ff7e5fc4a6ebcefe21ca1529a6045b9cc433f1698246
status: experimental
description: Detects traffic or activity related to http://123.9.118.50:33818/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.118.50:33818/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.197.243:33875/i
id: auto-e3c5aea7c13e472b5f9396ae40d32a288d7e78e420bd0ee32a4ff5972eca548a
status: experimental
description: Detects traffic or activity related to http://182.119.197.243:33875/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.197.243:33875/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.83.85:47579/i
id: auto-9eff7fc19b9e0954f458558e5fd96fd1af6bac3cb89f860add4ac5df3e4e3975
status: experimental
description: Detects traffic or activity related to http://61.53.83.85:47579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.83.85:47579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.11.62:37402/i
id: auto-0711bf7b966a125e448e9d8dc26e73e693ab52d4b65d4bff30fbf84240e17286
status: experimental
description: Detects traffic or activity related to http://123.11.11.62:37402/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.11.62:37402/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.188.22:48744/i
id: auto-400853db3f1531a3439d1d94a4108c0bc967804e0a4c50267134db86c66c9ddd
status: experimental
description: Detects traffic or activity related to http://219.157.188.22:48744/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.188.22:48744/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.7.92:58743/bin.sh
id: auto-540d856ec02671cbe01b6d20070793c958d84f4a19d5b7ce3dc895e35246bba5
status: experimental
description: Detects traffic or activity related to http://125.41.7.92:58743/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.7.92:58743/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.197.102:52275/bin.sh
id: auto-2ddde4afce1cbd69e3a6a3a97201db6db64fdda2bc66c7a20559c2d50b19e415
status: experimental
description: Detects traffic or activity related to http://222.140.197.102:52275/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.197.102:52275/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.154.35.154/x86_64.uhavenobotsxddd
id: auto-9adf6e41042ea13960474acb68ffaa3b7587105175e50110ae50034e067b0f8f
status: experimental
description: Detects traffic or activity related to http://94.154.35.154/x86_64.uhavenobotsxddd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.154.35.154/x86_64.uhavenobotsxddd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.154.35.154/x86_32.uhavenobotsxddd
id: auto-814e1bbca726918b8fe4df61cebd5d5d38a3e9ac4d9fb71f6f6ddd0eb69c97a1
status: experimental
description: Detects traffic or activity related to http://94.154.35.154/x86_32.uhavenobotsxddd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.154.35.154/x86_32.uhavenobotsxddd*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.172.122:41776/i
id: auto-9ed88b27021922d50006df4a632c73d8b9fc0fa8c36b1e62c953b4eaa8d6f8f2
status: experimental
description: Detects traffic or activity related to http://221.13.172.122:41776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.172.122:41776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.81.29:33334/i
id: auto-c2e6a7f3462b76fe815e964e657d2d988c8c044d9ac10dec825daf927b951eb8
status: experimental
description: Detects traffic or activity related to http://219.155.81.29:33334/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.81.29:33334/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.156.255:44403/i
id: auto-f188ad69a4af6ad3d9e52da4541d6fce4df6850e2606a2c2d5c03a9094924001
status: experimental
description: Detects traffic or activity related to http://123.5.156.255:44403/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.156.255:44403/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.31.207:38076/i
id: auto-91cdf85e9eec62a8664fcce70c9c380dfa821d3a72f42d99e0be7f0c086789d6
status: experimental
description: Detects traffic or activity related to http://123.13.31.207:38076/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.31.207:38076/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.51.95:49411/i
id: auto-1f0f84e971431ace4a94ef1c97ab25f6c2c1b36e97af7ae284475fcaf229d7b4
status: experimental
description: Detects traffic or activity related to http://123.8.51.95:49411/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.51.95:49411/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.51.95:49411/bin.sh
id: auto-00c95edcebf25fa418b34e403c7496f34cbcd42c1716dc59afe754432c3db5c0
status: experimental
description: Detects traffic or activity related to http://123.8.51.95:49411/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.51.95:49411/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.37.146:49542/bin.sh
id: auto-fed2041e978c22e4d30e69a6a4e3d30d077e4748fee7de9feb5fee3a0083b1ab
status: experimental
description: Detects traffic or activity related to http://42.235.37.146:49542/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.37.146:49542/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.1.52:42751/i
id: auto-54da0b216f4b4dd40955ff131ae2de7989008775f1fa96491fa48b75f224bd77
status: experimental
description: Detects traffic or activity related to http://123.8.1.52:42751/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.1.52:42751/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.31.207:38076/bin.sh
id: auto-96bdaa80e420413c7f8781d00371548d5248ba1638fa7e11c69fa3de5c2303f5
status: experimental
description: Detects traffic or activity related to http://123.13.31.207:38076/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.31.207:38076/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.14.247:35108/i
id: auto-1d28fc927374ffb6f04e0cd8ed4c87b53cfd2f1a5199a570394de4953f8e9b68
status: experimental
description: Detects traffic or activity related to http://221.15.14.247:35108/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.14.247:35108/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.144.205:56309/i
id: auto-ff699a62d99017b2f78e5ab54a52d1c2e8a67030439fbc152152aff3bd7cf599
status: experimental
description: Detects traffic or activity related to http://115.48.144.205:56309/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.144.205:56309/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.102.27:57777/i
id: auto-b84d0f7fae819666ce6afc7731decd41b9b14be12aea1874832af72f7636a90f
status: experimental
description: Detects traffic or activity related to http://42.85.102.27:57777/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.102.27:57777/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.43.71:59423/i
id: auto-c9e00b3ed9c45077138ada5fd19f7520b5efc7637d49936d30ca0a49917d08e7
status: experimental
description: Detects traffic or activity related to http://115.55.43.71:59423/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.43.71:59423/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.9.51:49002/i
id: auto-41f537e544a8a10cd5b475a0b21f9f9042b5019672342962f130c1b5fc3855b4
status: experimental
description: Detects traffic or activity related to http://182.117.9.51:49002/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.9.51:49002/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.14.247:35108/bin.sh
id: auto-98a2b3817a4dc3b9512215cb2a1f8137e6f74e192725549210c8aa55d6f7ca55
status: experimental
description: Detects traffic or activity related to http://221.15.14.247:35108/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.14.247:35108/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.144.205:56309/bin.sh
id: auto-067b89818413185d1105d048750effc75f93a08f858e77585ffe7e39fb5e0623
status: experimental
description: Detects traffic or activity related to http://115.48.144.205:56309/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.144.205:56309/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.133.187:48589/i
id: auto-c310f53ecee71ef0c1b7e75da96dc02b019ebfbedda42d7c0ab2f5e3569107a1
status: experimental
description: Detects traffic or activity related to http://182.127.133.187:48589/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.133.187:48589/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.231.122:49164/i
id: auto-01b0922ae8a43df6c4342f871f6aa4dace846b64a6922df1fc5c0f7183c74bb8
status: experimental
description: Detects traffic or activity related to http://42.225.231.122:49164/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.231.122:49164/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.32.246:56382/bin.sh
id: auto-de22b96417d83296f2118ea4fdd4d9362cb1060595e3a32f93c8ca9eca0dd7ed
status: experimental
description: Detects traffic or activity related to http://123.4.32.246:56382/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.32.246:56382/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/Ed02HQQ.exe
id: auto-7a9f3cc576aa996e346aa8c3e564ae687ab9718eeff9abfa02c066425e48674c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/Ed02HQQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/Ed02HQQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.225.61:51419/bin.sh
id: auto-55dcfd47a211b46c7b4d5819575b8f4ce4ed56ee0e5880f84ee433ad6721aa86
status: experimental
description: Detects traffic or activity related to http://182.119.225.61:51419/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.225.61:51419/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.107.23/vz.exe
id: auto-0db41ddffb139fe409a84472dbdce2aaeb77706a2d37fc4c646568c20f44efab
status: experimental
description: Detects traffic or activity related to http://196.251.107.23/vz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.107.23/vz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.9.51:49002/bin.sh
id: auto-230f1cf4b91e831d4702eb408559022a1177c6c00c01bc714f93d5fba0687afa
status: experimental
description: Detects traffic or activity related to http://182.117.9.51:49002/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.9.51:49002/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.176:60544/i
id: auto-5be27c2c0f47908ec536baeb7e69103be212ddfcf134d91ce6b2fd40ae8b9655
status: experimental
description: Detects traffic or activity related to http://110.36.15.176:60544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.176:60544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/unique1/random.exe
id: auto-6391aba0e42ba75458c3680c6daa50603758743ef84208c66825336ed594ea79
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/unique1/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/unique1/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.114.18/nigga.sh
id: auto-67b429e45dc690aad8de3adaddb1de0462d4503b88d1c638c39b6a88a4d30056
status: experimental
description: Detects traffic or activity related to http://94.156.114.18/nigga.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.114.18/nigga.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.114.18/goon.sh
id: auto-fdf1e7bbb90e005873d388a79f996a810c655753f8b50216243ec523d5e27170
status: experimental
description: Detects traffic or activity related to http://94.156.114.18/goon.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.114.18/goon.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.132.221:49295/i
id: auto-4ea3fd5132eb06a58ad55b97711793960be834a7150d9628a8f68b3b8d9f51f3
status: experimental
description: Detects traffic or activity related to http://61.53.132.221:49295/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.132.221:49295/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.0.6:35741/i
id: auto-1058aac5470fccc8edece0f1f4490875cff47ace135935fae6198fbb94f6fff2
status: experimental
description: Detects traffic or activity related to http://180.191.0.6:35741/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.0.6:35741/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomai686
id: auto-eb678d1827b0a20844afb9ad47645217f6bf72f7c0634da9ef749c121f51eea5
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomai686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomai686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.231.122:49164/bin.sh
id: auto-11dff71c756a88dd9a5eb534d72c7a1465a5b72b58d9b938a6f5bfa292875a1f
status: experimental
description: Detects traffic or activity related to http://42.225.231.122:49164/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.231.122:49164/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomam68k
id: auto-016409926d035aecea8b3012106a3482758763957c522f7c88cc4d231f0e715c
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomam68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomam68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomaarm6
id: auto-4d92298e00cb281c7f19528a63f6b129078fcf42593db9a7ac71d01feee327e1
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomaarm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomaarm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomaaarch64
id: auto-b7987463bdc5df311c883023be68d599994594f409e8519ce5973bdf977813d1
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomaaarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomaaarch64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomaarm
id: auto-d9490e971ea6592255a98c32be4cc24c815260c34c6e7209383850be0a980ac5
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomaarm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomaarm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/1.sh
id: auto-dff34cb7c6b339b63724e5d74ed74141f3fe6d50f9d5195280831ffcfab2055b
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomai486
id: auto-15507f5667c79a692465c6b81afd1e9373850e1b9631897ce5e6422207631818
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomai486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomai486*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomaarm5
id: auto-786cb658969e98cb35af0286ac9027142873f5252ca08e853e545f33514be451
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomaarm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomaarm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomamips
id: auto-9687ee32690da9e2af27cfa25b60261e40e2b48bdd7fb5fa1709210691037f3f
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomamips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomamips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/x86
id: auto-f067c7262b1ec011cba14fa512c2b6cd8932992867eb45b8649b0420d3604e48
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomaarm7
id: auto-57292091f9b48bcc5160a6860cd74883fd4a8bac532b7fb06d15ddc200179154
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomaarm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomaarm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomamipsel
id: auto-3232888c6dc9b1c3cabccd3e3b6f224a71b9eb174b0fffccd85950267918e5b6
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomamipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomamipsel*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.92.29.74/colomappc
id: auto-f0d5091f6ba03660458217c4332d2738a1ea5e40f655ca6d0e5d3bef6de87cc1
status: experimental
description: Detects traffic or activity related to http://45.92.29.74/colomappc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.92.29.74/colomappc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.154.218:60702/bin.sh
id: auto-62661b69e1c5ec3664ff38471bad79532fabcb1ffa8a34a4504bef3f150a44a8
status: experimental
description: Detects traffic or activity related to http://115.58.154.218:60702/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.154.218:60702/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/1.sh
id: auto-c8c0011b26d0677f75d707d71705f076c383f0a2770ab3d337ebe3e763ceabd3
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.52.80:53297/i
id: auto-e9a40823d5d3083b411b4174b76f78e694812a006500d300ab1dcb84c079c5c0
status: experimental
description: Detects traffic or activity related to http://116.140.52.80:53297/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.52.80:53297/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.arm
id: auto-b5c2534eec0d83325fd2433a8fd61b662d1ee10f0261a3f977a833630eb9541b
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.arm5n
id: auto-a8be33e32577befce040f2cfa74877e033117a6fcd5b3adffcbc8d89b48c9078
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.arm5n*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.arm6
id: auto-da4ab05a9bf7937095437c6ab25de6b9824dbc610e6eeb4a7e5a5f3646d0b618
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.arm6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.arm5
id: auto-3f070dc320731956500140d06a9c9e59cf83222c705bdd7f84d8bcc6af4512d1
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.arm5*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.mpsl
id: auto-787e78a89766846e83ccec7d072d73227dd7f50890d57deb18fd022b2111d163
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.m68k
id: auto-c29824d3dae1f6a0251f0c7af04d41c9bfd7daf0fb2bb77b38898a96ac6c5a45
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.sh4
id: auto-681b536453a22bafa38a9eb28d9aa17253623323b1cb42df49c1bb3c179f5e22
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.arm
id: auto-64f14a0faab5c783d974971da480478b242642c604ccda80bc35954d145e3f08
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.ppc
id: auto-618f2a751abeb73b35bd8c4f5d7f162d15d87f3362f1954f45d25d9ec748725d
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.spc
id: auto-0dfaa08630337c3f92306ae8f94f225485ee8ec76ccde3f3943b58bd7dc9a9ae
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.x86
id: auto-a9284af1a8b27349cec3e364b00eb765a6854044ffaf5516cab02369505030fd
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.sh4
id: auto-bcfe87dde6c68eae45872f9d953e37343ecccbc0d7805c140cd77c4fd9e9054d
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.arm7
id: auto-66b0798ed9a3c9d429f85f9827f279c10604a39075e220a1009850aad45a508a
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.arm
id: auto-0dcbf0f7d93d892e4029091b87ca6b97e61b612c1522b12eac14ac7883b36f35
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.arm*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.spc
id: auto-c0020d7dee572487b3f69b7a1a0de88e7a9f62798917bb2a87fe1ff56348e3f7
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.x86
id: auto-90bdeab7d7f4599a993ab3dbf7cec50ff2e26c66f5180522a717d56d26934ca2
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.mips
id: auto-e13dabe693a0dc9c7d682f05444f4e4c0b6f0675569353f8220fe494e5f334c1
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.sh4
id: auto-efe1650ec9391f94d72aa9b2ca0331eb3eefe9c50cec01ff0074d7e0dfb837a2
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.mpsl
id: auto-94d05c222cad70f05bb6aaf36b8a0689ce7b178172799274f0123962eecbbce4
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.mpsl
id: auto-3f3082e92474d369d344ef55770f1dcfa1d9ad11d995eb4e3162b57152796113
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.arm7
id: auto-393b462ea27e692b66474c3ce04f018f3092d747853601933f3d21f99b62a2bb
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.ppc
id: auto-7ed43b86138129771b6c407660feff31c9bc4c17e2f36c28066d4136da36abf0
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.mips
id: auto-aaad1daff515aecd3f078f77ad60413e32dac5b267bbe53e9a353514b03aa8ae
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.ppc
id: auto-a177e8ac3cdc3c3ec9821788a61e705d523b859288eff32b03c33e8dcb45d3f6
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.ppc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.arm5n
id: auto-e37cb670b9db1e005769897e83e1a99c67588d958d22a6f736413d0602b0c94a
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.arm5n*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.spc
id: auto-aaf19fde6542b227997055dabb185e822b838d14c9c3b1e92bdb04bbcd786034
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.spc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.mips
id: auto-7b48562f773d5c7599b347754817842eb3bdd30a7c1293d1691b434448c851da
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/mirai.m68k
id: auto-b50eafe52b94ff0a1ea8f5175876dbfdda4203daab03bd9acc95cc9832503239
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/mirai.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/mirai.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/meerkat.arm7
id: auto-56773a7c086f1d294f8d4153f2b847d29451f473c1a8ea987b855faf3d9c0f8e
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/meerkat.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/meerkat.arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.m68k
id: auto-1548a3ddb190a2caa7dfd9a81be8f4180e2e588d40032093145dd50454707e79
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.93.54.226/bins/miraint.x86
id: auto-65b237c91bfba22ef2232830269384fec73e9e7e9bfb9aa0bc0f7843de9c2719
status: experimental
description: Detects traffic or activity related to http://103.93.54.226/bins/miraint.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.93.54.226/bins/miraint.x86*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.45.164:41070/i
id: auto-f6bfcc04f7fa8ac41e07bd9dfdb2747285dae0cd87c8a3ffe550f6d45c1847cc
status: experimental
description: Detects traffic or activity related to http://42.230.45.164:41070/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.45.164:41070/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.157.221:41253/i
id: auto-fe0d7cee081fba150214e02f464f48ab80e9d57a3d5a31e6ff68c21e0618fc86
status: experimental
description: Detects traffic or activity related to http://123.132.157.221:41253/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.157.221:41253/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/bins.sh
id: auto-68a02b305718b662c55e6facca0c37963a81d6d5849de3c649a851fd2a06bb17
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/bins.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/bins.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/armv4l
id: auto-49637a116a029321add134857a9b360be5098e72089b2c0aebc43e1e02ebf93a
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/armv5l
id: auto-9f9c846cfb14d9e63981170fed348bcf12102f7a0302bb4da69f3d76dfaafcff
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/m68k
id: auto-6ca4e9ae91769e6509c20a18b05451eafc6cef65e5adda90d58780ae8bf62a37
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/armv6l
id: auto-819bdffa1ff23812e85212e1cc36239552583ec1460979a94354186ad108917e
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/i686
id: auto-367303fe7c87dc5ec8f154b17b200702a2fadfd0d3731222ae27f5fd3c147e37
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/arm7
id: auto-80fa01aa3d35f1f3804504448fbe76c2e61631894f1b5b28b1e062fbee87c454
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/powerpc
id: auto-11d11aad9faa1f1c7dc2b0eb643a14f6924726b7c9f607209b183e371886aaf5
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/mipsel
id: auto-1c4b1a5fa9ec40925b711ff5e78ab9aac7f0b14c6aa5c3e27eeca38549cb2a31
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/sh4
id: auto-e648a7647e6f7bb85cc6869c0ff954e4aa3826dbe9b8227a0be374daef2dbba5
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/x86_64
id: auto-68f9a0f4e3bf3e89219b3769304ca9b04797a705de9a019d77a61ec8516a4b40
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.64.210.74/bins/mips
id: auto-d9e50fdb3752e8c3191a5f59871149e5e13eb7680cadcb5073c218ad814924af
status: experimental
description: Detects traffic or activity related to http://212.64.210.74/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.64.210.74/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://223.151.75.192:58644/.i
id: auto-d6b21d0cb439a6973b8dc7a146865a93ed46d6c3719852dcd579ce658fb621a9
status: experimental
description: Detects traffic or activity related to http://223.151.75.192:58644/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://223.151.75.192:58644/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.247.88.96:56131/i
id: auto-1a934d16195960845e1c918916eee5b5ce7d9cb2724c24645071ad6c6c82a921
status: experimental
description: Detects traffic or activity related to http://77.247.88.96:56131/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.247.88.96:56131/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.132.221:49295/bin.sh
id: auto-3309bb68647e0881344251546e718a6d930a0fba010ace38e338fefa6bc3b6f1
status: experimental
description: Detects traffic or activity related to http://61.53.132.221:49295/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.132.221:49295/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.126.25.11/02.08.2022.exe
id: auto-9a513f2d069db18fa3fc3b8091229c35400de66de2d5a5c7256e6c2092056fe3
status: experimental
description: Detects traffic or activity related to http://101.126.25.11/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.126.25.11/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.126.75.125/02.08.2022.exe
id: auto-7bce3cbdee14cb4aa4b863174cd2961d9a7b685b377ef75e080814e286db253a
status: experimental
description: Detects traffic or activity related to http://101.126.75.125/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.126.75.125/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.243.95.252:8088/02.08.2022.exe
id: auto-770380d57a1b9de8e382262d5ea627eb16d759bb11f4f596d1ca9fa90b6f7ae5
status: experimental
description: Detects traffic or activity related to http://151.243.95.252:8088/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.243.95.252:8088/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.94.235.58/02.08.2022.exe
id: auto-efab1b36301e380258acfa2e36bfec0b270fe3c2829461d374a00640a3376434
status: experimental
description: Detects traffic or activity related to http://154.94.235.58/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.94.235.58/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.12.85.86/02.08.2022.exe
id: auto-bd377ada83d75abaec5e590df542ebae0b61a2224b667ee5631ca35705a644a9
status: experimental
description: Detects traffic or activity related to http://198.12.85.86/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.12.85.86/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.109.61.156:5678/02.08.2022.exe
id: auto-96436b85893bcafe8ee280fd14d0dc774be08d00b0034dfbc6fdd96f106c96a2
status: experimental
description: Detects traffic or activity related to http://47.109.61.156:5678/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.109.61.156:5678/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.224.209.108:8888/02.08.2022.exe
id: auto-90204f5b1603e3dd4be58991f90c32b068b9b478ed1e71adcdcda44af9c2b23b
status: experimental
description: Detects traffic or activity related to http://139.224.209.108:8888/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.224.209.108:8888/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.183.103.136:1099/i
id: auto-eb3dcd97b3654aa94c9c592ac1e024d946ad00252bd357977683000db8ac1d91
status: experimental
description: Detects traffic or activity related to http://2.183.103.136:1099/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.183.103.136:1099/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.187.64.0:8081/sshd
id: auto-ecafe067b943b8784477d9e1dedc689071af4a87f8ef238f79c50e5639752550
status: experimental
description: Detects traffic or activity related to http://113.187.64.0:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.187.64.0:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.237.233.138:60410/i
id: auto-c5d6360f484cb83b9affc785de1c3bbe1a8ded8c94fef3d4402dc91b4c6c5df6
status: experimental
description: Detects traffic or activity related to http://5.237.233.138:60410/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.237.233.138:60410/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.117.20.175:1201/i
id: auto-50f4958809b8696c73d9a680a9566af7adb5dbe10a122b85ae6d9b43cb0f9d26
status: experimental
description: Detects traffic or activity related to http://93.117.20.175:1201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.117.20.175:1201/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.172.139.91:8080/sshd
id: auto-9359bc95d1ed3684cab442d7fa5a102797f19e59268fd19edd21c5b3e0fccbec
status: experimental
description: Detects traffic or activity related to http://152.172.139.91:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.172.139.91:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.30.156.8:8083/sshd
id: auto-162917d3715c8b0ce540088935d55504b6df4ac4b7e67d21db9dbc7ead6526d5
status: experimental
description: Detects traffic or activity related to http://188.30.156.8:8083/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.30.156.8:8083/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.196.103:2000/sshd
id: auto-f0a4e2eb63103601d607fb9362077acb6f0493125ad9eed71cc358fcdb5809bb
status: experimental
description: Detects traffic or activity related to http://117.242.196.103:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.196.103:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.103.55.206:34969/i
id: auto-8ce8e6aaebbb04e9095f67966c55c5760d98cf0d673c5cc481116fafd987aeb5
status: experimental
description: Detects traffic or activity related to http://79.103.55.206:34969/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.103.55.206:34969/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.49.185.11:50005/sshd
id: auto-31680d26aaff68fa21f8d513351ebb83452ad65d1c6f32e4f225149032884664
status: experimental
description: Detects traffic or activity related to http://180.49.185.11:50005/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.49.185.11:50005/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.146.123.111:8143/i
id: auto-f273fc7c38b858b3c4a1732093d9f2dabd385757e73d6f50fa98dc709f2397a4
status: experimental
description: Detects traffic or activity related to http://121.146.123.111:8143/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.146.123.111:8143/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.228.191.162:27199/i
id: auto-0692d9bde12f9f23ff6e4b852ca6b1c1f1fa18efc48ec3484a8c0fbe217b45b7
status: experimental
description: Detects traffic or activity related to http://114.228.191.162:27199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.228.191.162:27199/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.185.244.136:8000/sshd
id: auto-31bae26f8137a11807cf0ca32e900d96ec0d3c3bd38a8ad8e4e1610ed23fa750
status: experimental
description: Detects traffic or activity related to http://183.185.244.136:8000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.185.244.136:8000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.131.200.170:1794/i
id: auto-f225af50a78f7fe1e1a5a80ce703b3c14b48e12a295895f1da62a3016c8529e7
status: experimental
description: Detects traffic or activity related to http://37.131.200.170:1794/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.131.200.170:1794/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.246.43.84:31908/i
id: auto-6f61f1279318a9d80b8ecae57b9cef79846485f7097af51a198e8994e998032f
status: experimental
description: Detects traffic or activity related to http://222.246.43.84:31908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.246.43.84:31908/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.78.234.227:45174/i
id: auto-968c11288fb97ea1e683c423613cabf93ac83cf3821a469ebdc0452da0de2021
status: experimental
description: Detects traffic or activity related to http://115.78.234.227:45174/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.78.234.227:45174/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.171.103/sshd
id: auto-372019207dceb7c7bcde3d1ad836b4104e5eb0b8611deddd59ddaaec7ff85cda
status: experimental
description: Detects traffic or activity related to http://91.80.171.103/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.171.103/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.115.143.75:19766/i
id: auto-3c8ea282079a5e8725a9b172b72af51fde0d9e11f7ffc942109d013d7f0e5bbe
status: experimental
description: Detects traffic or activity related to http://58.115.143.75:19766/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.115.143.75:19766/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.195.26.115:46295/i
id: auto-63c24b5f402d9cb12cf97f2a40ae4ac542bb799f3ca1e5b3ab6a25bfafb3ba5e
status: experimental
description: Detects traffic or activity related to http://175.195.26.115:46295/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.195.26.115:46295/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.134.8.43:93/sshd
id: auto-ec0afe293177aca95fd8346a4244a7ff22e52f228d570f8e48dbe1f6e8919188
status: experimental
description: Detects traffic or activity related to http://188.134.8.43:93/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.134.8.43:93/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.249.107.216:1668/i
id: auto-c89e9fefcb4dcea7928940cba75be62d2724136d14dd8d1df124abb0be361c78
status: experimental
description: Detects traffic or activity related to http://14.249.107.216:1668/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.249.107.216:1668/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.189.243.7:8080/sshd
id: auto-94a93d5901552d962c4a6cb356872c321b4dfe9c46f1c897667b04686b447b7b
status: experimental
description: Detects traffic or activity related to http://77.189.243.7:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.189.243.7:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.136.145.238:8214/sshd
id: auto-097a27df5a876c3adc545a5a3c930ba9469fa46a9e172a4dbe286bebdc767864
status: experimental
description: Detects traffic or activity related to http://2.136.145.238:8214/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.136.145.238:8214/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.168.247/sshd
id: auto-d8774a9741207eeeb8613fa8298b69204774d081e44b0a0469559be8ec0e1cc1
status: experimental
description: Detects traffic or activity related to http://83.224.168.247/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.168.247/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.151.191.123:60030/sshd
id: auto-385279ed0b0bb105ce29b48c9429926cc67640afa7b114733369885d92e6e86c
status: experimental
description: Detects traffic or activity related to http://81.151.191.123:60030/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.151.191.123:60030/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.113.55.176:59974/i
id: auto-a7a1fe79f0ad3f585a8296084f5cbc284abf9374ed7ad4d471738a4f4f31779c
status: experimental
description: Detects traffic or activity related to http://118.113.55.176:59974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.113.55.176:59974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.241.244:48940/bin.sh
id: auto-c4f1b482da9f64e0be4787999b9b7f00df9d8ad08318dbbf3994690541a8dff7
status: experimental
description: Detects traffic or activity related to http://110.39.241.244:48940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.241.244:48940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.45.164:41070/bin.sh
id: auto-ecb67b294e6febad83f27dade4085f782772c94df5a76bd33ae6a9b959382078
status: experimental
description: Detects traffic or activity related to http://42.230.45.164:41070/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.45.164:41070/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.35.4:52700/i
id: auto-bc21646c0182f988877403702d548d7950bec8700b9b887659808ec4b9657400
status: experimental
description: Detects traffic or activity related to http://115.50.35.4:52700/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.35.4:52700/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.212.26:43065/i
id: auto-fcb35461a5200d4655c26af3bb28c67e00e3e59b6a8ef993e226d3b50bd6c8a0
status: experimental
description: Detects traffic or activity related to http://115.50.212.26:43065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.212.26:43065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.140.52.80:53297/bin.sh
id: auto-68c72360a45f67caf03861493ed2e01fc811e9e37593c963b290f93453476818
status: experimental
description: Detects traffic or activity related to http://116.140.52.80:53297/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.140.52.80:53297/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.247.88.96:56131/bin.sh
id: auto-6f1f487501ba20c2374fb658b6e783f09ee43f33d0a330b735df1d55d3608eef
status: experimental
description: Detects traffic or activity related to http://77.247.88.96:56131/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.247.88.96:56131/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.6.41.155:55173/i
id: auto-1e0e485fcf3fbe26d01766ca84e7558f83d1f5964d2d92cc41bbc84fd612283f
status: experimental
description: Detects traffic or activity related to http://95.6.41.155:55173/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.6.41.155:55173/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.23.203:43521/i
id: auto-471208465b99cccc572e20e5470c1eca0781b1eb6ad8f748621f90109a073976
status: experimental
description: Detects traffic or activity related to http://222.136.23.203:43521/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.23.203:43521/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.103.76:41972/i
id: auto-713116dd32228341a5e797afc5ad86578b6ec3394de1dd26505da220ebb122db
status: experimental
description: Detects traffic or activity related to http://219.156.103.76:41972/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.103.76:41972/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.35.4:52700/bin.sh
id: auto-a7af8d383fb4a1e5704a66e578376e275b2394b4eb6d787beb29ca8d1eec8a5b
status: experimental
description: Detects traffic or activity related to http://115.50.35.4:52700/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.35.4:52700/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.113.55.176:59974/bin.sh
id: auto-efc17a90ed89f2148f165bc9e5a32cf3935bfda58f16c840ee815fa4f57fe37a
status: experimental
description: Detects traffic or activity related to http://118.113.55.176:59974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.113.55.176:59974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7103746036/R0htEaS.exe
id: auto-4ad4253b81f4e4faa3649b4a08a3479b51722891d4b0675735ecf7c4374c0d62
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7103746036/R0htEaS.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7103746036/R0htEaS.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.230.204:53058/i
id: auto-8656971dc10e3efd8c8c9f479c0d4c78dd03d4347ae0a0c71cd8c642e7ba5aa6
status: experimental
description: Detects traffic or activity related to http://115.49.230.204:53058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.230.204:53058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.203.229:58279/i
id: auto-01dc5be26968909783da84f9468020a5a98659fa92cd91325c55b6a5dc05a597
status: experimental
description: Detects traffic or activity related to http://117.242.203.229:58279/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.203.229:58279/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.120.182:40541/i
id: auto-b4507ad297c2c34a3a1e0e35dba9409d9ea782efce287643620ef5e7a17f3bc5
status: experimental
description: Detects traffic or activity related to http://110.37.120.182:40541/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.120.182:40541/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.233.147:39417/bin.sh
id: auto-7ac4656e221b62c3bbc893793574227173eab58715177e4a602a51d9e0926290
status: experimental
description: Detects traffic or activity related to http://42.234.233.147:39417/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.233.147:39417/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.221.32:35214/bin.sh
id: auto-2cfa1596dd636466fa1a7318df6b34a91125134f6a37af45146f73ad2df9d6ba
status: experimental
description: Detects traffic or activity related to http://120.28.221.32:35214/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.221.32:35214/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.23.203:43521/bin.sh
id: auto-4273fcc4c33d5db96b9cdfb5bd7e3ef7757104998069d646ab570336947e4952
status: experimental
description: Detects traffic or activity related to http://222.136.23.203:43521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.23.203:43521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.153.138:38773/i
id: auto-6fd49edc407302a0deaf5094aad28651b4ac7c231f211dada4880f2a3147c205
status: experimental
description: Detects traffic or activity related to http://42.239.153.138:38773/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.153.138:38773/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.x86_32
id: auto-7a996389d48da839e37d3d75c457f4da4cc2d4c91b90ff6daa808611e4f48611
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.mipsl
id: auto-a1919999cf10fb4cf95355f01e4b77e9fa98b2f8949f05805debfcc7019b5ad4
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.spc
id: auto-7a3953586fc8d35315c48fdbadc44bc154943eddb8b06719503cbf48aaa24a11
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.mips
id: auto-6d8e4d332d10f2264efadf5ca90c0bed5cfca2f3ff7835df8e90fb3a17ed8796
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.x86_64
id: auto-33b5ad7a88caa7921f4f26351417873a3c7e1bd68dced254b14d35e64c12af24
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.sh4
id: auto-c2fa859937666cf6bec15d6900f260a53511d7412f44dee7996b2492c9dea1fa
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.arm
id: auto-25cfaa5c93b74afd52a3dfbf81aca870960bb6b015377a85a14bf8f9ec1c7be4
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.i686
id: auto-c3e648669a105a57305bb4b3c4a2a5a4720820b87d51e113641db7362a84a359
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.arm7
id: auto-7313c298ac20958668829a64ddcdc609b794d73ee295a3fa547d0fe7a47a1583
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.ppc
id: auto-1cfbef01384be3a5b90535b6138648dd64b831b17603da3698283e7e29e108d8
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.arm6
id: auto-6b6b6dd3b00f89b43ddca359915765306a46e189e0efe547f56d6435633bc1f2
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.ppc440
id: auto-c80e36ab209568e2807749ad69fa17b3ef453e5a3a2650388dac576ed7dfbaa5
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.i486
id: auto-03b9fddc3e5bd4cf2567e25f51c240814eb8b2258ae4fac8ef29f405776c1617
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.251.100.85/huhu/titanjr.arc
id: auto-7f2c7aa34d51999add82872edfc6ceb1b0cf5c194b77612def1b952f61abe28b
status: experimental
description: Detects traffic or activity related to http://196.251.100.85/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.251.100.85/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.197.215:48934/i
id: auto-ea5a85a8fe5e2d66454470d15f2989235faa1a838a2c2fb951dfff60854e0787
status: experimental
description: Detects traffic or activity related to http://123.12.197.215:48934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.197.215:48934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.120.182:40541/bin.sh
id: auto-e425d4fefee453db0e04aa1ed7c4f560a6e5e432b13ef390333f746cb479f6bd
status: experimental
description: Detects traffic or activity related to http://110.37.120.182:40541/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.120.182:40541/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.75.128:42337/i
id: auto-f07963cc6f7d47dd25c580c5b8e3892fe5d3fc76666ded119072fb35f2fd5761
status: experimental
description: Detects traffic or activity related to http://42.224.75.128:42337/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.75.128:42337/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.153.138:38773/bin.sh
id: auto-7016eddaf7d5ada92ce081e54a71d34190564de9dbdb05103f040291372dc1c2
status: experimental
description: Detects traffic or activity related to http://42.239.153.138:38773/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.153.138:38773/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.2.121:42932/i
id: auto-1f2d6f68c4d6dd2ba9a13ff234b3281be1b787af924a78a131f451af2db85ca1
status: experimental
description: Detects traffic or activity related to http://42.53.2.121:42932/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.2.121:42932/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.113.208:47205/i
id: auto-bed6d37907b21939748c5a7ec3ae4351b9441f2399956b6f93675084678c8789
status: experimental
description: Detects traffic or activity related to http://115.56.113.208:47205/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.113.208:47205/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.197.215:48934/bin.sh
id: auto-ab3d69b8d1febf7dbbf1de8dd925b20796c831d56c9b943c4663009522caf56c
status: experimental
description: Detects traffic or activity related to http://123.12.197.215:48934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.197.215:48934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.159.180:58510/i
id: auto-082e34b66a68059e3cef22efa0e0d799bc8a55a132553bd66e564ae90bf37eba
status: experimental
description: Detects traffic or activity related to http://222.140.159.180:58510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.159.180:58510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/380743829/idX6T6K.exe
id: auto-5f1aef4de23b2fccfb8ef0f1dc831d9f7e90175744a2b9b0a721ae6d3c686457
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/380743829/idX6T6K.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/380743829/idX6T6K.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7453936223/5GFpJxh.exe
id: auto-8440fbe0642204e5637f008e308ad86ee367d7b2c5f2d5faa86c40505592fd24
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7453936223/5GFpJxh.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7453936223/5GFpJxh.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.104.225:41917/bin.sh
id: auto-5731cae060f5ea3308660ea529170dc105a965b73f3d37ea90654f7a2f02f197
status: experimental
description: Detects traffic or activity related to http://42.233.104.225:41917/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.104.225:41917/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.32.198:36794/i
id: auto-292af61a87fe19c0037026933a11ded39aded53486417a2c467ac91d33f09c86
status: experimental
description: Detects traffic or activity related to http://125.43.32.198:36794/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.32.198:36794/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.206.221.122:54837/i
id: auto-fc6bf8edb46953099f57a4b1c405a451bf22b015cc86ed8cda6a0ab39c114fa8
status: experimental
description: Detects traffic or activity related to http://27.206.221.122:54837/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.206.221.122:54837/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.113.208:47205/bin.sh
id: auto-5440095f7853b3d9433834065ab69cac849fe252d92930c5fc5bf51bc2e11120
status: experimental
description: Detects traffic or activity related to http://115.56.113.208:47205/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.113.208:47205/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.159.180:58510/bin.sh
id: auto-46480f51294eb0bba5c747051e38aa97da0aa124e3146b29429235acb5f901f3
status: experimental
description: Detects traffic or activity related to http://222.140.159.180:58510/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.159.180:58510/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.90.165:49483/bin.sh
id: auto-207668b11ef8cca9538587503b8e0cfeae2407bd04ab4b1016c9a6bb9ece40d0
status: experimental
description: Detects traffic or activity related to http://220.202.90.165:49483/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.90.165:49483/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.206.221.122:54837/bin.sh
id: auto-5282fe540c8b4340896ebf164ae61b7827d2c357e25ed3c5f6a3d18e3c49d7c1
status: experimental
description: Detects traffic or activity related to http://27.206.221.122:54837/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.206.221.122:54837/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.99:35042/i
id: auto-b5c3872895343d6dc23baeab6a8e08752cac5a4aa2f094ead670c280714f38a3
status: experimental
description: Detects traffic or activity related to http://110.37.100.99:35042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.99:35042/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.5.90:43936/bin.sh
id: auto-34176360f2652968db62d66733686942d4fd87683a12f1601547073b521b0919
status: experimental
description: Detects traffic or activity related to http://115.49.5.90:43936/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.5.90:43936/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.90.102:35859/i
id: auto-26670b539bc2c05294c05ea3f1d6151705fc81c9e1d4cd6b45f9aa986ceb6b26
status: experimental
description: Detects traffic or activity related to http://124.95.90.102:35859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.90.102:35859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.0.172:47732/i
id: auto-c172ed2b83d140812489af1988555c526feec56d5ecadc5aa475bc5e7a0060d7
status: experimental
description: Detects traffic or activity related to http://117.248.0.172:47732/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.0.172:47732/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.42.252:45960/i
id: auto-be7e43f91c4172817990aa2c39e63bb0555dd3d9bffaa42776733dd6e271b6dd
status: experimental
description: Detects traffic or activity related to http://182.121.42.252:45960/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.42.252:45960/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.221.232:15628/i
id: auto-21de9adb292965695daf687ebf82f17acf7501b3a4e74a030620a67f6db6cc61
status: experimental
description: Detects traffic or activity related to http://221.13.221.232:15628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.221.232:15628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.217.144:36912/i
id: auto-78cd0813b74f8f6563de01bcb8f07ad126f62b89f3877743d9a23d1158d39f54
status: experimental
description: Detects traffic or activity related to http://27.207.217.144:36912/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.217.144:36912/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.253.111:36739/i
id: auto-b01de9fc121994d304edafc5572c279bcf55eabf68c035083ec94b64fe6bca38
status: experimental
description: Detects traffic or activity related to http://123.9.253.111:36739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.253.111:36739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.229.54:51570/i
id: auto-b521f12d5b32d7a96feef7d549a45d5126a738de451dad7faaa0585f26f0aa81
status: experimental
description: Detects traffic or activity related to http://85.12.229.54:51570/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.229.54:51570/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.99:35042/bin.sh
id: auto-fbe135856c96a398a131a65f979a098d14eb63c91005c7476d156c7a10011699
status: experimental
description: Detects traffic or activity related to http://110.37.100.99:35042/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.99:35042/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6691015685/sjWwQ01.exe
id: auto-f78efbad827d4909f26df76fc339568dc0a56e8f77366525309b8d268063c20b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6691015685/sjWwQ01.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6691015685/sjWwQ01.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.217.11:43675/bin.sh
id: auto-ce33f315fc030670aa7cde0ab25fc2e9ebd928f5024e318e3276c2473a52def2
status: experimental
description: Detects traffic or activity related to http://110.38.217.11:43675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.217.11:43675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/1kQlGNR.exe
id: auto-c8a357fc772284c4abcd78ba0fc6e1e8fcf9de937ceb6347cf8c91e016aaf2cb
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/1kQlGNR.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/1kQlGNR.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.204.147:40038/i
id: auto-b5117c9c4df81e93f38af665bd7b7a0b73d24e1f193e04bafd84fd4cc305075f
status: experimental
description: Detects traffic or activity related to http://182.113.204.147:40038/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.204.147:40038/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.5.246:35176/i
id: auto-8e6e61784f1e48f7490ba6452e7319f8588a067c3d0db54b825a37d1ff1a18c4
status: experimental
description: Detects traffic or activity related to http://115.49.5.246:35176/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.5.246:35176/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.253.111:36739/bin.sh
id: auto-0b55e1ca1de51099bf6ec4b2bf1bf78033695874813dcbeda947a623f8b74068
status: experimental
description: Detects traffic or activity related to http://123.9.253.111:36739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.253.111:36739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.12.229.54:51570/bin.sh
id: auto-3696eb46dfc0ddbada63d1fd0e2a2b7343979aa1b41e01bfab04a0b2591efb2d
status: experimental
description: Detects traffic or activity related to http://85.12.229.54:51570/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.12.229.54:51570/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.116.36:35153/i
id: auto-c44b824890fecd90940524c252d0f7012495e3d26ec6abc3f7c17ed0aa6090e3
status: experimental
description: Detects traffic or activity related to http://61.53.116.36:35153/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.116.36:35153/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.5.246:35176/bin.sh
id: auto-3134a394182e1d240f8594d1e10c9dd42c0d13f805667dcd75cad7f4d821be21
status: experimental
description: Detects traffic or activity related to http://115.49.5.246:35176/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.5.246:35176/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.111.11.171:11264/.i
id: auto-c50fc2e351232a0df967fa205b4deba0e4a3a00f858fc8ddc0959b7150a62a91
status: experimental
description: Detects traffic or activity related to http://116.111.11.171:11264/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.111.11.171:11264/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.145.109:52542/bin.sh
id: auto-930fe170f17ccbfaf65786c9e891b8109f06626a88dee1d53449fb1c465b3cb9
status: experimental
description: Detects traffic or activity related to http://125.43.145.109:52542/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.145.109:52542/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.152.242:55778/i
id: auto-c07b2561522a824a7e4b391256216e8104ec91a9743df925468b6c19d1daefe2
status: experimental
description: Detects traffic or activity related to http://182.127.152.242:55778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.152.242:55778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.81.254:50375/i
id: auto-39cb4cd962ca3aab9b584d8924a0a34b5581116e624c8ab3107b8c5f54be3012
status: experimental
description: Detects traffic or activity related to http://85.108.81.254:50375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.81.254:50375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.147:54595/bin.sh
id: auto-743378fad7539da96e233a078af7892ec706e722de7efd5e176ce67d21fbf29b
status: experimental
description: Detects traffic or activity related to http://110.39.246.147:54595/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.147:54595/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.204.147:40038/bin.sh
id: auto-348db9f88b7d6bcb3f1cb2cb219455f509b352073b145117f656bb94153898fe
status: experimental
description: Detects traffic or activity related to http://182.113.204.147:40038/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.204.147:40038/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5327590511/09K0YMJ.exe
id: auto-67b104e41991357367a6f4cceff2cc7b2a0b9a4a2d2c63edefe0531966c01a5a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5327590511/09K0YMJ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5327590511/09K0YMJ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.116.36:35153/bin.sh
id: auto-d0769ecb677b0b90cf660cb5386903127a19bb2e0d22ae439926a1a14a584754
status: experimental
description: Detects traffic or activity related to http://61.53.116.36:35153/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.116.36:35153/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.152.242:55778/bin.sh
id: auto-4f5ec0d617304beed9be032a0fe376d38bfa93b0e32b72cfc9670b08802bc71d
status: experimental
description: Detects traffic or activity related to http://182.127.152.242:55778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.152.242:55778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.108.81.254:50375/bin.sh
id: auto-aca32d465799ad0abe153a8ff99d9324e8429cea3b7ac598c1fb3d344c775b7f
status: experimental
description: Detects traffic or activity related to http://85.108.81.254:50375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.108.81.254:50375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.6.41.155:55173/Mozi.m
id: auto-edd3138b50c9d2aeaa4d2418e703020573ef5c78f5d568f478ae085a4584cc1d
status: experimental
description: Detects traffic or activity related to http://95.6.41.155:55173/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.6.41.155:55173/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.86.82.58:46127/i
id: auto-d7ac7c1de5ada9ee95d08d4270c0906124eafc8e3643e85f52035e66ef92825c
status: experimental
description: Detects traffic or activity related to http://39.86.82.58:46127/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.86.82.58:46127/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.210.188:46412/i
id: auto-d0ebb54ecc4b1d7477095781743f88e5369aca60d53b1efaeee7cb5fae148cb2
status: experimental
description: Detects traffic or activity related to http://182.123.210.188:46412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.210.188:46412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.123.163:39826/bin.sh
id: auto-e1b1a14b733db1d45cf52068cbd3f5d70c1b350de94ea88a62ff107289e70714
status: experimental
description: Detects traffic or activity related to http://182.117.123.163:39826/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.123.163:39826/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.206/asdklfjasdlkfjasdklfdjasljkfdasjf/x86
id: auto-82489ea6aa81a6679d7df063a2e26e5b92e960a61da9b9f1ee3fea2c2251ed58
status: experimental
description: Detects traffic or activity related to http://176.65.132.206/asdklfjasdlkfjasdklfdjasljkfdasjf/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.206/asdklfjasdlkfjasdklfdjasljkfdasjf/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.6.65:42556/i
id: auto-82cb269399f96107c1d65427f7f371ea8c4138bba2522d047248f774d0421468
status: experimental
description: Detects traffic or activity related to http://123.188.6.65:42556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.6.65:42556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.193.141.43:59810/i
id: auto-4bfeca8a5da7e53b58948c0078efd1901552e5cc9a1a81b24e5aa04077c691ff
status: experimental
description: Detects traffic or activity related to http://117.193.141.43:59810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.193.141.43:59810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.164.42.134:53419/i
id: auto-a0e2dfbbc23e2ef07dffcfdf0b29c92044a2b4cd036540815dc9b0ab476034a5
status: experimental
description: Detects traffic or activity related to http://5.164.42.134:53419/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.164.42.134:53419/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.145.160:33153/i
id: auto-1422ce2605faa0497a3cc3db66b247b232a8176ee28140b0235e3c1b24ec6003
status: experimental
description: Detects traffic or activity related to http://125.40.145.160:33153/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.145.160:33153/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.106.66:36014/i
id: auto-b852adbdb453d149dfd4a75e613b97e06648f663be6e60c124206d3525204b65
status: experimental
description: Detects traffic or activity related to http://222.137.106.66:36014/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.106.66:36014/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.210.188:46412/bin.sh
id: auto-712915b36bfad934266aaa3985c37af01741427a7c7a1f68dc4565d9c5f8841c
status: experimental
description: Detects traffic or activity related to http://182.123.210.188:46412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.210.188:46412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.241.19:46206/bin.sh
id: auto-55d1f9c1f6ae228a842eed6698c6efb61acbe839c44f1c2bf5572b9304852da1
status: experimental
description: Detects traffic or activity related to http://222.142.241.19:46206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.241.19:46206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.62.176:42738/i
id: auto-ca9e4f6f7bb48b95ba7b382569bc915d1d83ead67ce01194189a46a1435dec04
status: experimental
description: Detects traffic or activity related to http://221.15.62.176:42738/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.62.176:42738/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.22.219:43290/bin.sh
id: auto-e24f13eddfb2ddda86b5201fa255fa4fd8de6e7ca6f662be4047bb3af9b7724d
status: experimental
description: Detects traffic or activity related to http://115.52.22.219:43290/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.22.219:43290/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.106.66:36014/bin.sh
id: auto-04518d0604545403df130273010014fe9fddc8ffc4ec1350b488a08de6d18b99
status: experimental
description: Detects traffic or activity related to http://222.137.106.66:36014/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.106.66:36014/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.145.160:33153/bin.sh
id: auto-deb91e123eb038edcf2fec340c2f05f373351c84205e50aac12e1cf5baf8c9c7
status: experimental
description: Detects traffic or activity related to http://125.40.145.160:33153/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.145.160:33153/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.218.168:34834/i
id: auto-45e7f0a6bce20fe76b1c71bc6cdf4dd4beb651ef4c5a3b4f2a7adc69a2336014
status: experimental
description: Detects traffic or activity related to http://219.157.218.168:34834/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.218.168:34834/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://75.20.188.106:41748/i
id: auto-f8adbe0aa9691805603515596e1980f3d981dc808ac7fa40f1911af433b92169
status: experimental
description: Detects traffic or activity related to http://75.20.188.106:41748/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://75.20.188.106:41748/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.182.147:50287/i
id: auto-e55fd1dc6c58dca2d2f239f30570a4ad33fe7bfd0df99c7865f205dec9e5661a
status: experimental
description: Detects traffic or activity related to http://27.215.182.147:50287/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.182.147:50287/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.197.243:33875/bin.sh
id: auto-18ddf2c2e5e4b0868f216a15ea26b676d96f61b29ac5e0b3ea9c747ecc0f80c5
status: experimental
description: Detects traffic or activity related to http://182.119.197.243:33875/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.197.243:33875/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.182.147:50287/bin.sh
id: auto-e4191715557baa163a207a3c3c95a9fb29b52c73b3cc3dad61b2f25ee3852d08
status: experimental
description: Detects traffic or activity related to http://27.215.182.147:50287/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.182.147:50287/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.229.188:42969/i
id: auto-b964381939dd93f68c56810edd10bef7f699586ff9168b2fe2e739eed0a1414f
status: experimental
description: Detects traffic or activity related to http://110.39.229.188:42969/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.229.188:42969/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.116:37704/i
id: auto-df73366781106d119d75aa55b1bdc27451c131b5b8323c4808920ce4b3da7b00
status: experimental
description: Detects traffic or activity related to http://110.36.0.116:37704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.116:37704/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.103.93:41312/i
id: auto-3e53df955ab4988a4184574627f16cdc8ddc05fc73c09630fe3caec2e29d238c
status: experimental
description: Detects traffic or activity related to http://110.37.103.93:41312/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.103.93:41312/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.0.211:54827/i
id: auto-fed0fd45216946829aa49529a53d93fca7891207747277a63a974babc3c958d6
status: experimental
description: Detects traffic or activity related to http://110.37.0.211:54827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.0.211:54827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.119.50:39147/i
id: auto-f758cfb6131e12cbc51da80ae792525931569aca8fd0e0709430986e92bb7ede
status: experimental
description: Detects traffic or activity related to http://222.138.119.50:39147/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.119.50:39147/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.42.252:45960/bin.sh
id: auto-13c1a1d7fdb4ef8306ec1e66f4f389367704ea1a7d4a2193fec1d9f0ab3f18e9
status: experimental
description: Detects traffic or activity related to http://182.121.42.252:45960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.42.252:45960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.214.81:51673/i
id: auto-297d882a34dc05984829713b4770f429601238e91214c5cce2b0b2a394b8cd25
status: experimental
description: Detects traffic or activity related to http://27.215.214.81:51673/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.214.81:51673/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.171.177.193:47822/i
id: auto-4d99aa3d662201a26235289cd5c701e07dfe95007ebe1bde5646faf689ea667f
status: experimental
description: Detects traffic or activity related to http://45.171.177.193:47822/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.171.177.193:47822/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.26.38:48721/i
id: auto-26a25f3548601f0ce3b2f5f83a57c3e89ba6ba7f247cdcfde2716f405d89bb77
status: experimental
description: Detects traffic or activity related to http://125.43.26.38:48721/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.26.38:48721/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.103.93:41312/bin.sh
id: auto-20da3487c92b420cb359af8e75309647050ce5576a74d216c3d468448249fa5e
status: experimental
description: Detects traffic or activity related to http://110.37.103.93:41312/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.103.93:41312/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.62.176:42738/bin.sh
id: auto-e68e2f3bf0913e5205d44eec8f79a00c7fb8aa125fc6b4e72b2d774ad0e7e4bf
status: experimental
description: Detects traffic or activity related to http://221.15.62.176:42738/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.62.176:42738/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.0.211:54827/bin.sh
id: auto-4a59f44fadb047caa649f1aa72fe9ad21908297d48e1b3393bf68745c9bdc54b
status: experimental
description: Detects traffic or activity related to http://110.37.0.211:54827/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.0.211:54827/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.205:54235/i
id: auto-c9cfa2bd9edaa82d42fa79bba9e56e9d53dc61949dbbe1dec1337f91f176b87c
status: experimental
description: Detects traffic or activity related to http://110.37.18.205:54235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.205:54235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.158.180:39241/i
id: auto-f1329da9f0a1efdde3edb36e32548d121bb96abb5fdedbd5c83ba00bfe953cd6
status: experimental
description: Detects traffic or activity related to http://123.12.158.180:39241/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.158.180:39241/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.164.155:54752/i
id: auto-2e6a4c992728913184beedf57465480f1ffc469e8daa6edde16b891d61184608
status: experimental
description: Detects traffic or activity related to http://117.254.164.155:54752/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.164.155:54752/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.214.81:51673/bin.sh
id: auto-3299b2f214b7aa45351f4506b325f15034fe3cc602bc1d2f6d9966a2a7b737c6
status: experimental
description: Detects traffic or activity related to http://27.215.214.81:51673/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.214.81:51673/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.171.177.193:47822/bin.sh
id: auto-5dfefef16cc0c44e2fc408863a1299b356102a2dd63f140c7e58aeb3b5e8f174
status: experimental
description: Detects traffic or activity related to http://45.171.177.193:47822/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.171.177.193:47822/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.158.180:39241/bin.sh
id: auto-7d38bc4e86f1474e4500a50497d9416ed6ff025116d0e9561b78a31d2f4b1c4e
status: experimental
description: Detects traffic or activity related to http://123.12.158.180:39241/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.158.180:39241/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.101.111:51424/i
id: auto-66e419f65cd6d6b1f680e5cf911f966914ae17d6714064671ec495825f73c618
status: experimental
description: Detects traffic or activity related to http://123.12.101.111:51424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.101.111:51424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.73.60.222:38198/i
id: auto-664c54a868708df73b43ce95b3f3495d931de47d72c75a23e2f79b48422e7088
status: experimental
description: Detects traffic or activity related to http://39.73.60.222:38198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.73.60.222:38198/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.164.155:54752/bin.sh
id: auto-0c6620a0fb030edbdc378a14b9f643ac52e36d0a0684a7af3c5c1cc9899cc4af
status: experimental
description: Detects traffic or activity related to http://117.254.164.155:54752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.164.155:54752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.20.151:49494/i
id: auto-97a8a3ba3df1a14cd134be4b065412bc39a508c130b8acdff27a38c67e9720c9
status: experimental
description: Detects traffic or activity related to http://42.177.20.151:49494/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.20.151:49494/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.227.57:55938/bin.sh
id: auto-e123e660de9c2de005ab842382e23d2df8f6853dfb8e399609636f8266576e14
status: experimental
description: Detects traffic or activity related to http://61.1.227.57:55938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.227.57:55938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.248.112:60915/bin.sh
id: auto-72cd01dad97ff4a76a5653ddef22932e6eb7f45380156b6e98842c4e4cd16f58
status: experimental
description: Detects traffic or activity related to http://59.97.248.112:60915/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.248.112:60915/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.32.246:56382/i
id: auto-9173835c9ea25b2adb7f6505ae9038e2c4f9642b1728b477b07adf5065adb194
status: experimental
description: Detects traffic or activity related to http://123.4.32.246:56382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.32.246:56382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.193.174:59147/i
id: auto-ad4a11f4d6ce41de1fbc705a6ceb13ccffc04341c51b7dbbba4067b1ea2a9ecc
status: experimental
description: Detects traffic or activity related to http://61.52.193.174:59147/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.193.174:59147/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.52.220:60809/i
id: auto-ffc1c4d0423994a6be1c8c6b3d55960d8aa0f339d3912b776493b07339486fc5
status: experimental
description: Detects traffic or activity related to http://42.231.52.220:60809/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.52.220:60809/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.67.189:37586/i
id: auto-b12aa6d67ac0a071a634bb126a7e3c128b1a4488edac657c18c54a3493c5d675
status: experimental
description: Detects traffic or activity related to http://125.45.67.189:37586/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.67.189:37586/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.133.248:41648/i
id: auto-62fa52364390a8f41f14873c87b82992a9ad05dbbe76621e75f569969a3908ac
status: experimental
description: Detects traffic or activity related to http://42.227.133.248:41648/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.133.248:41648/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.193.174:59147/bin.sh
id: auto-14ae584635ec80accf3018b4ab646c8befec7aefaa5311276909af798d28ab20
status: experimental
description: Detects traffic or activity related to http://61.52.193.174:59147/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.193.174:59147/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.243:44440/bin.sh
id: auto-5fab3d5a96e118a666fa07ef4bd7a0efca4714c24b130494aefae14f5e066599
status: experimental
description: Detects traffic or activity related to http://110.37.90.243:44440/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.243:44440/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.67.189:37586/bin.sh
id: auto-1151f05c55c52eecab16bbe2ef1c31c53e1fc62347687750c3c9e5c805fe77e2
status: experimental
description: Detects traffic or activity related to http://125.45.67.189:37586/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.67.189:37586/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.238:41250/bin.sh
id: auto-55e27ac23c7b13ec84477bdf23a8a04277fc38559977eaca46a9791a257a168a
status: experimental
description: Detects traffic or activity related to http://219.155.210.238:41250/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.238:41250/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.12.119:41892/i
id: auto-62feea5e77cf818630f6fcadca36d4132f9fd5f95ebcaf46d6cedc3465a87492
status: experimental
description: Detects traffic or activity related to http://42.180.12.119:41892/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.12.119:41892/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.52.220:60809/bin.sh
id: auto-cbd684b3780d5733cae5a730fb09781c6c09dc3e7ce5278d0479ba84902481f4
status: experimental
description: Detects traffic or activity related to http://42.231.52.220:60809/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.52.220:60809/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.133.248:41648/bin.sh
id: auto-a9412ad7ea502d423a50480c9c64335d2b8d1c24e96ee76d7d1247b49e98432e
status: experimental
description: Detects traffic or activity related to http://42.227.133.248:41648/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.133.248:41648/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.148.248:34176/i
id: auto-5f80cdd163e9d8aa0a9329107e2260af7acae0f375387bf38dcf9f806216c413
status: experimental
description: Detects traffic or activity related to http://113.236.148.248:34176/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.148.248:34176/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.174:39878/i
id: auto-43ea00d467af3079ee7829a6e9f40044385c0650bb8df43e7d55507272bf4556
status: experimental
description: Detects traffic or activity related to http://61.53.89.174:39878/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.174:39878/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.5.90:43936/i
id: auto-55634919413b77155a6b75d5eaac2c0a69303f5693336c4884b73990f0af7ace
status: experimental
description: Detects traffic or activity related to http://115.49.5.90:43936/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.5.90:43936/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.101.111:51424/bin.sh
id: auto-288d0f51b28a26f098fcc3bbd017defd8eb9bf9b637fc391d126733945d1edf1
status: experimental
description: Detects traffic or activity related to http://123.12.101.111:51424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.101.111:51424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.244.24:48483/i
id: auto-0cc4fda4c7bfc4f16d74593c4a940d093acb9037ef99eb23d3ee0a7b6ced2f07
status: experimental
description: Detects traffic or activity related to http://182.118.244.24:48483/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.244.24:48483/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.78.249:43900/i
id: auto-3ce18ac2d8146b3ccdb95124a3bc7dc95941da0690c78a4378aee40a036ce873
status: experimental
description: Detects traffic or activity related to http://222.138.78.249:43900/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.78.249:43900/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.136.86.214:33370/bin.sh
id: auto-77e0f458dda569dcdcee7d72092ab4ef4de9d07016a1b0fd88468ad4ae047cc9
status: experimental
description: Detects traffic or activity related to http://61.136.86.214:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.136.86.214:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.8.106.26:43235/i
id: auto-d83c04a0905e22b552a0214c7e6f07e571da7ef0749e73716c61dbecdbcc19ca
status: experimental
description: Detects traffic or activity related to http://27.8.106.26:43235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.8.106.26:43235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.129.16:36276/i
id: auto-859865b6959c314d03afd2c465972a7bbac057fe0ba86fe640de8f215f0f0d65
status: experimental
description: Detects traffic or activity related to http://123.8.129.16:36276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.129.16:36276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.147.100.200:59885/i
id: auto-7c154b700c41c8a328b78e49d7405a15905f71e0293551a98a6d742c4115fc63
status: experimental
description: Detects traffic or activity related to http://91.147.100.200:59885/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.147.100.200:59885/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.89:52195/i
id: auto-3a651b8f6572afcf906d335fe75bc54c9611783e51ccd35966028aa90a822908
status: experimental
description: Detects traffic or activity related to http://110.37.35.89:52195/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.89:52195/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.27.198:40312/i
id: auto-0a01f6061776a5b977278d0493722098086a9a3a7d8cd01352cebc0a398a3e1a
status: experimental
description: Detects traffic or activity related to http://219.157.27.198:40312/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.27.198:40312/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.28.28:59225/i
id: auto-1c30841e25a5aef9e246e2be656f4e97b9307364648ba839430baaaaed3b2b98
status: experimental
description: Detects traffic or activity related to http://175.175.28.28:59225/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.28.28:59225/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.7.133:38145/i
id: auto-4aa4e27a792b2e8e5d60a54bcc627cc46594eadd6693121fa66cf319f1558d83
status: experimental
description: Detects traffic or activity related to http://182.119.7.133:38145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.7.133:38145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.86.82.58:46127/bin.sh
id: auto-2bcf3532c3f7877c9313236160698b10ee84a0864a10338bb6f079d5b1bb5938
status: experimental
description: Detects traffic or activity related to http://39.86.82.58:46127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.86.82.58:46127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.147.100.200:59885/bin.sh
id: auto-e67be6009e7f7df11c3da4737b96492a7437444985086273c8a2b9004994e69c
status: experimental
description: Detects traffic or activity related to http://91.147.100.200:59885/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.147.100.200:59885/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.129.16:36276/bin.sh
id: auto-2c8c026a1e6f5eb5188a60f74bb74fa8ba1b3f5e5559671f665bc5c8273fe7c9
status: experimental
description: Detects traffic or activity related to http://123.8.129.16:36276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.129.16:36276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.148.248:34176/bin.sh
id: auto-111a60cc7331237fe4c4d909e4a2598e9f9caae71da5708890f5e14147fd380e
status: experimental
description: Detects traffic or activity related to http://113.236.148.248:34176/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.148.248:34176/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.255.61:52547/i
id: auto-e4f39c74a7d2af440c88603b63462b467a2d5f5ded58dc3136ebf2b89e4763fd
status: experimental
description: Detects traffic or activity related to http://182.114.255.61:52547/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.255.61:52547/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.8.106.26:43235/bin.sh
id: auto-1fcb2e947197e814b923289f0921c1d2e1e14cd62a5eee137c9124e7818464e4
status: experimental
description: Detects traffic or activity related to http://27.8.106.26:43235/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.8.106.26:43235/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.28.28:59225/bin.sh
id: auto-023dd5d7280a16999876a6f6b3bd382154e7f75aa217ac7d2bd43295a112594a
status: experimental
description: Detects traffic or activity related to http://175.175.28.28:59225/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.28.28:59225/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.205:55000/bin.sh
id: auto-ab67447b0a61dfc78f7fdf8454c97b81a0ca4657ffb4baabcec394a7bc5a901d
status: experimental
description: Detects traffic or activity related to http://110.36.0.205:55000/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.205:55000/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.89.174:39878/bin.sh
id: auto-7ae702fc0ab6606400bbd8eb7419f13f958b15a5ca8c2f79ac030783995da2b0
status: experimental
description: Detects traffic or activity related to http://61.53.89.174:39878/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.89.174:39878/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.49.202.139:33116/.i
id: auto-002f5695fc58f28b4c6f931e035af6d4fcfb64871a493056e93a676c2524ddb6
status: experimental
description: Detects traffic or activity related to http://14.49.202.139:33116/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.49.202.139:33116/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.80.180:40222/i
id: auto-8542ff834031ba3d0293f9eb10ce65a9d03ec87e2c0b4d339cb54aa99c815318
status: experimental
description: Detects traffic or activity related to http://110.37.80.180:40222/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.80.180:40222/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.73.60.222:38198/bin.sh
id: auto-bb954d32124e877bf0f42efea511120e9c099a78d25c7e3ecd1443a04d366128
status: experimental
description: Detects traffic or activity related to http://39.73.60.222:38198/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.73.60.222:38198/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.78.249:43900/bin.sh
id: auto-31eb4dadaddd66f58d7ef278bc055c5899419d95861f82e4697d9195300247fe
status: experimental
description: Detects traffic or activity related to http://222.138.78.249:43900/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.78.249:43900/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.255.61:52547/bin.sh
id: auto-7b25d0bfa63f4abcaf7fb52384603a7f74c961de286b0a9ba3470b5de0a95523
status: experimental
description: Detects traffic or activity related to http://182.114.255.61:52547/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.255.61:52547/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.109.30:41075/i
id: auto-30a832565882411a02f6434457d9a63bb06e92d3435169755d352099c19780f0
status: experimental
description: Detects traffic or activity related to http://222.139.109.30:41075/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.109.30:41075/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.89.121:57359/i
id: auto-9413810c7f63b0f6a6ef2b2f005e5701a780e1a8c4bf7cf479592fbb588dee87
status: experimental
description: Detects traffic or activity related to http://42.59.89.121:57359/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.89.121:57359/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.45.95.254:53118/i
id: auto-22135d1b2380a730ddccc2f2cf4a51c69545a9d6655ca4e624eb748f750af3c8
status: experimental
description: Detects traffic or activity related to http://187.45.95.254:53118/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.45.95.254:53118/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.179.111:41148/bin.sh
id: auto-cc864425fa6fb283f078e7c6d0645ae293f00294e45abe2029224a398432c269
status: experimental
description: Detects traffic or activity related to http://123.12.179.111:41148/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.179.111:41148/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.48.76:41284/i
id: auto-4ec95cc64ebcf5888dea96a65af08c5bdfd7f1c263937a04d8246ef53b4f3636
status: experimental
description: Detects traffic or activity related to http://42.179.48.76:41284/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.48.76:41284/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.171.101:55481/i
id: auto-c4ce1d4cc5e2d74f31b7854a626845add273be92aea4823d6d9824d63b536e3c
status: experimental
description: Detects traffic or activity related to http://115.55.171.101:55481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.171.101:55481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.113.21:51865/i
id: auto-76641cd23038f62cd53993acfd4a8f18cb8051805a36c8706c311831ca70d11b
status: experimental
description: Detects traffic or activity related to http://115.57.113.21:51865/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.113.21:51865/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.175.181:55827/i
id: auto-55a3c089b52b45f924fff1042d3c3823080c132998b417a9f1726a93d0db0dc4
status: experimental
description: Detects traffic or activity related to http://117.205.175.181:55827/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.175.181:55827/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.123.163:39826/i
id: auto-162ca613a3c543b42a331c5083ee560f4f493ccc0fde33e6655816f182bc3bb1
status: experimental
description: Detects traffic or activity related to http://182.117.123.163:39826/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.123.163:39826/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.116.177.50:38035/i
id: auto-0150a1df25e53d48e0c496553bb4be957696cb8b73099c92bc177316d7d21158
status: experimental
description: Detects traffic or activity related to http://171.116.177.50:38035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.116.177.50:38035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.109.30:41075/bin.sh
id: auto-6d88f5592c168be735bbc64a98f0867d7479c2376d9e4542d3b9df160cdda648
status: experimental
description: Detects traffic or activity related to http://222.139.109.30:41075/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.109.30:41075/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.37.146:49542/i
id: auto-42b75207aa5a5587a1ab6c0666c25c640fc5903221d370d1ed82e9f74a1e5153
status: experimental
description: Detects traffic or activity related to http://42.235.37.146:49542/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.37.146:49542/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.53.136:46158/i
id: auto-bed067d71e54b7c20a1828ed79ac1a77d06eadd6d5daeeb963f0d0064ef40124
status: experimental
description: Detects traffic or activity related to http://219.156.53.136:46158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.53.136:46158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.113.21:51865/bin.sh
id: auto-565ee7ff0dc7306aadb5d6390b2b8ab51f60cc6b2155922e96ca3040e1e2e7bd
status: experimental
description: Detects traffic or activity related to http://115.57.113.21:51865/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.113.21:51865/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.104.237:34496/bin.sh
id: auto-a7031c1d6a60eeca76c1df23106ad42bb2721fa37c86e64a92b06ceee596ab63
status: experimental
description: Detects traffic or activity related to http://58.47.104.237:34496/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.104.237:34496/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.171.101:55481/bin.sh
id: auto-7546f35a03342e3d1b53d713f44a20e7a35ed20ad98dd4e263073b49a7358ccc
status: experimental
description: Detects traffic or activity related to http://115.55.171.101:55481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.171.101:55481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.242.81.130:39381/i
id: auto-2ecaa34ec86e79cc903e5a1c40ffd121cbad3b43b7a1bde5e0e1e9d2264a78ae
status: experimental
description: Detects traffic or activity related to http://42.242.81.130:39381/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.242.81.130:39381/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.80.180:40222/bin.sh
id: auto-21ad56a69773db456684f4347f6318c268fcc0d4462cf8254017e39f4acc1d03
status: experimental
description: Detects traffic or activity related to http://110.37.80.180:40222/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.80.180:40222/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.175.181:55827/bin.sh
id: auto-4cf0b54ca9cc650b2db062a961cadd358d617d1fb4af735af9dbcf6a50f03ee3
status: experimental
description: Detects traffic or activity related to http://117.205.175.181:55827/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.175.181:55827/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.45.95.254:53118/bin.sh
id: auto-7720712e68634f0ba975964f171df39097e86a8cb4d2490f9c19803db4f7ae23
status: experimental
description: Detects traffic or activity related to http://187.45.95.254:53118/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.45.95.254:53118/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.92.78:42140/i
id: auto-f2db1edd57440a461cfb2b67cc6d7403051b7bde0d686ccd87ed76bbf5a7fafa
status: experimental
description: Detects traffic or activity related to http://115.50.92.78:42140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.92.78:42140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.116.177.50:38035/bin.sh
id: auto-e0697a3e583a8279177dcb9b349f45b03f56bca55fe1a916e43fddd5fe2388c7
status: experimental
description: Detects traffic or activity related to http://171.116.177.50:38035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.116.177.50:38035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.169.107.17:48034/i
id: auto-741b0f5fe22d8fc02367123452aba4580fda84d7e76c999d47271e22fc62a375
status: experimental
description: Detects traffic or activity related to http://175.169.107.17:48034/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.169.107.17:48034/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.126.150:57510/bin.sh
id: auto-b346a0a8e962b40c6f6fb8e2d9773f40c3b9d3ce9e5d00d5f3b8d5867a621ba8
status: experimental
description: Detects traffic or activity related to http://61.53.126.150:57510/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.126.150:57510/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.187.239.145:54065/i
id: auto-e0c57251f2ca9fb3b3f7b42af78ecbd6a776e9612a9a6e76821def39c9fa5b52
status: experimental
description: Detects traffic or activity related to http://119.187.239.145:54065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.187.239.145:54065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.196.21:44599/i
id: auto-a59326b0257b5e4fa036d95efd8dae3a287c7385cbb2ec02518c01c0a47d8bad
status: experimental
description: Detects traffic or activity related to http://42.227.196.21:44599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.196.21:44599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.235.27:38279/i
id: auto-bdfdc473bea2643b915c94fba00a90b2e62251028d7fcd82206649c0e6f5d73f
status: experimental
description: Detects traffic or activity related to http://119.114.235.27:38279/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.235.27:38279/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.30.6:51240/i
id: auto-aa07c40939db956673a150a34bce8fc295c86ebc738b17e78394af2cd93d19e9
status: experimental
description: Detects traffic or activity related to http://42.231.30.6:51240/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.30.6:51240/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.179.228.89:52924/i
id: auto-2c19ca44a40f74b3d962016a702b6d508f9428006273c6e0eb9642251e383391
status: experimental
description: Detects traffic or activity related to http://123.179.228.89:52924/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.179.228.89:52924/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.235.27:38279/bin.sh
id: auto-73442076dabd0bf76a90ee0a170168b23d5babf1978ebb113145eaf292bb1db2
status: experimental
description: Detects traffic or activity related to http://119.114.235.27:38279/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.235.27:38279/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.86.216:36075/i
id: auto-a7a338025ee0e1275fb9de0b77217395e3008c9348bbbeb19bf7f3f4740fa7e3
status: experimental
description: Detects traffic or activity related to http://115.58.86.216:36075/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.86.216:36075/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.254:33110/i
id: auto-4ae2b3552b9e2e6a055f00435cb669e272d14adfd9092accd1704caca6a8a098
status: experimental
description: Detects traffic or activity related to http://110.39.237.254:33110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.254:33110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.92.78:42140/bin.sh
id: auto-cf8fe4b59001834bdac15de86e3d8f7e759347d3d4c48d41b1a0b866331ff1dc
status: experimental
description: Detects traffic or activity related to http://115.50.92.78:42140/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.92.78:42140/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.179.228.89:52924/bin.sh
id: auto-8b76ee87130000adf67c7603c3139b2ef3ed443e9c22a15fb639de55f44482c0
status: experimental
description: Detects traffic or activity related to http://123.179.228.89:52924/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.179.228.89:52924/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.86.216:36075/bin.sh
id: auto-918ac997bca75eccc2fe90b84802c713e4ad637db3df6b427211ab4b12be6b76
status: experimental
description: Detects traffic or activity related to http://115.58.86.216:36075/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.86.216:36075/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.254:52652/i
id: auto-9524a7f05f63c8525dabf321d065af03c768e4a15ba472cd750c93cbb9793c44
status: experimental
description: Detects traffic or activity related to http://110.37.1.254:52652/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.254:52652/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.254:33110/bin.sh
id: auto-d4d97c40341db9c471438666ae8ff387b6ecbba89f2caecfb2b5651466c84ec2
status: experimental
description: Detects traffic or activity related to http://110.39.237.254:33110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.254:33110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.196.21:44599/bin.sh
id: auto-8b0e8385d435cf92d87b2cad1bcfabb6500201ab9235058ef2dd88a2751ccf88
status: experimental
description: Detects traffic or activity related to http://42.227.196.21:44599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.196.21:44599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.122.120:45299/i
id: auto-f778b6ed9fbcafc908af55639d6bff9042ef3a1b029a8dc053e353cd46ecea23
status: experimental
description: Detects traffic or activity related to http://42.224.122.120:45299/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.122.120:45299/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.53.37:58536/i
id: auto-a8d5ca9d7d7607addccc5e619abba1b624061b7332a840ca6d9d9303cfc42564
status: experimental
description: Detects traffic or activity related to http://59.184.53.37:58536/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.53.37:58536/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.46.151.13:39962/i
id: auto-b0bc877977bbe6b087f33044fa97e24f8dd87d040fbb07c597531e527b7e9285
status: experimental
description: Detects traffic or activity related to http://125.46.151.13:39962/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.46.151.13:39962/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.67.97:40143/i
id: auto-a3269d579a83698362a03c324688a3c3d52a78181b18175814ea982da90698c7
status: experimental
description: Detects traffic or activity related to http://59.182.67.97:40143/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.67.97:40143/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.254:52652/bin.sh
id: auto-e87144673cbdaf6d5662569337801cf6a2ff46219c96fbbbb029b3ec92c5aa7d
status: experimental
description: Detects traffic or activity related to http://110.37.1.254:52652/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.254:52652/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.67.97:40143/bin.sh
id: auto-97485cd1e0784d37331013462285c9c92b22cde403d339f303b6405b07095cac
status: experimental
description: Detects traffic or activity related to http://59.182.67.97:40143/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.67.97:40143/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.arm7
id: auto-bffe59fe041c48251ad4f4a27031eea0905e49104dbcfd0799c0d9dcacc37f59
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.arm5
id: auto-a9f622f34b4ba15a22aa894eadcc9afa706bae644856123c9fbe87afab7aa8a4
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.mips
id: auto-66252a04f2788d00c2b52243c2af7594a0c06f7b8102c957059adbfb57c3890d
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.arm6
id: auto-e976c5b41df8d56b9984a3b2071e99387ce25be5a434d6be5a3c8c4c30419134
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.x86
id: auto-dbb1a52a25c1d3203b9aa686ba7afb3dcc1b1a321c633fd309fa4a7932cf5555
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.spc
id: auto-efe4a15efeaa43e7059f39cd518ce9a4f74db89909171783715f20797f02289b
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.arm
id: auto-e36b02779732575e124ff66198d10074110135add2275e883033a759aaa1ce2f
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.mpsl
id: auto-57cc33bf697b657b8361fcd7a75fdc47aa802853498418c8da348ed61e3b9ad2
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.ppc
id: auto-1f1e03ecacc8aa6777f317d20fa9afabbf59173bbf565ba284e3644f5fd7d916
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.m68k
id: auto-797e0136605c69ad2850e3ac88a71f6aa2599a1be0eea0f8295507fc41ac9718
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.sh4
id: auto-517d952015fc36751b921ab628903cd2e515876e78d6c181720dd38184243925
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/bins/skid.arc
id: auto-b4af3d1073b60e2cebfd467a40381ae3bdb8eb3ea6136270ae0afa453979d975
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/bins/skid.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/bins/skid.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.41.238:40726/i
id: auto-687bf38e94a9c0d93fa4ca2154c2128f08a30e00c385bcc0224038ccf1f1f595
status: experimental
description: Detects traffic or activity related to http://222.141.41.238:40726/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.41.238:40726/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.153.206:36239/i
id: auto-3bf1bc8678c4694b2569cb650957d1f75a928c8ec37da69429eb935451ccda9e
status: experimental
description: Detects traffic or activity related to http://115.48.153.206:36239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.153.206:36239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.94.75:54002/i
id: auto-78460476eb730950ae3662df046b08f156bf245ca5f785a7117f8f808ee00a1b
status: experimental
description: Detects traffic or activity related to http://117.215.94.75:54002/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.94.75:54002/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.62.233:60773/i
id: auto-7248781db02f4b98b922ee39d653869e83343980c008d29ef47e88f9bfa63c53
status: experimental
description: Detects traffic or activity related to http://42.177.62.233:60773/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.62.233:60773/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/mipseb
id: auto-1ad6cdba85249d72528e85dddbf3dbba4c69a1ebd6210810da9475482080d0ec
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/mipseb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/mipseb*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.243.151:37568/bin.sh
id: auto-1621dbb25729079123e51cf759f11f2dc9abeb1f4f1caa00c1bdeaa251bb4c16
status: experimental
description: Detects traffic or activity related to http://123.11.243.151:37568/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.243.151:37568/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.149.123:56490/i
id: auto-6c9870f6d427510dfc1ee838ff6fe94caac992bfc6444af5f23ada0b0fe457a0
status: experimental
description: Detects traffic or activity related to http://117.211.149.123:56490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.149.123:56490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.153.206:36239/bin.sh
id: auto-b07020bd92ff1b716a5b8639f954cb81ae5390842d44d98a278e8cd4f445cc88
status: experimental
description: Detects traffic or activity related to http://115.48.153.206:36239/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.153.206:36239/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.41.238:40726/bin.sh
id: auto-59936aaff8086f4794a5c9f24eb59beba1703ca6c4ed8acc9eb41cf03dbb9164
status: experimental
description: Detects traffic or activity related to http://222.141.41.238:40726/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.41.238:40726/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.94.75:54002/bin.sh
id: auto-5f57d9e6daa793be854e88e2e15d7440f4663f21dabb92131754fbc872bc375f
status: experimental
description: Detects traffic or activity related to http://117.215.94.75:54002/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.94.75:54002/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.103.52:58590/bin.sh
id: auto-c586f25b358f14354b166b1f75b0e626bd3bc3ccb8f358dff5c72fbc2659a2bf
status: experimental
description: Detects traffic or activity related to http://117.254.103.52:58590/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.103.52:58590/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.62.233:60773/bin.sh
id: auto-1b9e1e264b77747d7b27e655657e28c89320f9bb1d3d33d861da87a007bf7e39
status: experimental
description: Detects traffic or activity related to http://42.177.62.233:60773/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.62.233:60773/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.169.234.32:52068/i
id: auto-888293015e1055bf6919361646dd14228cf134364bca78ecd818f270011b189d
status: experimental
description: Detects traffic or activity related to http://202.169.234.32:52068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.169.234.32:52068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.184.123:40318/i
id: auto-fa8d6a120549a0d60153afb40bf07c0650a2d612655eaf5c23d734985fbdf47a
status: experimental
description: Detects traffic or activity related to http://221.14.184.123:40318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.184.123:40318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://valkas.top/EasyRide-v3.0.2.apk
id: auto-5b056e66748387e3c6fac41f536c8f9ea841b011772174d05336012b8fc2354a
status: experimental
description: Detects traffic or activity related to https://valkas.top/EasyRide-v3.0.2.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://valkas.top/EasyRide-v3.0.2.apk*'
  condition: selection
level: high
tags:
  - attack.t1566
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.24.237.218/1.sh
id: auto-2e1f11520630df8a2ca4afe08b90b635c2053bfa026e92a1d0d05c4de0f49dff
status: experimental
description: Detects traffic or activity related to http://195.24.237.218/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.24.237.218/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.242/part2.bin
id: auto-e6443085a5678ad9c44ec92c2929ac6bdbddfd438aee1211d6cdb4f21afbfcf0
status: experimental
description: Detects traffic or activity related to http://91.92.243.242/part2.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.242/part2.bin*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.243.242/part1.bin
id: auto-cf2d1c1b1d7e3acc12040f74e517106e90ab048d97ae1100545633b38b0f6849
status: experimental
description: Detects traffic or activity related to http://91.92.243.242/part1.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.243.242/part1.bin*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.16:47970/i
id: auto-61611a23cf4eadac3c50536888f3922ac2c9008dac5313f3615f4499b5de2ccf
status: experimental
description: Detects traffic or activity related to http://110.37.76.16:47970/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.16:47970/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/cglr3434/depo1/raw/refs/heads/main/Chrome.apk
id: auto-601de34eb5709dd4d61a159b047361b45e654b32bb71e85d1c58b800b9772353
status: experimental
description: Detects traffic or activity related to https://github.com/cglr3434/depo1/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/cglr3434/depo1/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://91.92.243.117/SysTask.vbs
id: auto-8791bdbd0f1bc142a07afafb5f1acf23801d1f66fe7b34b9363ca591fbb165c8
status: experimental
description: Detects traffic or activity related to https://91.92.243.117/SysTask.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://91.92.243.117/SysTask.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/armv6
id: auto-aa0b3bb705babaeab56b37bd5ac99b8ad221158eade987d5f05841d239c2ae69
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/armv6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/armv6*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://91.92.243.117/takdoom.rar
id: auto-509eea050efdf55fec2a64075275b92f964529f935243a8c82146581c58e20f6
status: experimental
description: Detects traffic or activity related to https://91.92.243.117/takdoom.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://91.92.243.117/takdoom.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/bot
id: auto-61033b7b98f0143c1779a40fc21747a9f3144b44395c4825a2137ea5d7e2ba05
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/bot*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/sh4
id: auto-53a658d76d872666fea73b002cad3b0aa985a519dc9187de6a9babf198a40b6b
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/sh4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://91.92.243.117/procesos.vbs
id: auto-99bd9ed7b94acca8384644f3f75f4d7cbdbd47922ef37926823e8524085f8378
status: experimental
description: Detects traffic or activity related to https://91.92.243.117/procesos.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://91.92.243.117/procesos.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://91.92.243.117/takdoom/takdoom/procesos.vbs
id: auto-c9252d92df6795648b1de816e7f5e8a33223e3a61a07f244af8df88949622fd7
status: experimental
description: Detects traffic or activity related to https://91.92.243.117/takdoom/takdoom/procesos.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://91.92.243.117/takdoom/takdoom/procesos.vbs*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/deploy.sh
id: auto-7009cb40b83466df6144aa335cba4d2d15a7176ed97d64a0d0096c286ec6fe50
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/deploy.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/deploy.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/icons
id: auto-07a1c88468deaad67dbd5e057f2ddcb2074d166d8d7d73045c29893b1fe82f43
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/icons which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/icons*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/deploy-proxyware.sh
id: auto-457423a28216fb638cf550ba3023e4c998111945f1e7181e9de5b54c34d463f8
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/deploy-proxyware.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/deploy-proxyware.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.35.204:50609/i
id: auto-d0274819316aab86524b7095c5dfae9c9530ffee47da0d5bab8d50119b088075
status: experimental
description: Detects traffic or activity related to http://182.127.35.204:50609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.35.204:50609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.124.45:46340/i
id: auto-bd90a370fccfde17284ebe9cc5c3ade65c76f6cd0383a811700d361c56cbcfe6
status: experimental
description: Detects traffic or activity related to http://182.126.124.45:46340/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.124.45:46340/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.76.16:47970/bin.sh
id: auto-826a4d28fbb9af1f760c7a0cc742d678e7e035bacf43457ba989e11e5e213aac
status: experimental
description: Detects traffic or activity related to http://110.37.76.16:47970/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.76.16:47970/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.255.127:37158/i
id: auto-5dfc5812496572dde830499a417d407884e69554c16b89e410db80ead978a3de
status: experimental
description: Detects traffic or activity related to http://218.60.255.127:37158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.255.127:37158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.103.200:44762/i
id: auto-75d1f3391fc2622427550f2b8dcf16a54a76cd45032a003a79633afac224777f
status: experimental
description: Detects traffic or activity related to http://117.254.103.200:44762/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.103.200:44762/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.116:37704/bin.sh
id: auto-76afaf0e8396e9e0d6b38976047f7173e430118579944396f93488767afcc033
status: experimental
description: Detects traffic or activity related to http://110.36.0.116:37704/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.116:37704/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.109.46:45288/bin.sh
id: auto-e1a8204f64db11456b7dad60a018badce67f84a8ce69275d86a1d2f95ee4c276
status: experimental
description: Detects traffic or activity related to http://113.229.109.46:45288/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.109.46:45288/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.97.210.242/wc.sh
id: auto-43e6e00808f474bc38bcb087772772e5be0e4e63087b4c32d9dadd8479ac493a
status: experimental
description: Detects traffic or activity related to http://176.97.210.242/wc.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.97.210.242/wc.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.4:43196/i
id: auto-3cd266a9119747643b3c9e01dd83d429980db2e144397c2cf87e20118bb695f7
status: experimental
description: Detects traffic or activity related to http://110.37.38.4:43196/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.4:43196/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.35.204:50609/bin.sh
id: auto-7a96edd47fef2adc5a4c9b5b578a7b7425dae158b1547c908b27d67749c0d8a6
status: experimental
description: Detects traffic or activity related to http://182.127.35.204:50609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.35.204:50609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.232.223:41239/i
id: auto-602b4f8335f16c4d13c6c8787f7b4edf92c934ed90aaa5608a625cfa07f6bc35
status: experimental
description: Detects traffic or activity related to http://42.234.232.223:41239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.232.223:41239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.129:43110/i
id: auto-8f75b1982938918c9382a0ee005309345c66051dbe2c7be75cd8dd855cfaa393
status: experimental
description: Detects traffic or activity related to http://110.36.0.129:43110/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.129:43110/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.129:43110/bin.sh
id: auto-b8b73ea93985423e36dba3eeab57bb72bcd990a97baffa5cd21abee05228ec58
status: experimental
description: Detects traffic or activity related to http://110.36.0.129:43110/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.129:43110/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.254.103.200:44762/bin.sh
id: auto-cb398b2f4ba74bb7a7ba2ca19f8064e0205f0ec30fa7998edc5e5ab0d53933c5
status: experimental
description: Detects traffic or activity related to http://117.254.103.200:44762/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.254.103.200:44762/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5750743047/2leTGv5.exe
id: auto-ff22ff8f8bd584690d1f5969ea82ed25b82ec0a1988becd904dc02a5d47751d6
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5750743047/2leTGv5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5750743047/2leTGv5.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.255.127:37158/bin.sh
id: auto-01ebda69a016498e03ee532750619b4303b4d8be62b704ace181e5f37d350d8a
status: experimental
description: Detects traffic or activity related to http://218.60.255.127:37158/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.255.127:37158/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.224:54668/i
id: auto-c8c8a1ce9ce09ff0802c0830fa3ecc6afd219c1c0c448d6b0e9ab9697a37b4ce
status: experimental
description: Detects traffic or activity related to http://110.37.121.224:54668/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.224:54668/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.232:57600/i
id: auto-ba30781bdec78ece36ef77eef3fdc329884282a1310d7ee1b6e4a39fe6bc0004
status: experimental
description: Detects traffic or activity related to http://110.37.37.232:57600/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.232:57600/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.255.210.242:45640/.i
id: auto-4746e2f4be6d3ac3e1f8a6f5130ed23e114ceceeb155c1bfac020b090ce4d137
status: experimental
description: Detects traffic or activity related to http://37.255.210.242:45640/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.255.210.242:45640/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.4.92:48094/i
id: auto-ed5526356300fbbd8eae38ec166c56c2832804af03371e150f722b562462482a
status: experimental
description: Detects traffic or activity related to http://221.15.4.92:48094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.4.92:48094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.175.144:40049/bin.sh
id: auto-821f295b22490ddc63074394e7a5e26a5fbd5816f7191cef9dd0b358144350df
status: experimental
description: Detects traffic or activity related to http://117.212.175.144:40049/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.175.144:40049/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.36.205:36705/i
id: auto-2dc772e30d4a03a913e0cbbc2d3844179224940ace348cc5f4b5f0305d68b38b
status: experimental
description: Detects traffic or activity related to http://42.228.36.205:36705/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.36.205:36705/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.4.92:48094/bin.sh
id: auto-933baea0c732fc3feb62fcfba69ff0a0ab322b9e1ef20791edd0bea1cf3eb3fd
status: experimental
description: Detects traffic or activity related to http://221.15.4.92:48094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.4.92:48094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.252.181:58394/i
id: auto-eb328e14c626a4c36d6e3a4dcb5f61170ac09c8e54c7c8d0705526e28c03d4bd
status: experimental
description: Detects traffic or activity related to http://119.179.252.181:58394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.252.181:58394/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.151.240:49861/i
id: auto-33209d06f7eeb545d8c5769ff963bb7d152ff348921bdcc01575ca646cd1fe7a
status: experimental
description: Detects traffic or activity related to http://42.58.151.240:49861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.151.240:49861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.43.51:56404/i
id: auto-b009845575148228a245f2e4ece8d1234df0121d38aa521764e3655147e5278e
status: experimental
description: Detects traffic or activity related to http://61.52.43.51:56404/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.43.51:56404/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.240.16:42341/i
id: auto-c8972cd777a833d864961f7b11ad8938639017d5ea6d6738cea0c95d2f829365
status: experimental
description: Detects traffic or activity related to http://125.44.240.16:42341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.240.16:42341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.114.38:33757/i
id: auto-ecbd806f0fcf4c90d9e6a8ec9cf47b66c70dbe4b7afec4fd121918de647412bb
status: experimental
description: Detects traffic or activity related to http://59.98.114.38:33757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.114.38:33757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.206.188.13:35365/bin.sh
id: auto-5f111d79b24d881c2601dfad07817e81a9ed82e41173a878a71d29fdab836ba2
status: experimental
description: Detects traffic or activity related to http://27.206.188.13:35365/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.206.188.13:35365/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.103.76:41972/bin.sh
id: auto-7b35aad050f0adeecb5b33e226cdc0dc9fee76de272808302f1a82cb969850a0
status: experimental
description: Detects traffic or activity related to http://219.156.103.76:41972/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.103.76:41972/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.127.192:55666/i
id: auto-8736689a262207e61e13d2ce1a431ff0e426047d1f8ed62711b455396ea8f6c8
status: experimental
description: Detects traffic or activity related to http://113.236.127.192:55666/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.127.192:55666/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.172.122:41776/bin.sh
id: auto-e9cceb66b573af041c44f5f183d91d0c252255c9a54d3f1281a5adbb51bb3c8e
status: experimental
description: Detects traffic or activity related to http://221.13.172.122:41776/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.172.122:41776/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.240.16:42341/bin.sh
id: auto-79f40cdce768a579fb38255059cffd6ecda27d5698450e2f5cb43b32f2046561
status: experimental
description: Detects traffic or activity related to http://125.44.240.16:42341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.240.16:42341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.145.153:48491/i
id: auto-718c2bf5c883751c95a48d361e8f68c836c7d66ab82207e317c531d36ad64936
status: experimental
description: Detects traffic or activity related to http://117.211.145.153:48491/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.145.153:48491/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.211.145.153:48491/bin.sh
id: auto-c88e8fb1303fe3f3952f3e490526b280295d62ef15f12703c41040893f88e30f
status: experimental
description: Detects traffic or activity related to http://117.211.145.153:48491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.211.145.153:48491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.4.4:36434/bin.sh
id: auto-d85b46d3dc80a34fb14f5dde256860f0b758351306a34fe04f4bd4438cfd3fae
status: experimental
description: Detects traffic or activity related to http://117.209.4.4:36434/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.4.4:36434/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.114.38:33757/bin.sh
id: auto-6de162bd993ccf75c91eda24b08c5260ce770f9e9090e60899b3610ae50d800b
status: experimental
description: Detects traffic or activity related to http://59.98.114.38:33757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.114.38:33757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.92.49:47732/i
id: auto-f95f99ace17f2b7491080dedfb33fec039567a299d3b330e750fa8db53d0b5bd
status: experimental
description: Detects traffic or activity related to http://125.43.92.49:47732/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.92.49:47732/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.76.216:48269/i
id: auto-b1449a3af09c14a6229fe8de08114b043654eb9dd16d982cd8fcb157b77692f2
status: experimental
description: Detects traffic or activity related to http://222.137.76.216:48269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.76.216:48269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.208.1.179:48870/bin.sh
id: auto-f961821a658ab4eaf19fa74d44f9474ab265bec3bcb1522d9d519646874d9572
status: experimental
description: Detects traffic or activity related to http://31.208.1.179:48870/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.208.1.179:48870/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.75.128:42337/bin.sh
id: auto-780c7504f0b16893fcff95ecbdc3803fc3a27c8a9f79266441572db5756e0764
status: experimental
description: Detects traffic or activity related to http://42.224.75.128:42337/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.75.128:42337/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.221.238:33992/i
id: auto-8f40bbd7506d5d5a97631fed31c1473a5d8a8a17bcd7503d8807ae0abdf2f865
status: experimental
description: Detects traffic or activity related to http://42.57.221.238:33992/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.221.238:33992/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.229.60.159:58639/i
id: auto-57947502b349edcbe9ef3629339fa9979877c985500ebc3007cfd13096e3d48d
status: experimental
description: Detects traffic or activity related to http://81.229.60.159:58639/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.229.60.159:58639/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.232.91:38384/i
id: auto-01fd5ffd9e039c74aa181ebf44bebe72750603bc2c74c09aa889bdda4c8cb7ae
status: experimental
description: Detects traffic or activity related to http://42.228.232.91:38384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.232.91:38384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.193.142:34876/i
id: auto-d77f0897ff591345468da6c963072aa70320f7a611d3bf020b4f9cc69f74b775
status: experimental
description: Detects traffic or activity related to http://59.98.193.142:34876/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.193.142:34876/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.162.199:45939/bin.sh
id: auto-97a9614a2a05fe22f6e12053a4a561d0c017a09070e30fd2c8e18b9f79f66252
status: experimental
description: Detects traffic or activity related to http://115.54.162.199:45939/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.162.199:45939/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.191:40007/i
id: auto-fb2c477cbcb267e11887c8f588cabf838347d6eccde380502f2348e7687d705b
status: experimental
description: Detects traffic or activity related to http://110.36.0.191:40007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.191:40007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.91.81:57155/i
id: auto-bb6857b9da2129dfb8670f6492b27d1efebbe45027eef40e5733da09d0c0f5d9
status: experimental
description: Detects traffic or activity related to http://42.231.91.81:57155/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.91.81:57155/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://barrel-horseracing.com/p.txt
id: auto-7c7f6a1fc725094bdd9de4d9d0dbca207afa517d981f084130f54c8ca48fe55f
status: experimental
description: Detects traffic or activity related to http://barrel-horseracing.com/p.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://barrel-horseracing.com/p.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.160.56.117/p.txt
id: auto-d8e02522be23db4ee86e89dbfb258fdc18b09a5547a1a234e10c13cc4875ae5c
status: experimental
description: Detects traffic or activity related to http://23.160.56.117/p.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.160.56.117/p.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.92.49:47732/bin.sh
id: auto-855e464d81f4b1d489e556f65b4882d2e5e49bb72ca4a54e5b27c1d205d57183
status: experimental
description: Detects traffic or activity related to http://125.43.92.49:47732/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.92.49:47732/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.231.107:43315/bin.sh
id: auto-fed66bb14dd6fd98b13a044b1473aaeeded08f368416e21ff7747e5f06c60211
status: experimental
description: Detects traffic or activity related to http://115.59.231.107:43315/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.231.107:43315/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.60.229:46188/i
id: auto-e2b05e3a3b0756cfada9a0c144048101e9067f26789e3c56c2a2b35c7630c049
status: experimental
description: Detects traffic or activity related to http://125.47.60.229:46188/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.60.229:46188/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.225.35.215:46171/i
id: auto-d15c4bcdcac74f660654fcd422b8afc9d50a2e634e952027e7ec19c33ea7caa4
status: experimental
description: Detects traffic or activity related to http://113.225.35.215:46171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.225.35.215:46171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.209.207:52105/i
id: auto-9ff9e6e1dc404354ba631661641bd71644eb8e5321341a36485ce8ae5e8d7801
status: experimental
description: Detects traffic or activity related to http://115.62.209.207:52105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.209.207:52105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.209.207:52105/bin.sh
id: auto-496cd3dd0b6ae43debfc32ae0d5e6017b12dc70a3fad450c4a3d424e0a298fb8
status: experimental
description: Detects traffic or activity related to http://115.62.209.207:52105/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.209.207:52105/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.98.193.142:34876/bin.sh
id: auto-b7826a08b7abd0e346661cfad255f94d0b7010fde8f76e506eb11fd92675f0fa
status: experimental
description: Detects traffic or activity related to http://59.98.193.142:34876/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.98.193.142:34876/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.164.101:56821/i
id: auto-70608af9dcbc3752096da41079fdb1606c823f8e60a3068e9f60f51321797589
status: experimental
description: Detects traffic or activity related to http://42.229.164.101:56821/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.164.101:56821/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/ilIVj5u.exe
id: auto-d382c59bcb48cdd47642d66aaa6c31343eba370f033c5bc45c4b9e84d629643b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/ilIVj5u.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/ilIVj5u.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.169.234.32:52068/bin.sh
id: auto-8acd300b507f013ca8e125dde0c5a54d13d2970a5dcbec0de960d72c073eccdf
status: experimental
description: Detects traffic or activity related to http://202.169.234.32:52068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.169.234.32:52068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.252.178:53074/i
id: auto-c23cde5f03fc5b4e941b45d580a843eb59b4e4f54c4ceb67c1f2a4e3606c5b23
status: experimental
description: Detects traffic or activity related to http://123.14.252.178:53074/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.252.178:53074/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.91.81:57155/bin.sh
id: auto-3a16355c770245f4240de4d9ffc11be25c4c6766ed614cec1225e4352c0213df
status: experimental
description: Detects traffic or activity related to http://42.231.91.81:57155/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.91.81:57155/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.36.117:41086/i
id: auto-ebb81e574e22b502e5030b8fe2696b0e9d84f3a682f054f8e51cb35c311aef72
status: experimental
description: Detects traffic or activity related to http://123.14.36.117:41086/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.36.117:41086/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.232.91:38384/bin.sh
id: auto-c9584927b0024327bd98c607e40cb563d581ad9447c15aea7722fab9713dec8c
status: experimental
description: Detects traffic or activity related to http://42.228.232.91:38384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.232.91:38384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.200:58892/bin.sh
id: auto-5edfb3501caee6ba3599146c5957e920f2d5139f8b649dfb166042b9b2fd1120
status: experimental
description: Detects traffic or activity related to http://110.37.97.200:58892/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.200:58892/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.94.220.75:41544/bin.sh
id: auto-f3d2476cd8fba7b7638ea26bedb38f5d9de763e2497e7b244a22002c9f46125e
status: experimental
description: Detects traffic or activity related to http://181.94.220.75:41544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.94.220.75:41544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.76.216:48269/bin.sh
id: auto-47f0d973127aea4873d41fb82b5c954338d8464da1f9ddff447d7a7308e84ff1
status: experimental
description: Detects traffic or activity related to http://222.137.76.216:48269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.76.216:48269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.60.229:46188/bin.sh
id: auto-7441b77bcbecb375c525c3e03e75da79d3524f57d53c01118e318714da7f941f
status: experimental
description: Detects traffic or activity related to http://125.47.60.229:46188/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.60.229:46188/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.134.84:48994/i
id: auto-cdb21773e4bd43526dcae549587c06f690abf9f176169e07ae76fe4985440220
status: experimental
description: Detects traffic or activity related to http://222.140.134.84:48994/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.134.84:48994/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.247.136:45112/i
id: auto-86c107e5d2016ab991e4bdb3df4523cfd6890879dbb8734a99e3ffcfed647f21
status: experimental
description: Detects traffic or activity related to http://119.116.247.136:45112/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.247.136:45112/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.52:54505/bin.sh
id: auto-ca66b9b59a6e1e544ef5f444d3269934ff1ea7c024f0f1e306f904de058724ab
status: experimental
description: Detects traffic or activity related to http://117.209.89.52:54505/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.52:54505/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.229.164.101:56821/bin.sh
id: auto-6a024717b113cb2ecacce607ee7d20f819ff86772cbb4dc1807323872ecfd33a
status: experimental
description: Detects traffic or activity related to http://42.229.164.101:56821/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.229.164.101:56821/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.67.156:41501/bin.sh
id: auto-dd739389519d87de441ca4fd5ec4861dd919b8c6bfd7842f493d6654d5407c75
status: experimental
description: Detects traffic or activity related to http://42.180.67.156:41501/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.67.156:41501/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.252.178:53074/bin.sh
id: auto-9486ba40dc9df4c3d8023a3329e0183e6a5761bd52d6dbf1479171fe2bf7e067
status: experimental
description: Detects traffic or activity related to http://123.14.252.178:53074/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.252.178:53074/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.189.114:34690/i
id: auto-abdde4838230a65ac5690e84edf9f2f2e5b515013a38fd28458c6d4538d6a121
status: experimental
description: Detects traffic or activity related to http://42.224.189.114:34690/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.189.114:34690/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.189.114:34690/bin.sh
id: auto-32b9f1d5e00cd20cefd58d950a53a8f902d56b630dde3e0654d74a73e74b671c
status: experimental
description: Detects traffic or activity related to http://42.224.189.114:34690/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.189.114:34690/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.48.138.96:51729/i
id: auto-5686a9fa8750e022f301427d33aabd25adc41240dbd12aaecbf617feb4612d2c
status: experimental
description: Detects traffic or activity related to http://37.48.138.96:51729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.48.138.96:51729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.196.60:47260/bin.sh
id: auto-20de52e7eb047782c633d12c4ca32b423d7a22f8c91a5696b8c7aecff9474293
status: experimental
description: Detects traffic or activity related to http://182.123.196.60:47260/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.196.60:47260/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.192.212:51396/i
id: auto-ba07dd4071a51fa201888e0488b995c7ef5ab7635efd31acc3b3605e545d61d0
status: experimental
description: Detects traffic or activity related to http://115.55.192.212:51396/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.192.212:51396/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.162.199:45939/i
id: auto-8777d8449769fa0290d338c27a47d0407d9048e84e5c6ded90701b3a576ecd09
status: experimental
description: Detects traffic or activity related to http://115.54.162.199:45939/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.162.199:45939/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.218:43237/bin.sh
id: auto-a5852817aa4f5b27f9451da4f3a4fe1cc38c2828a0bb1aadfe4315facacd7365
status: experimental
description: Detects traffic or activity related to http://110.37.90.218:43237/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.218:43237/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.225.86:35480/i
id: auto-294ea451cfa41cfb995285bc293d1f5a4ea3dc479b4d857a0a27877d56a74310
status: experimental
description: Detects traffic or activity related to http://110.39.225.86:35480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.225.86:35480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.69.75:40472/i
id: auto-22d10b98016249a8be0669b09b1f76cf325d58d288ef10dedcde124e33d294b0
status: experimental
description: Detects traffic or activity related to http://115.50.69.75:40472/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.69.75:40472/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.192.212:51396/bin.sh
id: auto-c57b4630b1e24cdb77abb39226bff8b1b67ac0293769a9a6618111aa694300e8
status: experimental
description: Detects traffic or activity related to http://115.55.192.212:51396/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.192.212:51396/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.27.160:44503/i
id: auto-f8dd01cc7935f6597946f8c83276532f3023a4b0661c8e21983d919b06993d12
status: experimental
description: Detects traffic or activity related to http://42.230.27.160:44503/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.27.160:44503/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:56188/i
id: auto-b62b79c35991b63806f6ebc1453d2c08e677482c28a422b91837949f2a0df3bf
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:56188/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:56188/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.81.86:54514/i
id: auto-e913962fd7778320ff6343f9a470452d30a22b306451eb46ec402654b670835d
status: experimental
description: Detects traffic or activity related to http://113.237.81.86:54514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.81.86:54514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.225.86:35480/bin.sh
id: auto-54bed366c36b91af54981e0aed4f592b5726c5295eca952f0c33788d99843105
status: experimental
description: Detects traffic or activity related to http://110.39.225.86:35480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.225.86:35480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.105.67:33068/bin.sh
id: auto-1850dce99b218f4f8990c417ca3f5a96bec8a5244c6c865783d6e920a4a5299f
status: experimental
description: Detects traffic or activity related to http://222.137.105.67:33068/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.105.67:33068/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.69.75:40472/bin.sh
id: auto-f62309326eee6da4e1a6d9617e9676702f3481c6994397abc3dc2b242ab11b38
status: experimental
description: Detects traffic or activity related to http://115.50.69.75:40472/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.69.75:40472/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.27.160:44503/bin.sh
id: auto-794eec5ad3dd43cdf19c21b2168de57c31461cdeefbb429a451f53a14cd7a613
status: experimental
description: Detects traffic or activity related to http://42.230.27.160:44503/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.27.160:44503/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.148.196:56126/bin.sh
id: auto-a9e2304ff8aa08319280099fe865219689565e5067a6f2a490271d62a716c8e3
status: experimental
description: Detects traffic or activity related to http://42.224.148.196:56126/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.148.196:56126/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.52.120:56188/bin.sh
id: auto-54de3573e0b4b3991b5cc287db8860a51884186c5cabba554bbec74942f9d6f9
status: experimental
description: Detects traffic or activity related to http://110.37.52.120:56188/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.52.120:56188/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.61.185:40072/i
id: auto-dac80293f8c44eae2986b1e9bd641336b2b9bc3554b58d39960b235d734acb45
status: experimental
description: Detects traffic or activity related to http://42.86.61.185:40072/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.61.185:40072/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.84.20:40916/i
id: auto-b5b701c86df2a3ee67144f8e6fae782c78ba3b8e3e25220940b868dda75b2630
status: experimental
description: Detects traffic or activity related to http://110.37.84.20:40916/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.84.20:40916/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.10.79:60633/bin.sh
id: auto-21a604ac729340e99db030353c5c4b2592aab96caedaf4c82ef5c94f0b57d44e
status: experimental
description: Detects traffic or activity related to http://113.238.10.79:60633/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.10.79:60633/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.76.200:49482/i
id: auto-b02c37d38277052ef3e4d12411eac25380acd50a8c91a476676be3fe3035db19
status: experimental
description: Detects traffic or activity related to http://59.94.76.200:49482/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.76.200:49482/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.84.20:40916/bin.sh
id: auto-c03ec5551abcaa68555f1925eb676ed53c754026a96130f215edc49388ab9409
status: experimental
description: Detects traffic or activity related to http://110.37.84.20:40916/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.84.20:40916/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.88.45:37678/i
id: auto-3da46e1223cac37f4c67a5cccd1aaf4805c275ab8d572cea82376222942e8a45
status: experimental
description: Detects traffic or activity related to http://115.50.88.45:37678/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.88.45:37678/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.215.63:34322/i
id: auto-b09b827193403d460c4b46866def59e22ac64298b2c56f0a6030cd7908d99833
status: experimental
description: Detects traffic or activity related to http://117.215.215.63:34322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.215.63:34322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.4:43196/bin.sh
id: auto-803b39d320d627fa92094d8698e6e4cbe9235c3aadee67cc0e298fcb810f1582
status: experimental
description: Detects traffic or activity related to http://110.37.38.4:43196/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.4:43196/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.48.118:49720/i
id: auto-f9c666cabdb5941f6923cd3849fdc7ee2372033637a655068a0de2094a61c547
status: experimental
description: Detects traffic or activity related to http://115.57.48.118:49720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.48.118:49720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.66.224:42800/i
id: auto-b5e391ce123438f6ab42e0d6560af6e8b7cd65a7c16e71bc8c3da7951a9c45b1
status: experimental
description: Detects traffic or activity related to http://117.206.66.224:42800/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.66.224:42800/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.76.200:49482/bin.sh
id: auto-1491b4d2dcf54e39a14dd970ad8d8c53d183b41affbae6f598ba20db44b73bec
status: experimental
description: Detects traffic or activity related to http://59.94.76.200:49482/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.76.200:49482/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.162.114:33456/bin.sh
id: auto-dddd2ffa26579896e9d8d3bfb0645d37612f49a21387e0ba2bf75b2cd5cc74e0
status: experimental
description: Detects traffic or activity related to http://182.119.162.114:33456/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.162.114:33456/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.215.63:34322/bin.sh
id: auto-27cb6729fecdc2f2a523a73b57915e192cb98d80bbbc11e39c28bc25f963f097
status: experimental
description: Detects traffic or activity related to http://117.215.215.63:34322/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.215.63:34322/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.66.224:42800/bin.sh
id: auto-0932a91086351e8cc85b71305fbce62d1b41242debcf2d01562eed118b9b60df
status: experimental
description: Detects traffic or activity related to http://117.206.66.224:42800/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.66.224:42800/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.201.144:59833/i
id: auto-8daba73c45ae6790da3a2a1fa0bd962d09853f4d6f6e1ee3f1fe4bca2ed9d111
status: experimental
description: Detects traffic or activity related to http://110.38.201.144:59833/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.201.144:59833/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.110.32.134:40118/i
id: auto-a7485589c13f0d680b2023a8baa760a50581aed3a9124dbccf1193bf1c387c52
status: experimental
description: Detects traffic or activity related to http://201.110.32.134:40118/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.110.32.134:40118/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.156.17:42047/i
id: auto-d6d55ce46c6428119d90c3259cd3f94a2f220fac38968fc1917ae716f612dc5d
status: experimental
description: Detects traffic or activity related to http://175.165.156.17:42047/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.156.17:42047/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.143.176:46347/i
id: auto-ab41e11f75b31eaed3e7d0c4cc0d897a1246f1b7dea8e56489d55cdea9c52867
status: experimental
description: Detects traffic or activity related to http://123.4.143.176:46347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.143.176:46347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.88.45:37678/bin.sh
id: auto-4d9f32e2b67c9edfdd4a34b31d0787004af43cc7d43dd4a83259e93aa29ce36a
status: experimental
description: Detects traffic or activity related to http://115.50.88.45:37678/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.88.45:37678/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.88:40521/bin.sh
id: auto-45af7c076d18a53d000f8c47fbc954fbc902b5a9a43e76b094e54607deaf1ee0
status: experimental
description: Detects traffic or activity related to http://117.209.91.88:40521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.88:40521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.110.32.134:40118/bin.sh
id: auto-a0dddac874b9fabb44ab057cf039c2ef886fd0cede64e1d7526f9a627ee9d990
status: experimental
description: Detects traffic or activity related to http://201.110.32.134:40118/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.110.32.134:40118/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.143.176:46347/bin.sh
id: auto-d5daf24eec1725b57653c54380ec34b9cbb442d97359a1f0c52234adb097981c
status: experimental
description: Detects traffic or activity related to http://123.4.143.176:46347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.143.176:46347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.6.166:43506/i
id: auto-3b594a411df7e3cff53a1cf423370805713ae5d3c2fc9b53bca3cad22e00230a
status: experimental
description: Detects traffic or activity related to http://123.129.6.166:43506/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.6.166:43506/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.189.143:36806/bin.sh
id: auto-911d29051beb99a167ea555c1ea828e63afd68bdcba2731c0725e9f98c93966b
status: experimental
description: Detects traffic or activity related to http://219.156.189.143:36806/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.189.143:36806/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.115.140.204:23261/i
id: auto-ea6355ba2a29f8d8f34ca246ccb6e7e3e27e74de43385a2af7351ae99b238c53
status: experimental
description: Detects traffic or activity related to http://188.115.140.204:23261/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.115.140.204:23261/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.29.50.238:35534/i
id: auto-56a5b00ac0d1938309e92829596bac46964d53c2576c59d1316a3801277cff6d
status: experimental
description: Detects traffic or activity related to http://78.29.50.238:35534/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.29.50.238:35534/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.0.121:60806/i
id: auto-c7acb4ac8c7a3786d1751fc5c9d8167f6e9e46d996cd4ad5c33627ea2b0afd8e
status: experimental
description: Detects traffic or activity related to http://115.49.0.121:60806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.0.121:60806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.23.17:46127/i
id: auto-92351e86c8f328f4656b251fa52af2c0b9e898243b593278cc21e1eb2037df93
status: experimental
description: Detects traffic or activity related to http://110.37.23.17:46127/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.23.17:46127/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.148.50:58709/bin.sh
id: auto-9b9dff2976407840dd0cd5f65c82408f1837ab3ec5bee6adadd3cac207388e94
status: experimental
description: Detects traffic or activity related to http://42.224.148.50:58709/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.148.50:58709/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.155.194:52291/i
id: auto-3ad88d9d65deb7219f4d2641fb6ab688e4a763aa12b4fc11803f3dc619288714
status: experimental
description: Detects traffic or activity related to http://123.8.155.194:52291/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.155.194:52291/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.187.120:47306/i
id: auto-04dec2583d2aa8ee2bf468d70d5c35c97d5a13b76a98f6a99a4adb69600bbb8e
status: experimental
description: Detects traffic or activity related to http://222.140.187.120:47306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.187.120:47306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.107.121:56802/i
id: auto-1d4433108da3d9b91d242887645408a7d09e45ef6174c3a0bafd3efedc4f7336
status: experimental
description: Detects traffic or activity related to http://222.137.107.121:56802/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.107.121:56802/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/bpmrtYP.exe
id: auto-79f0182a00024c9c55d669424b48912f73070c69221609865524e9a3bcf24059
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/bpmrtYP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/bpmrtYP.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.115.140.204:23261/bin.sh
id: auto-f05fd8cae6a0d2bf09e1437575fa1bc0fb7757314d45ad67be3bd21e43c0bb59
status: experimental
description: Detects traffic or activity related to http://188.115.140.204:23261/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.115.140.204:23261/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.29.50.238:35534/bin.sh
id: auto-b2165a0d622cfdc3d1b030965d88a95e7e5d1cd28234b92442867f124a6e67b9
status: experimental
description: Detects traffic or activity related to http://78.29.50.238:35534/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.29.50.238:35534/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.7.133:38145/bin.sh
id: auto-bf9db629378f018d571f3844da0de4a0e52fbabddf4d8c09324097960343b23d
status: experimental
description: Detects traffic or activity related to http://182.119.7.133:38145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.7.133:38145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.155.194:52291/bin.sh
id: auto-5ad2bf5bb06d5dc5d527b7bc67231150c68585dc4e006f5d84cf24c1c9f05e99
status: experimental
description: Detects traffic or activity related to http://123.8.155.194:52291/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.155.194:52291/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.113.10:38676/i
id: auto-3b9712c112aaa54ff65157d4e6bd7f9660597a2fddac46ce21ba6b1b0f3d66cc
status: experimental
description: Detects traffic or activity related to http://112.239.113.10:38676/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.113.10:38676/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.107.121:56802/bin.sh
id: auto-d6a8c6e7d0d88fd184dcf5003a694092574d712c9cbaa9acc3a375702b5f170f
status: experimental
description: Detects traffic or activity related to http://222.137.107.121:56802/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.107.121:56802/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.218.244:47129/i
id: auto-95d5a5caedb62a8a3128c8645120865bb6e2f7b130f1836ec4d18708c85d5082
status: experimental
description: Detects traffic or activity related to http://42.228.218.244:47129/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.218.244:47129/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.30.91:44821/i
id: auto-3797c35eb5e4f8dd60eb3f632f35b268f6b1da1e9c32f1135ae451e9cc34f8c0
status: experimental
description: Detects traffic or activity related to http://42.176.30.91:44821/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.30.91:44821/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.113.10:38676/bin.sh
id: auto-9080064b7957988e360a2d26dcfda34143ad96d853cf1f2a07de3e65cb386724
status: experimental
description: Detects traffic or activity related to http://112.239.113.10:38676/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.113.10:38676/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://114.227.191.105:51250/.i
id: auto-c96ae321dce61add0732bc444bf37135a6632930dc02a88ef8ad03bf70591595
status: experimental
description: Detects traffic or activity related to http://114.227.191.105:51250/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://114.227.191.105:51250/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.98/Evel
id: auto-89514815a62e01ec7f814847ff0fbfcd085828ef55f00b2b82a12083a8e91932
status: experimental
description: Detects traffic or activity related to http://176.65.132.98/Evel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.98/Evel*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.44.112:50714/i
id: auto-7a0506a6d8c7f5a12b502c54761f926e67470ec72d2f05a6d7021fd666807de8
status: experimental
description: Detects traffic or activity related to http://222.136.44.112:50714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.44.112:50714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.119.137:41715/i
id: auto-947a19c9980882533783abab478bfca3c25a167cb0417ec067340b9597bf2e21
status: experimental
description: Detects traffic or activity related to http://123.9.119.137:41715/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.119.137:41715/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.58.35:42644/i
id: auto-ce5376991293f7a0d7a69bb8ed3415cdd08dde622331ff8051e70402f4eed0e4
status: experimental
description: Detects traffic or activity related to http://117.215.58.35:42644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.58.35:42644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.70.13.127:41938/i
id: auto-f62a1223e82ce4018a9b47bff2def509f26e4e5b332cef94a812deda738bc8ae
status: experimental
description: Detects traffic or activity related to http://111.70.13.127:41938/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.70.13.127:41938/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.30.91:44821/bin.sh
id: auto-692d3b4bdb49c968edac858035cfa8143c1a5396bb87b9ceb247773db7d1c526
status: experimental
description: Detects traffic or activity related to http://42.176.30.91:44821/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.30.91:44821/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.234.69:53388/i
id: auto-a22d18b095c14fd8a327b9491e922b7de5a664c0ce70ac9b5bcb51ba7a4899a2
status: experimental
description: Detects traffic or activity related to http://182.113.234.69:53388/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.234.69:53388/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.2.239:36065/i
id: auto-81c1125a1274aaae7e8b4f9bfe7676d33332bea3a44220fe66b9141d41b9eba1
status: experimental
description: Detects traffic or activity related to http://61.52.2.239:36065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.2.239:36065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.226.197:47573/i
id: auto-5ee05d9c52ecad47b23256cf860d54667c7cf8aeefdec87588310037ee211ed5
status: experimental
description: Detects traffic or activity related to http://125.43.226.197:47573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.226.197:47573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.103:39127/i
id: auto-7e002e6e1d0a83eb137297fe30a2e076fc9ad07662dec81da371c705dcfd5646
status: experimental
description: Detects traffic or activity related to http://117.209.89.103:39127/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.103:39127/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.44.112:50714/bin.sh
id: auto-4666faf8f438e9c71954727b9e6c413c24cac80e06dfba42e4d18f8fe55f15a4
status: experimental
description: Detects traffic or activity related to http://222.136.44.112:50714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.44.112:50714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.70.13.127:41938/bin.sh
id: auto-1d29656aec86c4f9ae9221602d804ee72fe1f8065731e4535c2c01a237e6c27c
status: experimental
description: Detects traffic or activity related to http://111.70.13.127:41938/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.70.13.127:41938/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.73.15:36690/i
id: auto-73124b0d95a57c3c4380e18a76643827cc82e0ed5586ed494e8c9b81e908af77
status: experimental
description: Detects traffic or activity related to http://125.40.73.15:36690/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.73.15:36690/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.2.239:36065/bin.sh
id: auto-8879ceb112ccdb0558523438d3cf34cd76bf9093c8912e2dedbe41dda989ac39
status: experimental
description: Detects traffic or activity related to http://61.52.2.239:36065/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.2.239:36065/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.226.197:47573/bin.sh
id: auto-5a80cc8f3e28ca60745aded10f5278aab898fc55ceb0dfbb2bd48e1b6b54337c
status: experimental
description: Detects traffic or activity related to http://125.43.226.197:47573/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.226.197:47573/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.119.137:41715/bin.sh
id: auto-0a62856827376ed2b1485e64b69d5829755c40e07a630774a361b3bc808bc627
status: experimental
description: Detects traffic or activity related to http://123.9.119.137:41715/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.119.137:41715/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.103:39127/bin.sh
id: auto-8c9d4ae812b7ca310dab2b8e187fed73414a9a226bfae949fe6d90c3dcdf1293
status: experimental
description: Detects traffic or activity related to http://117.209.89.103:39127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.103:39127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/armv7l
id: auto-e5ed3b3745c4fd51d6dd82eb3f84a5131b7a47a08ea8e44c47f9f6e57d8b2e2f
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/x86
id: auto-6eb0467b9e6f8d08a212e9bb9c324c46fd70b6b81e58242ef1ffe084fdfb88ae
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/mipsle
id: auto-833f03dc9d6b94e879786bc6146d631c4a167d98925297f2960a0eeac8ae9c81
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/mipsle which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/mipsle*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/s390x
id: auto-ecdf960e3bf8ccb660ab522a188ca99ffd2eeacce04ce5316d6a3890529c091a
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/s390x which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/s390x*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/bot.arm
id: auto-46a712670e4e7cfd3610d09cf8a0a1db84582226a0b2a8faa1b8dc447d62a0da
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/bot.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/bot.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/arm7
id: auto-62bf9dd125dd0556b5ec005252db692e312d514e8533421d52c1069e08d4ded7
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/mips64
id: auto-76e4118275382c5bc3142a5f3785a77439bd8bb7a57f0ec3a937ed888abf41b5
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/mips
id: auto-9a67e133fb93feab8c8f27d6bfd9b6ebd1d9cc4876e58c3a939f96db8f9ca9ff
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/mips64le
id: auto-9b35e5650f31e5875f5882f2ca38ad25ec365523bc5390e2954f2c26afb1686a
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/mips64le which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/mips64le*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/i586
id: auto-27f1156fd9a3353a1fa52f734b71acc4f9e4b1d6407f52fb6a5dec037c455124
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/ppc
id: auto-8fdb8de724ef24cd73925cd8f95c0f60e6b0a300c9631d69cd4f42b373640bab
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.121.14.176/x86_64
id: auto-bedd5d17f121e5bb9a762d18b968bc34170b202bba0a7e4c304c5624f40f2b09
status: experimental
description: Detects traffic or activity related to http://185.121.14.176/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.121.14.176/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.136.148:42960/bin.sh
id: auto-6db88f24553009d3617115dc249a00c931f3365a8ee434ac3375f79c6ab1069f
status: experimental
description: Detects traffic or activity related to http://59.96.136.148:42960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.136.148:42960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.234.69:53388/bin.sh
id: auto-cbd55bc269caa75fa70acefd00039feb5401598c8a2ae117daf9704144d2b3f7
status: experimental
description: Detects traffic or activity related to http://182.113.234.69:53388/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.234.69:53388/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.133.94.243:58848/i
id: auto-c6da539ce4f33aa1e0bf5b4c9171163d69c18345ade16f3d218a74eb04af93a3
status: experimental
description: Detects traffic or activity related to http://124.133.94.243:58848/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.133.94.243:58848/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/946643047/VP0xbEC.exe
id: auto-ef577509671b2dc4b258c5e4283d82b0681bb55a21a79266a7296f8b5d6a53cb
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/946643047/VP0xbEC.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/946643047/VP0xbEC.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.133.94.243:58848/bin.sh
id: auto-6ff9caf69c7b47f809c4771cb481fd808bebd7d446af88ffa31d693173c596a8
status: experimental
description: Detects traffic or activity related to http://124.133.94.243:58848/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.133.94.243:58848/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.221.32:45313/bin.sh
id: auto-7e1693de612b435c5cae91e431107ef751490e003d20f49ea09f4869858cce7c
status: experimental
description: Detects traffic or activity related to http://120.28.221.32:45313/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.221.32:45313/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.14.59:37198/bin.sh
id: auto-d8cf73ee72aa569870407c34410ebf887b43aab7b4005b8262f946a5a82165b4
status: experimental
description: Detects traffic or activity related to http://221.15.14.59:37198/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.14.59:37198/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.145.10.220/Photo.scr
id: auto-f9f408d17ccf08dd0a0a7711c92c993e2cef1d7d96a0971843dddb5baf86a2e3
status: experimental
description: Detects traffic or activity related to http://184.145.10.220/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.145.10.220/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.168.10.70:59985/bin.sh
id: auto-3c53e6c3f7851bf18d03b8097fd621fd2be81db2bec58859e6a00e0a5eae36f3
status: experimental
description: Detects traffic or activity related to http://108.168.10.70:59985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.168.10.70:59985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:53545/i
id: auto-388123359eff27723900bdc48e7fb1be455ed6876994c7dcf4aedd8ae662f813
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:53545/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:53545/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://173.28.101.7:53545/bin.sh
id: auto-969900ad9bc326309d01b1702c3e6c9579979939b9e29aab74bab90b7fc95ddb
status: experimental
description: Detects traffic or activity related to http://173.28.101.7:53545/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://173.28.101.7:53545/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.204.110:48530/i
id: auto-d0fe75816a22afacbfce919cb5b4bc7d7f4ffef4f3a139e97f2b038ec870f65c
status: experimental
description: Detects traffic or activity related to http://42.52.204.110:48530/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.204.110:48530/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.196.60:47260/i
id: auto-07e7338e3b84f2527fe698128b993ade1ef3077d09fed205a7e3f3ca9a0a87c9
status: experimental
description: Detects traffic or activity related to http://182.123.196.60:47260/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.196.60:47260/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.21.169:37141/bin.sh
id: auto-9653926ecd5a3433cfa6a4845d298c1c2b3ae5de6e8b53f0665e09e35bcfc846
status: experimental
description: Detects traffic or activity related to http://182.116.21.169:37141/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.21.169:37141/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.73.15:36690/bin.sh
id: auto-a760e6e6a40954e41e7ade975b4f425fc532f3f3d526951bfd023c382c210115
status: experimental
description: Detects traffic or activity related to http://125.40.73.15:36690/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.73.15:36690/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.69.76:53480/i
id: auto-f5355a26fd2de77f7cf6748508dd79619f440251ed9436c94a2f8e08747e1f21
status: experimental
description: Detects traffic or activity related to http://110.37.69.76:53480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.69.76:53480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.222.159:50460/i
id: auto-1f2071084c0dd02c669e0740b02bc1eefb783f61fdeef96ad2431a6afcde9391
status: experimental
description: Detects traffic or activity related to http://110.38.222.159:50460/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.222.159:50460/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.91.19.138:54120/i
id: auto-065cf687169a3ab9ba3607cc7b88a85bf7d96bc48f6141b1c5eb481629915f53
status: experimental
description: Detects traffic or activity related to http://218.91.19.138:54120/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.91.19.138:54120/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.217.144:36912/bin.sh
id: auto-f2d202e830bcdf7becd02d1cf6e0b1cb5207f60fed8b99cc30e08b70e95265fd
status: experimental
description: Detects traffic or activity related to http://27.207.217.144:36912/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.217.144:36912/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.198.135.190:42142/i
id: auto-82a7acb8b1247f310decd8daa5cac3b3165e21965582f2afe81376d8d137cc98
status: experimental
description: Detects traffic or activity related to http://112.198.135.190:42142/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.198.135.190:42142/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.15.28:47781/i
id: auto-52a909dc772777744d1d80837ebfd3e1650ff45c1322693b4fb3bbec46988af3
status: experimental
description: Detects traffic or activity related to http://59.89.15.28:47781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.15.28:47781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5900855435/eNLe4nm.exe
id: auto-e6d4cd67fe4479f9538fe7481d87a1438a2f6fc078e002299261b467a2f2d0dd
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5900855435/eNLe4nm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5900855435/eNLe4nm.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.218:43237/i
id: auto-89dc9ade036dded89af1aa80f912dc0277001f37ad81cffde1a677ab3442d862
status: experimental
description: Detects traffic or activity related to http://110.37.90.218:43237/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.218:43237/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.91.19.138:54120/bin.sh
id: auto-2b57f2d619d18b9d1b86efed4fdf8e2035e7cd521596f6f69e40edd5adf072d0
status: experimental
description: Detects traffic or activity related to http://218.91.19.138:54120/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.91.19.138:54120/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.222.159:50460/bin.sh
id: auto-65186831da0de891f2cbf52f12debdf2748d3946a944b40328e4fba1a0d4736d
status: experimental
description: Detects traffic or activity related to http://110.38.222.159:50460/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.222.159:50460/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.48/dlr.arm5
id: auto-22357fd42e7cfb5db5f691db0156afac9737008b1217afbdb8e14b2ccba63bb7
status: experimental
description: Detects traffic or activity related to http://130.12.180.48/dlr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.48/dlr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.48/dlr.arm4
id: auto-089128044655d0d262f234496211b593e17182e34e400530431a87d4e7f1055d
status: experimental
description: Detects traffic or activity related to http://130.12.180.48/dlr.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.48/dlr.arm4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.48/dlr.mpsl
id: auto-4cffa296f99634b6ff93ec0746ac40322af42c345a26f2105da19b915b2fda4a
status: experimental
description: Detects traffic or activity related to http://130.12.180.48/dlr.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.48/dlr.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.48/dlr.mips
id: auto-54ef8294548f0dbe52e1dbc3a58e33732922154afb2cf8fff12c1a086b65f417
status: experimental
description: Detects traffic or activity related to http://130.12.180.48/dlr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.48/dlr.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/arm4
id: auto-5a1c84cfcc241515d434718e45b1b979991d45f884ad763f5edf17bbef6aeef0
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/arm4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.64/vv
id: auto-14b345f28bfd6490f46f3e4e4fb631fb7a90a57802a92efcf0f307f79898845f
status: experimental
description: Detects traffic or activity related to http://130.12.180.64/vv which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.64/vv*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/massload
id: auto-b8e92f657d94e8881d5ce8fa40c0ba51a3f8fd836ed914b8ca5bda4b1e105fdf
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/massload which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/massload*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/mips
id: auto-7e1208ab7e9faad7c00ebc98ea91ee028f21370ed1757d7bb2e6942a688f9fc6
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/arc
id: auto-1ed932cbf24e6d17b0cf57738a99e99ab0138003b7d45d6a2207846b2bfcde9b
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/arm5
id: auto-48f5cfa86f15c68a331b234ef4fb35b8ff663c26d61ba6c420dc8a9cc7099beb
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/mpsl
id: auto-f71f93ca10f8146f4f97845b5ee0d67678d47811b334488a6afad2546836bd56
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/mipsel
id: auto-290daf0a4487d194dae69b6adc23cfff9f8bbf0f088daf71b6520ef788513252
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/gpon.sh
id: auto-e15b41c1571f1ad8572fec361f82e95e02ec5d22bb52f0ea4124b0ce8114c9ff
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/gpon.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/gpon.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.126/dev.sh
id: auto-e7736153e5f0e14bab9b656ca06db4c00d19cadc235df9884427c7e9e404d0ac
status: experimental
description: Detects traffic or activity related to http://130.12.180.126/dev.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.126/dev.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.15.28:47781/bin.sh
id: auto-c1ee73b4d50552ce47ce3ed6329cbf68f810cbd46c695db1a22f95249616b619
status: experimental
description: Detects traffic or activity related to http://59.89.15.28:47781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.15.28:47781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.dbg
id: auto-745c6b1cba5cc63a5f5270d03b379de1f8ca2cf25987d45f234ffc29540e84a1
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.dbg*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.ppc
id: auto-5e86a8492a333f833c4fb62e77e37f15df78bef8fa88ee40507f032667b3081a
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.i686
id: auto-d3c246541cd6bad9d04ddf1a2b4eacbfe833951a5bddc94b42b14aff893fdce8
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.arm7
id: auto-b5f06849e2175a189977174c2e82e8c302fb2b2dda1e6a61008ab07ba72a7eb7
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.mips
id: auto-6f21c9f298f2ee75c95cd1ea9eedc4c7ff02149efab8db75b6bd1b6e9f594962
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.m68k
id: auto-e4f88161aa8cb37b75666e9f2b8c59b76011fa55ebb85ad917f294f6709e9161
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.arm6
id: auto-53586bf2302f0764076ec5b6162dd1bdacebf075562171e5b7c1290123511226
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.arc
id: auto-183a46d78a2925b73292246e2ee102825e1008415eb80148bd8b9c326f5779f5
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.i486
id: auto-6bbee8163457f22da5571d2edec8edcff390aac7701f195ef9e15642f0f8ae0c
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.i486*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.x86_64
id: auto-e73e909e23453c64e8f66b5a08c29cbf87d6b0bbc4e5f0d3d5b14d1b12a36290
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.arm5
id: auto-3afd8a43b16ee64cbeb4f7151ed3f2ab5bad39e290163e0af6fa71fefcced48c
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.sh4
id: auto-f167261f58fcc108cafff8986e671594beb2f83f0fb7e3a48c9d506e9e93a91e
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.mpsl
id: auto-cddfee08cb4c28d450a8b29275bd1d45271c928271dd2a996daf93ab2abc2e69
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.ppc440fp
id: auto-719c1bc66b73a8074a479a16f4f9260ba8c223a7bd1de529c3d4349c06151d8a
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.spc
id: auto-c22b75cd146f68487b09f4eb886ecbaf91f49456be9290ed1b600c5029a2b3f3
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.x86
id: auto-ec28f832d8e75f1455045ae038cc9894d78e7d149539ead5d59c09f5bdd79afe
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/no_killer/goon.arm4
id: auto-0dd81a20af0e08e1d6f06520485114eb2d2bb126ea935d596741bc9070ffc9bc
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/no_killer/goon.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/no_killer/goon.arm4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.arm7
id: auto-634e6ba10964bd57680d2e3fdea89638b922a0fea75f081cd40c880c1bcb87b2
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.mpsl
id: auto-2d3bc5e3e08189ababc1e0994b2f479d506f2d6e79b9177d89a7e444f8e16117
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.mips
id: auto-1382966a5a1a5b33b33e8bc5933716343817d558cf6bf5177bdde7791a345b5b
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.mips*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.dbg
id: auto-cb786b355496e694338e7a56888c5e0ca11e77ad50dd58bb48a599033f3a7a45
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.dbg*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.m68k
id: auto-07fb287ebf720170b0619853dcd7e9a7e8a9cce3f714f9ee2e665f3c9466365f
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.m68k*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.i686
id: auto-2497ccb122fd952e28fbd29b44c8e94c9f82c44ee2562922768642e4af935f35
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.i686*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.ppc440fp
id: auto-3a15628d6f1d8100d0e8305eb85e709a944b55d70bdc85dee67139352cc2d2fe
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.ppc440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.ppc440fp*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.i486
id: auto-773b0ab6816442327f5304b8c5562af3f66d052346ffec367c4160f4ac20db28
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.i486*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.arm6
id: auto-c7ee04383d9d024cc4d197226ae006c0416b6e8bfc65186fa7278ff771d33b18
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.arm6*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.spc
id: auto-84e613c11422a9b757a2d87e1eeee0c300ebb7822891772f7bdd8135feb3db7c
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.spc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.arm4
id: auto-c19d10b90f560fd8f9fccda92f32e9b2f24fe41b4cab6436b1a89791bcbc9eeb
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.arm4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.sh4
id: auto-99042e6e7c3809f5d05ba939e1c76747e2bcb93b972e5b15b572ad983b4f798b
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.sh4*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.x86
id: auto-190a312e30e5b4eaf410a55d1070081c890a482b7dc70802a7aed46acc0a0ef0
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.x86*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.arc
id: auto-066c90296a564a3f56fdaf46c43a396de44599df4bf88706fc4d15d4d918ec83
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.arc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.ppc
id: auto-1d629013a75d29ee51efb4edfbbd1b1da0f5ddca533c65b3ef235a04d066fc03
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.ppc*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.x86_64
id: auto-c6d5a9bd9288602dc770b8404b75f336fd44b9e00ae0959dbc8019cdd7c47b9d
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.41.201/no_killer/goon.arm5
id: auto-e46f3f85380aefb4269bd9c9d70469aa87e71bba472fcd1f3bac04a69386de53
status: experimental
description: Detects traffic or activity related to http://185.196.41.201/no_killer/goon.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.41.201/no_killer/goon.arm5*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.180.147:54830/i
id: auto-e6028f7acfa53c13b132db98df7db47f7541d7e6b83f9b089323aca5bf3af95c
status: experimental
description: Detects traffic or activity related to http://115.57.180.147:54830/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.180.147:54830/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/ppx86_32
id: auto-3e2d544a1347eb53c766d6faf2bb1b9cb360fd4875eece255376d92329dc7f79
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/ppx86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/ppx86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/px86_32
id: auto-eebef93fc6e2d9ece5c204e8b54d195beabff41fbfd9b349f05ce2a852495289
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/px86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/px86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/8UsAA
id: auto-31de2668dca5993f633f7d5a69ed733ec406d009c61292c6b606384a0d5e6947
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/8UsAA which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/8UsAA*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/hikkk.sh
id: auto-94d35596e1fa0c0623c3332bf94cc498685df804bdf0ea1b3288fa2dc812b705
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/hikkk.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/hikkk.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/ppx86_64
id: auto-a0a0013ed8929f8b14ad21bcd6396b7b82ef3f8c2b2c2fd1e3e9126e647ba35e
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/ppx86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/ppx86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/dick.sh
id: auto-0b0849512226460fc58534c8b0343270deae7142fd8d6d97401cc00b0f670a70
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/dick.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/dick.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.233.149:36636/bin.sh
id: auto-2d68620bfb69c24a2b78c6115621cbcb4daccca708788e4208d28cb215e0fe60
status: experimental
description: Detects traffic or activity related to http://60.23.233.149:36636/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.233.149:36636/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/aarch64
id: auto-c8947e24135ad81d0141e0572a1861eed694c341ccecffab953eea7f088b2bc7
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/tplink.sh
id: auto-cee95bddcf815e59b8f78efbc0c6c812837fda7842c2a68df4395f027a089c23
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/tplink.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/tplink.sh*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/arm
id: auto-5268672fa88a5ab9d9cac0f23bd56cd64101391bced2b5278fdaba5a20c808a0
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/arm*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/arm7
id: auto-426929eb5ab79de55be18bb3052b5cc3a5c24874fd754baecdfd682f1ec2ad5b
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/arm7*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/o
id: auto-65f10e28f1f3454585df6bb6b1bc8a5af1ac480e16b6480afeee08b18de6ea5c
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/o which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/o*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://109.123.232.177/x86_64
id: auto-a0652163c455fcfbface9d012426ed6a76b79fe431ceb83e6b3983a17d42fff8
status: experimental
description: Detects traffic or activity related to http://109.123.232.177/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://109.123.232.177/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.213.55:56421/i
id: auto-97b553f4b8cc403258e0195b9423bab8431bfdfc2c72c300aa945fee03ed34a2
status: experimental
description: Detects traffic or activity related to http://27.215.213.55:56421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.213.55:56421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.105.67:33068/i
id: auto-5cee23ba5aa2188c793bd30c506c3de665aaf7d7bf9b7102b9aacda73953545f
status: experimental
description: Detects traffic or activity related to http://222.137.105.67:33068/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.105.67:33068/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.54.167:54641/i
id: auto-e09602b611969fc334c51846297f90f921e962d40321f08acd415d57a2ea7bd3
status: experimental
description: Detects traffic or activity related to http://115.55.54.167:54641/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.54.167:54641/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.6.62:33578/i
id: auto-9edfd050d7cda2ca08ffcf6ce413d617e030c9d43ebd7753ed260c22de9e44a6
status: experimental
description: Detects traffic or activity related to http://125.41.6.62:33578/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.6.62:33578/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.197.102:52275/i
id: auto-c8cc29c5d2cea980a6e17258529cc5e005ad9777ef5625097dde18f80285034a
status: experimental
description: Detects traffic or activity related to http://222.140.197.102:52275/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.197.102:52275/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.59:39782/i
id: auto-90a7406cf06798dcac289b3555b69e0de1480c5a78eb3058bacb13ca5a51d473
status: experimental
description: Detects traffic or activity related to http://110.37.90.59:39782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.59:39782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.196.82:56424/i
id: auto-07abc6a242dfcddc9aed028221ff18eec2bd155c80e346c0c32a9f2b59af74f5
status: experimental
description: Detects traffic or activity related to http://222.139.196.82:56424/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.196.82:56424/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.25.78:35635/i
id: auto-36a99dc7e5103bd61bd9c124d9942f01aad98af1ff8768818ae8bf6e000bed36
status: experimental
description: Detects traffic or activity related to http://219.157.25.78:35635/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.25.78:35635/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.109.208.158:59376/i
id: auto-3cd34dcc8461af64603f841f7f500ef76944551d2c4af037138f83c4f64e4ea9
status: experimental
description: Detects traffic or activity related to http://119.109.208.158:59376/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.109.208.158:59376/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.92.130.154:52646/bin.sh
id: auto-143b5885f35a325bb76796575eb3a601f62338d6d5b3160cfd94050ccaf9c139
status: experimental
description: Detects traffic or activity related to http://23.92.130.154:52646/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.92.130.154:52646/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.213.55:56421/bin.sh
id: auto-19a1e491436634bd8a1cc42af31a5423dc55f602d7cc58534607c86d24e3ac94
status: experimental
description: Detects traffic or activity related to http://27.215.213.55:56421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.213.55:56421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.54.167:54641/bin.sh
id: auto-2083f4ff2d4eaf5eb101285243d9d38c32ccca380441cea3260251a04ee6861c
status: experimental
description: Detects traffic or activity related to http://115.55.54.167:54641/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.54.167:54641/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.127.113:46695/i
id: auto-ba59b085425ad8da04b6172e727b5a8a710f458a9ed6a6587b3e91abc2c5ebdd
status: experimental
description: Detects traffic or activity related to http://182.126.127.113:46695/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.127.113:46695/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.196.82:56424/bin.sh
id: auto-17a4137adbd33296b30d5eab2e147c81973aa188ff051142493066d554022d95
status: experimental
description: Detects traffic or activity related to http://222.139.196.82:56424/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.196.82:56424/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.143:40147/bin.sh
id: auto-c953458c740bfc9195e7fdec56b82970007c2a62e944721947cd5f542c76df64
status: experimental
description: Detects traffic or activity related to http://110.36.0.143:40147/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.143:40147/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.109.208.158:59376/bin.sh
id: auto-4d51ed2b979c71a863e282d4eba989040bc0ee11147fb30cf8a1692f80f65fda
status: experimental
description: Detects traffic or activity related to http://119.109.208.158:59376/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.109.208.158:59376/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.26.180:33179/bin.sh
id: auto-0cbcff468394697f34a1d64afcf066c6a5a4c08c85bd140c020cbdaaf37a0897
status: experimental
description: Detects traffic or activity related to http://117.221.26.180:33179/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.26.180:33179/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.167.31.143:42573/i
id: auto-f281ac6a3e9c5c47426d8121765bba4234ca2a82c6beabdf881840f3dac9fb3f
status: experimental
description: Detects traffic or activity related to http://119.167.31.143:42573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.167.31.143:42573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.187.159:59753/i
id: auto-4794888970aee4140c0b1c91a3c131aee39c47c3bc67f794b4b8bbc49661c0e0
status: experimental
description: Detects traffic or activity related to http://42.87.187.159:59753/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.187.159:59753/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.167.31.143:42573/bin.sh
id: auto-e879516e77da4d7d8ec8017278dd4b0d8e7eb9a8b2db5f03345c7cf0ac8a871e
status: experimental
description: Detects traffic or activity related to http://119.167.31.143:42573/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.167.31.143:42573/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.19:36595/bin.sh
id: auto-af2cebc21ba74de51120cdc165ba666dbe017cf3761fba08827f7eec30044455
status: experimental
description: Detects traffic or activity related to http://59.97.176.19:36595/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.19:36595/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.127.113:46695/bin.sh
id: auto-f795dc559d4345c346b122d2d1635ec459f6eb3025fdcfe774a0a5b7b7f443c7
status: experimental
description: Detects traffic or activity related to http://182.126.127.113:46695/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.127.113:46695/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.59:39782/bin.sh
id: auto-9f0e81cebace068f8ef7c7baf6c80436906b3e8c57d97245370a103cebbbdb5e
status: experimental
description: Detects traffic or activity related to http://110.37.90.59:39782/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.59:39782/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.12.124:39675/i
id: auto-9ac948c038e8539f6448c458d65fa4e7309628add8d0b1f8d0364bf646244ecb
status: experimental
description: Detects traffic or activity related to http://123.188.12.124:39675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.12.124:39675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.187.159:59753/bin.sh
id: auto-6f6132f6ad4c6743561cc83444e86006c2925a73308eedc6c3a72088abf7c992
status: experimental
description: Detects traffic or activity related to http://42.87.187.159:59753/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.187.159:59753/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/ryYw9LW.exe
id: auto-68e26d74d3b22cd7b6f84b5762bfc623331c5782a8b731ad7464a5faf672f680
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/ryYw9LW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/ryYw9LW.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.254.180:50860/i
id: auto-7b97e3dabfcf6c0e7823e0104f010aaeacdf12c521feef36f48c01fef316a288
status: experimental
description: Detects traffic or activity related to http://182.122.254.180:50860/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.254.180:50860/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.153.196.82:58416/i
id: auto-92edadbe91244fed8a2fb75b22078dbe64cfdbc48134d8635b6fe676ee30669c
status: experimental
description: Detects traffic or activity related to http://27.153.196.82:58416/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.153.196.82:58416/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.204:42227/i
id: auto-e69c6c8acf1ee9c706a027e5d2db644fa9052fafa1d3bffac0e82cd3f1573601
status: experimental
description: Detects traffic or activity related to http://59.97.251.204:42227/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.204:42227/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.39.238:57911/i
id: auto-a8d45ad01fa5d39b773dd49031142ae1f32239efbd41693670b8d241f7a75292
status: experimental
description: Detects traffic or activity related to http://119.116.39.238:57911/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.39.238:57911/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hotel-access4812.com/Documents/lol.lnk
id: auto-603baf714f00bb83af4ea794b2d0c8613e7b39639a0c414182d842a8d1617b80
status: experimental
description: Detects traffic or activity related to https://hotel-access4812.com/Documents/lol.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hotel-access4812.com/Documents/lol.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://complaint-forms.com/Documents/CBE%20Notice.lnk
id: auto-9b5fd326f51919a8fcf83d38fc629e2dcabf9fab0a65fe4c8ca2855756f839cf
status: experimental
description: Detects traffic or activity related to https://complaint-forms.com/Documents/CBE%20Notice.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://complaint-forms.com/Documents/CBE%20Notice.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bikolsa.com/Documents/CBE%20Notice.lnk
id: auto-1c5fdcd711c01423c170f2975131c4cd0d7711d90ef28e8961986863151d9203
status: experimental
description: Detects traffic or activity related to https://bikolsa.com/Documents/CBE%20Notice.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bikolsa.com/Documents/CBE%20Notice.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://complaint-forms.com/Documents/cbe1.pdf.lnk
id: auto-b9ff73f74a7b4715542cd7e9b879a5f94843bc1b4104d1d2655f29cd703c4469
status: experimental
description: Detects traffic or activity related to https://complaint-forms.com/Documents/cbe1.pdf.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://complaint-forms.com/Documents/cbe1.pdf.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://complaint-forms.com/Documents/lol.lnk
id: auto-795f2520e7b55769146130cff29681fff8be1bc032525a85ebe5c1f5a797a485
status: experimental
description: Detects traffic or activity related to https://complaint-forms.com/Documents/lol.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://complaint-forms.com/Documents/lol.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bikolsa.com/Documents/lol.lnk
id: auto-d3811e33078a95c148ad8c1ce28609b2e2b9cb62e4140ead300bec86b4ba5bad
status: experimental
description: Detects traffic or activity related to http://bikolsa.com/Documents/lol.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bikolsa.com/Documents/lol.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bikolsa.com/Documents/CBE%20Notice.lnk
id: auto-869e5bcfa50353b870104c3c14c7122f5d22d02695ba68a5daccc1179cf9861e
status: experimental
description: Detects traffic or activity related to http://bikolsa.com/Documents/CBE%20Notice.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bikolsa.com/Documents/CBE%20Notice.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bikolsa.com/Documents/cbe1.pdf.lnk
id: auto-999db55fab0888d70789b789c498416e0a1b395bf09108d5ac15e7445ac99452
status: experimental
description: Detects traffic or activity related to https://bikolsa.com/Documents/cbe1.pdf.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bikolsa.com/Documents/cbe1.pdf.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bikolsa.com/Documents/cbe1.pdf.lnk
id: auto-68266a8e94d0191e019d5bc9aec65d04155b6655641fb454a0bfbbcafb5c2588
status: experimental
description: Detects traffic or activity related to http://bikolsa.com/Documents/cbe1.pdf.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bikolsa.com/Documents/cbe1.pdf.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hotel-access4812.com/Documents/CBE%20Notice.lnk
id: auto-e10023e45f5ccfb00064b628a23d34295b60f6b7dab3f34518ed8f6d177f4813
status: experimental
description: Detects traffic or activity related to https://hotel-access4812.com/Documents/CBE%20Notice.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hotel-access4812.com/Documents/CBE%20Notice.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hotel-access4812.com/Documents/cbe1.pdf.lnk
id: auto-0e781279559ebf6365b19948cdf6b65b99d5abbf72153b1ae3665a9808a35874
status: experimental
description: Detects traffic or activity related to https://hotel-access4812.com/Documents/cbe1.pdf.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hotel-access4812.com/Documents/cbe1.pdf.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bikolsa.com/Documents/lol.lnk
id: auto-3e7ec1ac786e898d79986e04bf660f7c1886febf9039670f11c6cf75b6bb4849
status: experimental
description: Detects traffic or activity related to https://bikolsa.com/Documents/lol.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bikolsa.com/Documents/lol.lnk*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.189.143:36806/i
id: auto-d830cd5ff2913d42b0914def80a68af5144ba6f390be3cc7e73c903598978f81
status: experimental
description: Detects traffic or activity related to http://219.156.189.143:36806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.189.143:36806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5367965558/AGbfIlQ.exe
id: auto-293680d59a6024b53e0accb52c8f2c64c4b2b15dd5c62939591ca8bff0ae42e9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5367965558/AGbfIlQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5367965558/AGbfIlQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/qhuyUg1.msi
id: auto-f04fabe8c760cebcdaf3911dc3e83d4c67128dd787762318ddc8e37e709c26c9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/qhuyUg1.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/qhuyUg1.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.25.160:59598/i
id: auto-700f46a5cc6bfc5d9c4b93d881b0403023c9153a9a673003ec56ce04426d54fc
status: experimental
description: Detects traffic or activity related to http://115.52.25.160:59598/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.25.160:59598/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.251.204:42227/bin.sh
id: auto-2e7b7d1ac2d18a62e4c3eb93df6760b96ac55c78e5d04168d2961df20ac7e46f
status: experimental
description: Detects traffic or activity related to http://59.97.251.204:42227/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.251.204:42227/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.153.196.82:58416/bin.sh
id: auto-731b4f24495be84c7f707ef84947a8e1396070a7355a67697c355ce765ed1337
status: experimental
description: Detects traffic or activity related to http://27.153.196.82:58416/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.153.196.82:58416/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.194.119:57517/i
id: auto-8c17d042f5db86f1d7fbe703701b78c98197ac6d01a2fdb32d0f67cc770a8823
status: experimental
description: Detects traffic or activity related to http://221.15.194.119:57517/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.194.119:57517/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.254.180:50860/bin.sh
id: auto-3e3f7cca5959b4036ab13069c1c82d6518e18c1a799bb1af73ea3718af330670
status: experimental
description: Detects traffic or activity related to http://182.122.254.180:50860/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.254.180:50860/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.57.71:51334/i
id: auto-214fab68bc2f9342afbd2e9b8d712dd83ef866e5f24d096c6164db43e9261300
status: experimental
description: Detects traffic or activity related to http://110.37.57.71:51334/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.57.71:51334/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.39.238:57911/bin.sh
id: auto-8bbbfc1201928caa6c284c1ac4e6d5103edfc3163193bc4294222fb21d352f9c
status: experimental
description: Detects traffic or activity related to http://119.116.39.238:57911/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.39.238:57911/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.25.160:59598/bin.sh
id: auto-a494139e14cb9a4e0bcd217125fc0fb621c751078b268fcf18e3427ef3893036
status: experimental
description: Detects traffic or activity related to http://115.52.25.160:59598/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.25.160:59598/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.75.206:51950/i
id: auto-fd112b1e27f7a8ea52e329a692ff8fd6b47cfa42e0a97b3a06d299b462a23a61
status: experimental
description: Detects traffic or activity related to http://61.53.75.206:51950/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.75.206:51950/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.215.161:47005/i
id: auto-e1a6c8bcafd3c9f3d578e04ca08956615042d36534993c3d9afde671d39eb2c5
status: experimental
description: Detects traffic or activity related to http://120.84.215.161:47005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.215.161:47005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.62.82:38340/i
id: auto-f1512710e164169f058d27a78de45ae3b8802f22e6dbdc3276fe996e6a87dc9d
status: experimental
description: Detects traffic or activity related to http://182.119.62.82:38340/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.62.82:38340/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.215.161:47005/bin.sh
id: auto-f2992d222720722a9be45f2bce79c88580f96803e0d9eaa92729f789b03697e8
status: experimental
description: Detects traffic or activity related to http://120.84.215.161:47005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.215.161:47005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.38.237:35602/bin.sh
id: auto-e1345c2ff1fb6b97b052286c3b9f5892e24a69fb2ba04a1dbeb12ae63cf6d8fc
status: experimental
description: Detects traffic or activity related to http://117.244.38.237:35602/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.38.237:35602/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.62.82:38340/bin.sh
id: auto-d886858fe3ddddac25e5de190d00ad6ad54ea0fbb1b0513c951eac9bc2b3555c
status: experimental
description: Detects traffic or activity related to http://182.119.62.82:38340/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.62.82:38340/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.47.26/info.zip
id: auto-08cf738f4884372ab7ed0e0f434be1d73cf17706de2e3fcdfa3b9558e3bb9699
status: experimental
description: Detects traffic or activity related to http://37.84.47.26/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.47.26/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.84.47.26/photo.scr
id: auto-ed6e11dc5840f2d46c7ed22f043327856f37050ed76b6eb4634dfbcd2eb34ea5
status: experimental
description: Detects traffic or activity related to http://37.84.47.26/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.84.47.26/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.14.73:56897/i
id: auto-df80dc27b4727195295f53959f6a7768491ebcfa7c4b84453d7412a5b68eaf41
status: experimental
description: Detects traffic or activity related to http://42.238.14.73:56897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.14.73:56897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.194.119:57517/bin.sh
id: auto-0662903401d7e0b470944e12b7a187c5528c9e697b84fc4f24b957fbfeff9db4
status: experimental
description: Detects traffic or activity related to http://221.15.194.119:57517/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.194.119:57517/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7449711934/qhuyUg1.exe
id: auto-f135a4d237b5bfad8b8cd6d723efb6f9927ca79557c211c210459ee0a4d711c2
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7449711934/qhuyUg1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7449711934/qhuyUg1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.136.0:57216/i
id: auto-55c2bcaf84c89e2028ba2b2068a72217a40511e50560e4e2e98317446e1b042d
status: experimental
description: Detects traffic or activity related to http://61.3.136.0:57216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.136.0:57216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.32.198:36794/bin.sh
id: auto-73c36033e5655a132a83dd8746f625474b0665bd73245d8f43e15874edd8f8e6
status: experimental
description: Detects traffic or activity related to http://125.43.32.198:36794/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.32.198:36794/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.75.206:51950/bin.sh
id: auto-e514230bd8ecc385733682633934d149c1ac48c60681b10dfbba0efeeef99c4e
status: experimental
description: Detects traffic or activity related to http://61.53.75.206:51950/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.75.206:51950/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.240.245:41492/i
id: auto-8aa55a885bf30880d136209ff4c8b1ca5ed24ef33786fa6b80840cd8564e79a2
status: experimental
description: Detects traffic or activity related to http://222.142.240.245:41492/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.240.245:41492/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.122.12.254:50567/i
id: auto-f2cfaacfe6149b4f9c99cfcef273013dbbc020df1a345855c3ae3bafcc2f079b
status: experimental
description: Detects traffic or activity related to http://46.122.12.254:50567/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.122.12.254:50567/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.83.30.67/photo.scr
id: auto-034eaea8c902cff5f5c1cfbbe1fdb7a977a4c58bd59c5a684efb85db7f964c44
status: experimental
description: Detects traffic or activity related to http://37.83.30.67/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.83.30.67/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.152.195/video.scr
id: auto-a0e5b8b475d7737e3f88a395cd502afa513cd976b4d139e08dc0219eb5d1788f
status: experimental
description: Detects traffic or activity related to http://37.82.152.195/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.152.195/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.88.185/photo.scr
id: auto-cf2553ce8794d7b3436f93d79051699e47e1462c924be6d7bd092d6ad2ff1089
status: experimental
description: Detects traffic or activity related to http://37.82.88.185/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.88.185/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.216.199/video.scr
id: auto-5846f39e86e6f13c4a36c411fff38a2593267d9486f0018e837a542d2dc5900c
status: experimental
description: Detects traffic or activity related to http://37.80.216.199/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.216.199/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.216.199/av.scr
id: auto-dc387fd6247c8ab1f92f4bd9f65f9ec7910190ffdf4d031a087f30901d1b63b9
status: experimental
description: Detects traffic or activity related to http://37.80.216.199/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.216.199/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.10.129/photo.scr
id: auto-e34f29be7385f1b19adb04cc6ea5330b25310d3b599e8176ee10b9c71190019b
status: experimental
description: Detects traffic or activity related to http://37.82.10.129/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.10.129/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.157.143.224/av.scr
id: auto-577a073fbd2f18e85cae929036e81e69eace0c4ac8aafdb0fb343f5e3b23791e
status: experimental
description: Detects traffic or activity related to http://189.157.143.224/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.157.143.224/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.157.143.224/video.scr
id: auto-12cab986883fb94a83626881a5534576a1a34ef694dee454d6eaf504482d6c7b
status: experimental
description: Detects traffic or activity related to http://189.157.143.224/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.157.143.224/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.157.143.224/photo.scr
id: auto-58b6a1f13cf8722ae9e40535448c4a8e0b0734fd50598c29275956ac09322fe0
status: experimental
description: Detects traffic or activity related to http://189.157.143.224/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.157.143.224/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.64.82/video.scr
id: auto-b674532b92b715dbdc92b37729edd23f6d31941171c970d941b363a752fe823f
status: experimental
description: Detects traffic or activity related to http://149.210.64.82/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.64.82/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.64.82/photo.scr
id: auto-dc21f5662fa66c2deffc9950d2a6f0235243e4777336ba87f73213986d651a23
status: experimental
description: Detects traffic or activity related to http://149.210.64.82/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.64.82/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.83.30.67/info.zip
id: auto-2050b881b16bb993d25e741fd30b0ba58c7ee593f9916debbf37be699c2cf00f
status: experimental
description: Detects traffic or activity related to http://37.83.30.67/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.83.30.67/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.152.195/photo.scr
id: auto-823f6c85e03a9d90f4c216d81a02d425d400607e6fb745b667418811abc3911d
status: experimental
description: Detects traffic or activity related to http://37.82.152.195/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.152.195/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.82.152.195/info.zip
id: auto-c4ca3f7829247780c8805f68ef8be9c1186b188dffa558860788817390360bd1
status: experimental
description: Detects traffic or activity related to http://37.82.152.195/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.82.152.195/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.29:8080/video.scr
id: auto-e3905e5085dcef74e2cc74e9981618122fd9f1dd478d486a500dbefb70a4d1ed
status: experimental
description: Detects traffic or activity related to http://116.48.27.29:8080/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.29:8080/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.29:8080/av.scr
id: auto-1dd73914c41df73a889ffb3ed8301288445044b0399a2b4f0164bf106faec496
status: experimental
description: Detects traffic or activity related to http://116.48.27.29:8080/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.29:8080/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.32.76/info.zip
id: auto-484dc4df5c713e8c5c0547465fd4a16db9e2cdfdae709c309366e0ea2bf7401a
status: experimental
description: Detects traffic or activity related to http://37.80.32.76/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.32.76/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.157.143.224/info.zip
id: auto-3553ee7c2796a19c67e8c9958b9edfc18e576f3f9e64366515a15b0d19e16397
status: experimental
description: Detects traffic or activity related to http://189.157.143.224/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.157.143.224/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.29:8080/photo.scr
id: auto-1de184ecc8a9aeec77918e041b66dcb7577a7642f78ee2fb2910d18e89540dd3
status: experimental
description: Detects traffic or activity related to http://116.48.27.29:8080/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.29:8080/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/1/Video.scr
id: auto-5c924e018697174ee5fe50078827a97652299b49dbfed821eecd13af164881b0
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.221.120/photo.scr
id: auto-28543970c5c7ab15d3c8a6de6803ccd38b2b8c26fec5aa4fee5143444a948dbd
status: experimental
description: Detects traffic or activity related to http://179.89.221.120/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.221.120/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.68.234.213:5000/photo.scr
id: auto-17e1164bdc5b30ad30e538acaddb873700d15c7cd03dc7b7e95f6ac9ff32fa24
status: experimental
description: Detects traffic or activity related to http://202.68.234.213:5000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.68.234.213:5000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251/video.scr
id: auto-41d1c406ac8b4f8e23de96d2e34a9b7c15039e66af8f3795c2f1cf279152e885
status: experimental
description: Detects traffic or activity related to http://1.52.196.251/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.252.109:41799/av.scr
id: auto-e1ebeab2b939ea2c57288b9500776e54d2f80f059876808d3097e870e974fb9b
status: experimental
description: Detects traffic or activity related to http://177.212.252.109:41799/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.252.109:41799/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.59.99.143:9090/info.zip
id: auto-abf785db7d4c5fe95032f35cfa21bf77e7654e6d4c6f2b2eea5ca2159e06774e
status: experimental
description: Detects traffic or activity related to http://187.59.99.143:9090/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.59.99.143:9090/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.153.17:9000/video.scr
id: auto-69504ed9c545422c76d30438c2458fa277d0682f2ca9a8413a07231f6c8d8856
status: experimental
description: Detects traffic or activity related to http://117.24.153.17:9000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.153.17:9000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251:8080/av.scr
id: auto-36a34651c95669383f5c15a9d326bb275d103efaaafeed0ef215c1048e953925
status: experimental
description: Detects traffic or activity related to http://1.52.196.251:8080/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251:8080/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.64.147.12:81/info.zip
id: auto-fb11b1efc561db3fc9a8e402ab2cfb1a0a5d883c53e4d9aa03237b7ab2de09e4
status: experimental
description: Detects traffic or activity related to http://218.64.147.12:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.64.147.12:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.16.137.81:1000/photo.scr
id: auto-096cbf49009d69dedc94573ed8d6a4d3a6023734ab1e0ed619a3dc1378d4587b
status: experimental
description: Detects traffic or activity related to http://123.16.137.81:1000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.16.137.81:1000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.1.222:8081/video.scr
id: auto-fc52eefb4b29ac609c77cb6f10b4ea6e261543049f8b7f5d0888b7a53d63944a
status: experimental
description: Detects traffic or activity related to http://187.213.1.222:8081/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.1.222:8081/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.68.234.213:5000/video.scr
id: auto-40290b2b9567666f65b1762c22b1adb90303707ae44d1770c68d9204427f4209
status: experimental
description: Detects traffic or activity related to http://202.68.234.213:5000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.68.234.213:5000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.221.120/info.zip
id: auto-506ac41237653ee21a3bcf0d1d4284dbba272fdb6e34675930717166c4812ac6
status: experimental
description: Detects traffic or activity related to http://179.89.221.120/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.221.120/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.216.214/av.scr
id: auto-dac6a52d658807cbcf2cfae3e1138c142eed12a5070516688c3ae4729eea75f1
status: experimental
description: Detects traffic or activity related to http://191.25.216.214/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.216.214/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.64.82/av.scr
id: auto-a19eb62cd20a83ffb03de3fedb0757b081b8e2ba0f48c1fee599c2e3d77ec8cf
status: experimental
description: Detects traffic or activity related to http://149.210.64.82/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.64.82/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.1.222:8081/photo.scr
id: auto-98041861856bcc06b19315b078c9a29bbf860c0b1805504714fe1402db12f069
status: experimental
description: Detects traffic or activity related to http://187.213.1.222:8081/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.1.222:8081/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.81.113.254:9000/photo.scr
id: auto-09f49fda2d75fd8c7caea18f13111f27177b808da44f3df1ab570012e70e6ba4
status: experimental
description: Detects traffic or activity related to http://110.81.113.254:9000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.81.113.254:9000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.224.26.112:8088/av.scr
id: auto-302a7b90d6420b603a66bbbed73765804fdccfe22200a1a4328f03553143de66
status: experimental
description: Detects traffic or activity related to http://140.224.26.112:8088/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.224.26.112:8088/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.122.174.233:3389/info.zip
id: auto-0b1eb423a78c5c8ad63f71a4a5a23ec2327fa843bf02da485a2826dce8d65c03
status: experimental
description: Detects traffic or activity related to http://106.122.174.233:3389/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.122.174.233:3389/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.42.72.125:41799/av.scr
id: auto-1b0edc367647bf8219a5ca0de758f95a374e95063ee2221cc37df63b646181b2
status: experimental
description: Detects traffic or activity related to http://177.42.72.125:41799/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.42.72.125:41799/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.216.214/photo.lnk
id: auto-2d2af3fc89072f3693005f82c4851fae9e2783af9944cbf691434636d22e33fd
status: experimental
description: Detects traffic or activity related to http://191.25.216.214/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.216.214/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.1.222:8081/av.lnk
id: auto-10a98d4864af59a0a2ef1a5aec0d682e453adac04ca0bb561915ac393d9ce699
status: experimental
description: Detects traffic or activity related to http://187.213.1.222:8081/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.1.222:8081/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.216.199/info.zip
id: auto-59aa35870b071cdae1e53a866bf176b257bd6e3f1be47db0e9913f64a8c7b74d
status: experimental
description: Detects traffic or activity related to http://37.80.216.199/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.216.199/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.85.229.198:81/video.scr
id: auto-8089042faa42ffbe7517150d4cd67de6bba26c6b0236769d1ded608f3f672d9a
status: experimental
description: Detects traffic or activity related to http://218.85.229.198:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.85.229.198:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.43.88.50:9000/av.scr
id: auto-5f0226c050d46025c4c1592096d0140d9378400d8daddde4694c5e8ec7ea70e9
status: experimental
description: Detects traffic or activity related to http://120.43.88.50:9000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.43.88.50:9000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.85.229.198:81/photo.scr
id: auto-92e8ff4327917f119e67440b42ebb78eb9c6d42dd32394d54afa0d4af1ed040a
status: experimental
description: Detects traffic or activity related to http://218.85.229.198:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.85.229.198:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.224.26.112:8088/info.zip
id: auto-83cf716983306e47b52ae1838d147ba8f7986bed42ebf358985be417c9b967bc
status: experimental
description: Detects traffic or activity related to http://140.224.26.112:8088/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.224.26.112:8088/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://113.22.16.48/info.zip
id: auto-45b7719369d5eb316dec3139fbd4c82dcf764b5ecb29939cec95ad0a6d6528f2
status: experimental
description: Detects traffic or activity related to https://113.22.16.48/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://113.22.16.48/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.85.229.198:81/av.scr
id: auto-8bdea7a065c63e547afe590204d85ef0ba46b98750cb86d62552001c703d7976
status: experimental
description: Detects traffic or activity related to http://218.85.229.198:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.85.229.198:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.224.26.112:8088/photo.lnk
id: auto-67e947496f8a022affee4e00eb983f526fadfdd947fa9dedad9ccc8d0cc39f88
status: experimental
description: Detects traffic or activity related to http://140.224.26.112:8088/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.224.26.112:8088/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.145.10.220/av.lnk
id: auto-db3f0b930c1bb5e9c4a6dd477cd2eb40ad73cd293bc38a700dc7f5255245d13f
status: experimental
description: Detects traffic or activity related to http://184.145.10.220/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.145.10.220/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.130.221/av.scr
id: auto-efd15d9eb7cb665ea8aefde41ab12efa73e50f27084f545cbd2022fa977935e9
status: experimental
description: Detects traffic or activity related to http://187.213.130.221/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.130.221/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.81.113.254:9000/video.lnk
id: auto-2f44b948a2413893c250445ca5acec157a1a4803e5f3c29a5f52c62ac9d4fc42
status: experimental
description: Detects traffic or activity related to http://110.81.113.254:9000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.81.113.254:9000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.122.174.233:3389/video.lnk
id: auto-e63bc3fe344272694ac325e3962a282ba40143aeac85615d77a515cb972692fd
status: experimental
description: Detects traffic or activity related to http://106.122.174.233:3389/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.122.174.233:3389/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.1.222:8081/av.scr
id: auto-2c1ed663edc45da8eecefc9e58b62c75f1894283cfbba312043aec6119558521
status: experimental
description: Detects traffic or activity related to http://187.213.1.222:8081/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.1.222:8081/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.252.109:41799/video.scr
id: auto-732bc9af2082523930e8a4ca030b268f072cbfcdc2575322a06faffe2ccf04b2
status: experimental
description: Detects traffic or activity related to http://177.212.252.109:41799/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.252.109:41799/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.32.106.206:8602/info.zip
id: auto-a4550bcfc0ba9618e82dc74f9d94a048affb0fadb463ac4313ed0210c66cba62
status: experimental
description: Detects traffic or activity related to http://14.32.106.206:8602/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.32.106.206:8602/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.130.221/video.lnk
id: auto-9e90df4f7fd7c74762d40fffc89898ea5415039e1212073bc505ddd88a263ce1
status: experimental
description: Detects traffic or activity related to http://187.213.130.221/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.130.221/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.85.229.198:81/av.lnk
id: auto-4fd990df05943ae5383d9c7110fcf4bae4b9abeb24e43fb7b24b95c5d8c83ba0
status: experimental
description: Detects traffic or activity related to http://218.85.229.198:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.85.229.198:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.64.147.12:81/photo.scr
id: auto-b093416ce3a8a17e7aa2b09a77f3bc88c8b9ba88a9310f5900735180f8df5aed
status: experimental
description: Detects traffic or activity related to http://218.64.147.12:81/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.64.147.12:81/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251/photo.lnk
id: auto-2fb024fec39f17aef090b7822e721cc9cb15043fd8ee1233446eec9c729da170
status: experimental
description: Detects traffic or activity related to http://1.52.196.251/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.252.109:41799/info.zip
id: auto-14bf92390c1772109a83a340b6eaf560196bf769a19c16c569c4f3e9fa2eee8d
status: experimental
description: Detects traffic or activity related to http://177.212.252.109:41799/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.252.109:41799/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.41.123:41798/video.lnk
id: auto-4d986e1183b3b5291f7761da1822361b673abde2f253df9a297da6ab0e8a7696
status: experimental
description: Detects traffic or activity related to http://115.217.41.123:41798/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.41.123:41798/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.71.110.163:8080/video.scr
id: auto-efe109e284eeceec1fbf23922a77c29253c868c39c8110397ac1530707ea541f
status: experimental
description: Detects traffic or activity related to http://118.71.110.163:8080/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.71.110.163:8080/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.224.26.112:8088/video.lnk
id: auto-e0ae3fe37e39d812a936870b289d66419f0d44bc1834971ece011cabc68dfb7f
status: experimental
description: Detects traffic or activity related to http://140.224.26.112:8088/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.224.26.112:8088/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.240.237.56/video.lnk
id: auto-7c21c20392d174910bf640475f5b7eab2d68af786be677d26b6dc4fb6e76b79c
status: experimental
description: Detects traffic or activity related to http://45.240.237.56/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.240.237.56/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.145.10.220/av.scr
id: auto-5faf052149382365e89db8506a90ea65e16c412f5febda5299d4254196ca0538
status: experimental
description: Detects traffic or activity related to http://184.145.10.220/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.145.10.220/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.16.137.81:1000/av.scr
id: auto-3f5a212631b0b24beba205a517527ee219355bef398778a2cc4f8d20c0ce490d
status: experimental
description: Detects traffic or activity related to http://123.16.137.81:1000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.16.137.81:1000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.81.113.254:9000/video.scr
id: auto-0cd068cd2010a22061c3eea8cf7115405eeb01d4f9befc13291ee995e9e7da06
status: experimental
description: Detects traffic or activity related to http://110.81.113.254:9000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.81.113.254:9000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.42.72.125:41799/photo.scr
id: auto-4cea649ac8229927f87b2f40c6aed7ad34f3eed0e20abc837075ae6eb82ea9f4
status: experimental
description: Detects traffic or activity related to http://177.42.72.125:41799/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.42.72.125:41799/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.216.214/info.zip
id: auto-1cbba28e87eaf368632b8d4441f7e6b90d508d0e252a48c7b3880f869be0fb24
status: experimental
description: Detects traffic or activity related to http://191.25.216.214/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.216.214/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.252.109:41799/photo.lnk
id: auto-1174a92169cc8f5575439a12656c02816c3540305162ccc62f6c6d37d3aad27e
status: experimental
description: Detects traffic or activity related to http://177.212.252.109:41799/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.252.109:41799/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.157.143.224/photo.lnk
id: auto-6a2aa7c0e20f3b53df31f13435b430ef3ed642f1986072220a68a585abff7615
status: experimental
description: Detects traffic or activity related to http://189.157.143.224/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.157.143.224/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.130.221/video.scr
id: auto-2af76c47dc101b621c2a8d65a3480e9a2fedd0def2d2901dc1bc8cb4b0c00a3a
status: experimental
description: Detects traffic or activity related to http://187.213.130.221/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.130.221/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.68.234.213:5000/photo.lnk
id: auto-5c6fbceae746414423812828101d7e37a385742541451c7ddbd42b4b6e659ab2
status: experimental
description: Detects traffic or activity related to http://202.68.234.213:5000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.68.234.213:5000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251/video.lnk
id: auto-8bc39f964b33df984880bc578daed5e01ec4ff324a79d3fb771aa7488923a02c
status: experimental
description: Detects traffic or activity related to http://1.52.196.251/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.221.120/av.scr
id: auto-2737e1b30e55a5d561c9ce46a678372d443487005c585f3102f9b7a92b2fb902
status: experimental
description: Detects traffic or activity related to http://179.89.221.120/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.221.120/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.122.174.233:3389/av.scr
id: auto-b6635f4cb2c20493ad7541ffebb1af74ac47efaa5ee593bdb81722aad68e50a4
status: experimental
description: Detects traffic or activity related to http://106.122.174.233:3389/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.122.174.233:3389/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://203.137.101.146/info.zip
id: auto-bd051f6003b75025283e1a78a845aae6ce50fb0b4956fcaf289482214c1c28b4
status: experimental
description: Detects traffic or activity related to http://203.137.101.146/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://203.137.101.146/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.145.10.220/video.scr
id: auto-2e721b2e9cc93f160d99a7209e697d732f19f3b95d695f76d78b1df23d6dd553
status: experimental
description: Detects traffic or activity related to http://184.145.10.220/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.145.10.220/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.71.110.163:8080/info.zip
id: auto-367033aeb77115512b8f7cebfb57d085f4d40ef93784858b3f8757e10203ad35
status: experimental
description: Detects traffic or activity related to http://118.71.110.163:8080/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.71.110.163:8080/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.83.36.59/photo.scr
id: auto-65eed1e5ae27296073146d26d3cc5ee023aa68299c01723ae4ece5763beabbbb
status: experimental
description: Detects traffic or activity related to http://37.83.36.59/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.83.36.59/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.157.143.224/av.lnk
id: auto-24aad3fdf69c7b0f8580c8fed364bc66de8469399ca71e6f645e24c40b727d62
status: experimental
description: Detects traffic or activity related to http://189.157.143.224/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.157.143.224/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.115.179.188/photo.lnk
id: auto-493fc99506789720543df1eec127f396340e44372bc76c133a09f8e187bd724c
status: experimental
description: Detects traffic or activity related to http://187.115.179.188/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.115.179.188/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.240.237.56/av.scr
id: auto-d6db4fdfab6e57523ff795d0210ccc82ec777ee87f056d1db56024b78233c335
status: experimental
description: Detects traffic or activity related to http://45.240.237.56/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.240.237.56/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.153.17:9000/photo.scr
id: auto-9aa474752b287cf6091c5810a954cbdba7dd5ccbac9657c02aec1900307e8972
status: experimental
description: Detects traffic or activity related to http://117.24.153.17:9000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.153.17:9000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.81.113.254:9000/photo.lnk
id: auto-0511e604f2a28bec3cffe6b8d315659034a195068a377a268454c7bed00f0899
status: experimental
description: Detects traffic or activity related to http://110.81.113.254:9000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.81.113.254:9000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.42.72.125:41799/video.lnk
id: auto-d1af4a5901a55a7f810b2a254a989889f92403f2bed257ddd00d9a9fc7da3778
status: experimental
description: Detects traffic or activity related to http://177.42.72.125:41799/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.42.72.125:41799/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.221.120/video.lnk
id: auto-52b3abf5e19aadf6e288a65f3be493b800853bae3506628b01e2987ad0a35f83
status: experimental
description: Detects traffic or activity related to http://179.89.221.120/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.221.120/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.94.114:3389/photo.lnk
id: auto-6a8b3d19b53099d4d642b12e1cc0c79f848cce2388ab337338bedf0791d7ce4a
status: experimental
description: Detects traffic or activity related to http://27.154.94.114:3389/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.94.114:3389/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.41.123:41798/av.scr
id: auto-71817a3c28d0b1db0587e5cd10455ed99d1df12240429469b2afd37375f04e88
status: experimental
description: Detects traffic or activity related to http://115.217.41.123:41798/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.41.123:41798/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.216.199/photo.scr
id: auto-f6847e74cb7c34167198d9aff93e93bdb058f4af41e7b3b6937cb38cdecc7d96
status: experimental
description: Detects traffic or activity related to http://37.80.216.199/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.216.199/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://203.137.101.146/info.zip
id: auto-728ccb0c9c944d3627201970eb1d1c1618f1fcff05276a03c1acc630070a00e5
status: experimental
description: Detects traffic or activity related to https://203.137.101.146/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://203.137.101.146/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.153.17:9000/av.scr
id: auto-1ed77d76f923ced639ff43bd0a30fdbef667c8a379881207bfcd70ba0b2d1fb9
status: experimental
description: Detects traffic or activity related to http://117.24.153.17:9000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.153.17:9000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.59.99.143:9090/video.lnk
id: auto-789d15e63d6ea5ad590e688ef3257fc4ea1b97c482692c051714603bf19bd576
status: experimental
description: Detects traffic or activity related to http://187.59.99.143:9090/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.59.99.143:9090/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.42.72.125:41799/photo.lnk
id: auto-b957514b3a3f5c596b77e5d37754649320eb3403f979fc5f463791e60f4c95d1
status: experimental
description: Detects traffic or activity related to http://177.42.72.125:41799/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.42.72.125:41799/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.16.137.81:1000/video.scr
id: auto-366a920439e2b419b5b3d553b88c9cf8bd9ac3425bd0637502dfdb54bcf815cb
status: experimental
description: Detects traffic or activity related to http://123.16.137.81:1000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.16.137.81:1000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.122.174.233:3389/photo.lnk
id: auto-dbd4179685e379abbdf50db50dcd0497add2faccf2f759ce254d1d69cf7a5cf3
status: experimental
description: Detects traffic or activity related to http://106.122.174.233:3389/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.122.174.233:3389/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.94.114:3389/photo.scr
id: auto-6b56c5d36ed7ed6dcdb59cf8eacb49ed8a38c8df474d93616187af07bcf994de
status: experimental
description: Detects traffic or activity related to http://27.154.94.114:3389/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.94.114:3389/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.85.229.198:81/photo.lnk
id: auto-00027736963a6f44d103693e37fd94ce1d7e0a9fbf7410bdca6ecdf220c95184
status: experimental
description: Detects traffic or activity related to http://218.85.229.198:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.85.229.198:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://93.215.23.87/info.zip
id: auto-eb2cbbb4f3d10a162a27edbd13ac7f7a225dfb88f6dc62db1a5e35a76dcc0411
status: experimental
description: Detects traffic or activity related to https://93.215.23.87/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://93.215.23.87/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.94.114:3389/av.scr
id: auto-2e63b43e0cf9a502a6ce27f0b37dbf206048fb7eef8613284ddbcdc5b740fe00
status: experimental
description: Detects traffic or activity related to http://27.154.94.114:3389/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.94.114:3389/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.240.237.56/photo.lnk
id: auto-ef16ebd0ddf18a0152aac3cb07c5626e3424813e2db97198fd5d1d394cc5c202
status: experimental
description: Detects traffic or activity related to http://45.240.237.56/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.240.237.56/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.145.10.220/photo.lnk
id: auto-1938bbe984dbe03c214f5488e2b5bc28f42d9a2b65229aeb120177573343f8d1
status: experimental
description: Detects traffic or activity related to http://184.145.10.220/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.145.10.220/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.7.177/av.lnk
id: auto-b5cc2f90fe96120b6ed40192d6f5c68ae6a83708f750f5823724b6ad5c74f91a
status: experimental
description: Detects traffic or activity related to http://37.81.7.177/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.7.177/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.122.174.233:3389/av.lnk
id: auto-8e64b5534963abf8011e17092de21efde827a2ccabcd2d2b903fce3edafb225f
status: experimental
description: Detects traffic or activity related to http://106.122.174.233:3389/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.122.174.233:3389/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.216.199/photo.lnk
id: auto-633298f39cb77a4e3c40ce2923214be98d1a8ebd986e32867387660b89fddea4
status: experimental
description: Detects traffic or activity related to http://37.80.216.199/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.216.199/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.64.82/video.lnk
id: auto-8cb78eff63c693c86e9f30c6303402700683ab614906a1d8aa5f994eecbcb0b9
status: experimental
description: Detects traffic or activity related to http://149.210.64.82/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.64.82/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.43.88.50:9000/video.scr
id: auto-2dac622d9e6632bc3024284727d22e57b15d48e373c414357b8cac9cda673877
status: experimental
description: Detects traffic or activity related to http://120.43.88.50:9000/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.43.88.50:9000/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.59.99.143:9090/av.lnk
id: auto-661027b63990b2c92e19b123519e796bd1d7a2fb5dbfe270ed9e3ecefebe0e3f
status: experimental
description: Detects traffic or activity related to http://187.59.99.143:9090/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.59.99.143:9090/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.42.72.125:41799/info.zip
id: auto-d29658ff590166fcf16c0a15f30a4854afe1cdbc2f00a2e96e5c91b82da993eb
status: experimental
description: Detects traffic or activity related to http://177.42.72.125:41799/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.42.72.125:41799/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.41.123:41798/photo.lnk
id: auto-1a248f4d1382320a04b9ee270fe385347137975310ebf23419599899362afde1
status: experimental
description: Detects traffic or activity related to http://115.217.41.123:41798/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.41.123:41798/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.1.222:8081/info.zip
id: auto-36383e2a0f51d56df6cafcef16d4c27131ed383ddd99541b39911d9ff7888d6c
status: experimental
description: Detects traffic or activity related to http://187.213.1.222:8081/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.1.222:8081/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.59.99.143:9090/photo.scr
id: auto-55d4cc3a8a62047427c21fb410ecd285d4f4ade3319549f91f35133cd4eb66ca
status: experimental
description: Detects traffic or activity related to http://187.59.99.143:9090/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.59.99.143:9090/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.81.113.254:9000/info.zip
id: auto-2d84702f0ac9888cd195e1599ab3b0612d29ef7e99bbba510319599dd9d5d5c8
status: experimental
description: Detects traffic or activity related to http://110.81.113.254:9000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.81.113.254:9000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.68.234.213/photo.scr
id: auto-9637b9ff79373eb7a67e80f0cef928f830fe2229adc59671e7b55fad5a6359d9
status: experimental
description: Detects traffic or activity related to http://202.68.234.213/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.68.234.213/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.64.147.12:81/photo.lnk
id: auto-a4d1eb0852edda9bcdd7cdc5af9d88cf0a04b0d6962f5ab3649a8c03a1c78885
status: experimental
description: Detects traffic or activity related to http://218.64.147.12:81/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.64.147.12:81/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://189.157.143.224/video.lnk
id: auto-8192c9dcb384e8fa88b156b770d9bfc278142f6078ad4fe12b138d03bf305293
status: experimental
description: Detects traffic or activity related to http://189.157.143.224/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://189.157.143.224/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.43.88.50:9000/video.lnk
id: auto-0aff3aa5ef629a4f09af7ca4ea5ac177355ebc5bf72d057fb74e64fc979c2af9
status: experimental
description: Detects traffic or activity related to http://120.43.88.50:9000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.43.88.50:9000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.83.36.59/info.zip
id: auto-5387e7b646658717aecc1aff3a60cda3c3f0ccd6d539928b04ed1135bb401dc7
status: experimental
description: Detects traffic or activity related to http://37.83.36.59/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.83.36.59/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.252.109:41799/av.lnk
id: auto-7d79d0d637403860347bc70077c505eefc1203fc7d251893a1d1aa8a5b8d95bb
status: experimental
description: Detects traffic or activity related to http://177.212.252.109:41799/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.252.109:41799/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.80.216.199/video.lnk
id: auto-3d5badebbe408657da2800231d2c454c17dcaf0572ba1793864604ce5bd052fe
status: experimental
description: Detects traffic or activity related to http://37.80.216.199/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.80.216.199/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.36.139/video.lnk
id: auto-cdc32200c1ddef56c5c750dfb42fae4592d5b9dfe4db21db16cc68fa6c2c2bcd
status: experimental
description: Detects traffic or activity related to http://138.188.36.139/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.36.139/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.240.237.56/video.scr
id: auto-904cdbf3970c9cc49927abd999598b661d70b475dab01b87179d6307d7618ea0
status: experimental
description: Detects traffic or activity related to http://45.240.237.56/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.240.237.56/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.240.237.56/photo.scr
id: auto-31c8cad4bd7e36d6ee7d7c59be6befc1a3c0257fc9d60b938be7f6d89fea116a
status: experimental
description: Detects traffic or activity related to http://45.240.237.56/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.240.237.56/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.153.17:9000/info.zip
id: auto-c30a5fdc9dd5ad57066e2664a884f0a262b90f646f1eea0de0de8dccef41e0b0
status: experimental
description: Detects traffic or activity related to http://117.24.153.17:9000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.153.17:9000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.221.120/video.scr
id: auto-def1839e6c729005c96f55d75333a0812151ec97642b0a77d51168cf5488023a
status: experimental
description: Detects traffic or activity related to http://179.89.221.120/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.221.120/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.29:8080/info.zip
id: auto-532fae8c2f78f4628fd280e95be080c6d24a4479bab9bebbf62d122845bafba1
status: experimental
description: Detects traffic or activity related to http://116.48.27.29:8080/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.29:8080/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.44.55/video.lnk
id: auto-2cfb0ab5501f1ae0ddeb416219203c6eb08613a9d5ae5941470293e860ff44ed
status: experimental
description: Detects traffic or activity related to http://138.188.44.55/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.44.55/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.64.147.12:81/video.lnk
id: auto-7710aa5f2d0571cfa5abad056d2a50d3ec1ac1dd256e2f6f26ade0f3e0a973e0
status: experimental
description: Detects traffic or activity related to http://218.64.147.12:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.64.147.12:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.41.123:41798/av.lnk
id: auto-7e1f459c7e4ed9ad76b9bed088b94c13ea657a31543cc38f1d3b6914daba3cdf
status: experimental
description: Detects traffic or activity related to http://115.217.41.123:41798/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.41.123:41798/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.115.179.188/av.lnk
id: auto-7292c249df99b749c3b6e294c923ae9aac039482a1d03cfbebd21f795adcce24
status: experimental
description: Detects traffic or activity related to http://187.115.179.188/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.115.179.188/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.94.114:3389/av.lnk
id: auto-6fb89e0194bcbd17c687d3a20986a0af048b8f70c07e9f17485bec4a7fff3412
status: experimental
description: Detects traffic or activity related to http://27.154.94.114:3389/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.94.114:3389/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.94.114:3389/video.lnk
id: auto-f2b7ef0fa0e592002d7221c21b016a65bdb6e0e98de8918db0d9466b2b3aeb86
status: experimental
description: Detects traffic or activity related to http://27.154.94.114:3389/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.94.114:3389/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.224.26.112:8088/video.scr
id: auto-84a0ee6858c56f71c3ae7349c39e64fc589e26d1848fb7c7c3d8414bf7042c60
status: experimental
description: Detects traffic or activity related to http://140.224.26.112:8088/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.224.26.112:8088/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.1.222:8081/photo.lnk
id: auto-5fde89e7802d205c35f7eddfe30fab044f1d01ffcb38b484a1dfb2cb0a01c269
status: experimental
description: Detects traffic or activity related to http://187.213.1.222:8081/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.1.222:8081/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.64.82/av.lnk
id: auto-ca7872c6eb68e280b01ed24417de7115c56748c046bb28e08863171e6ffcd4bf
status: experimental
description: Detects traffic or activity related to http://149.210.64.82/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.64.82/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.216.214/photo.scr
id: auto-6f376f5b9c10acf037dbe4c5b2a9cf1a0793de62949602543bdd1bb4f829b724
status: experimental
description: Detects traffic or activity related to http://191.25.216.214/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.216.214/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.59.99.143:9090/video.scr
id: auto-f6eb2702ab9f44520c94b8aa7553cae03424e1517571cac30362e8fa5deca0ef
status: experimental
description: Detects traffic or activity related to http://187.59.99.143:9090/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.59.99.143:9090/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.68.234.213:5000/av.scr
id: auto-384d6dcb36f7cd71c46871a876105e22fb45965d882cd4cf0c37744c5107d7e3
status: experimental
description: Detects traffic or activity related to http://202.68.234.213:5000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.68.234.213:5000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.81.7.177/photo.lnk
id: auto-cab549b95fa712633c359378209eb325b4c471470974392d83d16c88caae938f
status: experimental
description: Detects traffic or activity related to http://37.81.7.177/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.81.7.177/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.166.27.211:8602/info.zip
id: auto-715a1288cb7dfe19fc73a1ce834e58b240f83433717632cafdaffe2b9fe2f70b
status: experimental
description: Detects traffic or activity related to http://121.166.27.211:8602/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.166.27.211:8602/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.68.234.213:5000/av.lnk
id: auto-d244dca3c9407af7a60375849faf9294cd04aa3c2cd0b10cf81f12b715ebbcd1
status: experimental
description: Detects traffic or activity related to http://202.68.234.213:5000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.68.234.213:5000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251/photo.scr
id: auto-e8e805a79ccda874d9fb81a041af0d951f66c887d9a3045b9d3b116f03eb5a86
status: experimental
description: Detects traffic or activity related to http://1.52.196.251/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.94.114:3389/info.zip
id: auto-1d1ccd7a450bbbfd0d43b8b03ac5e871371119076c6ebf1f1b5da1f71c58ce3e
status: experimental
description: Detects traffic or activity related to http://27.154.94.114:3389/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.94.114:3389/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.221.120/photo.lnk
id: auto-8763dfecd520fd90479092cc25a7fe5f57e42c5b32c34f28ac486ad7013b32fb
status: experimental
description: Detects traffic or activity related to http://179.89.221.120/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.221.120/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251/av.scr
id: auto-0a72b985af12332b880b9b68cb65df1fc564621fd32ff464d383eb627b14d3a4
status: experimental
description: Detects traffic or activity related to http://1.52.196.251/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.64.147.12:81/av.scr
id: auto-6a1c58ce0e574f00e22c291123c728d715af65638a64148e84f86ff57a02ab9a
status: experimental
description: Detects traffic or activity related to http://218.64.147.12:81/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.64.147.12:81/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251/info.zip
id: auto-509e82478c757828b6b3366122ba92976cb71c9eaeb76a110755fb5be1841d31
status: experimental
description: Detects traffic or activity related to http://1.52.196.251/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.154.94.114:3389/video.scr
id: auto-dd5cdb513a98307ed127168502cc653bc0945811a52489c6a573f5d55d617c67
status: experimental
description: Detects traffic or activity related to http://27.154.94.114:3389/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.154.94.114:3389/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.130.221/photo.lnk
id: auto-e3dcd34a10690d7bd8aeb2ff62702a3e39b59037ea799dc5ae1e5d1c858bb58c
status: experimental
description: Detects traffic or activity related to http://187.213.130.221/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.130.221/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.42.72.125:41799/video.scr
id: auto-b3eb796a6bd4dd1f73ba4b4bc0343e0d123ab39a67a89a149aaa717e06bbcab1
status: experimental
description: Detects traffic or activity related to http://177.42.72.125:41799/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.42.72.125:41799/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.153.17:9000/photo.lnk
id: auto-7dec7174936e13e03dbfd8ef023219a76d057edeb117c2b69d0124a365dfc6c6
status: experimental
description: Detects traffic or activity related to http://117.24.153.17:9000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.153.17:9000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.216.214/video.lnk
id: auto-1045d4d2dd7e79361fe3eba99dcd3d8e844ce0c5dfd9f7ca6bca9542ec515dd7
status: experimental
description: Detects traffic or activity related to http://191.25.216.214/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.216.214/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.85.229.198:81/video.lnk
id: auto-63ad407166685db506851ae2a08b202f7a97b7e5090f53719b0b98aad6ec61ba
status: experimental
description: Detects traffic or activity related to http://218.85.229.198:81/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.85.229.198:81/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.16.137.81:1000/video.lnk
id: auto-f3bddc830281a093d7234a282665c8ddab4de4264a0ba4d7b2241d407325c36e
status: experimental
description: Detects traffic or activity related to http://123.16.137.81:1000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.16.137.81:1000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.71.110.163:8080/photo.scr
id: auto-6177bb791bfe071cc186a42b0b568e9fe3230f0bf8d100123e4cf7feaab85907
status: experimental
description: Detects traffic or activity related to http://118.71.110.163:8080/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.71.110.163:8080/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.122.174.233:3389/photo.scr
id: auto-7812b445e59e6393e36530a15a5d15985fc0c84421c767008b60a20eb6dbd2ec
status: experimental
description: Detects traffic or activity related to http://106.122.174.233:3389/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.122.174.233:3389/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.81.113.254:9000/av.scr
id: auto-7d6f8db95dff0af7f8dce47bce89bfee93766da4afaaad8d2f686beba8073a2f
status: experimental
description: Detects traffic or activity related to http://110.81.113.254:9000/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.81.113.254:9000/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.115.179.188/av.scr
id: auto-48b2551be960cbe224b5e995df93795e721f51733b38755f933c7edc0c7261d4
status: experimental
description: Detects traffic or activity related to http://187.115.179.188/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.115.179.188/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.71.110.163:8080/av.scr
id: auto-fb3db8c8d785677250ea814f90cb3c9b580d499aa3948a05e05bd540856bfc4a
status: experimental
description: Detects traffic or activity related to http://118.71.110.163:8080/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.71.110.163:8080/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.41.123:41798/info.zip
id: auto-3eac62ba7e1b6c80311760b88dff9579f2815f63ed5c1c4c27a94f5cc05161b8
status: experimental
description: Detects traffic or activity related to http://115.217.41.123:41798/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.41.123:41798/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251:8080/info.zip
id: auto-38b95824fa86e6fca5530e100721b11883818b45b9415827a4b82eaeb6550f2c
status: experimental
description: Detects traffic or activity related to http://1.52.196.251:8080/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251:8080/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.59.99.143:9090/av.scr
id: auto-87204388944f3bed1e038ab80b1cfb3fbc2db0dab6b873894ab720d1bbb91639
status: experimental
description: Detects traffic or activity related to http://187.59.99.143:9090/av.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.59.99.143:9090/av.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.216.214/av.lnk
id: auto-b58d1d2fba24209e1ea64098bdac54b4d3852e6bd4b77da842ab8824363a3e77
status: experimental
description: Detects traffic or activity related to http://191.25.216.214/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.216.214/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.64.147.12:81/video.scr
id: auto-b2550dce2c8ea1713d3a6b3512676e114b73769498b40b7e5f57fcb12ea594a6
status: experimental
description: Detects traffic or activity related to http://218.64.147.12:81/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.64.147.12:81/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.41.123:41798/video.scr
id: auto-e5edb07e2f8e3beeecc03ab60c8e444efe66c19af3f41e2f00a52e4ea3efb12f
status: experimental
description: Detects traffic or activity related to http://115.217.41.123:41798/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.41.123:41798/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://191.25.216.214/video.scr
id: auto-518bd1f06cb430ad3ff73d81de35def56238fa1df0a2b1df4783614c90fb832a
status: experimental
description: Detects traffic or activity related to http://191.25.216.214/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://191.25.216.214/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.115.179.188/video.scr
id: auto-938b33b722af6aa92195833ade01bc173930b96229e59e5c6e019137798ad05f
status: experimental
description: Detects traffic or activity related to http://187.115.179.188/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.115.179.188/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.217.41.123:41798/photo.scr
id: auto-bacb8d126ffbdb0faa9914506e8d67162cd9d0c19ee21d28ef7f093b63b629d4
status: experimental
description: Detects traffic or activity related to http://115.217.41.123:41798/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.217.41.123:41798/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251:8080/video.scr
id: auto-f162dc0561a33b786224726757ef2068151ee78ef890d2142299cabf8207072a
status: experimental
description: Detects traffic or activity related to http://1.52.196.251:8080/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251:8080/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.122.174.233:3389/video.scr
id: auto-450cce199df7d5bf4fa554bcd4e6bc16b7ad2d64c0aa7a83e97058b69f45bd49
status: experimental
description: Detects traffic or activity related to http://106.122.174.233:3389/video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.122.174.233:3389/video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://149.210.64.82/photo.lnk
id: auto-fa6689b2af04449de65cec15f88ac1393643e9bf43e64a2f3be03b44525cf35d
status: experimental
description: Detects traffic or activity related to http://149.210.64.82/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://149.210.64.82/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.224.26.112:8088/photo.scr
id: auto-7d0905c5c330a2170e0ba5a79353f718a62e3fe04f92e6fc562d00c2d0395a6b
status: experimental
description: Detects traffic or activity related to http://140.224.26.112:8088/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.224.26.112:8088/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.43.88.50:9000/photo.scr
id: auto-bcef0684fed1118e000aeb8c5f40b693ac25bedd54d56fbcf5dd4bcef0a13302
status: experimental
description: Detects traffic or activity related to http://120.43.88.50:9000/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.43.88.50:9000/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.240.237.56/av.lnk
id: auto-6dbae2e391b538ab3c9b94371eb41d6d67c7575cb3a0b8278cdd3329a36ab617
status: experimental
description: Detects traffic or activity related to http://45.240.237.56/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.240.237.56/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.29:8080/av.lnk
id: auto-1b327e68f18e28a3239c2d46044a9f2765836a318f6831547b2561fdd880a2b3
status: experimental
description: Detects traffic or activity related to http://116.48.27.29:8080/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.29:8080/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.145.10.220/video.lnk
id: auto-4268e37d8c712dc9008d800d736e9e3a1132f869241659db1662ce08fe2aae4c
status: experimental
description: Detects traffic or activity related to http://184.145.10.220/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.145.10.220/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.16.137.81:1000/info.zip
id: auto-c17e98bb5caeaaf06b6dfd2690953373ccf963cad0eee6af51dd269fab225355
status: experimental
description: Detects traffic or activity related to http://123.16.137.81:1000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.16.137.81:1000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.85.229.198:81/info.zip
id: auto-59c01a410eeed1e2acfcf32189472991c548334a88c008ac044a1c410b9fd68c
status: experimental
description: Detects traffic or activity related to http://218.85.229.198:81/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.85.229.198:81/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.42.72.125:41799/av.lnk
id: auto-4c34950930894270555ba598f7c37fe7e039c454a6dd8e26fb24ee6c3186e20c
status: experimental
description: Detects traffic or activity related to http://177.42.72.125:41799/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.42.72.125:41799/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.44.55/av.lnk
id: auto-cad29deeae6843c06d4287c4cf597de23d9bb9b207aa488a65884938c03c8109
status: experimental
description: Detects traffic or activity related to http://138.188.44.55/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.44.55/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.130.221/photo.scr
id: auto-d80297f7a350b2f4df2743239b8b9a143f4b09d37068e1512e5c7869ef2d104f
status: experimental
description: Detects traffic or activity related to http://187.213.130.221/photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.130.221/photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.71.110.163:8080/av.lnk
id: auto-ceeddf9a42451ee61b74b72494b4e239ca65595ad4d603bd96f54d8f571eb040
status: experimental
description: Detects traffic or activity related to http://118.71.110.163:8080/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.71.110.163:8080/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251/av.lnk
id: auto-d1dfd069b36eb173d8f4dcb738bc2228d0b10a8b86ad474367e869086255ae63
status: experimental
description: Detects traffic or activity related to http://1.52.196.251/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.164.206.156:90/info.zip
id: auto-3a8f8bffd7bd703672f0aa876527af0e8e8a0c6552a4470723d4d18bd9d2c382
status: experimental
description: Detects traffic or activity related to http://221.164.206.156:90/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.164.206.156:90/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.33.14.160:8602/info.zip
id: auto-3b6766b999d706f69169e45483a727a990b309ab46cc230586acac75e7fd2518
status: experimental
description: Detects traffic or activity related to http://14.33.14.160:8602/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.33.14.160:8602/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.43.88.50:9000/info.zip
id: auto-eaf6b56115c11745f8f76f9e4e597e00ebf6cfeec55b2b4df3d1fedcd12fc4f1
status: experimental
description: Detects traffic or activity related to http://120.43.88.50:9000/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.43.88.50:9000/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.145.10.220/info.zip
id: auto-2a52e7bdc2a12560fda1771f046122779be726e9810a201420b3d6bc7acad87f
status: experimental
description: Detects traffic or activity related to http://184.145.10.220/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.145.10.220/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.53.123.70:8602/info.zip
id: auto-651dca3277e262ce1a25dd917af4fd8b1489ef1d805e44f938ad51d3008349f9
status: experimental
description: Detects traffic or activity related to http://14.53.123.70:8602/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.53.123.70:8602/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.68.234.213:5000/video.lnk
id: auto-4ff401274f2db2a7f5bab0b138d6c1d69c060f90127077997f7fdff74ba5f110
status: experimental
description: Detects traffic or activity related to http://202.68.234.213:5000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.68.234.213:5000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.130.221/info.zip
id: auto-8600648e36607ea28e29cae77e659b5301fea55f8bdde28f00f12e99fe371be6
status: experimental
description: Detects traffic or activity related to http://187.213.130.221/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.130.221/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.115.179.188/info.zip
id: auto-a4eb79d7547ac4615bcf1f7ea9051bd90e76e0cfa1db83454df0079effde8ceb
status: experimental
description: Detects traffic or activity related to http://187.115.179.188/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.115.179.188/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.240.237.56/info.zip
id: auto-c2dc8bbc73e8b778d03b493b5e16f4f05084e1a7097ea25483cf6a86b2bb0a14
status: experimental
description: Detects traffic or activity related to http://45.240.237.56/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.240.237.56/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.89.221.120/av.lnk
id: auto-6b069178bb6ab69b61e8b6171c4149cd9624e9cf6940ad6df06226b74ee3d30a
status: experimental
description: Detects traffic or activity related to http://179.89.221.120/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.89.221.120/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://177.212.252.109:41799/video.lnk
id: auto-09ce42f90335d652b942c5273fea6712d49a22d0ad362ca5394b3313f8c85b5a
status: experimental
description: Detects traffic or activity related to http://177.212.252.109:41799/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://177.212.252.109:41799/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://140.224.26.112:8088/av.lnk
id: auto-8195cff0b79796100ddbdb5d1c5b00b2f349b98ece75bac57d6eba4e0b8adceb
status: experimental
description: Detects traffic or activity related to http://140.224.26.112:8088/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://140.224.26.112:8088/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.43.88.50:9000/av.lnk
id: auto-62f4db1d16be3af708ab74ae6bb99ba5f3e2094a46e8acce00d6135b6d92612d
status: experimental
description: Detects traffic or activity related to http://120.43.88.50:9000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.43.88.50:9000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.16.137.81:1000/av.lnk
id: auto-b830e71bfa43641501ef1802eaa82ee5460e2dbf4d68db973cdb05fc889e6a86
status: experimental
description: Detects traffic or activity related to http://123.16.137.81:1000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.16.137.81:1000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.44.55/photo.lnk
id: auto-0a6611766ecbd69a1d62a155c05f1528cc8d6253bef711c54a38fd55a2fc2d51
status: experimental
description: Detects traffic or activity related to http://138.188.44.55/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.44.55/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.215.23.87/info.zip
id: auto-8b4286e535f6e5749b734fc9b4a562eb6996ddaaef3b00b35f68c35de9a1611a
status: experimental
description: Detects traffic or activity related to http://93.215.23.87/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.215.23.87/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.59.99.143:9090/photo.lnk
id: auto-9e6e244df7c90854ae069dc99f4b3eac6380d948846dca74533b74ded193d0ad
status: experimental
description: Detects traffic or activity related to http://187.59.99.143:9090/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.59.99.143:9090/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.29:8080/video.lnk
id: auto-ad71ef15445052a4346ccbd46463329fbaf9194d09e1595e5053199f703db5b2
status: experimental
description: Detects traffic or activity related to http://116.48.27.29:8080/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.29:8080/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.115.179.188/video.lnk
id: auto-af1ca73b39385905769c7f7a4da1f0df34ba5e7fb5b2c065ae25625a03dd9b01
status: experimental
description: Detects traffic or activity related to http://187.115.179.188/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.115.179.188/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.16.137.81:1000/photo.lnk
id: auto-ed8f9b4331f3efd410f731cce6a5806b2dba87b9a37d4a68bb443b301dbe673b
status: experimental
description: Detects traffic or activity related to http://123.16.137.81:1000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.16.137.81:1000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.64.147.12:81/av.lnk
id: auto-ed8939ef00f602ea7b64bf8d5becee58c601923b8edeee5c7a1b2870d747c51b
status: experimental
description: Detects traffic or activity related to http://218.64.147.12:81/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.64.147.12:81/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.1.222:8081/video.lnk
id: auto-842450e98e487c48bafcb644d4452f2b3f4fec6f4c90a44f4e58b98098f7cdff
status: experimental
description: Detects traffic or activity related to http://187.213.1.222:8081/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.1.222:8081/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.44.185.140:8602/info.zip
id: auto-4a269564eefd248a3f97c076ee131df4492a5f8776751740e2c356b877dd2a3f
status: experimental
description: Detects traffic or activity related to http://116.44.185.140:8602/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.44.185.140:8602/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://187.213.130.221/av.lnk
id: auto-5f5028fbb2ca1f5c015c4dc00137098c10c0ed72fa980f7e207668f846438bdb
status: experimental
description: Detects traffic or activity related to http://187.213.130.221/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://187.213.130.221/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.71.110.163:8080/video.lnk
id: auto-6ed33e46847de204c85e0631a0e4077b1f4cc83db4c58d7d1e05532856f00b72
status: experimental
description: Detects traffic or activity related to http://118.71.110.163:8080/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.71.110.163:8080/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.43.88.50:9000/photo.lnk
id: auto-6679ccb173f3b5aed7b201e38b1881c17ab6ceaf2e225ed959ab01758044acf3
status: experimental
description: Detects traffic or activity related to http://120.43.88.50:9000/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.43.88.50:9000/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.81.113.254:9000/av.lnk
id: auto-ace61c455b1149117b822907647c7fc29eed1f02c1a33a9454cb4497eb7a19e5
status: experimental
description: Detects traffic or activity related to http://110.81.113.254:9000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.81.113.254:9000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.153.17:9000/av.lnk
id: auto-92450db8b4921b49b7265f8a86125d13573be07570fefeb0f3c335ee119969c9
status: experimental
description: Detects traffic or activity related to http://117.24.153.17:9000/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.153.17:9000/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.48.27.29:8080/photo.lnk
id: auto-2f62efe26edff9c4159aef8cb4123c8a02c41a5fa3bc52f6645683c4d50832a9
status: experimental
description: Detects traffic or activity related to http://116.48.27.29:8080/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.48.27.29:8080/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.24.153.17:9000/video.lnk
id: auto-81f54d3f1a7b09c6d2347d27f9021efc45be6c47cba17cdd0f45cb3b71fd7073
status: experimental
description: Detects traffic or activity related to http://117.24.153.17:9000/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.24.153.17:9000/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.36.139/av.lnk
id: auto-965ce6dd706b4506d9090ae8df504caf0e170b90c5438ade7a5ec534788c2d8b
status: experimental
description: Detects traffic or activity related to http://138.188.36.139/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.36.139/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.188.36.139/photo.lnk
id: auto-5e1d1a6f21096f3b083e9a329084457dcfdad2345cef53400f85facaab0f3512
status: experimental
description: Detects traffic or activity related to http://138.188.36.139/photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.188.36.139/photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251:8080/av.lnk
id: auto-5eb95acdaa4678186034e1b6646c801bdd6fc9a91fbf5fa57d16ce7f32fee056
status: experimental
description: Detects traffic or activity related to http://1.52.196.251:8080/av.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251:8080/av.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.52.196.251:8080/video.lnk
id: auto-2581ef95e3708fea8cfb29a6cadc07e5368633f9e445aca9e0a14bc06002659c
status: experimental
description: Detects traffic or activity related to http://1.52.196.251:8080/video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.52.196.251:8080/video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.76.63.7/raw/phantom.exe
id: auto-99b96fd384dce40f6ebbc21045877ff8927280f5260b4c099875928728321851
status: experimental
description: Detects traffic or activity related to http://79.76.63.7/raw/phantom.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.76.63.7/raw/phantom.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://getvelocity.lol/assets/erto3e4rortoergn.exe
id: auto-79023386e31f69482d2b3940c6d62e1540e700fc6d82db5017766604c72ba753
status: experimental
description: Detects traffic or activity related to https://getvelocity.lol/assets/erto3e4rortoergn.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://getvelocity.lol/assets/erto3e4rortoergn.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://r2.e-z.host/c2422dfd-041b-412c-9f09-459556a0eeef/dbxguowt.exe
id: auto-5f583217de19d191250677b8daebf21c12d4e87e781aabaf5d4e213eaab714dc
status: experimental
description: Detects traffic or activity related to https://r2.e-z.host/c2422dfd-041b-412c-9f09-459556a0eeef/dbxguowt.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://r2.e-z.host/c2422dfd-041b-412c-9f09-459556a0eeef/dbxguowt.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.177.26.171/most/lada.exe
id: auto-b81783dae3041fc2ce8e66b21246d68c00ae5ebd3d15d244125101dd4add91b3
status: experimental
description: Detects traffic or activity related to http://192.177.26.171/most/lada.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.177.26.171/most/lada.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.106.24:47042/i
id: auto-07df7315da4bafdf3f044abe097acb5b45e505b5801228362d764430c5dcdd02
status: experimental
description: Detects traffic or activity related to http://61.53.106.24:47042/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.106.24:47042/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.206.188.13:35365/i
id: auto-6c56f33ef410bc92758fa18bdc3c316d1135b5dbba853c1dc6ac5dfadbbb3000
status: experimental
description: Detects traffic or activity related to http://27.206.188.13:35365/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.206.188.13:35365/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.136.0:57216/bin.sh
id: auto-49d23df96e84b2a601697c070b0f27036f14f800bc9f623925372691d6b740f7
status: experimental
description: Detects traffic or activity related to http://61.3.136.0:57216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.136.0:57216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5917492177/Z9AUqKz.exe
id: auto-16b030c4ac2b60e1e457891295601e92d9e5e4f136e175c8f2082f3e6532c47c
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5917492177/Z9AUqKz.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5917492177/Z9AUqKz.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.106.24:47042/bin.sh
id: auto-b1c57412df2b5d0ddae038ef1c95cbb16ed68e73e9a0cd8b9a0741a772952608
status: experimental
description: Detects traffic or activity related to http://61.53.106.24:47042/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.106.24:47042/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.180.144:52756/i
id: auto-253d599e4a2e7bf00e9b13002af4cfe75bd7a0a3021272369c0677b63108c275
status: experimental
description: Detects traffic or activity related to http://42.177.180.144:52756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.180.144:52756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.0.6:35741/bin.sh
id: auto-95a519e769bd82ac5e4327472541ff6e5ea34a8dad14e9afef5de12abcd90e10
status: experimental
description: Detects traffic or activity related to http://180.191.0.6:35741/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.0.6:35741/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://76.72.238.134:51433/i
id: auto-5295caed03f56e8b7eadc95d2442d4e0c80c388d50cf64a3d063940f8ccec76f
status: experimental
description: Detects traffic or activity related to http://76.72.238.134:51433/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://76.72.238.134:51433/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.225.179.114:59283/.i
id: auto-df1e13bfa26a65f69299a1d02c332b4bcdb8146cedb00c770f3ef6277eb9e12a
status: experimental
description: Detects traffic or activity related to http://212.225.179.114:59283/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.225.179.114:59283/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7380423702/mzaYZgq.exe
id: auto-608130765ba834749572f461c40ae27d517c03aebcdda145676b1b6b97a07b2f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7380423702/mzaYZgq.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7380423702/mzaYZgq.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/most/random.exe
id: auto-d9c0deaba0346b68e2efe04e16ef0af9517ba4d09be149e420b5a1b642d7c2ea
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/most/random.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/most/random.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://76.72.238.134:51433/bin.sh
id: auto-87e71315db1a3a2915ad480dff54d35a3c32e43b32f488482ed500aa10aac230
status: experimental
description: Detects traffic or activity related to http://76.72.238.134:51433/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://76.72.238.134:51433/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.38.122:50350/i
id: auto-383cf3f02d7a86a8f107632b546105e1d948583be48060427ee2f3a7f5da6aff
status: experimental
description: Detects traffic or activity related to http://42.52.38.122:50350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.38.122:50350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.219.177:44871/i
id: auto-9eff31622200cbbf6f5de8589ec48a451cb87a9d79ad384b9b366c3fdf158a98
status: experimental
description: Detects traffic or activity related to http://182.112.219.177:44871/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.219.177:44871/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.83.32:49862/bin.sh
id: auto-0159365113a0dbd75518f708fffefa2d81e75debfea1475b96619c8029a68570
status: experimental
description: Detects traffic or activity related to http://175.165.83.32:49862/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.83.32:49862/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.14.73:56897/bin.sh
id: auto-2e12087421d4312784813ef44fccba8e3590b834548aeabb094fddaf6ab643bc
status: experimental
description: Detects traffic or activity related to http://42.238.14.73:56897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.14.73:56897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.187.239.145:54065/bin.sh
id: auto-088e798cb51d0d8b3d6b77e67e505f7a9a04a20259f8fcf4761d9343ca7e9932
status: experimental
description: Detects traffic or activity related to http://119.187.239.145:54065/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.187.239.145:54065/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.188.200:54806/i
id: auto-0feb9e5c39a9ef56e89f16ea0eda978f2ffee3a2cc23b4df9245757c98ad8184
status: experimental
description: Detects traffic or activity related to http://123.14.188.200:54806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.188.200:54806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.212.143:50523/i
id: auto-75b092e0233478c7a9854c2df4c5c34c0f72ff5c4f0b418801118856f0b15664
status: experimental
description: Detects traffic or activity related to http://182.114.212.143:50523/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.212.143:50523/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.156.17:42047/bin.sh
id: auto-5626b3b6976fc0ad816134ef2a01e031dfe5984cc7edb5708d66e41895d5caef
status: experimental
description: Detects traffic or activity related to http://175.165.156.17:42047/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.156.17:42047/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.193.47:56781/bin.sh
id: auto-cb1e4d73cc584e5488af4729cfe0310ea421fbac87cad7651f97f988765b3c9e
status: experimental
description: Detects traffic or activity related to http://182.114.193.47:56781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.193.47:56781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.248.4:55555/i
id: auto-09cb75e2fbce0e27b2f6167ff5696ca92de387f3fac5946c64c4fc5684199fd7
status: experimental
description: Detects traffic or activity related to http://219.155.248.4:55555/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.248.4:55555/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.142.240.245:41492/bin.sh
id: auto-648719e245649bed668f7819d5720ec80d0ded96b94d99d267802f5be3b644a0
status: experimental
description: Detects traffic or activity related to http://222.142.240.245:41492/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.142.240.245:41492/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.219.177:44871/bin.sh
id: auto-475c9164c6cded9023bce5357ceb09c1ae7b6c6c50c39b15be2fe2127ad94a18
status: experimental
description: Detects traffic or activity related to http://182.112.219.177:44871/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.219.177:44871/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.27.77:42418/i
id: auto-eaeb644a7cd7c41add177b77761174a7ed94616c98f321a79c7d9d78c00c4740
status: experimental
description: Detects traffic or activity related to http://222.137.27.77:42418/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.27.77:42418/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.43.46:35178/bin.sh
id: auto-618fb5d04cd873c9624318b6f5bbbad54b9f5025d88501b34d60d67bc9703527
status: experimental
description: Detects traffic or activity related to http://42.230.43.46:35178/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.43.46:35178/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.21.169:37141/i
id: auto-397b3af08807d496aec5efdb77aa805f9f13fc4f4db1a3b10bdc2db77093c2b6
status: experimental
description: Detects traffic or activity related to http://182.116.21.169:37141/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.21.169:37141/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.27.77:42418/bin.sh
id: auto-7559277d19c07747a5f630d273a914fe157bc85f5e39dc3f152547318026a6a7
status: experimental
description: Detects traffic or activity related to http://222.137.27.77:42418/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.27.77:42418/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.13.158.127:5506/ny.vbs
id: auto-cf30d6230ec67948c6aa3cd7f5b7831b00558105ae3d3559c1758e317dd35de6
status: experimental
description: Detects traffic or activity related to http://198.13.158.127:5506/ny.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.13.158.127:5506/ny.vbs*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://geeconglobal.com/CLOUDFLARE
id: auto-83d0260b2c9b01f5346cae70116039b66639ffda1bbbb2a57252727b9fbcb9a5
status: experimental
description: Detects traffic or activity related to https://geeconglobal.com/CLOUDFLARE which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://geeconglobal.com/CLOUDFLARE*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://142.93.179.103:8081/
id: auto-c546adb39fb902e39f3889bfcb6a8bd53585d2d8f34ef85a595d37db35d08787
status: experimental
description: Detects traffic or activity related to https://142.93.179.103:8081/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://142.93.179.103:8081/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://157.230.254.1/
id: auto-5088e5844027dcdef926bf355ad98ae1b6e266897e02e668896b282aff95d665
status: experimental
description: Detects traffic or activity related to http://157.230.254.1/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://157.230.254.1/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.241.42.40/
id: auto-71f473f8689e4c1368860c364d0d2218814fe0339042f8daeaee24c164c0baf9
status: experimental
description: Detects traffic or activity related to http://103.241.42.40/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.241.42.40/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://162.215.130.152/
id: auto-9c2bc306fb6a5e1e1c6c23a9831f0322a5a2e4f7d69af6a27ebeffdebcba6186
status: experimental
description: Detects traffic or activity related to https://162.215.130.152/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://162.215.130.152/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://152.44.39.12/
id: auto-bfe4b85d5d2e86dc10c75cbd546c324a690774cf5dd3901187977c31e6785bb7
status: experimental
description: Detects traffic or activity related to https://152.44.39.12/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://152.44.39.12/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://165.22.255.138/
id: auto-862075289d903bd76490e53cfd319f983ebb4125e5f3dad64499f33e24593631
status: experimental
description: Detects traffic or activity related to https://165.22.255.138/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://165.22.255.138/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://52.21.159.183/
id: auto-4b078192ed26dd56d24e0e1189172825f0e8678a1ca4167cc6ddb6416f70ea59
status: experimental
description: Detects traffic or activity related to https://52.21.159.183/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://52.21.159.183/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://72.167.140.158/
id: auto-d37f86c38e22f1820cb1765dda448dc2e80fa845decada2ba4670cacf817ec41
status: experimental
description: Detects traffic or activity related to https://72.167.140.158/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://72.167.140.158/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.62.59.160:8080/
id: auto-c8e4b1b670cd8f8f5ee0a988073cc02e3d99ac057dba0481fb2340b6ab6dd09a
status: experimental
description: Detects traffic or activity related to http://72.62.59.160:8080/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.62.59.160:8080/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://159.223.160.166/
id: auto-fd68c0142d273a8bbd1eaddb64b42b66757e525b72d82293117b759edbfb5292
status: experimental
description: Detects traffic or activity related to https://159.223.160.166/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://159.223.160.166/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.160.27.36/
id: auto-7c010ba384ed2a8d3bfcd80320d73d448f8dc004d0c519a77d3ed9c5a81fb493
status: experimental
description: Detects traffic or activity related to http://217.160.27.36/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.160.27.36/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://46.4.194.54/
id: auto-8a3d126b66204b1ee98353527c8d529364ec97e277ab3d6049db6fa0bfae987f
status: experimental
description: Detects traffic or activity related to https://46.4.194.54/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://46.4.194.54/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://102.206.27.46/
id: auto-d462255eaf0dc9bb92f0b8cd36c3d2c45ee01a3eacd7ef118f5c1dd026edaee4
status: experimental
description: Detects traffic or activity related to https://102.206.27.46/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://102.206.27.46/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://18.222.4.143/
id: auto-a83551e76e74ac5c9168976ae486772cc947d2cfac381a2b861633354d2c42be
status: experimental
description: Detects traffic or activity related to https://18.222.4.143/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://18.222.4.143/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.39.32.101/
id: auto-53d85a118b678f77d7d509fa1615fc0dc78451c8ccf1403b83c227dfc2c2a07a
status: experimental
description: Detects traffic or activity related to http://66.39.32.101/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.39.32.101/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://13.233.119.235/
id: auto-5b435e5b83f2b284398e53eb359d491fa352928eca6046c8b95bb72b250c19aa
status: experimental
description: Detects traffic or activity related to https://13.233.119.235/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://13.233.119.235/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://183.181.96.178/
id: auto-173c70df774a24332b38c4feec61f8e3767d3ce0c7041b956ad89cb925d3ce0b
status: experimental
description: Detects traffic or activity related to https://183.181.96.178/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://183.181.96.178/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://148.72.247.154/
id: auto-ea37a82ebc67c137f0a2e3c006a4c21ed8742d34c53b1afb99d5d4a1105aadc3
status: experimental
description: Detects traffic or activity related to https://148.72.247.154/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://148.72.247.154/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://89.37.214.212/
id: auto-b40e2dd6b49ecf5fef20d6967e50555f9580ee648a88fadc7865f28fa96c282d
status: experimental
description: Detects traffic or activity related to https://89.37.214.212/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://89.37.214.212/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://77.120.165.2/
id: auto-bc951b2381732963f643fa5c6675f99f5d300d44037c3b3f7b218ebcd5d897ff
status: experimental
description: Detects traffic or activity related to https://77.120.165.2/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://77.120.165.2/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://132.148.78.83:444/
id: auto-2d916588aa0e33c86ec17de71c7eaf0da249318fb5087b86cac708f00a9ac8c1
status: experimental
description: Detects traffic or activity related to https://132.148.78.83:444/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://132.148.78.83:444/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.159.11.216/
id: auto-57bc0451e311ee9b0a95fd480721f7a9499118cfa429a7a70fb74408eb24ce89
status: experimental
description: Detects traffic or activity related to http://178.159.11.216/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.159.11.216/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://174.142.195.203:444/
id: auto-e3e36f470f54538b72497dc099c2a357bc8b4ab6f3486e3b98120852100d5ba4
status: experimental
description: Detects traffic or activity related to https://174.142.195.203:444/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://174.142.195.203:444/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.121.34.146/
id: auto-fd4eb7590fe678cf70490121ced7a32df87ed7374616a7fe37812f1b99b1d198
status: experimental
description: Detects traffic or activity related to http://91.121.34.146/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.121.34.146/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://66.39.17.31/
id: auto-e3bfd6eedaba3b051ce13c9f737b08aea074db0d101a6843e2c800808ce2457b
status: experimental
description: Detects traffic or activity related to https://66.39.17.31/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://66.39.17.31/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.199.33.111/
id: auto-8e6ceb0e1308f198339767601b74b675192e7ecd6e402746faddb236073559ac
status: experimental
description: Detects traffic or activity related to http://213.199.33.111/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.199.33.111/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.197.49.130:8080/
id: auto-c433dcaa6758cd5184b1ff4d87bc659ce413088dd2d8e7fa78b5e1abb0f9a399
status: experimental
description: Detects traffic or activity related to http://138.197.49.130:8080/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.197.49.130:8080/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://173.255.252.25/
id: auto-1fe40b5329df4c3ef613c5a6e926c8591a35e7f89af83bc8edffbba249a8432b
status: experimental
description: Detects traffic or activity related to https://173.255.252.25/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://173.255.252.25/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.199.222.6/
id: auto-e498c55daeb9a335dff4cfb8b08d60a3a0dbc732269922fdc4c74b19f8bf8c8b
status: experimental
description: Detects traffic or activity related to http://138.199.222.6/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.199.222.6/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://178.159.11.216/
id: auto-90017aea859a31fe4c7e6f3b66196f2c13c8c6405c2e0e3c485cc0139e82788b
status: experimental
description: Detects traffic or activity related to https://178.159.11.216/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://178.159.11.216/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://18.222.166.74/
id: auto-c18be90a74fc5e3e7e79ce408d7e7777202d6e7921832b94e18ad5cf760ff341
status: experimental
description: Detects traffic or activity related to http://18.222.166.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://18.222.166.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://52.40.97.75/
id: auto-6ff4a8d7b01825e387d7016c4b9a29ed31055293da6f2cfda61f82e73cb3add0
status: experimental
description: Detects traffic or activity related to http://52.40.97.75/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://52.40.97.75/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.92.158.250/
id: auto-c4c9a229fbed67d8960c7400bbef53906048b2b453c98e341c448b064bfb3ae5
status: experimental
description: Detects traffic or activity related to http://190.92.158.250/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.92.158.250/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3.71.235.243/
id: auto-0d15051b7ffc13e88ee61f20236401d5f9b0676fd2342b98d5d3be27f97f3146
status: experimental
description: Detects traffic or activity related to https://3.71.235.243/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3.71.235.243/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7103746036/LcNPLLW.exe
id: auto-5d00cb36e86dba6544417d82f8b86ceaa9436864cadd9ee092d50d2d41e7e2db
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7103746036/LcNPLLW.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7103746036/LcNPLLW.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://54.173.170.130/
id: auto-81e01feb62b51e3b42950bc8b69708d055c506269bd50ccf2ab0a74c91696a2c
status: experimental
description: Detects traffic or activity related to https://54.173.170.130/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://54.173.170.130/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://169.50.189.146/
id: auto-590e11b7badea2359f0cc509cfcf84376e213e6abfeba579da5e257e50c9291d
status: experimental
description: Detects traffic or activity related to https://169.50.189.146/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://169.50.189.146/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://52.76.43.213/
id: auto-47c3b5f006e437dcc4d5ede6885fafb54a9eedea1c7c5421bdac9c9afdea0ca1
status: experimental
description: Detects traffic or activity related to https://52.76.43.213/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://52.76.43.213/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://138.199.222.6/
id: auto-3c8cab6bf6108b3ffe4d7e5dffcf5d41311684b9f787eefa72dc3f8bcb0c4800
status: experimental
description: Detects traffic or activity related to https://138.199.222.6/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://138.199.222.6/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://216.92.32.98/
id: auto-5d81c629baa365105233f09576f6136a7aac78b9bee628d256bacd9c328bf0df
status: experimental
description: Detects traffic or activity related to https://216.92.32.98/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://216.92.32.98/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.147.204.35/
id: auto-cba72cc953cef13f8f88f801024c9ff7ab350f9754fe62aa75f6dda22c9ecd9e
status: experimental
description: Detects traffic or activity related to http://31.147.204.35/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.147.204.35/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://84.16.239.214/
id: auto-f29cc17d003cc2f031fab68036b0ff155a83a57e578899d6e45d3fb454b20578
status: experimental
description: Detects traffic or activity related to https://84.16.239.214/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://84.16.239.214/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://104.199.248.167/
id: auto-955a57f867e9e14d16769eab126cb1c2d1b61ac65fafb3ab221c16d261bf1e46
status: experimental
description: Detects traffic or activity related to https://104.199.248.167/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://104.199.248.167/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://74.207.236.7/
id: auto-cb8f2309cdf41d06fa271742159f4bc9c1d5eb9f0606db5a3d707124ca0e2617
status: experimental
description: Detects traffic or activity related to https://74.207.236.7/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://74.207.236.7/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://45.76.63.6/
id: auto-f295c56366bbedf567fc2792b6ed57e02de9d17ef27bbd5e12a666e64e8e99c8
status: experimental
description: Detects traffic or activity related to https://45.76.63.6/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://45.76.63.6/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://64.227.129.58:8083/
id: auto-17fa7c3c6929996c8e70f5f2b6b850ffe9e63add6ac40389c72018ba5d640cab
status: experimental
description: Detects traffic or activity related to http://64.227.129.58:8083/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://64.227.129.58:8083/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.198.135.70/
id: auto-3be2cb849887e4aaa5f069067e26d6dec6bf2f631aad960570c4ba0c3f4549b1
status: experimental
description: Detects traffic or activity related to http://143.198.135.70/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.198.135.70/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://199.168.184.115/
id: auto-fb42b53498fb7ccf4b75d7bb7ac3592ee3044fdf872a53763b2c16ceacf457ab
status: experimental
description: Detects traffic or activity related to https://199.168.184.115/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://199.168.184.115/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://98.70.13.131/
id: auto-da102add911e5fd6671d4f8cbb6eaeceaa3c180a1a970e8b208343ddac9cf703
status: experimental
description: Detects traffic or activity related to http://98.70.13.131/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://98.70.13.131/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.198.73.49/
id: auto-9d849fd26d48f7e156f80133e507ffe742cdd06fe8e1e35525bea5ea4ee02cfc
status: experimental
description: Detects traffic or activity related to http://143.198.73.49/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.198.73.49/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://176.57.70.199/
id: auto-2a55a60a0856d4ec043ebdeca8e872dff1a63b7f2522ada7ea54c856aad1228e
status: experimental
description: Detects traffic or activity related to https://176.57.70.199/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://176.57.70.199/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.111.134.202/
id: auto-9cadc2f4137927651a3b80f9e614a87c51aadcaa945fbae39581dc591acb8171
status: experimental
description: Detects traffic or activity related to http://89.111.134.202/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.111.134.202/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://167.99.0.131:4011/
id: auto-48059c0a9c43083f351a3df4d5b2db4950483f041a5e39d1cb02531422aae15f
status: experimental
description: Detects traffic or activity related to https://167.99.0.131:4011/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://167.99.0.131:4011/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://202.74.75.181/
id: auto-0a8db92cfb8ed3370ac1db0a15a4803002309d486b04b692f1b626c9c7c57ac8
status: experimental
description: Detects traffic or activity related to https://202.74.75.181/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://202.74.75.181/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3.14.240.188/
id: auto-b0d895dd1978b003a871dad34794d4dc0ad0d28b974df0716a0cc3e11814b338
status: experimental
description: Detects traffic or activity related to https://3.14.240.188/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3.14.240.188/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.120.165.2/
id: auto-77861aff93d9e5f99a0d0e4ddadb0b4c9dedc8cde75216b90a49a4d8c8490f72
status: experimental
description: Detects traffic or activity related to http://77.120.165.2/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.120.165.2/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://13.213.189.252/
id: auto-356e81a0acac2bc267b2fee9241460ec6948169b597ae2ddb96ddf0f8fe4b478
status: experimental
description: Detects traffic or activity related to https://13.213.189.252/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://13.213.189.252/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://44.203.141.243/
id: auto-b2b0fa705196fd56a4ccf525b92fddffc849ecce75d0fef5812b5a564539dd1f
status: experimental
description: Detects traffic or activity related to https://44.203.141.243/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://44.203.141.243/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://52.192.160.71/
id: auto-dd5e225c6223cd012e378ec206f88f99525c6378bb7924f2edf8a51bfbd8d5ba
status: experimental
description: Detects traffic or activity related to http://52.192.160.71/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://52.192.160.71/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://159.223.94.233/
id: auto-f9b692447b1f9ca58d00df2fe0953f11e12c73db5856e4a97927059c8fce04fd
status: experimental
description: Detects traffic or activity related to https://159.223.94.233/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://159.223.94.233/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://74.208.210.81/
id: auto-ece6cc6f14d9ff89eb2c8413839efc0f0e1ba391ac1c224eaa7dff4e2b6737b2
status: experimental
description: Detects traffic or activity related to https://74.208.210.81/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://74.208.210.81/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://165.73.81.241:9809/
id: auto-7d49660ec6bae1e3a2c5432462ef3aee4466e4366987467eeaf140d4ef78bf85
status: experimental
description: Detects traffic or activity related to https://165.73.81.241:9809/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://165.73.81.241:9809/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.79.216.201/
id: auto-d605a7f3078ac60f09a3b992f753bce26ca4b092bf08f541eb015f0618baf107
status: experimental
description: Detects traffic or activity related to http://45.79.216.201/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.79.216.201/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://49.13.228.105/
id: auto-f8e602f34e3687e5a285014f8688b7be683f07b0bb6ac18f3033a0c67845b6d2
status: experimental
description: Detects traffic or activity related to https://49.13.228.105/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://49.13.228.105/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://52.23.9.8/
id: auto-3eead1e96ab2292e6686f7a8f10e0d8b0be3145c53efabc8721bd36e727110f8
status: experimental
description: Detects traffic or activity related to https://52.23.9.8/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://52.23.9.8/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://152.42.225.73/
id: auto-32d4e9f06366fc010b4f22656f8515fed8c90ddd63c35382f0e8291e8679fc23
status: experimental
description: Detects traffic or activity related to http://152.42.225.73/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://152.42.225.73/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.99.0.131:3011/
id: auto-b3c85ade8e2af5fc1963489d60884cc85b2b513050a5e14b71fcb572cd7f211f
status: experimental
description: Detects traffic or activity related to http://167.99.0.131:3011/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.99.0.131:3011/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://213.111.148.241/
id: auto-cfecae85e344ea4cb4f12035cc803dc7c346066390814f699241f876f483ea9e
status: experimental
description: Detects traffic or activity related to https://213.111.148.241/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://213.111.148.241/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.91.87.184/
id: auto-289e1c0cdc8eca344e552b696c154be9d2b34cdcc61059852c0ba6db110915b8
status: experimental
description: Detects traffic or activity related to http://198.91.87.184/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.91.87.184/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://18.222.4.143/
id: auto-ae4ee353b3c4e4613995027e6d4c50df797b367632127f9ac25843b25a65b444
status: experimental
description: Detects traffic or activity related to http://18.222.4.143/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://18.222.4.143/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://142.93.179.103:8080/
id: auto-1e2e08b0546df5dbe154bf695cd085931fd50c783eaae11dfc33df76ea472ace
status: experimental
description: Detects traffic or activity related to http://142.93.179.103:8080/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://142.93.179.103:8080/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://44.221.166.160/
id: auto-da664cb35aca9a38c25a2465d5e2f14e5502b290e1418d659b0d88d0d36ffb86
status: experimental
description: Detects traffic or activity related to http://44.221.166.160/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://44.221.166.160/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://199.168.184.115/
id: auto-c9373820ba8ba808f135c87c7316aa512687b1688508b2ea6345d0b5c145ef4e
status: experimental
description: Detects traffic or activity related to http://199.168.184.115/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://199.168.184.115/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://143.110.235.189/
id: auto-501e04360a303ee74dffbddbbaed8c12f492b207e62de1f1a2bd0575073dbf7a
status: experimental
description: Detects traffic or activity related to https://143.110.235.189/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://143.110.235.189/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.48.143.20/
id: auto-cc0e14b19c715891b5a0c7145688940a476de2b5e9ef2c6cf658dce959470e27
status: experimental
description: Detects traffic or activity related to http://69.48.143.20/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.48.143.20/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://103.26.141.6/
id: auto-08e1519f6bb8ef3e349390c3bc54f3987f044d8ae7b0677718eaf2929d8727d2
status: experimental
description: Detects traffic or activity related to https://103.26.141.6/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://103.26.141.6/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.179.231.237/
id: auto-6f36268304480e343d267bd20708c57a3c2be6b7d43b0c543849f19d74c298dc
status: experimental
description: Detects traffic or activity related to http://108.179.231.237/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.179.231.237/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://143.198.135.70/
id: auto-cd2b647b478f9d737df57e8b44de045acad1bb0d9348ac5bb8ce62353ea12111
status: experimental
description: Detects traffic or activity related to https://143.198.135.70/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://143.198.135.70/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3.143.145.55/
id: auto-7ff851d8f0d9eca9180479442d95ccc1e8174b3d69c19fb828e21eaed6130ed3
status: experimental
description: Detects traffic or activity related to https://3.143.145.55/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3.143.145.55/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3.18.128.17/
id: auto-b4775bb2821e94d50a3cc94750362acd9435308f6158397096d6f1ce0f74f3df
status: experimental
description: Detects traffic or activity related to https://3.18.128.17/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3.18.128.17/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://118.139.167.36/
id: auto-25c537e9b23e1c91c8272783ee92fc9895376eb9f81e9793e9f6a4d3fd505c01
status: experimental
description: Detects traffic or activity related to https://118.139.167.36/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://118.139.167.36/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://85.235.145.247/
id: auto-f71273278ce07460a865069e18abc9ad8b5d1db44acea0f9c271e4029c398189
status: experimental
description: Detects traffic or activity related to https://85.235.145.247/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://85.235.145.247/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://44.200.11.23/
id: auto-d972ebf4c7978818bcebdfc0445d5cccbac1792daf228565a9eca42549a16d9e
status: experimental
description: Detects traffic or activity related to http://44.200.11.23/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://44.200.11.23/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://18.176.47.246/
id: auto-10f497db0a81f55e3d05c49814a556bd32c82b2339d41fbef5771e055fd740c0
status: experimental
description: Detects traffic or activity related to https://18.176.47.246/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://18.176.47.246/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://176.57.70.199:8443/
id: auto-1adfc50744297b49d685c1e2185011b57580cfb7b1a29509db72ca0473b842e9
status: experimental
description: Detects traffic or activity related to https://176.57.70.199:8443/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://176.57.70.199:8443/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.174.173.32/
id: auto-9f35ca3a014e3602ac95246c201b7179e8ce086b76ec5288d32941fe90f0f7da
status: experimental
description: Detects traffic or activity related to https://185.174.173.32/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.174.173.32/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://54.76.13.162/
id: auto-68c7c2d4d29da92a04cf19214e07376820e2fe969f32f37552a2659ffa1b9f9b
status: experimental
description: Detects traffic or activity related to https://54.76.13.162/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://54.76.13.162/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://91.121.34.146/
id: auto-d3457de9d307164e4f6af773ed87a46ad6b433b1d94c893d41825b647d0b15e6
status: experimental
description: Detects traffic or activity related to https://91.121.34.146/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://91.121.34.146/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://192.241.158.165/
id: auto-f170669d0e0d3e85ae711bb3a751fcc5a128a78a9a0fc6e4d2a23160ee9ac2c6
status: experimental
description: Detects traffic or activity related to https://192.241.158.165/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://192.241.158.165/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://92.205.227.106/
id: auto-566e7e859101f25bdb913e76127ff01eae20e9c0961004564149c7595ce13196
status: experimental
description: Detects traffic or activity related to https://92.205.227.106/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://92.205.227.106/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://4.227.186.5/
id: auto-2c852eeefba76cadd7746f7c07132144cc03996de986a42aa1d26af953aff21a
status: experimental
description: Detects traffic or activity related to https://4.227.186.5/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://4.227.186.5/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://34.23.45.74/
id: auto-9d2f8b9e7b24de02b89441e569f712e041eb2a08cbf555a29a247fe5562e99cf
status: experimental
description: Detects traffic or activity related to https://34.23.45.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://34.23.45.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://159.89.93.96/
id: auto-faa36418979eb28afd3c41739233d4973d3002f2941fa83f3ab842ee7250fa3b
status: experimental
description: Detects traffic or activity related to https://159.89.93.96/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://159.89.93.96/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.89.99.22:8080/
id: auto-b7760222fbca444e98dacaba39ed65f8a5c5c1b26d4d7b87cd5386f30e79e73b
status: experimental
description: Detects traffic or activity related to http://198.89.99.22:8080/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.89.99.22:8080/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://15.236.37.248/
id: auto-d8b7721813d01d2fc3a08962bcf6df289222e3d80513a52474d7de250799c12c
status: experimental
description: Detects traffic or activity related to http://15.236.37.248/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://15.236.37.248/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://172.233.144.238/
id: auto-e17c658a07a84ba0f19e7c9f72b928d5354164e356da2d73efef0532025e4d3c
status: experimental
description: Detects traffic or activity related to https://172.233.144.238/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://172.233.144.238/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://173.231.199.178/
id: auto-7808a8b92f40583b2595d3ec18092789f3336051457f84583c9da19638fc6e5f
status: experimental
description: Detects traffic or activity related to https://173.231.199.178/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://173.231.199.178/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://161.35.17.65/
id: auto-39278c694f981ca863a14218216e16c8bb23eb28ff0c5cd3b784a17f6d6ba381
status: experimental
description: Detects traffic or activity related to https://161.35.17.65/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://161.35.17.65/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://138.197.49.130:8081/
id: auto-98830f29d732eebc24535f92eb344be382f2c3e03b725807b965a5ab27eab200
status: experimental
description: Detects traffic or activity related to https://138.197.49.130:8081/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://138.197.49.130:8081/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://44.221.166.160/
id: auto-42fb6a005426516a8623a393f7dd20d265404273986355e473363cf4e67ef94b
status: experimental
description: Detects traffic or activity related to https://44.221.166.160/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://44.221.166.160/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://18.217.254.255/
id: auto-fbf5051a7be8f5dc57e58d696911540935b2d87b090cf6874a5a1ed02f04a273
status: experimental
description: Detects traffic or activity related to http://18.217.254.255/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://18.217.254.255/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://134.209.209.26/
id: auto-6a945024a15758f5f261d39479a39a23337c7d85ab2907b88e442b2ec648a344
status: experimental
description: Detects traffic or activity related to https://134.209.209.26/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://134.209.209.26/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://52.192.160.71/
id: auto-0acfb37b1f3839407ee15cbef1f62bd9483a7b5419fdd90484c5821744afc7d1
status: experimental
description: Detects traffic or activity related to https://52.192.160.71/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://52.192.160.71/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.53.69.246/
id: auto-f2ea141e7d376fb7d58603165175a836d121f8833039ef81b56d75b1100eaebb
status: experimental
description: Detects traffic or activity related to http://92.53.69.246/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.53.69.246/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.154.5.83:9092/
id: auto-13c46fd4400aa52dcac9a2294155bd705fbe1c44c2ecd21361e26eb829d27f20
status: experimental
description: Detects traffic or activity related to http://202.154.5.83:9092/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.154.5.83:9092/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://92.53.69.246/
id: auto-61a699ba5459538d7c3b09e20fa626f138af3618a5439040fcd07e92f91a1009
status: experimental
description: Detects traffic or activity related to https://92.53.69.246/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://92.53.69.246/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://158.69.62.153/
id: auto-eda749628408191b963b0f06df8bbb7050ef1b6c578073c9086c0eae569a5eac
status: experimental
description: Detects traffic or activity related to https://158.69.62.153/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://158.69.62.153/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://3.14.240.188/
id: auto-7c5bfb6a632ff997ad523945f188f5d4849d02a69b243d1510159273e1ecda27
status: experimental
description: Detects traffic or activity related to http://3.14.240.188/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://3.14.240.188/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://37.27.187.213/
id: auto-4c1fb953e713aedfc32603e98b878ef5e382221b66c1225fefcd6dab98883cf8
status: experimental
description: Detects traffic or activity related to https://37.27.187.213/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://37.27.187.213/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://188.166.162.138/
id: auto-5f4df5566d170212ff0b0c3caca69fec4f1e66e6a7889300ab7f882d9c21de44
status: experimental
description: Detects traffic or activity related to https://188.166.162.138/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://188.166.162.138/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://152.42.225.73/
id: auto-114e156bc935832b47c13bb8c393b174b72e801993921b0d82fa44f5f159bc99
status: experimental
description: Detects traffic or activity related to https://152.42.225.73/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://152.42.225.73/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.181.96.178/
id: auto-49e55ef7aea1829e42b5ce44a86dbd361241902f77dc88fde0f0bbf741058fe7
status: experimental
description: Detects traffic or activity related to http://183.181.96.178/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.181.96.178/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://3.34.125.22/
id: auto-518fec8b14e683e714caea2e41c7a317349e894cf9fbf83b535a768dc354c433
status: experimental
description: Detects traffic or activity related to http://3.34.125.22/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://3.34.125.22/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.116.193.105/
id: auto-1cafe2e206cb14f0ec490fa6d4c6d08be336cb1499f1d3647084cef46091a556
status: experimental
description: Detects traffic or activity related to http://185.116.193.105/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.116.193.105/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3.35.214.173/
id: auto-883ee4bd1895251cfcb05da13bf57bb54915327e672c76ffe6288a210928e817
status: experimental
description: Detects traffic or activity related to https://3.35.214.173/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3.35.214.173/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://74.48.114.55/
id: auto-26ad0d2d58265ed751dc074aa54186071f148ae462197a9890fc203e26f92b16
status: experimental
description: Detects traffic or activity related to https://74.48.114.55/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://74.48.114.55/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://65.49.82.3/
id: auto-ec7d5f74399c47c4d7fc959f2dc5d67060874867162343493d26df77ef711d22
status: experimental
description: Detects traffic or activity related to http://65.49.82.3/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://65.49.82.3/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.223.94.233/
id: auto-2746a38e64282da4920096e7aebaf6846bbd881afd6ea9828bc0bcf503571364
status: experimental
description: Detects traffic or activity related to http://159.223.94.233/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.223.94.233/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.35.124.133/
id: auto-3b269176851cb36a571628e0bc80c899a0c18acb796529bfb17445c6edb265b2
status: experimental
description: Detects traffic or activity related to http://5.35.124.133/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.35.124.133/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.130.229.174/
id: auto-311517da43326860b60a16920de82d884eae6287ce4c5d6328e6d0fbdebbb5e8
status: experimental
description: Detects traffic or activity related to https://94.130.229.174/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.130.229.174/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.4.65.177/
id: auto-eda651bcac4a4d08ff49d94ece7e1ee3e918bdf39d13e659e9e82766fb44fefe
status: experimental
description: Detects traffic or activity related to https://185.4.65.177/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.4.65.177/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.199.248.167/
id: auto-fa650eb6beb35a5e047eab89e52f51a18c9f225578d147c135edf4e15b38ce39
status: experimental
description: Detects traffic or activity related to http://104.199.248.167/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.199.248.167/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://144.208.73.31/
id: auto-037f6fe1deba5ab1a7496f9b292372a93abbd19ff4136e4a7fea9d3d319f99ea
status: experimental
description: Detects traffic or activity related to https://144.208.73.31/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://144.208.73.31/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://112.220.72.117/
id: auto-822a7d64f3e1dc05649e62934cb94d8c4810c6c37be115c5ed418a7efc3ea9d7
status: experimental
description: Detects traffic or activity related to https://112.220.72.117/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://112.220.72.117/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://18.217.254.255/
id: auto-aa75829c0dd896a77bbf3e0507505898f86b6363adb1385999f9f3acc9486b42
status: experimental
description: Detects traffic or activity related to https://18.217.254.255/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://18.217.254.255/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://3.35.214.173/
id: auto-c1ce2c449318b2d3caa0805f8b911082609d79d98113a412d643283ce76731b3
status: experimental
description: Detects traffic or activity related to http://3.35.214.173/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://3.35.214.173/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://54.197.245.249/
id: auto-c9a69ae33c01e35bf4841ebd370365397a4cb8484f49e69ff3a22a3c561841cf
status: experimental
description: Detects traffic or activity related to https://54.197.245.249/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://54.197.245.249/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.73.81.241:9808/
id: auto-dc3a8cbc768d3db6c91b241dcadd4f5bcb98ae1e910f62a5b5576dd2c3d74e6d
status: experimental
description: Detects traffic or activity related to http://165.73.81.241:9808/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.73.81.241:9808/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://98.70.13.131/
id: auto-76ca13a2b2dd7ed4e59c385e80d5d98207b8d839facfc72015758d180a0bd4ef
status: experimental
description: Detects traffic or activity related to https://98.70.13.131/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://98.70.13.131/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://52.76.43.213/
id: auto-8c2850369da9d69cd157ea56f7493288ab1d6fabedd7f04685b63049bfd5d54e
status: experimental
description: Detects traffic or activity related to http://52.76.43.213/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://52.76.43.213/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://208.109.244.121/
id: auto-ceb540aae40ed94e65fefe3bb3e7f02f655c3d1f1cbd0029e2a0489734529313
status: experimental
description: Detects traffic or activity related to https://208.109.244.121/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://208.109.244.121/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://165.22.182.5/
id: auto-d1bd8d40d074dc6b693387fe50fe50407e0910822523a5b2426ce6118bdb0140
status: experimental
description: Detects traffic or activity related to https://165.22.182.5/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://165.22.182.5/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://184.73.130.151/
id: auto-eba9a9c48101c0ba29a9401c2e4fa9cdf844ba6520f35218f87d2958c55f4c8d
status: experimental
description: Detects traffic or activity related to https://184.73.130.151/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://184.73.130.151/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://3.18.128.17/
id: auto-3cb3ee9db05450ae66f55754a69efa43b0d3c315f1e280d6fa0a74892ec5c726
status: experimental
description: Detects traffic or activity related to http://3.18.128.17/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://3.18.128.17/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://54.197.245.249/
id: auto-a7f893fa36f8b678771bc756497cf25dff6cb002e5533b47b86f7f5416b9943a
status: experimental
description: Detects traffic or activity related to http://54.197.245.249/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://54.197.245.249/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://198.199.84.181/
id: auto-36ba3c2ed98ad98b632157f311f1cd6d996fbab161521e303621984383edec8d
status: experimental
description: Detects traffic or activity related to https://198.199.84.181/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://198.199.84.181/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5.63.157.201/
id: auto-31ad28310746d9b5a71737f60ab0b41c85393a56164e66f16819a58d85029e70
status: experimental
description: Detects traffic or activity related to https://5.63.157.201/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5.63.157.201/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.80.0.36/
id: auto-614c67ac5ba560e8fdde6d4f4c2a81731e01b255f1faf7ef80e9b16949ea32c4
status: experimental
description: Detects traffic or activity related to https://185.80.0.36/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.80.0.36/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://13.218.57.74/
id: auto-0e876ace7d3813869d8cc91363702fe1ad329abb79e72c8fb5056bdc6e08c7b6
status: experimental
description: Detects traffic or activity related to https://13.218.57.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://13.218.57.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://184.73.130.151/
id: auto-573c9118230b2e6181ece7af24e6fbe73a546498c4fbc68f31995d5510e828a0
status: experimental
description: Detects traffic or activity related to http://184.73.130.151/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://184.73.130.151/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.88.29.170/
id: auto-b8468e83b9557fcdd7364eb74d47c2d76bca98cdf1c48bbaf869883445a630a7
status: experimental
description: Detects traffic or activity related to https://185.88.29.170/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.88.29.170/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.7.124.197/
id: auto-357da9502a681996b8aae33b0bf7500d14dd21d16ce475262fe99d27a9d2e842
status: experimental
description: Detects traffic or activity related to http://198.7.124.197/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.7.124.197/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.51.48.11/
id: auto-93243148417302fa85c6a02ca0eb185312ee622ad637bcd1075e72013a4998fd
status: experimental
description: Detects traffic or activity related to http://169.51.48.11/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.51.48.11/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://13.58.101.213/
id: auto-c6819bf873f478338dec8ab2f9294719591e1bce1a6b18c1efae7967bd59d460
status: experimental
description: Detects traffic or activity related to https://13.58.101.213/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://13.58.101.213/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://159.223.105.127/
id: auto-7e9f8ec571069805777fa00455824130f5545a033a4a5adb7997597c3338fbcf
status: experimental
description: Detects traffic or activity related to https://159.223.105.127/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://159.223.105.127/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://52.40.97.75/
id: auto-24c84ad0698b7bd2d995dc88f301b183483ee737e96a774ceb10cec0dc6d1ef8
status: experimental
description: Detects traffic or activity related to https://52.40.97.75/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://52.40.97.75/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://125.253.125.72/
id: auto-72ef1e117cc43f29de2df4053f5dd16e31185faa8daf3d84cbdf532b765c6129
status: experimental
description: Detects traffic or activity related to https://125.253.125.72/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://125.253.125.72/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://198.91.87.184/
id: auto-4f551826fc7b9152803c3dab563148b2ba6ab26ecbb6caa86486badfdf6cf414
status: experimental
description: Detects traffic or activity related to https://198.91.87.184/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://198.91.87.184/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://18.233.234.27/
id: auto-fa10db2312b32d04d4443be0ad253efc0c574c8cd037b120c1ef99ee37c90592
status: experimental
description: Detects traffic or activity related to http://18.233.234.27/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://18.233.234.27/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.57.33.115/
id: auto-0c693f5025b5ed33efc60819152c86a8a10599820f8fdbc162cdc0fe94d4c1c4
status: experimental
description: Detects traffic or activity related to http://193.57.33.115/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.57.33.115/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://103.241.42.40/
id: auto-7229b6dbbd7e1e7770c6e760f64e83342cc9688ebc9c409b59aca9d801d61c01
status: experimental
description: Detects traffic or activity related to https://103.241.42.40/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://103.241.42.40/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://133.242.169.121/
id: auto-92a6be7a55c1198987bb74eaa04fec6efee47fa6b7ad6caef262bf0ffadea4b4
status: experimental
description: Detects traffic or activity related to https://133.242.169.121/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://133.242.169.121/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://54.39.68.142/
id: auto-34d4fb7750dd316be268374c05dcec961021946830a190f92299900b3433110c
status: experimental
description: Detects traffic or activity related to https://54.39.68.142/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://54.39.68.142/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://13.113.8.105/
id: auto-6559c25b592dca689b7decc59d5b2f917a9f309a971f111e57d53272d7a62d4d
status: experimental
description: Detects traffic or activity related to https://13.113.8.105/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://13.113.8.105/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.253.125.72/
id: auto-57319ae87fef346ecd6d8d619e2f04fde5d39c5d18f51e2ea10a3993f5a80a55
status: experimental
description: Detects traffic or activity related to http://125.253.125.72/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.253.125.72/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://102.206.27.46/
id: auto-39517815019be96b12187fec67ef3e211337d47ed351f894c477d2dc25a9d9e3
status: experimental
description: Detects traffic or activity related to http://102.206.27.46/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://102.206.27.46/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.250.2.244/
id: auto-872410bcf95b7b86f80225b4eb54535e1c433e9678022eac14aea8c7a5370fff
status: experimental
description: Detects traffic or activity related to http://209.250.2.244/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.250.2.244/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://44.200.11.23/
id: auto-8225748688783a8b81c2cf70b8ae39eb46ecbeccad2e862bbb3e20b25767429a
status: experimental
description: Detects traffic or activity related to https://44.200.11.23/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://44.200.11.23/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://144.22.251.16/
id: auto-fd3ed245c2fbc585beca0b7d136774569af7f53cc09c4d775728376f0864454c
status: experimental
description: Detects traffic or activity related to https://144.22.251.16/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://144.22.251.16/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://190.92.158.250/
id: auto-893bf7e27ebba5da221e865dd3b08f98f1ff8dd4d00e9678417454f400cba468
status: experimental
description: Detects traffic or activity related to https://190.92.158.250/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://190.92.158.250/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://194.233.68.134:8085/
id: auto-f0440bdfa9a2b36362d2b8fcc6f357048851e83bd13152c1908d95a2411e14d2
status: experimental
description: Detects traffic or activity related to http://194.233.68.134:8085/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://194.233.68.134:8085/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://132.148.78.83/
id: auto-6485d4890bd2fc176c126a2d46a73b1a0b75ba01a096a41cfa97bd3f014e871c
status: experimental
description: Detects traffic or activity related to https://132.148.78.83/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://132.148.78.83/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://13.218.57.74/
id: auto-c4e5b27a8f12310e35b88b13d057ba6ac8a7e69e648df664a1e28fc7068d671e
status: experimental
description: Detects traffic or activity related to http://13.218.57.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://13.218.57.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.220.72.117/
id: auto-3514b76da22238efdff66df19251a39e22b2a009685485727b391490bfd75263
status: experimental
description: Detects traffic or activity related to http://112.220.72.117/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.220.72.117/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://20.92.160.27/
id: auto-9501a249b761fae47fad9713fcf8cd66b982bca948aea143c5cd51d8971dcb0a
status: experimental
description: Detects traffic or activity related to https://20.92.160.27/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://20.92.160.27/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://45.79.216.201/
id: auto-96b335001503e90a912f08371d53e5df11206ad6e8f581ed8abdf256cece1204
status: experimental
description: Detects traffic or activity related to https://45.79.216.201/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://45.79.216.201/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://88.198.19.78/
id: auto-a9792987c7661ed59663916d17c1857b16791872f00e9366e0aa4a5794a447f7
status: experimental
description: Detects traffic or activity related to https://88.198.19.78/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://88.198.19.78/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://116.118.47.149/
id: auto-eaf378a86d11c3f39d6839c907b4100e27d6a0b9b6fabcaa8c671460b3041ddc
status: experimental
description: Detects traffic or activity related to https://116.118.47.149/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://116.118.47.149/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.69.137.15/
id: auto-6c67a32c3e115cf33bb5d8483a4837e5e3360fc965d1867773c83058374963b6
status: experimental
description: Detects traffic or activity related to http://158.69.137.15/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.69.137.15/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://201.182.25.51/
id: auto-5e9cf1dafebc417f8423f9163c1cb4c5b408dc7b1d7f3d0368773556f77dae75
status: experimental
description: Detects traffic or activity related to https://201.182.25.51/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://201.182.25.51/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://52.16.112.136/
id: auto-96baaf8fced1b84df689f441ab1f04f244a24502c87b286a15b8ec5672d53f7c
status: experimental
description: Detects traffic or activity related to https://52.16.112.136/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://52.16.112.136/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://77.246.147.92/
id: auto-69fbcddfaf0200f9d9a2f8d6e87448f9694641da75c67b65d87989cd0b1d5601
status: experimental
description: Detects traffic or activity related to https://77.246.147.92/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://77.246.147.92/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://167.71.110.80/
id: auto-798091f1c1fae02fdb537f2c5f197469b0ab3c96051c6fe7e81387a543030d16
status: experimental
description: Detects traffic or activity related to https://167.71.110.80/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://167.71.110.80/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://147.135.254.49:32788/
id: auto-6a9c75e388c2c7eb46c66ce2590cfd43775c09c7d9d5f8c59f3648c567ec7e4e
status: experimental
description: Detects traffic or activity related to http://147.135.254.49:32788/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://147.135.254.49:32788/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://13.58.101.213/
id: auto-e6c73d10c394067b59e5d9b03ebbfef3338f014207922144902edf0f035464b4
status: experimental
description: Detects traffic or activity related to http://13.58.101.213/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://13.58.101.213/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.23.45.74/
id: auto-1edbb989cea4748114e4f38162bce0255f3aed690d2cc6bdf0a2209f19bcd01b
status: experimental
description: Detects traffic or activity related to http://34.23.45.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.23.45.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.235.145.247/
id: auto-fc36a721661787aff0ba21a2f580366e4dc81ea09edd23a71cb599d6c7b9d623
status: experimental
description: Detects traffic or activity related to http://85.235.145.247/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.235.145.247/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://108.61.166.232/
id: auto-5c6c9877411e487de10360d75def27e4e4828e8eae1b8d3b74723b6d8ba7c5a9
status: experimental
description: Detects traffic or activity related to https://108.61.166.232/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://108.61.166.232/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://207.154.204.54/
id: auto-4de3ac7be3317c35900cf983533c7b311cd85e9f960dee8ce86c0194f6784de8
status: experimental
description: Detects traffic or activity related to https://207.154.204.54/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://207.154.204.54/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://157.66.26.233/
id: auto-a2a4e227ce35b51b5fd7809581c7e3cdfa8c679851bc2e3330f7a003c762f527
status: experimental
description: Detects traffic or activity related to https://157.66.26.233/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://157.66.26.233/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://157.230.192.229/
id: auto-bdfa51a925b37cbc5692a814d9fb160932ea6caf6b5337d39925a1bc893b6ccb
status: experimental
description: Detects traffic or activity related to http://157.230.192.229/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://157.230.192.229/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://74.48.108.236/
id: auto-ceb42b2e6bb710b5defd423192490ffcb47f135b116b90e524f3a534b9936525
status: experimental
description: Detects traffic or activity related to https://74.48.108.236/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://74.48.108.236/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://209.250.2.244/
id: auto-d0d5b213dd426d626cefe90718c65da97d3927a2194eeabb15b030fda9c80d21
status: experimental
description: Detects traffic or activity related to https://209.250.2.244/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://209.250.2.244/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://31.147.204.35/
id: auto-e0556a6b845f1f646030cbc257c242e2c5b8e4fac4bd13e314cf18e6961f2027
status: experimental
description: Detects traffic or activity related to https://31.147.204.35/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://31.147.204.35/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://45.77.254.180/
id: auto-65f135c68e4e519bcd01a5a2e8cd890449b31e8b4961b1c9ab8053f178c376a5
status: experimental
description: Detects traffic or activity related to https://45.77.254.180/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://45.77.254.180/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.207.236.7/
id: auto-0a7978c4145b088e08ab5a4dba99522e737f9d36bf80a05e9de20137210e3c95
status: experimental
description: Detects traffic or activity related to http://74.207.236.7/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.207.236.7/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://13.115.32.233/
id: auto-fd26248f2ec90edb6922d88de93e55ee9bc9e08ef83cfef4e82598c77b088875
status: experimental
description: Detects traffic or activity related to https://13.115.32.233/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://13.115.32.233/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://216.172.170.236/
id: auto-6e9e7dfe68d6a500b0bcf3b2b67c2bf2b0a887037722bc15c83577e1be80e813
status: experimental
description: Detects traffic or activity related to https://216.172.170.236/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://216.172.170.236/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://150.95.27.35/
id: auto-5fee32afb33e61bbdcefaa166a6ef500a11815fd6dd228b1094e432c2876e7bd
status: experimental
description: Detects traffic or activity related to http://150.95.27.35/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://150.95.27.35/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://150.95.27.35/
id: auto-fd61b4ab6b1c65c9cc77ec2cc7f2e24ce41845f9c18b378107667aa757fb3378
status: experimental
description: Detects traffic or activity related to https://150.95.27.35/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://150.95.27.35/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://66.29.142.147/
id: auto-2c2a733a93db002952b9d5b4bfcca2fc5616c38839051d29f50fc39f75a02c1c
status: experimental
description: Detects traffic or activity related to https://66.29.142.147/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://66.29.142.147/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://174.142.195.203/
id: auto-e1b6ccb5ab3b91d6462d2c8e43775eee2afc1939e0c634f3fa2d1b21414f9b04
status: experimental
description: Detects traffic or activity related to https://174.142.195.203/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://174.142.195.203/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://173.231.196.249/
id: auto-a82f931c4c19773d623c05608027ed068cfc947eebb3d30672ef54a9dbffb2a5
status: experimental
description: Detects traffic or activity related to https://173.231.196.249/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://173.231.196.249/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.142.195.203:444/
id: auto-6e1681c037ec00c2a8550ac7c0ef984319ad0904d0e98e23e67cc1c5bbfa5f63
status: experimental
description: Detects traffic or activity related to http://174.142.195.203:444/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.142.195.203:444/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://162.215.130.152/
id: auto-9314ce6ebb9c96090425409a01a507bf00725fc29848ced4770c930251ebaf56
status: experimental
description: Detects traffic or activity related to http://162.215.130.152/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://162.215.130.152/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.214.192.4/
id: auto-8eff92e945679fb12485ff6931f9336ace1f4980b287d870ae84267e4f0bf600
status: experimental
description: Detects traffic or activity related to https://185.214.192.4/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.214.192.4/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.4.194.54/
id: auto-4822b75b181e7892370faea827040a247bd5720a2e95ab78775681bff99ac715
status: experimental
description: Detects traffic or activity related to http://46.4.194.54/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.4.194.54/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://43.135.162.33/
id: auto-1e8a297352fe2647c2c5d3fee277248359d9ade8da5ec80aa824b18e2cbb600b
status: experimental
description: Detects traffic or activity related to https://43.135.162.33/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://43.135.162.33/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://18.176.47.246/
id: auto-96485f4c917a1565680f06acee59725411efbcd2014fbbf78f6ee3667ac04e9c
status: experimental
description: Detects traffic or activity related to http://18.176.47.246/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://18.176.47.246/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://96.125.189.7/
id: auto-3924d32318122cc14fda8ec2329940885693528246890225969582f2e99a5ba6
status: experimental
description: Detects traffic or activity related to http://96.125.189.7/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://96.125.189.7/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3.141.75.29/
id: auto-f10015817811cd698cf8a37205ce243e23832ad1bc55831248a9a017e6dc2cf5
status: experimental
description: Detects traffic or activity related to https://3.141.75.29/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3.141.75.29/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://18.190.162.121/
id: auto-3c3528d7ce465b540f098ede148a935cbf9f8860844b6d96d7cd5622a303d3a2
status: experimental
description: Detects traffic or activity related to https://18.190.162.121/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://18.190.162.121/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://35.154.224.78/
id: auto-7e1647576416db29c4ee034732084d25daa7f98cea19287343e761a6ff42e637
status: experimental
description: Detects traffic or activity related to https://35.154.224.78/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://35.154.224.78/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.48.108.236/
id: auto-0005d5015ed1b5e3087899e971479ccc61cb9a29f592ca09bc43f36961371656
status: experimental
description: Detects traffic or activity related to http://74.48.108.236/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.48.108.236/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://44.208.147.17/
id: auto-500d50ad71e29598f5d9080ebf86cdf106aefc0fe837526c5cbfa435c57dd259
status: experimental
description: Detects traffic or activity related to https://44.208.147.17/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://44.208.147.17/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://213.159.30.38/
id: auto-95e4f3dfc2709ff7cc71d6f93677bdafa4b63989f489a58f1a424f3f631ada2a
status: experimental
description: Detects traffic or activity related to https://213.159.30.38/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://213.159.30.38/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.154.194.17/
id: auto-a8fe1b5825ef82ebb77368a803ae904479cb6fd6aebd7df81c6ce5d556d7fa7e
status: experimental
description: Detects traffic or activity related to http://95.154.194.17/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.154.194.17/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://95.154.194.17/
id: auto-42fb62777ce718048bdb80a8b40aa7d062a3741aacc19c8994749847d9ee6cf4
status: experimental
description: Detects traffic or activity related to https://95.154.194.17/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://95.154.194.17/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://66.39.143.145/
id: auto-69c07edc9f431c0679176d8fd61ddf99321675ebdb2e0d1fe6013d2e90e3fd0f
status: experimental
description: Detects traffic or activity related to https://66.39.143.145/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://66.39.143.145/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://192.155.93.247:3101/
id: auto-a36058629380b503042e6ba6741c4aedfd7e267175884344120fb7a330f72fb2
status: experimental
description: Detects traffic or activity related to http://192.155.93.247:3101/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://192.155.93.247:3101/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://91.99.59.46/
id: auto-f2fd9290ae53ca3b3212d97dd4979cbb4ded186fdd8ba9476c66e0b532844d00
status: experimental
description: Detects traffic or activity related to https://91.99.59.46/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://91.99.59.46/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.116.193.105/
id: auto-7186cdd33114e8fc081c641225a1b0e7d07014e9520e6c93826a8096e67e0c59
status: experimental
description: Detects traffic or activity related to https://185.116.193.105/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.116.193.105/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://35.75.68.158/
id: auto-a126cc4b7fed8102a1913aefcd0c15abe7c10e1542eca10cd8fa4f2f59785fba
status: experimental
description: Detects traffic or activity related to https://35.75.68.158/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://35.75.68.158/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://35.226.92.8/
id: auto-b7727fb793f82014cdbeb5f2c43264566795420a8f4c8dc3711352b6f39543c0
status: experimental
description: Detects traffic or activity related to https://35.226.92.8/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://35.226.92.8/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://18.233.234.27/
id: auto-1a1d0fff0d0c45920dc3f9efbf7ef940a47fe10666607414a16554ea43d8bf02
status: experimental
description: Detects traffic or activity related to https://18.233.234.27/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://18.233.234.27/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://153.127.50.236/
id: auto-5d1c14f9a5f19d907758e1705608c46277efc27f0ea04ef6d131a9cebca57591
status: experimental
description: Detects traffic or activity related to https://153.127.50.236/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://153.127.50.236/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://69.57.163.151/
id: auto-94802ee20ee9fb5311c33801cde46ca81dd00378cbb97cac18fa86475b6f8de1
status: experimental
description: Detects traffic or activity related to https://69.57.163.151/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://69.57.163.151/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://52.23.9.8/
id: auto-be409e05971a78d812504829e85b82d3bf788a487c5df8c451c1f4dfa415ba34
status: experimental
description: Detects traffic or activity related to http://52.23.9.8/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://52.23.9.8/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://162.55.94.68/
id: auto-3b24b7d7a93084e8e014fabe0be9c617301d7e120e67805d8b357e4d1707ac54
status: experimental
description: Detects traffic or activity related to https://162.55.94.68/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://162.55.94.68/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.4.64.128/
id: auto-629ae85efd8f7ea0aa033b286fdfee63a6ccd176da5c02d0e086fec1c17d0112
status: experimental
description: Detects traffic or activity related to https://185.4.64.128/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.4.64.128/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.109.216.74/
id: auto-c0237aa64dae1e70dd2fc625930fd6cfeb4e7a06f323a00e6cef0446c515c548
status: experimental
description: Detects traffic or activity related to http://185.109.216.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.109.216.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://164.160.41.10/
id: auto-4621be0b437faf5db05071109b46e64a3acb9505077e208d0feccdc4b6b2fedf
status: experimental
description: Detects traffic or activity related to http://164.160.41.10/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://164.160.41.10/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.57.70.199/
id: auto-ca647147ad7174ef34a80a4f1afa7ba7ac6fe9f100e53db1ca8cc19884a53ee2
status: experimental
description: Detects traffic or activity related to http://176.57.70.199/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.57.70.199/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://45.79.202.83/
id: auto-86cdf2a87b89ae00b275a091ca1f9b25902bb753264a298a22435076927b0395
status: experimental
description: Detects traffic or activity related to https://45.79.202.83/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://45.79.202.83/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://172.232.114.51/
id: auto-59f55d49af1cbbde2f467718c161a053fa03775f389195e067273d2e4acb723d
status: experimental
description: Detects traffic or activity related to https://172.232.114.51/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://172.232.114.51/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://78.46.240.128/
id: auto-e65e4a2fb6ff2993eae1d392614a905203cd5b840cd1e17b592751abe9a6b59f
status: experimental
description: Detects traffic or activity related to https://78.46.240.128/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://78.46.240.128/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://91.134.176.227/
id: auto-39235866444a9a6a1d0483dd7d3c61420ccfe5dfbb92cced1ef0d4be1f3d5d77
status: experimental
description: Detects traffic or activity related to https://91.134.176.227/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://91.134.176.227/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.4.64.128/
id: auto-317384ceef6cc9de51670124bd647e3e61268228721adfeebe7c2eb37392db89
status: experimental
description: Detects traffic or activity related to http://185.4.64.128/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.4.64.128/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://213.199.33.111/
id: auto-c0574e1c5a8ddddd77e3ef8faad871818b4f7c63977be7e081f4b54c33a1850b
status: experimental
description: Detects traffic or activity related to https://213.199.33.111/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://213.199.33.111/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://178.210.83.9/
id: auto-1d7e8dbd982c7f203983d9590bddf03eeee14dc8e282beb596e9582e968acaad
status: experimental
description: Detects traffic or activity related to https://178.210.83.9/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://178.210.83.9/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://169.51.48.11/
id: auto-eceadbaff403257c726ff70bb45655e7b498e577e1fcc0740f6cfe0313db01b8
status: experimental
description: Detects traffic or activity related to https://169.51.48.11/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://169.51.48.11/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://216.119.126.23/
id: auto-10a16a40ee5ab602c46211c8915fb171810f94946007567a549b35bbdfee9cbc
status: experimental
description: Detects traffic or activity related to https://216.119.126.23/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://216.119.126.23/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://104.219.248.200/
id: auto-3a2fe76663854d37ec6473dd020185502c6106df0922090382c552d5f0d7f6a7
status: experimental
description: Detects traffic or activity related to https://104.219.248.200/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://104.219.248.200/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://207.154.204.54/
id: auto-f2704aae4d010176c9e6edf1658145e81bf48f9db7dde2e976f0cbcaa11da7d1
status: experimental
description: Detects traffic or activity related to http://207.154.204.54/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://207.154.204.54/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://74.50.99.45:8443/
id: auto-4917ced83114e57a111c46aa4aedcb930af9e388fa373848f8655a4fadd67cec
status: experimental
description: Detects traffic or activity related to https://74.50.99.45:8443/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://74.50.99.45:8443/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://64.32.48.49/
id: auto-a41e688caf14590d32c3b7cf8779c25e85e453b2993c25c3752a399329134935
status: experimental
description: Detects traffic or activity related to https://64.32.48.49/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://64.32.48.49/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://96.125.189.7/
id: auto-3e151fc6fe1fbe8057571a1f0c0ce569c388ff46d7b2e2e172ad70446b584832
status: experimental
description: Detects traffic or activity related to https://96.125.189.7/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://96.125.189.7/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://159.89.93.96/
id: auto-8e0430631a734a0761e64400103c53eab9033042e9927bc4852842f9ba8f0142
status: experimental
description: Detects traffic or activity related to http://159.89.93.96/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://159.89.93.96/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5.35.90.28/
id: auto-a47e7731dcf99d86ca69d0ecb32738fff53f51c458d301712f06794378b11f05
status: experimental
description: Detects traffic or activity related to https://5.35.90.28/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5.35.90.28/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://13.213.189.252/
id: auto-997321720606ecba9c2526edca9c49df5c042068411df011b9fa8661f568e13f
status: experimental
description: Detects traffic or activity related to http://13.213.189.252/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://13.213.189.252/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://72.167.134.175/
id: auto-b670e95c05e8b6fc30143c3f257f39086ee8de91f7b74548e5749c723f5d0d84
status: experimental
description: Detects traffic or activity related to https://72.167.134.175/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://72.167.134.175/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://208.109.244.121:8000/
id: auto-61732b01b2cd1c5e284b08127a4115c516db14134f1e370d7d9fb5a855ae7c20
status: experimental
description: Detects traffic or activity related to http://208.109.244.121:8000/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://208.109.244.121:8000/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://164.160.41.10/
id: auto-e4911d628c1f4d9b00d26ebceb01c1e7f23ea977291991e6dc01b4812e95109c
status: experimental
description: Detects traffic or activity related to https://164.160.41.10/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://164.160.41.10/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://162.240.31.67/
id: auto-9e673ca90330483144a0314d347d6904a0ba9c6b85dde7d4687496ac2d6ca481
status: experimental
description: Detects traffic or activity related to https://162.240.31.67/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://162.240.31.67/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://185.109.216.74/
id: auto-66057ee55d0b0f1c74105ac541b9a14f1c98dd9cedc0ec1cc8e9780a1bf642d3
status: experimental
description: Detects traffic or activity related to https://185.109.216.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://185.109.216.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://77.240.38.12/
id: auto-b909d19f6366a62d3eddabc29fd91f37e4115bb4345a8670ce6dab0d15fa1897
status: experimental
description: Detects traffic or activity related to https://77.240.38.12/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://77.240.38.12/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://72.62.59.160/
id: auto-6950bbb972b4b9b4b13f860fc7da3fe01ee36048588e4e77a7723b9dd8b8c7fc
status: experimental
description: Detects traffic or activity related to https://72.62.59.160/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://72.62.59.160/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.214.192.4/
id: auto-b7588b909adb65e6ce7467777d729a28f135ad8eaa8271f8dc0afa69edb023c2
status: experimental
description: Detects traffic or activity related to http://185.214.192.4/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.214.192.4/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://169.50.189.146/
id: auto-8de10f6e377d7a5b0f6826a77d9d8a06d3bafed231262eea9516a708c29e1223
status: experimental
description: Detects traffic or activity related to http://169.50.189.146/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://169.50.189.146/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.39.79.68/
id: auto-d6692091370ff70bd1e331cf69065e319961402797fe5e03bb2bc0af3a49bff8
status: experimental
description: Detects traffic or activity related to http://66.39.79.68/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.39.79.68/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.61.166.232/
id: auto-1437ae7657ecd5f19277a7a99f4a8578fdd105977c5f8b39f4140c22fc5ce40f
status: experimental
description: Detects traffic or activity related to http://108.61.166.232/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.61.166.232/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.189.119.125/
id: auto-64296efbe757629e0d29deb2e8b683fe9606721e51bd9df3479bea872a2f50aa
status: experimental
description: Detects traffic or activity related to http://91.189.119.125/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.189.119.125/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://148.113.205.94/
id: auto-dd3b7bf70947b13a0ad3c71747c05dd365c093fd45b8219ea12c4301bffb6334
status: experimental
description: Detects traffic or activity related to https://148.113.205.94/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://148.113.205.94/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://153.127.50.236/
id: auto-2bd9fe7d9bde4b9378cbfd07f2907836cce8ac1ce22a1a1c5e6135c2fd9916e0
status: experimental
description: Detects traffic or activity related to http://153.127.50.236/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://153.127.50.236/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://158.69.137.15/
id: auto-62fcb95be735f4ee98f909400dfcf37c8fc0bfa73cd6a7c9b53e0c90ecb7ad40
status: experimental
description: Detects traffic or activity related to https://158.69.137.15/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://158.69.137.15/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://18.222.166.74/
id: auto-e23dfe885f65f3870216ca984bc62caf191172b61909268faf5bb8eaaced304d
status: experimental
description: Detects traffic or activity related to https://18.222.166.74/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://18.222.166.74/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.16.239.214/
id: auto-d66b04c12e089756aa0af09bd33db212f8b2e632084bbf7a18eca3428d2e49be
status: experimental
description: Detects traffic or activity related to http://84.16.239.214/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.16.239.214/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://198.7.124.197/
id: auto-6e9e07b459d266db4055262d0455c5869aa3601d10a76e2b1b4e1713b7d53e6f
status: experimental
description: Detects traffic or activity related to https://198.7.124.197/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://198.7.124.197/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://44.208.147.17/
id: auto-9738550a2ea1668d67f5253ddf06f6c6ff151e89f7a3dd29ba7a00c336ae1e91
status: experimental
description: Detects traffic or activity related to http://44.208.147.17/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://44.208.147.17/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.119.126.23/
id: auto-d8228fc2cdf276f511c44fdd123d487bf196a1be4d23a29fe2bbe352b351c771
status: experimental
description: Detects traffic or activity related to http://216.119.126.23/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.119.126.23/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.102.103/
id: auto-80375e273a7fccbbeaceddc637ad1ca75449857538568cdde1eb301e679fb61e
status: experimental
description: Detects traffic or activity related to http://134.209.102.103/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.102.103/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.57.70.199:8080/
id: auto-9350b401b2b6135a68482d87bfc1a06a32f5d4ecb1dd829ace00f8156dbd6409
status: experimental
description: Detects traffic or activity related to http://176.57.70.199:8080/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.57.70.199:8080/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.248.4:55555/bin.sh
id: auto-1251d8a6eaaa416f15e4c0893324e17f82f912eda5915ddf2a29fb30a3ab881d
status: experimental
description: Detects traffic or activity related to http://219.155.248.4:55555/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.248.4:55555/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/powerpc
id: auto-37a60fe0d75e793684ddc6ce1d648b9055d83780d86c81cebfa1dd60883b7295
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/mipsel
id: auto-cff6c8c4bbc440fadac3fc6ebe21d070f55cc3727a7cc108c92be11277fcbc45
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/mips
id: auto-225806f195442b15a09a9a4828e7b56cd09533e50ab85dc3a48c011ba9a9ec24
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/armv7l
id: auto-fe655cd3a82ef88d22ad5b384686b02ffb152b458302c951f612bfafcf19257a
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/arm
id: auto-d0e0f4795ac40ed2df9140a19683dbde10bb990cad1e0b9fb41a8d3a57a501e0
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/m68k
id: auto-69a61235bddf5f5ee01d5c1dc3693fcb357411225a46a1f9ed9dd1e51712eb9e
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/i686
id: auto-973788a3cc6aa0492d74fb8cf2cec5112bc289c5e0c0d9f68ae71f537c745953
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/aarch64
id: auto-328c76ea56cfdb8df772efeda7d04159b5135d2878330229d17bfec402eb1bd0
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.92.240.38/x86_64
id: auto-537cce93c7acc3325328a5d069e397836fdf577662abff1cf097d3ed7c83d45d
status: experimental
description: Detects traffic or activity related to http://91.92.240.38/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.92.240.38/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://13.58.223.243/
id: auto-18c68393e9ac350a4ecd1dd4fb03c49b641ebe25505a13265be04b4db3e8074e
status: experimental
description: Detects traffic or activity related to https://13.58.223.243/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://13.58.223.243/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://206.189.58.84/
id: auto-97518b739d6cc68f4599c47d72399859831d622d99d7ce921410858f67ef7faa
status: experimental
description: Detects traffic or activity related to https://206.189.58.84/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://206.189.58.84/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://34.102.40.229/
id: auto-85db34fd4a1c20ee9e15fef21f5f002af38d551d32d61c5328187bd623cc4fae
status: experimental
description: Detects traffic or activity related to http://34.102.40.229/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://34.102.40.229/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.229.85.197/
id: auto-879b0ddd119ee3e19ac229e5843692b513936bd5b1099cc7d77db86ba96dfe47
status: experimental
description: Detects traffic or activity related to http://83.229.85.197/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.229.85.197/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://34.102.40.229/
id: auto-565d78b9c1da930446523905e7a21c4a8b932032cf8c4e8a3939bfd2d74223cd
status: experimental
description: Detects traffic or activity related to https://34.102.40.229/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://34.102.40.229/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://199.38.100.9/
id: auto-d59c30ab08137c2eaf279b5fe6288e025a2d4540b8fa43d0315fe94464262bdd
status: experimental
description: Detects traffic or activity related to https://199.38.100.9/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://199.38.100.9/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://199.38.100.9/
id: auto-d424d1af346b3ec1652b1ebaf71af6b8bc125491c261a12eb8203e472fb99f49
status: experimental
description: Detects traffic or activity related to http://199.38.100.9/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://199.38.100.9/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5.161.219.211/
id: auto-109090732ac1c6b2dd4c11afa4ec5b7f8f8c46af09a7c9725d8174381274664f
status: experimental
description: Detects traffic or activity related to https://5.161.219.211/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5.161.219.211/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://82.146.58.204/
id: auto-f9103658ac038fe0540561d4566e278922b2d720c0556eb372c1a07c9d8bf818
status: experimental
description: Detects traffic or activity related to https://82.146.58.204/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://82.146.58.204/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://103.112.244.68/
id: auto-c3907a302a87e9c8573f784d5d79467bd80f9bd5ef123255cf148d1e05c046ee
status: experimental
description: Detects traffic or activity related to https://103.112.244.68/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://103.112.244.68/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://38.91.107.72/
id: auto-1972e8a6b9000bd0de9100d6b4e709aea2d5ef02c9b42dd1a915376dcbdc9c13
status: experimental
description: Detects traffic or activity related to https://38.91.107.72/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://38.91.107.72/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://13.58.223.243/
id: auto-48fb18399710bcec1152c1255fcdd0b15e4b35b121ed023b582e39c8f603a220
status: experimental
description: Detects traffic or activity related to http://13.58.223.243/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://13.58.223.243/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.146.58.204/
id: auto-895786368b4b3e4a3e3cf09a949259f7d1eaf4a1df208a441e231b2bdd05bb1a
status: experimental
description: Detects traffic or activity related to http://82.146.58.204/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.146.58.204/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://69.164.207.137/
id: auto-d8ba13bd625c9fe97ff91b88625cd0332983ec502d670ea02ba1321fd74f8dc9
status: experimental
description: Detects traffic or activity related to https://69.164.207.137/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://69.164.207.137/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://31.57.135.163/
id: auto-98326550f26fbbdef1d933937003d8a59a370cbc0eb93c6b84edd22319b89089
status: experimental
description: Detects traffic or activity related to https://31.57.135.163/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://31.57.135.163/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://18.176.75.171/
id: auto-a59fd727cab19cd4899f9ec965feed1be8697ab4f4d76962716ce96bcfadcdd6
status: experimental
description: Detects traffic or activity related to http://18.176.75.171/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://18.176.75.171/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.97.186.206/
id: auto-4e3ba002af5c8207298074f2d4cb602f37967f86da9484eaf4618d429d4cf1de
status: experimental
description: Detects traffic or activity related to http://31.97.186.206/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.97.186.206/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://159.203.9.141/
id: auto-fff80f70fb88c5de5399c0788dcfb716dc74d687fb04e26293923338d3e7958d
status: experimental
description: Detects traffic or activity related to https://159.203.9.141/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://159.203.9.141/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://180.149.198.22/
id: auto-bc225543447c355ddc35dd0cc122f3764be5e1ae141e164e246f24c3cb8cbb79
status: experimental
description: Detects traffic or activity related to https://180.149.198.22/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://180.149.198.22/*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/parm4
id: auto-7ee549c2c5c558f1ef4f08d0b15c05e9bca258a4c2f2faba69ce36d39601bf2e
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/parm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/parm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/bins/px86_64
id: auto-9b470e8e66d0989f8866ec71b2a5aa1d2c3ca04dd86adcc8f63e2d79b94753c1
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/bins/px86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/bins/px86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/bins/pm58k
id: auto-bace34d5659aac0f188a8e3b6c4fa5e9674d0683837a495021208a6dba08ed3c
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/bins/pm58k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/bins/pm58k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.arm4
id: auto-4632140c7f68776b9a1e3f0284c47387e56bf020dc9bc7b4f73b790bc9b361fd
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/bins/pi686
id: auto-9eb337465badf08451ea693678f9e2b7e5a3ee6666010482917f44c5e112ad0e
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/bins/pi686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/bins/pi686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/8UsA.sh
id: auto-c4a38f4e47d4b69fc331c1d7cb35b82161333e0e8d33ea9e527d140cf122ada2
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/8UsA.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/8UsA.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/jewn.sh
id: auto-d5caf18261019bf9326192df2328ab1dfceabe9b756fb7533bc0eb67132ed069
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/jewn.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/jewn.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.ppc
id: auto-8aad6313c5d371fd903f7f6c6b5d4ccdacfc38fa310d44fba7cd8834306beed8
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/x86.sh
id: auto-aa44646deca425b31afb788fd23bed860e762e3fec1345fdd1ce2dd287389bc5
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/x86.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/x86.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.sh4
id: auto-53f82b72a361aff651f72baad90d1f08db541ab0fc2fa77526464f76a70d35fa
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.arm6
id: auto-625a49978c96f9627c88717bd2c9f92ca79c9c13d78f7226decb1886a5368e23
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.x86
id: auto-e6f2a569c4bbb98ea4f01c886b9c3994b8a2258546e4499c6fa57f1c76e2b1fa
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.arm5
id: auto-9f552a2c03b67c15d5bc047f0bec31245cd9d0e6e323ec8ab3f888f5bd60b2ba
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.spc
id: auto-9e3449a0adcd7327f5c10aaf748565e9868206bded803a807f377ec3554a79bc
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.arm7
id: auto-4a8e2a4c440928dc1a0b15e5b8bae97d084c84e688008e01f6b8002ca6b68443
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.arm
id: auto-b0d1fb2ff9edded6bf1932cb8040e4a9c25af0586db51d705f91b83a0cb70af2
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.mips
id: auto-a41cca0313c3efa4d294b10a7842b58a64b0a2b031523d107ef7e6663355c676
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.mpsl
id: auto-322e23881d7762fa015ea98087a5c2da4d0a57db5a9824ce61e5d3ba009d5ba2
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jew.m68k
id: auto-ffc8106cfeace940fa15296c8b048f99a3ca7d49f8ba418c34bb390541b73841
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jew.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jew.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.44.62:39199/i
id: auto-e4fa59f0ab9bb4c4577a9e9be4ffa3d8c2a98e711f5e8ae116e45937b0260cc5
status: experimental
description: Detects traffic or activity related to http://119.117.44.62:39199/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.44.62:39199/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.127/exp.sh
id: auto-49601a60298e689dc1866ef6b9b88c7ffbc8aa710ddd39568bac4ed49168ce57
status: experimental
description: Detects traffic or activity related to http://130.12.180.127/exp.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.127/exp.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.127/n.sh
id: auto-aed00029ea379c358eb7580aa504c4a63d994f4424447b0fed8dc40f2df96a79
status: experimental
description: Detects traffic or activity related to http://130.12.180.127/n.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.127/n.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.111.150:33865/i
id: auto-5ebc2c7babd9c3b1a995423751c6d6e521b1706282f2e361d748bb09116c5087
status: experimental
description: Detects traffic or activity related to http://175.149.111.150:33865/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.111.150:33865/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/px86_64
id: auto-c1692cf52d555f3a94244270eeab6caa9c7b46eec611b9dd0df41ab492486c3e
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/px86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/px86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/parms
id: auto-f5565de728aea1fd757e2140f15bcf3a21a45510627b08db3d85675fe268a41d
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/parms which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/parms*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/pnpc
id: auto-1f6052f79a59e9cab2b0a99f3e8c86829e9498c1bc2d276a1524e5cdefae54ca
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/pnpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/pnpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.ppc
id: auto-848214db5275fbe7fc7c59af0e4b74dcae2ba7b47ad968099ef9aaf5f0c69854
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.sh4
id: auto-98212e21bd049731866393ef587c46db0107c758f80ad1dcfd6f16957c106fa5
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.spc
id: auto-de4d0ec6ae92d6e72939c013c1c91c262646602d9e30c903db359fb9f4d47b2f
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.arm7
id: auto-ecee225b5a5af66f4e1bff8956d9cb3450775711bb993c5b444dbdaa28891219
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.arm5
id: auto-313766efa20a0af5e614d5d78d2641bfcff7c8fa84a53d87a5dac4ea1dbe87c8
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.mips
id: auto-9429c4a089318e4a566e21ae86430192db94df44bb705f6259aa2bbefb029697
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.arm6
id: auto-a6841606ce559f5dfd9ee4680c74e1f2bcdf4208a7bb078a6723a15c08f0ef01
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.m68k
id: auto-8c2204886e00f0933da9dc4c7faa958016d9dd61244f2654b7f9f507e4285677
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.mpsl
id: auto-dbb5e983c3147d6dd6ef7986ef4c03527aa92f4b885986ffacd45324079c1836
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.x86_64
id: auto-66b195a5f0a7e12ed443c710a8cd41812007efba9f199f10994890925e4a5294
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.163.89:57983/i
id: auto-b7b2d07b4eee90e54306273f0d74d1d697f9ee25e7e9dd4a174e72a80870172c
status: experimental
description: Detects traffic or activity related to http://182.123.163.89:57983/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.163.89:57983/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.252.68:57573/i
id: auto-75ce7d4881da2380147769879ab838069d69e8476793aa0cd4d9ba19bd8abb32
status: experimental
description: Detects traffic or activity related to http://182.121.252.68:57573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.252.68:57573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.79.85.69:7223/i
id: auto-e1c979df36d9bae878e19057fcc5fe89f4f43bafaac1985b72f4f12eb54ce69c
status: experimental
description: Detects traffic or activity related to http://181.79.85.69:7223/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.79.85.69:7223/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.44.62:39199/bin.sh
id: auto-3a65ff1425657afc1b2a2d81e8eccb3415a529e024a907c5ef77b36a1d68d3f0
status: experimental
description: Detects traffic or activity related to http://119.117.44.62:39199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.44.62:39199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.199:50620/bin.sh
id: auto-57df081cf3f19fdb2ff2cf5356b6955727b17d6b01623bddc128536022c6fb8a
status: experimental
description: Detects traffic or activity related to http://110.37.35.199:50620/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.199:50620/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mhw.codes/check
id: auto-f14dc4715916ebfb5b2c9dd20b30812e15bbc008359409ee9d56aa7753f68e54
status: experimental
description: Detects traffic or activity related to https://mhw.codes/check which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://mhw.codes/check*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.237.15.69:3389/shell.ps1
id: auto-231873da0fe8d7bdc33ee217d6b8dd9852a1ca390a3885ab6247644dbc9432f1
status: experimental
description: Detects traffic or activity related to http://47.237.15.69:3389/shell.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.237.15.69:3389/shell.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.243.151:37568/i
id: auto-85c811956104aec648aa892edbd295f6a396ed2e4a001eaaaa6f2bb528f8d8bd
status: experimental
description: Detects traffic or activity related to http://123.11.243.151:37568/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.243.151:37568/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.5.189.129/i1.txt
id: auto-9804579ae89a183f7c0e0faed91c44cd08cac827291385df5e5692047d3ee522
status: experimental
description: Detects traffic or activity related to http://69.5.189.129/i1.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.5.189.129/i1.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.5.189.129/i1.exe
id: auto-d7171193cdef095e70c6aafea0ebfe54883bf12b8f905efc455954391895cc80
status: experimental
description: Detects traffic or activity related to http://69.5.189.129/i1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.5.189.129/i1.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.79.85.69:7223/bin.sh
id: auto-88ead150673070d59e3be66cc83dc84e7dad83b9c17072bb2b1cde02e9886998
status: experimental
description: Detects traffic or activity related to http://181.79.85.69:7223/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.79.85.69:7223/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.253.224:37604/i
id: auto-945826b9e31b9388ded9bda28ae7e922ad42a295996289268acdfca1e0556441
status: experimental
description: Detects traffic or activity related to http://119.179.253.224:37604/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.253.224:37604/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.171.140.176:8080/service-S3xNq
id: auto-208e440623e9f470b7c9494c33108ce2c0a85df8baaeb73cdc5d9aeb51466497
status: experimental
description: Detects traffic or activity related to http://62.171.140.176:8080/service-S3xNq which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.171.140.176:8080/service-S3xNq*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.171.140.176:8080/service-S3xNqH
id: auto-7872c9c9bebae31d8de18fa8324ff4b46091525515212112ecb1e26808984c64
status: experimental
description: Detects traffic or activity related to http://62.171.140.176:8080/service-S3xNqH which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.171.140.176:8080/service-S3xNqH*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.65.112:43861/bin.sh
id: auto-c0779baeb5b88c8fa47a9795d719ab9f3807d4bfd77375d207b2c8e2035df09f
status: experimental
description: Detects traffic or activity related to http://59.89.65.112:43861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.65.112:43861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.178.112:8443/sda1/GOT/Photo.lnk
id: auto-8c302bb4fc70f6a1c7a525c9aeca607bb4055728314f9b9e3290bc69c2d86364
status: experimental
description: Detects traffic or activity related to https://94.166.178.112:8443/sda1/GOT/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.178.112:8443/sda1/GOT/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.178.112:8443/sda1/GOT/AV.scr
id: auto-4c0d04cae282ee49e427d765a59181e5df59c1e94889fc9b464efb30d65ee6e5
status: experimental
description: Detects traffic or activity related to https://94.166.178.112:8443/sda1/GOT/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.178.112:8443/sda1/GOT/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.178.112:8443/sda1/GOT/Video.scr
id: auto-4029cf4f25fe12c861184aa1097cf0dae1a98739d1545c45a69a19b31a205ac9
status: experimental
description: Detects traffic or activity related to https://94.166.178.112:8443/sda1/GOT/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.178.112:8443/sda1/GOT/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.178.112:8443/sda1/GOT/Photo.scr
id: auto-91329b3e03b6e00eb4383db562867fc4b3a3de96a567ffc12a9fd07716f67df6
status: experimental
description: Detects traffic or activity related to https://94.166.178.112:8443/sda1/GOT/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.178.112:8443/sda1/GOT/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.178.112:8443/sda1/GOT/AV.lnk
id: auto-d50d6b5609a821bf82b95ca5a21a82463e0a3007467a86133470d05a0690465e
status: experimental
description: Detects traffic or activity related to https://94.166.178.112:8443/sda1/GOT/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.178.112:8443/sda1/GOT/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.166.178.112:8443/sda1/GOT/Video.lnk
id: auto-c0a1293a4deed19ff8e7988fd398e0c66eb84a0745e7b0559aefc7b9bf2726eb
status: experimental
description: Detects traffic or activity related to https://94.166.178.112:8443/sda1/GOT/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.166.178.112:8443/sda1/GOT/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.186.156:47195/i
id: auto-e11d808ee859ad605d19da4baca0cdf8a210984b41da1fed23b5e40e75806a8f
status: experimental
description: Detects traffic or activity related to http://115.56.186.156:47195/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.186.156:47195/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/user/0/primary/Photo.lnk
id: auto-68b0e9e9b9560da0494a214cf67662c4434e905b394789204443b686ac5a9008
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/user/0/primary/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/user/0/primary/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/user/0/primary/Video.scr
id: auto-14e21c85c0ed0de7ac8b48dae723b93b37ab5550dfb893732f136b5ea68b3b6c
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/user/0/primary/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/user/0/primary/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/user/0/primary/AV.lnk
id: auto-0dadb267330ddfbad88d16d4d6cea5e05e1e9c63bdf26cf2b109db416ed38509
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/user/0/primary/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/user/0/primary/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/user/0/primary/Photo.scr
id: auto-0cfac2286383b0204470afc55a4808efc9b20a9487c2657ff015dff3d03d607c
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/user/0/primary/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/user/0/primary/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/user/0/primary/AV.scr
id: auto-c8d7abede99dc0d77a617589a07c411947605bb8e59641bb0bba74d0bc759684
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/user/0/primary/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/user/0/primary/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://93.103.89.76:8802/user/0/primary/Video.lnk
id: auto-6d696c0eebba2804b4f9be8217f26a3e8071244fce1b8e63034aaa929a2a0fc8
status: experimental
description: Detects traffic or activity related to http://93.103.89.76:8802/user/0/primary/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://93.103.89.76:8802/user/0/primary/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.2.121:8443/sda1/AV.lnk
id: auto-d8b4eb1949913e6860950119220512669131d6341dafdaaa3cf183ef6c1c9fd5
status: experimental
description: Detects traffic or activity related to https://151.16.2.121:8443/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.2.121:8443/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.2.121:8443/sda1/Photo.lnk
id: auto-ca070ac2ca6c255f6f2e60122a00d289e6be5ea4ef5d8fef24c523823c1901db
status: experimental
description: Detects traffic or activity related to https://151.16.2.121:8443/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.2.121:8443/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.2.121:8443/sda1/Photo.scr
id: auto-bbb91f209752d5fb4ebb2fdf873ae003498193f0e3d0392c1b12d4fbb79e4091
status: experimental
description: Detects traffic or activity related to https://151.16.2.121:8443/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.2.121:8443/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.2.121:8443/sda1/AV.scr
id: auto-efa13ccad39b1ff33461d9543dfc21793cf72488221aa7180bc83fb4319f2653
status: experimental
description: Detects traffic or activity related to https://151.16.2.121:8443/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.2.121:8443/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.2.121:8443/sda1/Video.scr
id: auto-4f5e619f69a6b67e081a204bd88b330f53008f2743c785b58b94cfbe1e620465
status: experimental
description: Detects traffic or activity related to https://151.16.2.121:8443/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.2.121:8443/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://151.16.2.121:8443/sda1/Video.lnk
id: auto-b032a5fbd056d8ef33a6d03199b383e468e832f62d7b4e5ec2be0b04e127ed9d
status: experimental
description: Detects traffic or activity related to https://151.16.2.121:8443/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://151.16.2.121:8443/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.161.47.209:53859/i
id: auto-eab144aa66d4a4593d128d8cf5b3caa4e3f5c4d52b53b3eb93892987e4a59f96
status: experimental
description: Detects traffic or activity related to http://60.161.47.209:53859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.161.47.209:53859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://43.199.34.191:8000/ep
id: auto-8cfa83406599a8ac7aa46605a4b4027931416300153392a62752a7d06510cc26
status: experimental
description: Detects traffic or activity related to http://43.199.34.191:8000/ep which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://43.199.34.191:8000/ep*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.182.18:47354/i
id: auto-4018b2fc440e04b6ffb84598e57e85bdeecfd75cff8b53c2407e20ca4572862e
status: experimental
description: Detects traffic or activity related to http://42.53.182.18:47354/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.182.18:47354/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.199.150:34015/i
id: auto-f3775382de615f20c7fe556f3b81991eb5e1f0928380e53fc24250eaf09d266d
status: experimental
description: Detects traffic or activity related to http://123.9.199.150:34015/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.199.150:34015/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.161.47.209:53859/bin.sh
id: auto-49bd0ef9c98fe0917c13dd950542c3f971eb7b8d08187a2d68ce889f4eb6044a
status: experimental
description: Detects traffic or activity related to http://60.161.47.209:53859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.161.47.209:53859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.115.34.131/MicrosoftEdgePro.exe
id: auto-9e103513e15bde61d22b7d655d770a83eb2b0439de42c33c5faefa527a482528
status: experimental
description: Detects traffic or activity related to http://185.115.34.131/MicrosoftEdgePro.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.115.34.131/MicrosoftEdgePro.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.115.34.131/XClient.exe
id: auto-70af37944e34df8f0e591ad5dad50d49bd4efef4880f87f55b6d972a52254711
status: experimental
description: Detects traffic or activity related to http://185.115.34.131/XClient.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.115.34.131/XClient.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.6.62:33578/bin.sh
id: auto-b4c9e28ab44304f573e788f18c0faa65e83e8bd15e7c39eb83948b4a06bd163e
status: experimental
description: Detects traffic or activity related to http://125.41.6.62:33578/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.6.62:33578/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.154.35.73/cap.ps1
id: auto-470dd1010325533cbe6439f605ad592882244b866fb00a915f63db53e32539cc
status: experimental
description: Detects traffic or activity related to https://94.154.35.73/cap.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.154.35.73/cap.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.154.35.73/msgbox.txt
id: auto-b75f6173066b0fefb0e23bde132e0c957c76bd5a397e705a3a6f48f98704f56f
status: experimental
description: Detects traffic or activity related to https://94.154.35.73/msgbox.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.154.35.73/msgbox.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.154.35.73/1.vb
id: auto-99e479219db0b880ddefb1ccb4c38f97e9f9feed76a0eee6d0fa449163c9654d
status: experimental
description: Detects traffic or activity related to https://94.154.35.73/1.vb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.154.35.73/1.vb*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.154.35.73/script.vbs
id: auto-41c7f76c1fe55cd07d115c98fc9bb21f373b4917e7333dd31c6d1a7e1a046dd4
status: experimental
description: Detects traffic or activity related to https://94.154.35.73/script.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.154.35.73/script.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://94.154.35.73/secret_bytes.txt
id: auto-24172f3fdaf7e41110711422005f0dbbf277f002cf2fa3f59fdd78bc53978541
status: experimental
description: Detects traffic or activity related to https://94.154.35.73/secret_bytes.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://94.154.35.73/secret_bytes.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.93.209:41647/bin.sh
id: auto-3522ce5eb996bd3c60155c46d386ed47975317a396301ae2ab67ad55b33aebcf
status: experimental
description: Detects traffic or activity related to http://117.209.93.209:41647/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.93.209:41647/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.180.147:54830/bin.sh
id: auto-a4ed1b4dce630bb08c0b4079222f366e0222e87aa6c2a85db89ca02ee1614799
status: experimental
description: Detects traffic or activity related to http://115.57.180.147:54830/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.180.147:54830/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.156.159:43031/i
id: auto-08e4e6f318a80e90c6a5dabe136e068f8c9eb37af1da04019246333af305f648
status: experimental
description: Detects traffic or activity related to http://123.14.156.159:43031/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.156.159:43031/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.53.182.18:47354/bin.sh
id: auto-47b449f256fe99678e036c0f50bf078df3ca5f50f65a962410c88cbfb95e4d20
status: experimental
description: Detects traffic or activity related to http://42.53.182.18:47354/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.53.182.18:47354/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.11.194:43661/i
id: auto-d071d08e93350f4358aff3b945e6720fffb557e6cf26318dca62b0529857ccd8
status: experimental
description: Detects traffic or activity related to http://196.190.11.194:43661/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.11.194:43661/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.156.159:43031/bin.sh
id: auto-20bc4dc60e26073f7da88220507ab9c263cedffd4ecbfe4984f91ab0a75c7e96
status: experimental
description: Detects traffic or activity related to http://123.14.156.159:43031/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.156.159:43031/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.26.251:49372/i
id: auto-982e20e78aa7ad549fc43dceb538699bf0ea1b7930430c3b098bd71b4e2ad417
status: experimental
description: Detects traffic or activity related to http://124.95.26.251:49372/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.26.251:49372/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.192.43:57787/bin.sh
id: auto-8e3d413164ef8d2fbec3a5cd77f18e95194bed883450826e17a81395a3d17127
status: experimental
description: Detects traffic or activity related to http://120.61.192.43:57787/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.192.43:57787/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/w.sh
id: auto-8ae99c9db79dd39c78c8c7e88d02895e8897cea78d92c435c6e9797b9986a421
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/wget.sh
id: auto-e20b394670d41b64f04a9d4074f8ab8b61b06198a0d4befb658ed56492c31899
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://158.94.208.27/c.sh
id: auto-055e88faa289633af787ee5a1f2e0cc74e3e0a682f06183433ecab1008aa7ddb
status: experimental
description: Detects traffic or activity related to http://158.94.208.27/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://158.94.208.27/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.74.247:34005/i
id: auto-2d2114fab9166eb164202dbbb32bef702d1b382eb478f00fb43e57e413df3aef
status: experimental
description: Detects traffic or activity related to http://123.11.74.247:34005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.74.247:34005/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.222.255:49975/bin.sh
id: auto-8753bd037cac0764578af628ee70fc3ccf61d17a08b510c822b9c359d1280db8
status: experimental
description: Detects traffic or activity related to http://115.55.222.255:49975/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.222.255:49975/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/parm6
id: auto-48b1cb1c6af7b0c60c24c8754b3ab45b6a4c76d529b307f81b35dd36bd711490
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/parm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/parm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/parm7
id: auto-f813fe634c65d8cf89216b39a6b67f27f4fcaf2c1b87dddb4540c4494e8edb09
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/parm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/parm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/pmpsl
id: auto-20b5fe745f0242f2cb2f221b025ad1166581c2c8d7496dd3b541046173aea0de
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/pmpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/pmpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/px86
id: auto-442ac90e16e6752c86ab80f97434632842adbb36ab32838e1c86f475604288b5
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/px86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/px86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/parm
id: auto-09c1314df11a9b1d8a27ac21efa604635c18e5f67d7b1f0e4031b672cc3f5c21
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/parm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/parm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/parm5
id: auto-96845f7bf073dc7a8db2e1a68dd51f57014c171e8ef6a65371793cfb66d76317
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/parm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/parm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/psh4
id: auto-bfafa5340c12deabd3d6c69ed6573d61ea0b16c95c72333c3be578377090c961
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/psh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/psh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/pm68k
id: auto-032eddf10781aa36a15b1cbfe9b6c20d784127b53285f754924c23468c17b460
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/pm68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/pm68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/pppc
id: auto-d846239577d262fa1c4968d374ad35036d5004db47ba15e2cccc2d0c67cabdbd
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/pppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/pppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/pspc
id: auto-97fef43e722360f3b879a31a100dcae8992aca7abb1342a53e489bd9c03a982c
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/pspc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/pspc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/px86_64
id: auto-99d0c5d823aecd76b453c11e2cf906c0de54125d2043e6bb555bdd2d5f155f8c
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/px86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/px86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.16.53.211/pmips
id: auto-a135048d6df8c8034e5e3204368c475d5ccb60e7fac26b6748994f3d190470e9
status: experimental
description: Detects traffic or activity related to http://178.16.53.211/pmips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.16.53.211/pmips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.104.64:57159/i
id: auto-8abf52d7560fd718bb060111e7e4667bb98b7d991d27331350ee2abaf95ac637
status: experimental
description: Detects traffic or activity related to http://175.149.104.64:57159/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.104.64:57159/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.218.244:47129/bin.sh
id: auto-6bc5d2bf07e5380a3ba8273a6e4f9e7bd1338df043db81ca0678d5fed7d24318
status: experimental
description: Detects traffic or activity related to http://42.228.218.244:47129/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.218.244:47129/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.176.83:34016/i
id: auto-6c8cf7316d1ca8ced8e88cccdb21fda0fbf800f28809b2e82dbdb872c6a21f52
status: experimental
description: Detects traffic or activity related to http://117.216.176.83:34016/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.176.83:34016/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.74.247:34005/bin.sh
id: auto-01512f818526fe9653469d0141d850769c2753a313ebd819be612337070e1110
status: experimental
description: Detects traffic or activity related to http://123.11.74.247:34005/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.74.247:34005/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.36.246:33631/i
id: auto-abc96cfbfa18bd4cedfc80c8fa18cb9075b84ce4e4e7b4ef1bb5e45402e15f80
status: experimental
description: Detects traffic or activity related to http://222.141.36.246:33631/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.36.246:33631/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.249.118:54526/bin.sh
id: auto-7e89ddcedb4eb51b62e5c79b5828c930b9073926efbc0418f577ba80b1a20e1a
status: experimental
description: Detects traffic or activity related to http://175.147.249.118:54526/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.249.118:54526/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.139.180:35531/bin.sh
id: auto-c9f3aaca1a028ee92c4037fa6819b86c9f1faa3444f9c44d4b5df4ebf94d747a
status: experimental
description: Detects traffic or activity related to http://61.168.139.180:35531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.139.180:35531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.216.176.83:34016/bin.sh
id: auto-601c3687a95985ff8633b00293493f820f5e299e02cd53e788bd12763a59d485
status: experimental
description: Detects traffic or activity related to http://117.216.176.83:34016/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.216.176.83:34016/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.186.156:47195/bin.sh
id: auto-3f7929315073f82d21d9329fa75c698e3577924b9c12a76e6291a09005f3fb0b
status: experimental
description: Detects traffic or activity related to http://115.56.186.156:47195/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.186.156:47195/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.94.254:55269/i
id: auto-5bac1501a206d6481021893b2e2134d05d1d09e88db7c72feb9e5d0f0c15f897
status: experimental
description: Detects traffic or activity related to http://125.43.94.254:55269/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.94.254:55269/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.36.246:33631/bin.sh
id: auto-e199061cf306e72af1e15e2b37fa1d9e7f103104afb74b61d4aa462a6f1c720a
status: experimental
description: Detects traffic or activity related to http://222.141.36.246:33631/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.36.246:33631/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.110.78.21:31577/i
id: auto-d514a55b2e02b3a1336e9a30604ee2019105a6e6bc0556633d8d2334a2e0aa78
status: experimental
description: Detects traffic or activity related to http://213.110.78.21:31577/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.110.78.21:31577/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.94.254:55269/bin.sh
id: auto-520b90be106b2dac343de13ffe565066f2e2bb4616332742e8f14cadbcc32f4d
status: experimental
description: Detects traffic or activity related to http://125.43.94.254:55269/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.94.254:55269/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.247.176.130:44712/bin.sh
id: auto-f09f13ed14aeb4d0958623e832e4b23655932577a65f4f38cefb06b2743781c7
status: experimental
description: Detects traffic or activity related to http://182.247.176.130:44712/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.247.176.130:44712/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.110.78.21:31577/bin.sh
id: auto-6382f49a4d7bb612eb006e9cc5239665d4664d90fbd98683d2bbcebdbc706e35
status: experimental
description: Detects traffic or activity related to http://213.110.78.21:31577/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.110.78.21:31577/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.16:53268/i
id: auto-cfe8fdaa27e818c63e0382cb865d4afb3df8cc761caf685caf14e6d399f4e21d
status: experimental
description: Detects traffic or activity related to http://110.39.237.16:53268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.16:53268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.mpsl
id: auto-587c069029a591e5f5594893df72d23c130654bcaad3be994001364204ed7338
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.x86
id: auto-8aa08ad68136569031fa3579b6b061863e47ede191e928978964d44bb4821164
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.ppc
id: auto-9e77cb68d9c8b7cbb1e88a5a1c548d4911609b4c13c82eb50be60b6ea92f962d
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.arm
id: auto-064af2bdc04591299a501634d44c6e84e4879b080b05c66326a7555e52590381
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.arm6
id: auto-f96044963138de513ceeccfe8e91c4d51c1c1826abf95187fbd4a104d1ea945f
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.arm5
id: auto-a6e5bac6c11e6d6fb46a68bd6ba8ccd5df1a5ecc4aff5a5e243c7dafa04ebd7a
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.mips
id: auto-514c4ac1b871d3628c91741ae7165cfaed2f7241956f9b723d4839fc2324e246
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.spc
id: auto-6acb7577b86f373d4d5c869f995d6d2441667702fd0bd74def9a38239896cc58
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.m68k
id: auto-c36cba36695186b9664f131128ddd3026ab944655f8a906c1ee6224ad9a3738c
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.i686
id: auto-4c82e43278fe98fd18ac48e6d37c8f5ebf5f45122a89e0f381b96e0138d2d167
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.sh4
id: auto-e2df0f64eb2361552251b7c4aa0d42d64a12e1b8731822d0dffab799e228dfac
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.x86_64
id: auto-08bfd6ac1214f2fc73fae3df7ff5e04f6b46a2f059a250aad86d3f6f52f495d8
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.106.58:47164/i
id: auto-f5a2c23102cab19eed50ee42d928b6abb55c07f85927b971d9ecbc662ec64be9
status: experimental
description: Detects traffic or activity related to http://116.138.106.58:47164/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.106.58:47164/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.i468
id: auto-ee80f4427aa9acad2a7588934d4e8b5c9bc899ce93c4102e337fb47b2b24f255
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.spc
id: auto-e6e62bf186e577cf653b02a48fcc2fe9385c42e82d9c20df48ad444dac7cdddd
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arc
id: auto-9c02cff941684cbf878a6ae6b28ae6ea6fd2adba959238b8b990f0c79f58bc73
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.x86_64
id: auto-a4010a398cf40d159b3829520a393b2f3577a8f7f73608c71b7211b7ddbecaa9
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.spc
id: auto-6bfb62a0419f210d0238007ff5555699c1d6ec1d0770265c62877bf876e577ac
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.mips
id: auto-fc404689614430456d0395b248a45a0ddbd470a22042ead4d3aa395fbf64bbf3
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.ppc
id: auto-55a385c370721270f8c35a6c3104d856835aa6955e00400ac477c0f747fbeedb
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i468
id: auto-d1e9bfa872df50ebb2c0433a6e53d4ee4deef1773662c7316f027f371edc27bb
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.x86
id: auto-f79eeddb1579c902199c386d44cb9afb1855b73bc512a1b46dc4af179d3f9bec
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.arc
id: auto-e27ab09ff3cb15deea03e42ac8c533e9a691a9365f0908b7d1151725c6d6e42f
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://216.126.227.101/mamakmukekkontol/zerobotv9.arm7
id: auto-66b4ab38da5bc2144853e7fe930f85179941cb4624ea11f6f209ad1bbbaeaac9
status: experimental
description: Detects traffic or activity related to http://216.126.227.101/mamakmukekkontol/zerobotv9.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://216.126.227.101/mamakmukekkontol/zerobotv9.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm
id: auto-82da2ad0965a6e72052476fecb0710045b73ab67b89e483310c51e4251f6b1ea
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://143.20.185.78/bins/jews.arm
id: auto-5bff6d3ffd37584d5a151a9495db7af70f710df7204521d3e3b27e647d88e9c4
status: experimental
description: Detects traffic or activity related to http://143.20.185.78/bins/jews.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://143.20.185.78/bins/jews.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.33/bins/parm4
id: auto-e548748cf98bbad961318e08e1061eb05012457cea435fd03bb7b44bb7985361
status: experimental
description: Detects traffic or activity related to http://130.12.180.33/bins/parm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.33/bins/parm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.105:36377/i
id: auto-ccaf770a2d811182e53c044b16d71fc26c538bb50342ff887db405d3664c3464
status: experimental
description: Detects traffic or activity related to http://117.209.81.105:36377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.105:36377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.126.150:57510/i
id: auto-634badccf141c27175897c9f362fb4d74b0e8712d88fa53498c5534ea1d38c68
status: experimental
description: Detects traffic or activity related to http://61.53.126.150:57510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.126.150:57510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.28.63.30:36508/i
id: auto-c9cdd23410d019e12912bf9ff7cc7a1af5886a7e191335c9e7d7b141be05bcd2
status: experimental
description: Detects traffic or activity related to http://218.28.63.30:36508/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.28.63.30:36508/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.16:53268/bin.sh
id: auto-fdf2467f17e2d0c05993fe3649dc1fe08835d2b30600f6157328b2545733cbed
status: experimental
description: Detects traffic or activity related to http://110.39.237.16:53268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.16:53268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.138.106.58:47164/bin.sh
id: auto-1eb078b2f26f639c1df192e66ef24f434099165011e2e4e0c9976e6f6129470e
status: experimental
description: Detects traffic or activity related to http://116.138.106.58:47164/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.138.106.58:47164/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.105:36377/bin.sh
id: auto-2b48b767b5e88270228a8e83f570be030434d5becafe827dca64997472c3e95a
status: experimental
description: Detects traffic or activity related to http://117.209.81.105:36377/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.105:36377/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.82.199:37963/i
id: auto-bb4c33ca6844565612ea8d4231aa2fb2f04418236664020043b2a3858a60ce2c
status: experimental
description: Detects traffic or activity related to http://59.95.82.199:37963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.82.199:37963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.28.63.30:36508/bin.sh
id: auto-97b1966ee6ddeb7a3ad29ede2adcb8bd824cafba4eb4a26f9a5600d3778e35c0
status: experimental
description: Detects traffic or activity related to http://218.28.63.30:36508/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.28.63.30:36508/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.168.10.70:59985/i
id: auto-f4df805842bb2d9fe8bd1abc28cd1c1e79b887d89bac9d6f47cc99f93bba5184
status: experimental
description: Detects traffic or activity related to http://108.168.10.70:59985/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.168.10.70:59985/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.73.120:57364/bin.sh
id: auto-5519afdf5e912ec51bedb2820f68cf2e253afaf14642591bc33f53517d8bda48
status: experimental
description: Detects traffic or activity related to http://42.57.73.120:57364/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.73.120:57364/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.157.118:50785/bin.sh
id: auto-3933853f2878572b1f2c92b8e12e28163996f25861fde3521cbc7fcb32f4eace
status: experimental
description: Detects traffic or activity related to http://222.140.157.118:50785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.157.118:50785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.54.186.80:40407/i
id: auto-1b0f80332b4caa28edfe84b8a94fa7ae9095e473254eeb150e05cb74f2f8969d
status: experimental
description: Detects traffic or activity related to http://42.54.186.80:40407/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.54.186.80:40407/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.178.155:45552/i
id: auto-635f20015ec6adc3798511b44100c8003432501f93ed1b3f2b1fc06043ab8784
status: experimental
description: Detects traffic or activity related to http://42.179.178.155:45552/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.178.155:45552/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.102:36299/bin.sh
id: auto-1c29d20912bc6e7bc8437734e252c8139c83f0b31e606cc77824cfccfc5c477c
status: experimental
description: Detects traffic or activity related to http://110.37.2.102:36299/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.102:36299/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.146.206:37512/i
id: auto-076d51c3eb72d4760d1b8412d7e275179392fbd0c734074f4359be5b9fae5423
status: experimental
description: Detects traffic or activity related to http://61.1.146.206:37512/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.146.206:37512/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.216.29:39201/i
id: auto-cd99033fde261bf15656219876e416d0a726a3f660756d697b6961c0ecbcc610
status: experimental
description: Detects traffic or activity related to http://42.234.216.29:39201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.216.29:39201/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/gititierer/tekrarbasladi/raw/refs/heads/main/inattv.apk
id: auto-bb8d5f96bc339b1bbd2785dba277c00e9bf8de440d40bb467fa8dc7aeb71aab7
status: experimental
description: Detects traffic or activity related to https://github.com/gititierer/tekrarbasladi/raw/refs/heads/main/inattv.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/gititierer/tekrarbasladi/raw/refs/heads/main/inattv.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/selim1192353/aa/raw/refs/heads/main/Chrome.apk
id: auto-abf7b2f688c2ff2c32781097f85e2e196b54a440ad145d4febfb79c671c53ff0
status: experimental
description: Detects traffic or activity related to https://github.com/selim1192353/aa/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/selim1192353/aa/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.21.7:56138/i
id: auto-006551b55f4a24a37f554f9883e1566636fc3063a2db8959d1c8d98ab4ca9b37
status: experimental
description: Detects traffic or activity related to http://119.116.21.7:56138/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.21.7:56138/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.178.155:45552/bin.sh
id: auto-10ab83c86979781e4b291343097bcad070be3770988c6a13668f7a512c971f80
status: experimental
description: Detects traffic or activity related to http://42.179.178.155:45552/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.178.155:45552/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.146.206:37512/bin.sh
id: auto-9aaedc5d6aea9d34649bc06821f6c54ca9f63b6a114fa09350825bc3c6433849
status: experimental
description: Detects traffic or activity related to http://61.1.146.206:37512/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.146.206:37512/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.82.199:37963/bin.sh
id: auto-b0c6113cf8faeb12555efd08e58b4d532ea89eb390d57d36617bdf0965b82ea9
status: experimental
description: Detects traffic or activity related to http://59.95.82.199:37963/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.82.199:37963/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.107.241:53650/bin.sh
id: auto-4cd41e867196e8f80c005d70ca5800d120b168172f11a4a559765d6213ba0f74
status: experimental
description: Detects traffic or activity related to http://182.121.107.241:53650/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.107.241:53650/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.197.118:59592/i
id: auto-9e263792d59d4ea88da6192bdd4aecca79ff8230c290343f7d4e2b5b02d5aaf4
status: experimental
description: Detects traffic or activity related to http://120.28.197.118:59592/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.197.118:59592/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.207.136:52412/i
id: auto-6803d8fa2caccacd4fe4fe797c77ac72cf6c95d5035f3ba7e2e529eac2af8726
status: experimental
description: Detects traffic or activity related to http://115.55.207.136:52412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.207.136:52412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.253.187:33898/bin.sh
id: auto-09dd5358ad4b2beb54bacf76caff4cb038a1f4d9aa7778a9250f059554e34da9
status: experimental
description: Detects traffic or activity related to http://120.61.253.187:33898/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.253.187:33898/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.195.112.237:51363/i
id: auto-4e25a4f4e71176a7d279c675f28e8c8dbcc70ecf891c19b8be4c719b68dae6bf
status: experimental
description: Detects traffic or activity related to http://117.195.112.237:51363/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.195.112.237:51363/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.103.93:58473/i
id: auto-52c5fee44fad186c301dc0637b6f9a4839a99cbe461b0653499ed275760de2b1
status: experimental
description: Detects traffic or activity related to http://110.37.103.93:58473/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.103.93:58473/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.246.115:32996/i
id: auto-37ad464534e3627c79e9697a7a173b57236dce083f483d1ba5cf8210dc9d0ce4
status: experimental
description: Detects traffic or activity related to http://176.226.246.115:32996/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.246.115:32996/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/a-r.m-4.Sakura
id: auto-3652a4688d48ce625379d5afb93ba50a0faa0f328cbc885db76ca7cd271a80cd
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/a-r.m-4.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/a-r.m-4.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.50.8:59718/i
id: auto-b3518fd0aab29016ea57e0d4a8beb25b0425a006eeba02b0103a65fffb5c58eb
status: experimental
description: Detects traffic or activity related to http://115.63.50.8:59718/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.50.8:59718/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.23.17:46127/bin.sh
id: auto-5acd6659297ceecebe35135c37acaceb62aefb0216a404b99acb6ff5e39e1fd6
status: experimental
description: Detects traffic or activity related to http://110.37.23.17:46127/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.23.17:46127/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.21.7:56138/bin.sh
id: auto-a2c06f882936c4705bce309acfaae0e9e18d78e1f959d1db1fda37ae448df09d
status: experimental
description: Detects traffic or activity related to http://119.116.21.7:56138/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.21.7:56138/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1975996902/nJ9O008.exe
id: auto-5f6a171e4bc724577341b41ca78ce430e5f82495dd3d3385298e20d55530a5bd
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1975996902/nJ9O008.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1975996902/nJ9O008.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.197.118:59592/bin.sh
id: auto-e473b4431daedee3ae443c791948b1be5edb7719248564c3d9e6ba1d9774d015
status: experimental
description: Detects traffic or activity related to http://120.28.197.118:59592/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.197.118:59592/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.246.115:32996/bin.sh
id: auto-6bb462f7a04edd93c3330b3d24e73909ccd2622d3c9c7ab9dc0149d0696cf06f
status: experimental
description: Detects traffic or activity related to http://176.226.246.115:32996/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.246.115:32996/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.195.112.237:51363/bin.sh
id: auto-0afd0f2838a181b7b62f17e23fac0c7777aaa3a2bc2572233c60838ec87574f9
status: experimental
description: Detects traffic or activity related to http://117.195.112.237:51363/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.195.112.237:51363/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.173.76:59681/i
id: auto-15662bd7fdd33c89fe640e19dcb6209550e5cd3a735ea0532d7c2db8187210f2
status: experimental
description: Detects traffic or activity related to http://117.205.173.76:59681/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.173.76:59681/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.159.57:46001/bin.sh
id: auto-d9ac0cac374f3e9ba0b17bbd180869a0b9ae59b450336ffd2b5a39d634ae257c
status: experimental
description: Detects traffic or activity related to http://175.148.159.57:46001/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.159.57:46001/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.50.8:59718/bin.sh
id: auto-6f2ab3dac5e5afc5d5f3e1f4e8aa8a7a4582fac7e0954c2c5dadb830bf61e397
status: experimental
description: Detects traffic or activity related to http://115.63.50.8:59718/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.50.8:59718/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.185.91.63:60432/bin.sh
id: auto-a19397d35dc601166df0556dcb223c0a6cbb766760cbc5b44282573edb536994
status: experimental
description: Detects traffic or activity related to http://123.185.91.63:60432/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.185.91.63:60432/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.163.6:48984/i
id: auto-ada11381d6d8fe4420b740f7845d81dab2a7f1b8380d08db77e2d76f5b9ac1fe
status: experimental
description: Detects traffic or activity related to http://182.119.163.6:48984/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.163.6:48984/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.11.43:33423/bin.sh
id: auto-0b4d9e9b3a693d94c248faa5a727c778b0cedf3fad9ab92f1423ddb170665ac7
status: experimental
description: Detects traffic or activity related to http://219.157.11.43:33423/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.11.43:33423/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.223.22:51197/i
id: auto-145778f913d9264c53dfca81e263a1ceb015187e3dafa856243acbda5f473d68
status: experimental
description: Detects traffic or activity related to http://182.113.223.22:51197/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.223.22:51197/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.145.12:36961/i
id: auto-7ea67c164e2009c682aa82312287f5151775c1bf7dbfd275f047a1c17e243d7b
status: experimental
description: Detects traffic or activity related to http://59.88.145.12:36961/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.145.12:36961/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7845402472/CJTOpuQ.exe
id: auto-6f04fc85c0f6ca8e4335ddd108b2f56e1a2ab78a4b8f59f46d512c095708c215
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7845402472/CJTOpuQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7845402472/CJTOpuQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.173.76:59681/bin.sh
id: auto-0619ef8f71482921728838c7e38d30b0c994bc37273d16c0e628f4ef737e6600
status: experimental
description: Detects traffic or activity related to http://117.205.173.76:59681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.173.76:59681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.145.12:36961/bin.sh
id: auto-9079940cfca23f5872089c57da3cdc82aff5238654c57817369b54069c5acade
status: experimental
description: Detects traffic or activity related to http://59.88.145.12:36961/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.145.12:36961/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.163.6:48984/bin.sh
id: auto-f66dac5b9608f2f8f0c38a1851c78af65c25aeb96f27d7fd0699286ecd86689d
status: experimental
description: Detects traffic or activity related to http://182.119.163.6:48984/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.163.6:48984/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.160.241:34200/i
id: auto-c80ab1f3463b80af279ca42505e14fe34f6b8e15331fe3c6f1e4604583254460
status: experimental
description: Detects traffic or activity related to http://182.124.160.241:34200/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.160.241:34200/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.220.246:51415/bin.sh
id: auto-7ba75af7b833d32ef0a468d08c604a5556202ba54904b3450e76385556cf8833
status: experimental
description: Detects traffic or activity related to http://221.13.220.246:51415/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.220.246:51415/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.111.61:58322/i
id: auto-1b3a9fa645d61f37a74f31d3366d471b94fd22336404e1d3e03b1d319e0cc8c3
status: experimental
description: Detects traffic or activity related to http://61.3.111.61:58322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.111.61:58322/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.80.166:60552/i
id: auto-ed5ec36d5ff1c4eafdfe10f0024999ef776346e62c32280ed835b8da6c6563e6
status: experimental
description: Detects traffic or activity related to http://125.43.80.166:60552/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.80.166:60552/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.192.239.222:50366/bin.sh
id: auto-f0d47d09525e8a59c977b1ac7d6c6f347f52cdbe419b588b3f2f680b8581ec8c
status: experimental
description: Detects traffic or activity related to http://220.192.239.222:50366/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.192.239.222:50366/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.111.61:58322/bin.sh
id: auto-09fa40c7c47817e672d287e219f40c649604fc12a39be0d187964ccf3eb03e08
status: experimental
description: Detects traffic or activity related to http://61.3.111.61:58322/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.111.61:58322/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.163.89:57983/bin.sh
id: auto-0863a4d5b35e32b19cdae4c7696b7d0db46a3e405c9ee8181cae9d28bf1c1061
status: experimental
description: Detects traffic or activity related to http://182.123.163.89:57983/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.163.89:57983/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.7.49:41057/i
id: auto-34c7537a0296dd2514fc830ad8092f4ae0863e1f4995ea61c3d3a405e072758e
status: experimental
description: Detects traffic or activity related to http://124.95.7.49:41057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.7.49:41057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.80.166:60552/bin.sh
id: auto-f66d855964978bf72b57765cd867e1b89ae12d423c5cfbd99f5fab5c0c318e3a
status: experimental
description: Detects traffic or activity related to http://125.43.80.166:60552/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.80.166:60552/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.6.168.74:58952/i
id: auto-28104a5b1aaeddffe8bc4391377343db3d24e798f754b5d9b8b1b62a000695d0
status: experimental
description: Detects traffic or activity related to http://124.6.168.74:58952/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.6.168.74:58952/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.130.83:44217/i
id: auto-92716422fdded6e2f669f7298ab30d6f2bd1624b4260eb1c007c9825a2b7755b
status: experimental
description: Detects traffic or activity related to http://182.115.130.83:44217/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.130.83:44217/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.233.147:39417/i
id: auto-103aa7fb0a9cb09c810fa21f306ab13283ea5003486f39112ec1a0df0e85eb4d
status: experimental
description: Detects traffic or activity related to http://42.234.233.147:39417/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.233.147:39417/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.231.62:40310/i
id: auto-320adbf2c3912a249452b54258174a22643863b26fbc2968a27820bfd8ac252e
status: experimental
description: Detects traffic or activity related to http://115.55.231.62:40310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.231.62:40310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.7.49:41057/bin.sh
id: auto-7a96ebaa4dac16b74bfeb9add5ef5778937179cfaf6cc286fdf17e1d96e0affe
status: experimental
description: Detects traffic or activity related to http://124.95.7.49:41057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.7.49:41057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.130.83:44217/bin.sh
id: auto-84a3d76c8223814341bcfda4193f1bac29a93088f6fa0415dbce1cddc722d3ee
status: experimental
description: Detects traffic or activity related to http://182.115.130.83:44217/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.130.83:44217/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.38:50756/bin.sh
id: auto-3809820f4ac7e6c75fea2182cacfb2ce9b8104a77ac2397a65fd9b684455ea4e
status: experimental
description: Detects traffic or activity related to http://59.96.137.38:50756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.38:50756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.151.218:57797/i
id: auto-7e6f7fbc04bca74408da2faf2ac6b7ea8cb52fc44ba5a4e4dbcd2b4d3181eae2
status: experimental
description: Detects traffic or activity related to http://39.90.151.218:57797/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.151.218:57797/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.219.177:44871/Mozi.m
id: auto-e57e92bac12f8f3d62b68bdc0dcde46abc1c03d15f3b52e0b5fe2d665b72f9a4
status: experimental
description: Detects traffic or activity related to http://182.112.219.177:44871/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.219.177:44871/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.42:42231/i
id: auto-6f09181c82306537bce12bf69a0d01c5778439e312ed59635313ada68a2c253d
status: experimental
description: Detects traffic or activity related to http://117.209.22.42:42231/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.42:42231/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5765596543/Eire7m9.exe
id: auto-0aacdf6dfe4b6d7843e87b88b8e0552b14444008f1b043ef9c48986f9e768561
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5765596543/Eire7m9.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5765596543/Eire7m9.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.6.168.74:58952/bin.sh
id: auto-de327e687b7689263e2beffd21f2b4a2cddc7d3e366eb9722f10cb00d98881fe
status: experimental
description: Detects traffic or activity related to http://124.6.168.74:58952/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.6.168.74:58952/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.239:40335/i
id: auto-36ee4558b7aa0f5316299fbd19ebc1c1bdf3f5f56c72aec2286972a2c4712af4
status: experimental
description: Detects traffic or activity related to http://110.37.3.239:40335/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.239:40335/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.22.42:42231/bin.sh
id: auto-a09a04a98dc1c803a0e339bd4713f1f1b1556413f9e248a1c58afc2489438b51
status: experimental
description: Detects traffic or activity related to http://117.209.22.42:42231/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.22.42:42231/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.181:45395/i
id: auto-4f4dc01185799ef3748e7df85ed84a2fc944c04fd85d3ae0ee4f69bb7ddd5372
status: experimental
description: Detects traffic or activity related to http://42.239.235.181:45395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.181:45395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:50414/i
id: auto-413d315f67d31cd796040fd1a754f6071aa845b0737e90fb9e119e28470f71b3
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:50414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:50414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.3.239:40335/bin.sh
id: auto-c1e3356dcf7a8b12a9a05aacb4586f49d18d0bc5febc52730ac43479a5af93f0
status: experimental
description: Detects traffic or activity related to http://110.37.3.239:40335/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.3.239:40335/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.10.33:45851/i
id: auto-4b4d0601d6975e37ebf062aca9fb3705bd4d634c23d173617983143f92af54e2
status: experimental
description: Detects traffic or activity related to http://42.180.10.33:45851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.10.33:45851/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.150.252:57456/i
id: auto-7ff1d193c5c623f4c8ff006d3ae3e9d6ff6a5622bad0b0978916db887cab4df7
status: experimental
description: Detects traffic or activity related to http://221.13.150.252:57456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.150.252:57456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.231.62:40310/bin.sh
id: auto-ff342483f9cdbef87eedfe2d83ea7f92c5a5b91dad3aeb2d156dcca68ec4a35e
status: experimental
description: Detects traffic or activity related to http://115.55.231.62:40310/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.231.62:40310/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.243:44440/i
id: auto-0bdeb08e21d907e1503659d9795f557884381078352dcf633d3255afaeb78b57
status: experimental
description: Detects traffic or activity related to http://110.37.90.243:44440/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.243:44440/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.225.163:33047/i
id: auto-d2ac2986fe5c84091a10904bf61c9375439d8e52fbea16e7aeebff7532395c01
status: experimental
description: Detects traffic or activity related to http://110.39.225.163:33047/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.225.163:33047/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.168.41:57318/i
id: auto-6983d83d958f370bce420d371fb202542fe23e4da4e5843be1757b4ff7562842
status: experimental
description: Detects traffic or activity related to http://117.212.168.41:57318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.168.41:57318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.241.47.7:38784/i
id: auto-9527139d6546f9a94a21ee77f4085608cfac09a294acd11723528e5b5fe992cd
status: experimental
description: Detects traffic or activity related to http://94.241.47.7:38784/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.241.47.7:38784/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.232.137.101:50414/bin.sh
id: auto-bd31d954ab36d105a3a3be681e0d9bbd65dd88a59afdf0a04c504019acb98d21
status: experimental
description: Detects traffic or activity related to http://118.232.137.101:50414/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.232.137.101:50414/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.180.8:46011/i
id: auto-878fdb760ea135e0baf3911968a73182dca0ce3497e85cda970cc858a37f9a95
status: experimental
description: Detects traffic or activity related to http://117.215.180.8:46011/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.180.8:46011/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.181:45395/bin.sh
id: auto-d9a4b8a9051f527c4abe6eb0bb069a0784d0b5dc15bf1b2cc20fb2ed535b2920
status: experimental
description: Detects traffic or activity related to http://42.239.235.181:45395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.181:45395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.225.163:33047/bin.sh
id: auto-1bce3b1dfd835e54b22246d5813fc831ea9232c728fa0b7442ed9d1b8bfac4fa
status: experimental
description: Detects traffic or activity related to http://110.39.225.163:33047/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.225.163:33047/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.145.97:60809/bin.sh
id: auto-102f990c380162e0438e6a4b007d462247b95696e3a16066f941577c42915780
status: experimental
description: Detects traffic or activity related to http://222.136.145.97:60809/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.145.97:60809/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.168.41:57318/bin.sh
id: auto-0dc0ba7a5513756c6b64850d62e1fba7d6646092bbffaa18c6a47c3edb429aed
status: experimental
description: Detects traffic or activity related to http://117.212.168.41:57318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.168.41:57318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.52.31:47605/i
id: auto-ed46cb91595222a1b657ae5385212eb8649ba4eb6b92d278319fce1987f6a00a
status: experimental
description: Detects traffic or activity related to http://125.40.52.31:47605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.52.31:47605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.192.239.222:50366/i
id: auto-73e48215f2f66aa78799040e2ddf6c7f8e1375e3d9647ea2920c3a9ea0be9cad
status: experimental
description: Detects traffic or activity related to http://220.192.239.222:50366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.192.239.222:50366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.179.100:38537/i
id: auto-f4874e3afef31d7731708f354ca0476334318c7b1210bb517d4d6d1b46e4f1fa
status: experimental
description: Detects traffic or activity related to http://27.215.179.100:38537/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.179.100:38537/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.90.149:47877/bin.sh
id: auto-a7e833382a3bbb672d7086c9b56dab20618d179dc64aa4ba8c144476266f7fa7
status: experimental
description: Detects traffic or activity related to http://42.235.90.149:47877/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.90.149:47877/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.231.22:36712/i
id: auto-defac830fda5804b5f153153365b89af10d8d012c334a9e9fb8328d930ba18ca
status: experimental
description: Detects traffic or activity related to http://123.12.231.22:36712/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.231.22:36712/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.180.8:46011/bin.sh
id: auto-569a490692f4bfe88b7cd46c3da78284856cf140b4290ffd1d4848f11569ba99
status: experimental
description: Detects traffic or activity related to http://117.215.180.8:46011/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.180.8:46011/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.222.255:49975/i
id: auto-7e29d88aebc78bcd4783be4e267a25d280f721f08a9342e1786732f52c424f6d
status: experimental
description: Detects traffic or activity related to http://115.55.222.255:49975/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.222.255:49975/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.74.222:34867/i
id: auto-7d740af9fe98ea78981b74821a80e8463a5bd071b5707779573581ed75b2cbe3
status: experimental
description: Detects traffic or activity related to http://119.117.74.222:34867/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.74.222:34867/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.33.21:44104/i
id: auto-aca3fc4f8fbe67b5e75ea7cd803edee4af9e202caf8bb4aedaadb6dee13ea8e7
status: experimental
description: Detects traffic or activity related to http://219.157.33.21:44104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.33.21:44104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.181.99:44657/bin.sh
id: auto-e757d603a9e8846e1a68362e7d274d91b8098303da8758412c13b8da38d86910
status: experimental
description: Detects traffic or activity related to http://219.157.181.99:44657/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.181.99:44657/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.225.173:35902/i
id: auto-1eee5c708b205d98e26c5b64fd1ba7700f73b7b949284488fda932726385be5f
status: experimental
description: Detects traffic or activity related to http://110.39.225.173:35902/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.225.173:35902/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.180.10.33:45851/bin.sh
id: auto-16374add5875dd2f47d350d817e015c6fb8997bbe02a1511923662b378795398
status: experimental
description: Detects traffic or activity related to http://42.180.10.33:45851/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.180.10.33:45851/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.163.181:37583/i
id: auto-327017cf32684f16a2fa3b248a97efbbff9c28ec0b1339545149b7456099950a
status: experimental
description: Detects traffic or activity related to http://123.5.163.181:37583/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.163.181:37583/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.87.245:44489/i
id: auto-d8d478db53c9d68844f5c8cee8858cf1b1bec603fc38d73aed6e72291f2cc09f
status: experimental
description: Detects traffic or activity related to http://59.95.87.245:44489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.87.245:44489/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.150.252:57456/bin.sh
id: auto-c674f964e3aaa91f308acde847f385518f05369efa69c8b53643b1aea055559f
status: experimental
description: Detects traffic or activity related to http://221.13.150.252:57456/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.150.252:57456/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.87.245:44489/bin.sh
id: auto-aa9c0ce0c8a17664ae6645271d500d88a87ede4602ded15d4dadd4ef1cf8d061
status: experimental
description: Detects traffic or activity related to http://59.95.87.245:44489/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.87.245:44489/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.32.9:33953/i
id: auto-6ba133678b38d99220ec5dd5dcc54e2316dd2c0e21c0a9e600299a413592b973
status: experimental
description: Detects traffic or activity related to http://182.127.32.9:33953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.32.9:33953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.133.136.111:54795/i
id: auto-a20d3fec250f570c4254087aec94b57bf26118d86f5b2e692b7554cd654dc966
status: experimental
description: Detects traffic or activity related to http://123.133.136.111:54795/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.133.136.111:54795/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.46.53:34791/i
id: auto-0c76fd7b8dc2c3efa7850dd71511c342f7d4517429318a594ef9eb137708c096
status: experimental
description: Detects traffic or activity related to http://110.37.46.53:34791/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.46.53:34791/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.22.179.243:34215/i
id: auto-e15897cd2235e29631371509845cf75c9e6d7e010a3eec8b28b06240965a8704
status: experimental
description: Detects traffic or activity related to http://60.22.179.243:34215/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.22.179.243:34215/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.33.21:44104/bin.sh
id: auto-264a7124e8bc1a7719a22bd89d9a542ec641428ad8e207a582c9b78032f4b6d3
status: experimental
description: Detects traffic or activity related to http://219.157.33.21:44104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.33.21:44104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.163.181:37583/bin.sh
id: auto-54b9fbc3989c2c8bfdd952156b74d0e12079eebc489c640d5855b90233d0a406
status: experimental
description: Detects traffic or activity related to http://123.5.163.181:37583/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.163.181:37583/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.202.17.218:33172/i
id: auto-7684e62fe531ba547f7738d2b25e5db46ffa813db690f23bd2d6ceac497f695c
status: experimental
description: Detects traffic or activity related to http://221.202.17.218:33172/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.202.17.218:33172/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.2.23:41216/bin.sh
id: auto-44420265ae017ca6ebeb82ee40b38d98c111fea51058bb8f6109c2100af2260c
status: experimental
description: Detects traffic or activity related to http://115.51.2.23:41216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.2.23:41216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:37854/i
id: auto-7d80eb2eac78a08185a965fd580176d014d90e4b96e9d4e9a21e91077c7d3037
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:37854/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:37854/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.arm6
id: auto-b9b7d74b9e7300861278944fbbe9178cbe9ab5c21e962fcc328f43a628e548d2
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.arm7
id: auto-405e4796e4ac0ca98d4162053b74d05eb3d7a13f96e7478c1bc3135cd351fd51
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.mpsl
id: auto-4eaac3543e8a9256261abcdeb7019938c4240b253b7d3cbe8c8d76c7247ce0ea
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.ppc
id: auto-508c69957b26b174c57527968373962c4e31e0cead323ad221d4385dd8e9c9e6
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.x86
id: auto-5cae7fa2618dd16ff1d80c1ea0d40a3f99448fa199db1c50810ced7e52e42b82
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.arm5
id: auto-bd498ef8cb105221a37afb150fe5079110d45e3e7f3fcec756195a131daf27b0
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.mips
id: auto-c9b80a7f0cd2747198c8922998d623f77661b9b3eddd21ef2d83830f98eec295
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.m68k
id: auto-4da426acc1df10aa7dc0c5fb94cbf6fdd10aa9ee59ede5a5be755dded02c7954
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.57.19.146/hiddenbin/boatnet.sh4
id: auto-a23ef05071db7ee168269a080b666f29391cb6aa773b511a7c3ee630d0ffc56d
status: experimental
description: Detects traffic or activity related to http://2.57.19.146/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.57.19.146/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.133.136.111:54795/bin.sh
id: auto-909faa86de1f43802454b4dbe63728a1e41288da02673317238bb9d9583d4e75
status: experimental
description: Detects traffic or activity related to http://123.133.136.111:54795/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.133.136.111:54795/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.66.247:34480/bin.sh
id: auto-e025421792b0155d8db66d50f5a3ee9444492468fb63b867275192a41b175662
status: experimental
description: Detects traffic or activity related to http://42.226.66.247:34480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.66.247:34480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.27.198:40312/bin.sh
id: auto-d41e720a762cb39d29d2264c9b8ebb692504eb9c195127efe61bda8c5730b0df
status: experimental
description: Detects traffic or activity related to http://219.157.27.198:40312/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.27.198:40312/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.66.5:56245/bin.sh
id: auto-bc41dff8638a557a81d742ce985a3136d67c536666c0337f8578b1b8a9688e22
status: experimental
description: Detects traffic or activity related to http://175.149.66.5:56245/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.66.5:56245/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:37854/bin.sh
id: auto-aaefffbc0b79f3a3e27bbc88d53b8cb9be545ac79c1250cd599ba4c51272b648
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:37854/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:37854/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.105:45608/i
id: auto-5932fe894b5545a2d8b6db032a5b5e5ad2dadf146d6c3e528fb42145803e708e
status: experimental
description: Detects traffic or activity related to http://110.37.37.105:45608/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.105:45608/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.95.167:54239/i
id: auto-071f9b2505dd83da23fafffa12109e6535cc3509ad732c073889e323e4dc7aff
status: experimental
description: Detects traffic or activity related to http://110.37.95.167:54239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.95.167:54239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3.239.60.114/DOC%20-HARLegal.hta
id: auto-c62031d40d96176aad348064501e6a0e537f8a310638939b811e386cd0310025
status: experimental
description: Detects traffic or activity related to https://3.239.60.114/DOC%20-HARLegal.hta which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3.239.60.114/DOC%20-HARLegal.hta*'
  condition: selection
level: high
tags:
  - attack.t1587.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.103.14/XBNrzfxR.exe
id: auto-570078ac0bd25358635d7b782cd7e0e7955e7dccbe8e88b0f0d278a0ab85347e
status: experimental
description: Detects traffic or activity related to http://144.172.103.14/XBNrzfxR.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.103.14/XBNrzfxR.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.75.243:59800/i
id: auto-d525d91bdfd0a21a418e596d900475c257a7a5800a9a9226301179479fc89222
status: experimental
description: Detects traffic or activity related to http://110.37.75.243:59800/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.75.243:59800/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.242.81.130:39381/bin.sh
id: auto-a1bbb8e80e6a361103ad69ab92d885351d691605ed8624404f794ad01f47d8c0
status: experimental
description: Detects traffic or activity related to http://42.242.81.130:39381/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.242.81.130:39381/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.14.43:52751/bin.sh
id: auto-ab526ed67595742d91ea73720e8e33b2cb39d807a02b396e2d34114e9850f501
status: experimental
description: Detects traffic or activity related to http://110.37.14.43:52751/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.14.43:52751/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.46.135:33220/i
id: auto-a26fbb00b728d0bf6feff3448abec06e84fb4a231c2999a2193102230c0462f2
status: experimental
description: Detects traffic or activity related to http://125.44.46.135:33220/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.46.135:33220/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.132.68.79/nx64.bin
id: auto-ba43d097f8885c4d6be005095f5485b438add86f96ffe4fb41f441c4da678c8b
status: experimental
description: Detects traffic or activity related to http://212.132.68.79/nx64.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.132.68.79/nx64.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc
id: auto-d640831c9529e594de306d5da211fbae13b3bf87d20d91a5c32246bea9a9f475
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.46.135:33220/bin.sh
id: auto-9bd0f85ac05be1960b43621d6c5ed440894f7e0b8b9d9ec971d049cf2c98af64
status: experimental
description: Detects traffic or activity related to http://125.44.46.135:33220/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.46.135:33220/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc
id: auto-649a3ad36cd194e29e0fa91de13159fc8df57d36e30a09d6237e0172e27b9e67
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm
id: auto-a29cd0f112a2fa0a1e14e9e2b492700ccc951ce866f47414cc7ab0c2a8b8f7c4
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drive-security-cloud.io/Fewneses.exe
id: auto-ad4aa947625eedba1966b7095e88e04e7c275e20c792564f7d1b4c26d6b734b7
status: experimental
description: Detects traffic or activity related to https://drive-security-cloud.io/Fewneses.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drive-security-cloud.io/Fewneses.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/Video.lnk
id: auto-e05ff0182b0e294191a0177a464710a441c80b1473fc968e66b264f97eb765de
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://connects-magiceden.io/dropper.apk
id: auto-dbaee2035658daa597862510e4c9ebcfe9982c8ea1c98ead02d132a0e974dcf6
status: experimental
description: Detects traffic or activity related to http://connects-magiceden.io/dropper.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://connects-magiceden.io/dropper.apk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drive-security-cloud.io/Ilmarchens.exe
id: auto-08001f40ab9b3506a47a6742fbee28e31b61127d9bc3137435e2b0019060492e
status: experimental
description: Detects traffic or activity related to https://drive-security-cloud.io/Ilmarchens.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drive-security-cloud.io/Ilmarchens.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.182.146.104:8082/sda1/Video.lnk
id: auto-8c3662790285458d2b50ba2919737c41eda01a671a8e440d219c1754f3310756
status: experimental
description: Detects traffic or activity related to http://58.182.146.104:8082/sda1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.182.146.104:8082/sda1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.5.189.129/y4.txt
id: auto-dd5b7c3b62848e515534542ea93f40c51a395b4b9de15d39025fc38a9effc0b9
status: experimental
description: Detects traffic or activity related to http://69.5.189.129/y4.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.5.189.129/y4.txt*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.5.189.129/y3.txt
id: auto-adc0617dd47b50a0bfb8bd391190a130eb4931ca73f259f65922c58a02693ef7
status: experimental
description: Detects traffic or activity related to http://69.5.189.129/y3.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.5.189.129/y3.txt*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.5.189.129/y3.exe
id: auto-1ca63b4c8c53536b03a6302b159a36bbcec18f9cf8a6c042706e2d85509bd25c
status: experimental
description: Detects traffic or activity related to http://69.5.189.129/y3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.5.189.129/y3.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.5.189.129/y4.exe
id: auto-4073be014e14f1c1b8b84b82376a0c1dce947bddc77b3c872bf640e0a1fe2f20
status: experimental
description: Detects traffic or activity related to http://69.5.189.129/y4.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.5.189.129/y4.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/x86_64
id: auto-93b7d97399a6d3c27713e563c14c57ff2eaa4c1dd9d49fb3c5f8f5439d2d4fbb
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.95.167:54239/bin.sh
id: auto-2eefa6646babe5e0207e4d313e23bbea41699ff8049434d76c8e3b7e3feb2ccf
status: experimental
description: Detects traffic or activity related to http://110.37.95.167:54239/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.95.167:54239/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/Video.scr
id: auto-5feec173cbb508df1fcf7dcf5e287740cb199211f63ce61884ab590a562a562a
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.90.102:35859/bin.sh
id: auto-9fb38cedafae60b34533709420e180ecc24f6e97d963e87e55513e848a5c94e5
status: experimental
description: Detects traffic or activity related to http://124.95.90.102:35859/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.90.102:35859/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6
id: auto-e8e6c958adcfa336baf2c38de7956513be76e9121bac978cd4931a0d11becb37
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5
id: auto-dcc567b85b7a990243986fd39b54e9efc5764706e241e2f2f08afff9126b70a4
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7
id: auto-a4be1ca94d34430e8f177a382eca3d781a2f1ffa6909340396ba64bd08d5b91d
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips
id: auto-976887cebddf855219a52cd5f2211468c774dd33ef653a9266df6e94acadc690
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/ohsitsvegawellrip.sh
id: auto-d38c56f88002e6f64c53545e88c0026e8813d1d7a40af7fd486f22b6b00d44ad
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/ohsitsvegawellrip.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/ohsitsvegawellrip.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486
id: auto-e48d12987b48a1a4816ea36b9529f53f53375084dd7c7f76303eb1ab1ea5bb0c
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686
id: auto-75d80b95e5f90d3028526002f0f418d28b66c38a948d683b437ab9b2cacefaed
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7
id: auto-f4f8980166e274ccfa5ca30d422c60dfef63ddd79ed8559434838071a1355af4
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64
id: auto-086fd675f74658d97106fb5dbaac66b918e23a4d4eeb3d16c02940820f4afab8
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64
id: auto-5d0f9c3773422f88ae4a951822f62673f84775970fae75209af512cbe7c96fd0
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486
id: auto-a21148dc136f1ef66b108aad02ba59a19622e2fd22a4a334596f338bfafff917
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/ohsitsvegawellrip.sh
id: auto-aa4eac69112b3755ebd33d6f27785a15118dd2252be6fe0c13bb9bbe0b2959ce
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/ohsitsvegawellrip.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/ohsitsvegawellrip.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl
id: auto-ec10eff056b9a90b7b6d072fe74e2f1c3c16900ca85cd0c75dc97865ed0ec35e
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm
id: auto-967e6c8087d820eac62e1e9582043d4c22f1bb0bf4d92a554fd7df4dbb1f821f
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.8.129:51305/i
id: auto-2e67f169e2c714c1c5206c04656c355474e18e2687a668c82f3562b3e1155259
status: experimental
description: Detects traffic or activity related to http://182.121.8.129:51305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.8.129:51305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4
id: auto-d4327e09001e5744dc7dd21b70f0d36f6f593ca45fe692b535ff7cfbbfae9ffb
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc
id: auto-ca4e63b17e0e62ce3cfffd3ffb56adca1d71bc99c91b7031b252925b11908de7
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5
id: auto-23fded9e27af7b035aaa87a3fdad717b5861fa564b2bdaea32e603973757753d
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc
id: auto-63013e89eca0a863a2e0df48a0990115f76357615f9ec30bdb19fd37113a3fbb
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k
id: auto-f9a4d39288c74c347887605072642c7ed17ed1f8ff2553898dbfbc576b59e5ec
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686
id: auto-e423b72d74e9986b181ca688259a234dc9cba33b9f4294c43dd96d474bada885
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc
id: auto-7925cb648f39695559e8a71be9d4cabdef086e8515e7f27d8c8d4f0461963364
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips
id: auto-6ba71779d6d5b0979e2bbf6563581b63f749c7c7f0f282722e1ad1060562f69b
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k
id: auto-32259b06f992346c48cf79b77f4376ec6de8b8d96daed001e8d3676ca6b517f6
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.205:43889/i
id: auto-f3264305b6b2ffbf682886c8a6370704cc72bd48bdf230095c302c47bce766ee
status: experimental
description: Detects traffic or activity related to http://110.37.18.205:43889/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.205:43889/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/arm
id: auto-b36410fa2fa4d4b1deaca53fe6fe8af9291ddcf0565be4bd7d58705e965ff806
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/x86_64
id: auto-7ac09f8de005a66931b63a9ddd19bb6aed6143ea314dbf0244aa6f92f40b055c
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.182.146.104:8082/sda1/Photo.scr
id: auto-61a6da9d86d2d6057e6a93a10844a9d8cda2839618f51762e0542183142d1f2d
status: experimental
description: Detects traffic or activity related to http://58.182.146.104:8082/sda1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.182.146.104:8082/sda1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc
id: auto-46b1e6ecf6b0a7fd6bab4b07ad4d0df5c7cf40bd60d6c10855b60d4748e55a00
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/ohsitsvegawellrip.sh
id: auto-7292051643bbe7a1fccb807c29b3a082376e3cac26b3c7c80cba52fe3f2f05d8
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/ohsitsvegawellrip.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/ohsitsvegawellrip.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl
id: auto-4acf129199f70fa77750b7ebb88ecc9ddde88c47c1c60dbc84f07fed19f4643b
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6
id: auto-93c1a7b0d189323b911f871982e2bfa7000b91f7cd86cd4121fb89681ca3c1eb
status: experimental
description: Detects traffic or activity related to http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://dariksky.bg/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.182.146.104:8082/sda1/AV.lnk
id: auto-9a8ab6447e65b5499ab6e45ae25a444af599fe57da66ad5e3f965aab49252618
status: experimental
description: Detects traffic or activity related to http://58.182.146.104:8082/sda1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.182.146.104:8082/sda1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.182.146.104:8082/sda1/Video.scr
id: auto-f8be5347dae0095769815675abed1908e1a6e4d507e71ac5c94054ba104afa6c
status: experimental
description: Detects traffic or activity related to http://58.182.146.104:8082/sda1/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.182.146.104:8082/sda1/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.182.146.104:8082/sda1/AV.scr
id: auto-6aa4eaad5bebe9c28eda00afc1ff129a0c13c8c4c98d1d578ab397d12fface87
status: experimental
description: Detects traffic or activity related to http://58.182.146.104:8082/sda1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.182.146.104:8082/sda1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4
id: auto-764ecf5d94c57225f1d7aa7392dadaae4a6cf6e7d477700b341b9f1232a3ddd1
status: experimental
description: Detects traffic or activity related to http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://limeware.sytes.net/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.182.146.104:8082/sda1/Photo.lnk
id: auto-e882c31ff8c2016bef7897fb78238359eddd190f7b9968baf27fb05484c0e043
status: experimental
description: Detects traffic or activity related to http://58.182.146.104:8082/sda1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.182.146.104:8082/sda1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/x86
id: auto-ae7dbdbb15a14313f9dbd3f9b01d96cdb92f4989b12e9c675c21b1206df81c82
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/arm5
id: auto-64fdde7439cfbdeef5ec18c598144f0a4b0ae919656893477e3a7ed36763fdb4
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/sh4
id: auto-1732dd71f8e8ef887a185a7f3dcd689fa29dbf950ee977f293572aae59b95886
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/i386
id: auto-0437a7b9bc92fe156cafd98d4c7dac76f8732c1446ff838c84b736cf0f4240f2
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/i386 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/i386*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/m68k
id: auto-793c2092faf0aae71ae3ef253f3842bd99259b605ada0d4a4b185b773c6ba7ba
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/arm6
id: auto-031e9655dc199399ff3c149e7fc4c272d720cb14d7f1e3705597485a26a15732
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/arm7
id: auto-9cb5e80c182f8016ffa6f8539012e6a7e8e7dc7c73d72b19dc26b86da027f325
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/i586
id: auto-ce898a6475bf665553761865a9b197ba0c596cd3b1ac77c8b1a66f4415d81241
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/arm5
id: auto-63b3dbd2868db68613046c4f24b0b93d14112bebf3eae4a166b0e76f6837203e
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/ppc
id: auto-d166dafa4abf5d68e07a652889d864490f3ce377e4f826ad5c8aae81c4927bf4
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/arm5
id: auto-c48ea6fe841e7b3551f0d3c1fcacaa8d560d2ee14d875303ab987546be3e421a
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/spc
id: auto-4840fdaf95e06ae62ece2f9bea72db0d1f8c78a17164b0ee514e6f51fada46d2
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/i686
id: auto-10f0f5150b279373c5cbbd925569f477231e5e23d61da21c5da4eafcbfe3bc88
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/x64
id: auto-4ca75cafe4c5a0d653dd14132477187db2ae000abf3f09418d266e7a51df625d
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/arm7
id: auto-ef9018c57effeae3e4978923bb3ee9eaf68924d0bf3615f6b78d765bbb71345d
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/x86_64
id: auto-80fc267180770390ffd621a9383c147dcb116b6243f39336eb54fcd56896507d
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/armv5l
id: auto-e6a07964a3b2a5073573e9f93444386fb52b11351658c55bde27ec0f4ba5c8ab
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/x86
id: auto-32ce994e72e7651f0cab5436877a9a622042f2d1952fd346d9177d5128d43724
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/powerpc
id: auto-6daebefadb5a0e787bff5a951a92418c7e1b852ac8ba1df00a63556552791b1c
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc
id: auto-b826fad22b3b25a0e7c1e701b3bd6d7fa87017d4a7bfd34bb0a9d6f3b48bce46
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/armv7l
id: auto-0ac28dd2faa78129168f34382dbd819852be20f1cb366a81fa051d23d2db213d
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/amd64
id: auto-ba56d876b4c3f065fc40cae7a594709242c0fa4d74e2bbaa6988665fc7e1a156
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/amd64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/sh4
id: auto-ac11d4ee37e3bc1f921884d49ada695702e48324387b4bfb9f53359963714ffc
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/armv6l
id: auto-d2eb1b4801bf8540715f3cf4d389fe3d04b6969a0f4406ead2dd428a34d7a91f
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/ppc
id: auto-27ea90ce9aaece499dbd00da44b8c287e2baaa320fb478bdbe438feefa54c1c7
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/sh4
id: auto-5d1019ffe62ff81e9ab7cfb30776433f3d85d4e19d4a69db54c08c10fdc2ea91
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/sh4
id: auto-d7edc89a5632533b0f813971081625cdb57b2263dd8f14f45fa2b6cd1bb824d5
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/ppc
id: auto-f2bcf59e2accc050286434531d82ea8dac4811eb9dcf6da09bc43fe5bdfbb5f0
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4
id: auto-19103755ad830720a0c04c0cf951f9c77fbcb2b0ae63167f075d4d44b3856ead
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/debug.dbg
id: auto-40fd025ef2579ea455f9fb0389b43d1c3ca5ffcb3ec4e97b9826aee8509cb408
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/amd64
id: auto-82f04dac9ba46698ac097f8e48cde185bdb4465d9d61ae455a7e63bf296f21a3
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/amd64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/mips
id: auto-c6a99c167f7c331043a81acb9b5656d5459c5dbd9096357928a93f43da0168c2
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/i486
id: auto-c7bcb2fa037cadebb995b9ccc544606fa35637fc4fdbd30653387fed860e1d86
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/mips
id: auto-5584c96d2952a9db5bc27f6cf743d47926e6b4d05a94f5faef9122c4d0b8c1ff
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/powerpc
id: auto-58db76361dfc0c313b257e4cc4adc3a7d10539ec27bf4145a9e9197b262aea74
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/x86
id: auto-36b70497e6b3f7c71885cbe587dad01177d94b0ae753e357d446527feb8e3bf3
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/mipsel
id: auto-f4c01e77d2f742081bd5001e88d23924f270186f60e633e4983b2cd3a316224a
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/debug.dbg
id: auto-858cfd0dc8f6d58c4e2c3356f1c85fb69efc35020b4e1f14d50d0f0c142d22b6
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/i686
id: auto-f85346144c6788d056bd5cd12f702fa5495a85ad1c41ff1ffe3d43883edbc1ff
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/sh4
id: auto-729e7235e0656ac7078e564cfc5f9b8e3e36da150994c88038fb2a8b1a1159c6
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm
id: auto-70757f15cea05b5f5c7a1cc4c1e186ee33e692491cb19a79df36775d7dbac6fe
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6
id: auto-fe4d27572f1dd1503629ed020c2be6f348823a07f66c6dc3343638a412b687ad
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/aarch64
id: auto-6f0251c0a143598a2704a711f7260f125a5af547e6e4d266644db5db656b170e
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/spc
id: auto-41b77a91c0e298ce83f118fa4c41878913840ee3a567d3110e676766a487df19
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/arm
id: auto-578a84bdc856a306fc44b7962aac4e19dbd1c12808b68705a1e6cd8ff839ab6b
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/ppc
id: auto-e4d1a42f0f64036f00a29da9eff9c64fd0543095347c63e7fee52d61053340fb
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/x86_64
id: auto-bb7d4b31014b20e79d995785eb3b6a8e7c665b8e776f85470d5e26dd8c94dcb3
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/mips64
id: auto-af353a137053ea0c15bd0ae1db2e6488be7c00724af0cfcbe834f1ff1c1b23dc
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/x86_64
id: auto-5382ef48899c67130a495c3b9fbc43ece124488c13873028c8092c04b3eb3c2b
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/mips64
id: auto-2794fdc7c276004bf774dce1a6bc730fc152209c8927a6817e6dc3fe13a36009
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/armv6l
id: auto-3480a2e4d88ee1b30cf4c16ca12d50773c1dbae723fd73bd9abb652eacfca3db
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/arm6
id: auto-b215016646e2c692acc738981fc315ad9bffefeb102e3e812ae949e7aa37f86a
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/arm5n
id: auto-2d5bdc5cd7f994554a9d204630d20049cecff46c6f87cd65785589b36020949e
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/arm5n*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/arm7
id: auto-4bb563881233cfa5db023ebb0b85b547b979767af68511b1bcdda677bddbfea7
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/mpsl
id: auto-5e0df5dd7a3a7a2a8d23d5a7d9d1e2f09160a347b4e6b000b361cfde0c0a767e
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/armv5l
id: auto-a2e919af65b5b07731de6aab10acad654042927e9edd6c937a5553220c97e86e
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/mpsl
id: auto-e94ea04fa067856ce87f1a9d64eb914d3f795677958df30c83c02032d644ae5f
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/m68k
id: auto-fd69964dfcf8aeee32d6c57cfba2d3ee19392e1cefef917bc9705caa1517e084
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k
id: auto-fed6f7ef98b69821a7f073d5c52b2844996ead5c37ead29fee21fae0bd21623d
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7
id: auto-0d1cafef5b6c37af05f77891966bad50efa1a3a28f4565afd2f917f6137e0dff
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/x86
id: auto-3756a12c142d64ba515fef81f7615aea604137c72f592889f3bddba6666e7a65
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/arm4
id: auto-15bda487c02abf3f5c550d5487ac029a7a2ee11425dd08e47b407c3fd91cef65
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/spc
id: auto-5ed4f8769557e198ccab4b6c9492a5b26958ea31c0f1a4230f45a742b1f578b0
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/x86
id: auto-87eabb3cbc9869e5e8cca7f232aa7ebe82de64240ff632167fff99ec016ae3d7
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/i586
id: auto-813efb53fb982b54641094483c103a5d9d7bbed8c96e9526b4004bce04a3a5fd
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/arm
id: auto-39ca0b9e5d77b7ee631e3f14a16662282efafe3d34ae23c45787e78ada789c51
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/mpsl
id: auto-7b6627d82779605ecdd9b7ff8e76d6f24916899ead505e85a33f3f9050200a6f
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc
id: auto-c87867c1beee545fa4632267a22402afc3cb0bf92de940ad90cf9523d8f71db4
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/aarch64
id: auto-f2df4577c18c0b51889877be257f0667a026b2e7ef72a9c5ee516e5ea8057736
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/arm4
id: auto-33f3f887bcd844e1a115f5ab53fc148ae1291cbfb9915464244a42c0c249b051
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/mpsl
id: auto-5d9d7d46ad943351973521e24a400200c685eecac89c2a6eb0ae07900d852d02
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/mipsel
id: auto-82c4b00003458b2511ad3f4c0fd22421e342896bb0f0e326e7756e3329605974
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.75.243:59800/bin.sh
id: auto-9c9a13ed0cf67a3178ce69acaa80c9291a79dad5ad0b7e3ea56fb7f83831ecec
status: experimental
description: Detects traffic or activity related to http://110.37.75.243:59800/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.75.243:59800/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/mipsel
id: auto-f654ed1f8826a7349c918b4ea0e53863a978e355bbeb85c32993362568485d22
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/mpsl
id: auto-d70201f5144d2578e0bb25509cb5cafc9d8814700c62f47ffe376eb53f5e60d2
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5
id: auto-e3ab086077e1602bb16c5534b6677dd48f94eec4fbcdcce75301ce8de9948d95
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486
id: auto-766be5295dddeae4b755c24c2691e778e3b64332c33ca6c8d2b6da06ce75aa2f
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/debug.dbg
id: auto-b95216c1a6489884d01b7a2e7b5e546d72760f0e7949a238a9ec0dc5b3ee76e1
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/x86
id: auto-b259fbc5443b5a2dceef07ebfb7d3a3be852a8bd150197b3f94d363125c36b92
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/spc
id: auto-e1f2e43d6d346b1f33de1139fd7b50a2d5d853f943a2da1da84ec7fcbd95c80b
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/powerpc
id: auto-84b7bd3671e644617c6c6b94cf3455288620800d17555dacf0409b4bb0f58c66
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/m68k
id: auto-8730be9b4fc118816fde634d474ddccf0e0df0281d9c2de29e49bba90b36b42d
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/debug.dbg
id: auto-cfe50b862704bab948175a8dec76b200a04474c0e1c035aa79e66adfdd523900
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/spc
id: auto-a44f6944fc149982aa373689423ba5d7f9e87a48b0d3c8ae7c97c8d7b18208eb
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/spc
id: auto-5bddcc3b5d11fa60abb24e5a2fab8b9852cb41a3b26041ba621de14c5f4d9116
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/arm5n
id: auto-e47c41e05f4998fbb2c4beff52b7df6d6b7f3c1f9505e1d2610d42ce149b6e1a
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/arm5n*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/i486
id: auto-a6a4f03be875904583c8269cf21f2cf9cea20c7fa81051d30f168ea8714274b7
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc
id: auto-908bc9683f98f65a9538d198316ca0ec3ce6317a1773b9b20c832e626632b740
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl
id: auto-88e0f7c7353a9db7485ffa7c73e79675583e41174f2e45c101560c8ba8084af3
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/armv4l
id: auto-d54251d94c9d05a9def8612435502a91a304989b7601170daa41fcfc88086c71
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/x86_64
id: auto-d7699b016a535d7e7e1ccfb30d6c46c3aa2995fcd99d64b0f518a17650f92c42
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686
id: auto-c30b197f79248f1be137921452b45158c212dbf59bbf41f9371fc35f6c216260
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/m68k
id: auto-315903cb5fd8819dc2e5011ea3413acaee5896014f772c2349cc3efba265c67e
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/mpsl
id: auto-6cc509a6c0214a8ce1d060006e34f1a1b1b864f14261fb9fbc153119407e35bb
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/sh4
id: auto-044c26786adc2478ee7a26e1c10934c1e17d3d99dddcd4ce39dc828838688f5e
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/arm7
id: auto-9fc0da0f7ed03ae0aa0eeddbaab4343ce80888c06398369f71f8d0ce1b17757d
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips
id: auto-2839b709ea8cbc7a1493d7189e0805206db9913cd32ad51a2ac13eb0f3b72873
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/arm5
id: auto-0d03a36cd82e3d3104969d30bf6beafd2efaf45683eb2dfd22acae4e93ce03cd
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/mips
id: auto-442077bbaec5a984410eb72bce73dc0ae99742dd0e90023011fd5d3b728df8b2
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/mips
id: auto-f740a21f9fc3c699423d1b929aa41c574559645e99aec95c09b7b239afdd07b2
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/mips64
id: auto-66e63c94a1f3bf5cac8ef5175b6bcd00a2e643fec1f4ec47eb58415b82dc554b
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/m68k
id: auto-58753c4b4c7cbba3fd97a62e98e77f8cc895c402abba4f101b494345d7b34ae5
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/arm6
id: auto-690f824f7f18ed6364a5bf4fccf9707f563848d025b345789634d7869f38da45
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/sparc
id: auto-ab38f385e44a621593e127320985a9db752ccffdad546f70411dd2f7fc6909d2
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/i386
id: auto-e9d0e91db052980ef988e2669398417c0ed4e2b0e97ae567bc8ce301690d83e6
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/i386 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/i386*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/ppc
id: auto-25a664c6a5723d581823010e3b0995c16eefc32746771ede8c5e5854225023c9
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/sparc
id: auto-110b27ad14f15cd2932416af380a839a10a0daa54ab7d2f3ce9bd061b61a56b3
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/x64
id: auto-e17133820b470e3a0b921ac7b4edf675dcb46f9dcf12a27f9c451b8f03e44ddc
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64
id: auto-fe9c07bcf4fd76842df9694a331ff764168ba9a9a39f7ca9cccfa34546e0e051
status: experimental
description: Detects traffic or activity related to http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.156.102.75/KKveTTgaAAsecNNaaaa/KKveTTgaAAsecNNaaaa.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/x64
id: auto-bfb7604d50f2709dfbfcbfd78231d190003cc0ab76b03622a61d2552bbf6c21c
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/mips
id: auto-e4ef0e577229921f5430329199ca1c3e93f3e68910f421f1c00383454d2c9098
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/armv4l
id: auto-852c9a4f718985d2e46f3aca812e2c6f03b1ddb359b7eaf12f1384bb06d182ec
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://bot.devnguvcl.dev/bins/mips
id: auto-1b99708ca3f0a024ed186c143799c6d505272f8a6bd7233f335a6bf7ef763b4a
status: experimental
description: Detects traffic or activity related to http://bot.devnguvcl.dev/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://bot.devnguvcl.dev/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/ppc
id: auto-071c9aab46f555c02ab6ca3723810367f03a19de21f0af1c467ba7a7cc947a90
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/debug.dbg
id: auto-8bc86c54671d7ae4b61f7221632787733e712fc872e9abd3f8db775407063b38
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/arm
id: auto-9789ce32d120db27a1220487efa9bf30cc86697762f3776d16616dcbee2f2d9d
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/arm6
id: auto-3d44584e5994f6de3151aec042cf7697498985d31d7c46532dd0366d843bb3c7
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/armv7l
id: auto-1bc7c43081afe68c4fbf875d0a592970fdbbe194d458a815ac35fe089d62767f
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://server.mikompa.sch.id/bins/sparc
id: auto-6c3559037413f66632475ec52dd56a0834c7b3ef962d595c95cf720531705d56
status: experimental
description: Detects traffic or activity related to http://server.mikompa.sch.id/bins/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://server.mikompa.sch.id/bins/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/armv4l
id: auto-c2e14d044557f2bf6734c0d83356d96c19f653c3745e045cf7aacbb5ae25a0c7
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/armv7l
id: auto-ce1d5ba0636d9cfaa0bdbb0911f5f142081c863e0d6d8df3883515b13ec3f5c4
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/armv6l
id: auto-85964aaa8db3c41be07a607147624738d9b199cd5989a74ca21e3d58c53bb112
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/armv5l
id: auto-ac5ad23e7114b913c1862935fb6f39e2dd5badac6120a271d9d7db37af8a29e6
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/i686
id: auto-eb4b4366a66fb8ecea8e20c472fd7e69d9719ebb0339b2d4b0d7cbd05e33dddd
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/arm7
id: auto-1761eee381cc80f7018e49dfb1e5bfba30822ae5bc5e02271ffa1e7b5daa009d
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/i386
id: auto-662ea6cfbc7244e0f4bb9d86c02219e5d9648cfe7eafe3f4c539ad2f8ec3b17c
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/i386 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/i386*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/arm5
id: auto-f510b7dfffc9c9e4d03a287a71c0104f9ec0e6c06c461fcc325395bfc6957c4b
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/arm
id: auto-fc3248bfb91a3cf1b056c766e2c1ea82c705da144c06a8c41d62ef4a6ce8cfb8
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/i586
id: auto-7f9fda0c8513f780c80c7af5e11d703d0f1cc371c85a86583bc3cfe5572677f4
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/debug.dbg
id: auto-6f14f6a2a92add0274615180db700bcd9ed7156be6594682b0b30a3402280ce4
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/arm6
id: auto-a472b844de4d1c78c10295a7b7619f600cf63f0d4dd1c16b9119abf1c2bede87
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/arm7
id: auto-a6d8ec66adde83ea9ee6e7b0566b7cfa1a2f67999f39ad045325056741f5760b
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/arm
id: auto-b908b378e40b346ed5508acce210a5ff78034ae2754533a127317cc4c120a45c
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/arm5n
id: auto-732577869587ba549dcf0a614e28b774cfea968e30ad4f2a4596d62269471d78
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/arm5n*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/amd64
id: auto-0e4f07ca3327784f389c18686311b172d1b72c95daaaa791b15d0a582ba8da82
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/amd64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/i486
id: auto-dbb1cfb85dddd26cfb2c5cb07ad772fbb584e13156f63df5e29e7562ffc96e37
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/arm6
id: auto-d3c48791f697b9f30eb25173a0749e035b39ab6064e302ae1a3a46277dfffa97
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/arm4
id: auto-d53dfad3783e3ac431f744a8a09d2a59d8f7d9c4229e38b3bfcb0ba159d11b39
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/aarch64
id: auto-fe45ee41842e8c2e51579be1d5c7192bf4edc4fa385c664633b19033ffd0d082
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/arm5
id: auto-064cc17e351a50093001b25e01c3d8064ef04e0a3f6dc76a7c04a0d40da275c3
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://rdm2.mikompa.sch.id/bins/m68k
id: auto-36e41f3d5fcbea3252a22097e512fc282acb6799924611e2b134db9428f7ac90
status: experimental
description: Detects traffic or activity related to http://rdm2.mikompa.sch.id/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://rdm2.mikompa.sch.id/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.23.172.120:666/xmrigCCall/ap.sh
id: auto-16b031931e30bbee263c3c579c56f14c894948b0c179f306f91cb25a8c569360
status: experimental
description: Detects traffic or activity related to http://154.23.172.120:666/xmrigCCall/ap.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.23.172.120:666/xmrigCCall/ap.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/agent.dll
id: auto-62fb9091aeab3f9f30a8424aea4f8ad96d62e8bec6af29be278fdff00cc1a6ca
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/agent.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/agent.dll*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/aarch64
id: auto-3e7767fc9d6230aad34cb5ecc39c2fd433a88a1ea585683660e48d2c8f7a0f0a
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/spc
id: auto-9fe47b157d2418d77c878445098a58fb74acc76c28f75a9e62b1d7563dd20689
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/armv7l
id: auto-c5987f6b8b78a8365a26a3c2666c55f69a632e9579a338134225d767c1bf6e9b
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/sparc
id: auto-1b61b6dfda7df9458c6ce5ca347e8192f601f8e87b4ceda3b423dcfcd11e0fdb
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/ppc
id: auto-ea9fe779f1ee1aed41f1eb9ecfcc737708b3a35fbc9bbd2337abf0f496a47ffe
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/arm5
id: auto-b5bca03a548c6cd604a6d84294a01d7dc41377d543980b0141553b5f989d8b76
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/m68k
id: auto-348d59befff2fd8ea906fbdcfd364de80766f3cd18d8d668073b5fbbe74050a0
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/i586
id: auto-e3f1da4c55d08ca5243b7b38b5f6e2f5c809ed42797cb14e187e409ca51b2ac0
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/i486
id: auto-9af91ee8c9bd2c79ad2937882f0252ea29128c0959ea096970cafd0e00c93e7a
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/debug.dbg
id: auto-83dc2d2c75860aee95d418bd3c4a07c4dab8a25680f64a9340b35994c1b66061
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/x86_64
id: auto-84e7e3938780842d7972d51b4f53630b54e86771a747effa780a72ba9525ab7e
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/armv6l
id: auto-4e4665e745ec78fdee37848192a12e3255865762c93d4a4b38ef6ee224e3ad1d
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/armv4l
id: auto-f454632a6f518bb9552d259de051c18440c898d29f82cdb26cd03c0b822d1cc0
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/mipsel
id: auto-49091371a1f3fbae0ca3061c51e257cb0cc5f5463a4e26835dbc73b8df2019e2
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/arm6
id: auto-c6952641bd07094a70d0289f9f7d9351e672ad6a581c80a7fc4c9088c1921027
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/arm
id: auto-db5339375dbd04d51d48c903bae467dd4936a0f256ed77d7fb6024622429b0cc
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/arm5n
id: auto-de75f4a1087b75eb2a2d81f8c65a5153f8274573dd6a73a252535a7add6f4a32
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/arm5n*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/mpsl
id: auto-68241a8a30b56c3e4b2414c548d43a4902970dc59f25b527c01a8fc9d7cb7590
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/debug.dbg
id: auto-e648f8cb8374908501b58f33d726ffe9bc6fb1e42cd5c4edae5cdf716a471eb9
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/arm7
id: auto-612e13b085c79d6c2ab5407bb2ec6327f0d4a62483124d9be083fdd86a80f92a
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/mips
id: auto-a59a391e95b92121569a281e23736c489e336d346e0739ddc830e6eb789a040b
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/i386
id: auto-c6054820a90d96b2da1a8bad0efc371ace65282d488cfe4f5533541425ba91ed
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/i386 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/i386*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/x64
id: auto-5f8bd476f6b876ba0f6b9830ec0113c07bb182dfd3e433dbc9e150f0b9a532a5
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/sh4
id: auto-f8ad27342d8a547c6be00dff018c75ceee7b4f29fa268f067db25d9f6e599e4d
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/x86
id: auto-968ce21ad5ec18f697122c5ce86a7479c80719423a911e384583c486beda800b
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/mips64
id: auto-792321f104f0b69199b43858287a95349a5c983a090549cb26187108d8f0a075
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/i686
id: auto-514e5c60b8ce0312732a7503179fbc0843c484d5d672e2a52ef2feb3e81c9f88
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/arm4
id: auto-c04c8fb31fa5c208e571652c82c5df5b26aac344666e994c15dda20f3a3d65af
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/powerpc
id: auto-d5cb6c5c525f40d141327317e5fb0023c4d7c78a32bf87b0a26e178d20b0faee
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/amd64
id: auto-bf5647bc043e0feae80524a9fd63ed6484d04d6bb8c98c446b0476d8a4faba02
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/amd64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/amd64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/agent.exe
id: auto-eb06ada0dada66a932162ae8e7a4d2da12de5085d5f183995231601f8994ecd5
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/agent.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/agent.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/tmgm.exe
id: auto-899caa0acb446517afe4119a8e5fabb3e49dbd9cf83efeac03a762377221436a
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/tmgm.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/tmgm.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/agent_clean.exe
id: auto-f8f7da0384ff67a5af444c1480ec15b44ae471a736f6254d587caa949bfc1fab
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/agent_clean.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/agent_clean.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/clean.exe
id: auto-cecbb09e40f80034d9a170a8cd3e07dd28e76e7855dad1c934d1b55343b3df0c
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/clean.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/clean.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/tmgm.ps1
id: auto-c0e2d26d78f1c402d96ad12593b2e895bd08be280a767685a728adf32a859e75
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/tmgm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/tmgm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/armv5l
id: auto-ec889ee8736fbcf1c0950d36c3cc50f312dbc8787f9ee4b74264e23dd78c48d7
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/hello.txt
id: auto-8d50e2d0fa889f7f192fcb502f7368edb99785fc17f3c6adef6d917c54cbe3ca
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/hello.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/hello.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/enc.txt
id: auto-86f0444f3e20ff39343b4bac88d402513da820991044517f49f07dffb089433c
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/enc.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/enc.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.162.56.242:8080/tmgm.txt
id: auto-4ff78873440f03102540782cee5c0bbfb55c93b1494947d0e0171d218e7a2a20
status: experimental
description: Detects traffic or activity related to http://74.162.56.242:8080/tmgm.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.162.56.242:8080/tmgm.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.91.236:35402/i
id: auto-6b7b2f76446a896bf3568b084dc56725fa7408e7d0ddea90cd84299ff810965d
status: experimental
description: Detects traffic or activity related to http://175.149.91.236:35402/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.91.236:35402/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://172.86.123.179/tol.sh
id: auto-81e262093fb6ae34f994f31131ba6b102d4bc40deddd68d1781feeed6ca489f6
status: experimental
description: Detects traffic or activity related to http://172.86.123.179/tol.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://172.86.123.179/tol.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.205:43889/bin.sh
id: auto-9534923e786404a5059bb13c8d67bb8f197570f1618d7b16614649b3a8ce737d
status: experimental
description: Detects traffic or activity related to http://110.37.18.205:43889/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.205:43889/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.195.41.174/doc.exe
id: auto-01f0af63e09a5f85d14373bdf8a1b15a93390c3496937636556f1f79ffbda1d9
status: experimental
description: Detects traffic or activity related to http://20.195.41.174/doc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.195.41.174/doc.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.195.41.174/cu.exe
id: auto-2b82f39355a97339c3325aa88b546f3e282201e7f9db7872326cf88e4bd296fe
status: experimental
description: Detects traffic or activity related to http://20.195.41.174/cu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.195.41.174/cu.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://20.195.41.174/Talleuhuongdan.exe
id: auto-d5c836fa98af23cffeb3e07e7ee228623d2ededba9a23fbdff456e6ccf95c4c2
status: experimental
description: Detects traffic or activity related to http://20.195.41.174/Talleuhuongdan.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://20.195.41.174/Talleuhuongdan.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.225.223:45425/i
id: auto-1f31b9c62435b0a68afbe7146299cd039cc5f5bf7145c61d8b51a4a1e9168e39
status: experimental
description: Detects traffic or activity related to http://115.49.225.223:45425/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.225.223:45425/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_m68k
id: auto-bd3ec100f0c084ad9ee715cafed2ab70741b29a5712b8b9fbcbffd99752c60c8
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_sh4
id: auto-7e829ba6d869a31b1917b9290ef6eb72c727906a4b94e85efa1aa4786af1790b
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_arm6
id: auto-02e3b42aaf156d8626738a8ba251c53d1db213b61ebee30f586d277286c049bf
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_spc
id: auto-f0027c7f31c4144b6ec2bc242e7714c1d96ce174f4f6d99caefc282abc76d1a5
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_ppc
id: auto-3c6624cd1123b98890671371314a5bfec1115162c6cca5b3e86024c989d266f9
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/debug.dbg
id: auto-64488bec12ecca204ce304fe7a5c3841c957aa894a30a877f0e5478c70626309
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/debug.dbg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/debug.dbg*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_arm
id: auto-600e3f058d4ddce4af58277ad04877fec24f6f4644c50f894a49fba101d19a90
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_x86_64
id: auto-a85fe108b4cf82a06543b5a8945f1747adab07b37e197ab02c88cdafeb1101af
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_x86
id: auto-46cd183e98c572548f49d2a9bc3d67573adf851994ab400235ff141c289d10fa
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_arm5
id: auto-98d5ca793c3add4c158c489813aaa0d2fdad95f7fdce813f19aa4612bde03ece
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.91.236:35402/bin.sh
id: auto-9e14ff76604a060d615659db50fa87964f396a6f269cf371cc5a796275204961
status: experimental
description: Detects traffic or activity related to http://175.149.91.236:35402/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.91.236:35402/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.217.144:50380/i
id: auto-c7350faf541416a9e6b0d2c2e9f60644111e752047be31ad56f58b6ba9fafbae
status: experimental
description: Detects traffic or activity related to http://123.4.217.144:50380/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.217.144:50380/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.148.52:53384/i
id: auto-c2a0df108c5a98c0d98f5fe1a9c4157c3154f5ade7e0052bfcd8a1e051af51bf
status: experimental
description: Detects traffic or activity related to http://42.235.148.52:53384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.148.52:53384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.65.106:57285/i
id: auto-47b8289ad90d8254e1b9fd6fae645eb4a0d8bba370b7732d20987e24f0e8c63f
status: experimental
description: Detects traffic or activity related to http://219.157.65.106:57285/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.65.106:57285/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.122.230:40102/i
id: auto-0057ec1e783e2e5698c64f2c16c7af8c2a45ffce5a0c163e4393f5951d65943a
status: experimental
description: Detects traffic or activity related to http://61.53.122.230:40102/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.122.230:40102/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.56.67/Herramienta%20de%20eliminacion%20de%20malware.exe
id: auto-d7c00d06b871018dca9eef028dbf7ea39742e2df7f55094a1e974a5548267077
status: experimental
description: Detects traffic or activity related to http://186.169.56.67/Herramienta%20de%20eliminacion%20de%20malware.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.56.67/Herramienta%20de%20eliminacion%20de%20malware.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.56.67/gosth.vbs
id: auto-f34d37b45ea016bc96cd8d4e18cb615533d05f4399975bfb21eca180c0343cd3
status: experimental
description: Detects traffic or activity related to http://186.169.56.67/gosth.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.56.67/gosth.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.56.67/host.vbs
id: auto-8a634a594576278ba683d4b2a1ef157514f994bb803109f63bcb823ef3d3ce12
status: experimental
description: Detects traffic or activity related to http://186.169.56.67/host.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.56.67/host.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.169.56.67/prueba.bat
id: auto-950cfc5f8573d9a3cbcd35293c13755e77b28e55bb2a40d12e49b96de4893db9
status: experimental
description: Detects traffic or activity related to http://186.169.56.67/prueba.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.169.56.67/prueba.bat*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.91.112:38644/i
id: auto-83cce19b2f25ee6f65240dd6f306509f87c5380945431ad3d8ddca0e6d90376e
status: experimental
description: Detects traffic or activity related to http://220.202.91.112:38644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.91.112:38644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.132.237:34306/bin.sh
id: auto-8f070b8476ba0d1b604ab635f0bbe9bf6a8eb0dde5a8194b55ea1a9315af4185
status: experimental
description: Detects traffic or activity related to http://115.58.132.237:34306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.132.237:34306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.27.164:52272/i
id: auto-11d7f6b7ed4630fc20f6dd67c4cf5cdf58c353087a0a21d022a19685c32cb8ca
status: experimental
description: Detects traffic or activity related to http://110.37.27.164:52272/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.27.164:52272/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.101.161:59196/i
id: auto-1f79f6f0bfbbdc82bd2b37f0a37f020df80664941fd161e8ef5517b37cafa37d
status: experimental
description: Detects traffic or activity related to http://115.54.101.161:59196/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.101.161:59196/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://171.80.1.116:8081/yaml-payload11.jar
id: auto-ec4a9261ae11db958779daea84420a2fda2675db1e8b9e98a105fa41dcb0e9f6
status: experimental
description: Detects traffic or activity related to http://171.80.1.116:8081/yaml-payload11.jar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://171.80.1.116:8081/yaml-payload11.jar*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.9.236.229/msgbox.txt
id: auto-0d3cf8835bf5a831bd3903d567e49a569a619a25a99bbf63beaaefe835a19ea1
status: experimental
description: Detects traffic or activity related to http://95.9.236.229/msgbox.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.9.236.229/msgbox.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.9.236.229/cap.ps1
id: auto-c0da812d47edd889b9e000cb33ec902f8817a15b30f3dedf5221e67274614b7c
status: experimental
description: Detects traffic or activity related to http://95.9.236.229/cap.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.9.236.229/cap.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.9.236.229/script.vbs
id: auto-1c16e63ed7483a2da0ee8f37435052f974440a9117846187dbb4f648ba0acc7a
status: experimental
description: Detects traffic or activity related to http://95.9.236.229/script.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.9.236.229/script.vbs*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.9.236.229/1.vb
id: auto-8824bb0f52c9d965480e5a209b5a7811970dd87107dc4b1f8b5a3693fe2ac144
status: experimental
description: Detects traffic or activity related to http://95.9.236.229/1.vb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.9.236.229/1.vb*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://95.9.236.229/secret_bytes.txt
id: auto-5b0acedf9794f9edaa176734b3f0f946d373cc23094cd24e289ca96512477b08
status: experimental
description: Detects traffic or activity related to http://95.9.236.229/secret_bytes.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://95.9.236.229/secret_bytes.txt*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:33609/i
id: auto-1e34e1cf8fe6d64d7b52da547cada4f8f9833caa08fd2ac20f95c9ae03689494
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:33609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:33609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.7
id: auto-a0c5a502af182eeb95616f815f143ac3c49603fea3dd01c1d1a3709c8f48fd59
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.4
id: auto-787eba3fee711093afae07397cf76494b40742a41727d0a01d81553acf6e2826
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/.5
id: auto-840b7b29438469a1f806635915fb703fe69622c4788306cccc2b5c2058b57b41
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/.5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/.5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.231.122:40208/i
id: auto-d29ee6f55d37d67716347b977928a4f994c29759092632d6ccc54c17cd99845a
status: experimental
description: Detects traffic or activity related to http://42.225.231.122:40208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.231.122:40208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.65.106:57285/bin.sh
id: auto-c5ffdbf6716e8f22b8bbe1540ea8c61d33b5b4c1379620e6ea0778622d25f7c2
status: experimental
description: Detects traffic or activity related to http://219.157.65.106:57285/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.65.106:57285/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.217.144:50380/bin.sh
id: auto-a01e6a4c92a7164985ce6722274ca93779fb00cdb62ac1fddfb28ca9be968aa8
status: experimental
description: Detects traffic or activity related to http://123.4.217.144:50380/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.217.144:50380/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.225.223:45425/bin.sh
id: auto-0339606f4166245091f9c99796a87d4620de821100498c5abecd198ccde0db85
status: experimental
description: Detects traffic or activity related to http://115.49.225.223:45425/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.225.223:45425/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.122.230:40102/bin.sh
id: auto-8522f37bc1dff6396319bac253790a5fb76ae391e69ac7d96de99c4a6855a1fc
status: experimental
description: Detects traffic or activity related to http://61.53.122.230:40102/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.122.230:40102/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7044575709/WDmzMjc.exe
id: auto-e08ad73a271ca69e5f505ff85b8784d391d4a8b3462f3d3c96584898a07de7ff
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7044575709/WDmzMjc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7044575709/WDmzMjc.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.202.91.112:38644/bin.sh
id: auto-4d91a4779f222f2dcf8d432f31518b6e08a8379f85d4832531778ef408fd0bb1
status: experimental
description: Detects traffic or activity related to http://220.202.91.112:38644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.202.91.112:38644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:33609/bin.sh
id: auto-e3d1e35b6ec58ac3bfc052a464c08c9c96ad928d4320241e31bc84c82c35c7f9
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:33609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:33609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.15.21:37207/i
id: auto-32db16da1220aa7e2b20e00768a0654202117d1fdc61108454a44a09c03303cd
status: experimental
description: Detects traffic or activity related to http://110.37.15.21:37207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.15.21:37207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.237.15.69:3389/s.ps1
id: auto-98a2bb4505eb2e50eec921daa8b6d525eac660bc5c2d80bfff1f5eb9332024ab
status: experimental
description: Detects traffic or activity related to http://47.237.15.69:3389/s.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.237.15.69:3389/s.ps1*'
  condition: selection
level: high
tags:
  - attack.t1547
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.237.15.69:3389/OneDrive.exe
id: auto-f0caea6445b2e3f5c9df1bd96419732911e4c576f3cbf53a59503b310e9de3f8
status: experimental
description: Detects traffic or activity related to http://47.237.15.69:3389/OneDrive.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.237.15.69:3389/OneDrive.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.237.15.69:3389/z_App.exe
id: auto-00456809133743753e97c631964cc1a20390aa3299e29c648f1a58eb3ffa4637
status: experimental
description: Detects traffic or activity related to http://47.237.15.69:3389/z_App.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.237.15.69:3389/z_App.exe*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.237.15.69:3389/App.bin
id: auto-aa19de79df1d05cc471df120fe5ff4f254ff14d8191af119450594add717790c
status: experimental
description: Detects traffic or activity related to http://47.237.15.69:3389/App.bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.237.15.69:3389/App.bin*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.64.130:36586/i
id: auto-ce14080aff1c5118d583770662b2b82d60d64dbe5ae5410fe3aa50e93d74eb30
status: experimental
description: Detects traffic or activity related to http://182.124.64.130:36586/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.64.130:36586/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.223.68:60895/bin.sh
id: auto-ae418906eb5db76e1103de77a55d892d52bbaeea192ff0303a93b3196d7831f0
status: experimental
description: Detects traffic or activity related to http://219.155.223.68:60895/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.223.68:60895/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.105.169:33202/i
id: auto-232d228a168c166dc56983850d15f0a16787e533737832b8f5002fa3c2fbad27
status: experimental
description: Detects traffic or activity related to http://110.37.105.169:33202/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.105.169:33202/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.239.183:43663/i
id: auto-5af675890db60a3ea6621a3eb5e2b2e2dc8270b5bc6688ebde771c1e3761adfc
status: experimental
description: Detects traffic or activity related to http://117.242.239.183:43663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.239.183:43663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i486
id: auto-c833f08673d9bef03f9f77ff90f6e87cb6bd78c2b16648a002248d9e2465895c
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/ssh.sh
id: auto-6fb24ca2b37ca2e2733b36ef5d65e0d754c79b62716ac1e1ee6a07568a94a82c
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/ssh.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/ssh.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.m68k
id: auto-fb7c24d95b78ae2fc71c0f59c7733d518d9a66d4a9c29c9c75eacf3eab52b39b
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.x86_64
id: auto-5f88394484911742852672eb216c07a77f4689a98a2b80f170f2b8f091f2dba3
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.spc
id: auto-7b488e4c8398b8e19efc4bf5423ca79307e5dee8de1f467b9b0974176b48cde9
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm5
id: auto-67e1a60d1dc5bfac19e70cfe2b775100baa08dfe940568b5791cac37a4bd8793
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.x86
id: auto-a9588814071c82dd4f7c29550a3a515ce601f1ce744451ff537ca17ed8224b6c
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm7
id: auto-ffbf708c45632fbf0c8727082a52b75df07f94d2b8a15e246d8e88e20585f292
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm
id: auto-c89871dc3a9db54cd2fff0621e06cfae81b5b54919fa2cf7168cc659b855d1c8
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i686
id: auto-a5045a7f391ae2e379f83543810b650f8ab0d2533b7db5f867f237c09b613f92
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.sh4
id: auto-daa1d9318fbca9991e2112d00399e052f0551d2311baea931f636ec1ef178076
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm6
id: auto-3b4442ea0235147d5d81b4bce26d6051a3b6a9913b46545e9be4296c035d2d29
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.ppc
id: auto-e51bedb9016250d1c51dd6b8e9859d7245171852799086b2fdafa94ef1974c3d
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.64.214:36898/bin.sh
id: auto-b7c7c410d6fa756fedb4efa415113a12adddcbc0cc406dd4053a5f2809af579b
status: experimental
description: Detects traffic or activity related to http://182.127.64.214:36898/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.64.214:36898/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.240.174.44:34171/i
id: auto-0d57ba3906db4297d93520f4177488d9630cd9616507204c494f1d886af66a57
status: experimental
description: Detects traffic or activity related to http://112.240.174.44:34171/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.240.174.44:34171/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.97.249:43832/i
id: auto-7b2c5a634a665335b560fee9c0dc1aea4ce97560bcefa35b545a9df62225d4b4
status: experimental
description: Detects traffic or activity related to http://182.126.97.249:43832/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.97.249:43832/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.31.1:52934/i
id: auto-b5c40180a8e9219ce4b258de9c67098c03042cf6e085a62e43228db76e3ed7de
status: experimental
description: Detects traffic or activity related to http://115.57.31.1:52934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.31.1:52934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.52.230:36235/i
id: auto-384324ef8cf43b9d5cb9c46f1a1dc28cbac771bfa25e681111c06ba55cdea25f
status: experimental
description: Detects traffic or activity related to http://115.63.52.230:36235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.52.230:36235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.89.202.217:45497/i
id: auto-5d75e9bf918d34cfa9927dfaea6bfe45ade8a72ba13750baf43a51665b3dfb24
status: experimental
description: Detects traffic or activity related to http://196.89.202.217:45497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.89.202.217:45497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.54.101.161:59196/bin.sh
id: auto-854501564dbcec206572ec777a42366d77cf42e58c67115d96df29a6472decd7
status: experimental
description: Detects traffic or activity related to http://115.54.101.161:59196/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.54.101.161:59196/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.sh4
id: auto-8f25c4fb358f50280556c4437a7418a45b03646c551dfcfb7c30935df3ac1ddf
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.mips
id: auto-61a9f0e465f032ee41a17c4115e0672df74d6b4c79aee6f7ee9d939e329846fc
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arc
id: auto-4243d7b4529d1d3c6f6ff07edbd60a116da7803e5e94073201adbd0fd0a8da6b
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/telnet.sh
id: auto-63a9a9ea5704111bc30ef343f964a200dacb84d0b6d84d73d39a909bb661218b
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/telnet.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/telnet.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://23.254.250.81/ENCRYPTED.ps1
id: auto-1b74bb07737b3577ee137cddb9c7fa22cbe13a5b2bdbda84ed24bcaaaed2a77a
status: experimental
description: Detects traffic or activity related to https://23.254.250.81/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://23.254.250.81/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.mipsel
id: auto-ce816dc95993dd41da92b31851fb9d64b54e2d11ba8d566778b2ea73075dd988
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.x86
id: auto-903f13a25f8bed265020446b7ac3e699801fea1703b27288f6a3554c5fb2e980
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.arm
id: auto-168fb1a3e48cf6fc684e0bb18cb13c5b3d1301878950413a3554ab66cfe97499
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.ppc
id: auto-77ed78feef0b689839f23cdb4c0c3295071d948782eca4bed98e91c403fa2c7b
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.arm6
id: auto-0684f182cb1c3da2d5de42a0f7be5827fdc7d757f17627a1cf6862a24f3ef90f
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.i686
id: auto-e2bcfccccdc7d148b5861a4d924202340237ae5c50085c8f55c5771c4b14ad84
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.i586
id: auto-b5e01df6cff2b48dcdca5ac49f2a244a48d8c0d3d2b0065971e9ddf43d145815
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.armv6l
id: auto-71f9b9059a40105c26800ad72bf41ae1cfc174ee9c8178c1a24dc24f923e8946
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.arm4
id: auto-85070eb557e92209b4ff096e28c56750adb73f87dd94f64afda733ac56caba8c
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.powerpc
id: auto-b4ebecc75a900cdbd1f3c1a4b835ce51b3fba6dddb0e127e05eab157c5405f6d
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/ohshit.sh
id: auto-fc7f03e6083c984078fb765ee18c0019f647990d0ad4f1623de17c54a0c457f6
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.armv5l
id: auto-d5010fad4618884c4c2ac1354e4b27d478d6edad346b50ac09046e764708a290
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.x86_64
id: auto-29767b45f94ad5af739782d125ae504790d322bf822b62643369c2026c5945bc
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.mips
id: auto-e760620a0176cd3a6a7a5a2e61f06bc79bedf45f266437fc16346cb84b8c370d
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.spc
id: auto-8108fa37dd5a06013b5496c4205b56fdd7de681bcdba4465520aad16a40044b6
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.mips64
id: auto-39d742875bb2c8726d69780a9e0a54a1e8b66639a689c45f82c8d4137ca0b3e0
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.armv7l
id: auto-6ec35a1e93310a0b5106ad0de7d677909d26ec4fe9a9360d928816dc805eb683
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.sparc
id: auto-3dde6fce59a7f56fe967381f4d0bf3e499f2ea5216edcd64ac720dcdbe7152a8
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.arc
id: auto-5f78b19069ae0f57698262147e7a5e20a870a80c9428c1846d20abde4b39ab9f
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.m68k
id: auto-d25ae367fb74467f4d38fddaefd9f2ea90dacd28870bdc7599d6e43014eab7a6
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.arm7
id: auto-cf9a9ae46346bb56be02672c6628ae0b7c518e92bd54f7766adae0f6b7c515a9
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.arm5
id: auto-8db619776703f6f0e53f17154bffe7d2c823232ef2ce803878073ddd96a3c674
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.mpsl
id: auto-b7f85d9ceabf48c5b7561c67b6e5ff557661bbd8fa175a57c881779f57f16c07
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://game19.flash-myanmar.com/hiddenbin/boatnet.i486
id: auto-41ed9ba54df2a5b6b95a517633a11b20427cbe0c9da0d9f2a93947a375706b8f
status: experimental
description: Detects traffic or activity related to http://game19.flash-myanmar.com/hiddenbin/boatnet.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://game19.flash-myanmar.com/hiddenbin/boatnet.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.i686
id: auto-1ccf0c9823b07cffe75464caa57a85187948b241b2de05d89c1172bc299757a7
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.mipsel
id: auto-eb43f8953f175e8c15387d0536380aff8f1ebabfb03ea3228395162dd1d7abc2
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.armv6l
id: auto-4fbdd1018cc82b512abe0dd5974c50ffce6962a73b2000249555de2f9b420517
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.i486
id: auto-3801b5478a8bbd7b203171ab379ec4485daa3a0cc966bbe5b290bd2aabe4f532
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.arc
id: auto-f0c32aca7e81462e0f3b2ae10d6a6e1acc05f39e1b66408d628957e52d200d49
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/ohshit.sh
id: auto-581a5b9b5c9c31030416e0e1f761283776dddcde0c4d6332f9c3f5eac9fc7cd6
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.powerpc
id: auto-50bc6d054640d049a0c868a7808dea623064c2e7bb1bc9ba0fa3a1a307699258
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.sparc
id: auto-6685d42e113affa2672f5ae0da47d8fa6ee8a275931bf596783861cc70d2f66e
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.spc
id: auto-5530c73fea3568769b0c78923e5603f1abaae2a36c737cec12b1b79ed0143223
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.armv7l
id: auto-7e3b90944c9a1c7836dc36e7e9d9dfc882bbfa97129592b276b3eb82884f4ec2
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.mips64
id: auto-5f3283d58df1c2b02baeecc2a7cb358703f41d83bb9df434e5dae9b1abd6a905
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.mips64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.mips64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.x86_64
id: auto-ed2c91c30ac9a79dadd9b4b54440a2acd8b2323b0a363a7483b7207de3fb1f46
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.arm4
id: auto-d84938273539a010329e4ea021bc2fcd78dbdcf74d56078ef818d7e30c366e3c
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.armv5l
id: auto-4d99d691d6398ab204c9b62fb4899072add076f39c05ced4f054a0df580266f8
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.i586
id: auto-31e2d6bea9d6cedcec7927a45a49d0cfdd986d05c24e9046b8a17c7bdc3ab1e1
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.240.52:43043/i
id: auto-ac471b11f5c41da811c620607ce4a296e17daad765d06df3d2e0b54addfdacb3
status: experimental
description: Detects traffic or activity related to http://125.41.240.52:43043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.240.52:43043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.242.239.183:43663/bin.sh
id: auto-1a2411086389a519ee72faac97b96a9b25291ecb8052de5dcd7122418d6501a4
status: experimental
description: Detects traffic or activity related to http://117.242.239.183:43663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.242.239.183:43663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://206.119.174.15/cdf.zip
id: auto-5d6dec161a4c593d992b3c70882b46d7369701d196fd1e67aa782dfd0735bb41
status: experimental
description: Detects traffic or activity related to http://206.119.174.15/cdf.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://206.119.174.15/cdf.zip*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/i486
id: auto-22dea2a24e49f221a71d43595b55ff75a1180a5ab47523b3817b6581efb15eaf
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/arm64
id: auto-3ed1e85118564281354f8a9d5a8acb42e3e8d1bdd95d1e76b79b4ebeb7e5f2a1
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/arm64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/arm64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/arc
id: auto-e3d0c8d6dd75c394cf7a53115919381b97a63f28f2ae07eb2055f5c41180f6c0
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://security-teamz.com/ENCRYPTED.ps1
id: auto-1262cc6613e43e6fc5d19612a7a9e77a4369f26194e64c34d2f73e8f6c7195bd
status: experimental
description: Detects traffic or activity related to https://security-teamz.com/ENCRYPTED.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://security-teamz.com/ENCRYPTED.ps1*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.52.230:36235/bin.sh
id: auto-e4e754d2e75b2f8639218e047fa8df61b8c0be71d4328953cc154b219fd4f368
status: experimental
description: Detects traffic or activity related to http://115.63.52.230:36235/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.52.230:36235/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.89.202.217:45497/bin.sh
id: auto-c637e72daf1f92fd8bf67684e8245453753b7aefe12ef1d934249c48adb36137
status: experimental
description: Detects traffic or activity related to http://196.89.202.217:45497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.89.202.217:45497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.31.1:52934/bin.sh
id: auto-5020167084b0be963df01bd116dc8a6ce67c12b57595380e8daa29a6ac8ace68
status: experimental
description: Detects traffic or activity related to http://115.57.31.1:52934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.31.1:52934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.33/pay
id: auto-dd843083c45f2b727b62f8ca586d40a8b15886120f9c999a76d90c66a2ed89a9
status: experimental
description: Detects traffic or activity related to http://130.12.180.33/pay which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.33/pay*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.240.52:43043/bin.sh
id: auto-acd97050b65adfdacb801e7a4a64f864aa34d00248cade05f53022712c23dd6a
status: experimental
description: Detects traffic or activity related to http://125.41.240.52:43043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.240.52:43043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.33/bin
id: auto-96a693774a12b931558786bd70aef55cc426cd4ab5ec3e623c1942f6a7f61745
status: experimental
description: Detects traffic or activity related to http://130.12.180.33/bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.33/bin*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.33/yarn
id: auto-956bac40d8b0fffe04963d8463d8f1c648ccfd45381cccb725c8517b5583e6ba
status: experimental
description: Detects traffic or activity related to http://130.12.180.33/yarn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.33/yarn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.33/ok.sh
id: auto-8a757904b2be8617c949c644eb67bce9604d0eb27e26e68e420e3788ba09444e
status: experimental
description: Detects traffic or activity related to http://130.12.180.33/ok.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.33/ok.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bins/weed.sh
id: auto-88d48fb400ce596de22735c357fa7b9666e0e42bd425a659e6b2619faabdd737
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bins/weed.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bins/weed.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bins/gpon.sh
id: auto-a5b152aa71b9bb833c67ba7cb11988da610d94d4cd8f99e6a81a37d6e9b05cea
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bins/gpon.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bins/gpon.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.97.249:43832/bin.sh
id: auto-a1570a568f819fa36f21ea1b3295b034e66466244b3bcedc67a89089c336425a
status: experimental
description: Detects traffic or activity related to http://182.126.97.249:43832/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.97.249:43832/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.15.21:37207/bin.sh
id: auto-6fbe228f660d92c08903f41d58643deee922ac0c9117ba12d6337b01cd054f47
status: experimental
description: Detects traffic or activity related to http://110.37.15.21:37207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.15.21:37207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.146.23.241/dlr.arm5
id: auto-c191d5f758478eca3304d7ae98c8ca3146e43ee467e97402b751bcdb676d87b8
status: experimental
description: Detects traffic or activity related to http://103.146.23.241/dlr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.146.23.241/dlr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.146.23.241/dlr.mips
id: auto-88b238f9104bb0b18554f0c4c027da25aac64460c1eba423d99ece277cd938c8
status: experimental
description: Detects traffic or activity related to http://103.146.23.241/dlr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.146.23.241/dlr.mips*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.146.23.241/dlr.arm4
id: auto-b0a2ec9444286ca95271eeeac2a168f1f5fd2f3fe286c46e19b572e39cded9dc
status: experimental
description: Detects traffic or activity related to http://103.146.23.241/dlr.arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.146.23.241/dlr.arm4*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.146.23.241/dlr.mpsl
id: auto-1215cb197b6c20e082ff7bf89a1b914af2cb2a7a33f742b197c011d5354eac88
status: experimental
description: Detects traffic or activity related to http://103.146.23.241/dlr.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.146.23.241/dlr.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.146.23.241/dlr.arm7
id: auto-0309382f83c0a28d74df48efbbd00c4aafc67a753e55bb9e793fa966322d23d3
status: experimental
description: Detects traffic or activity related to http://103.146.23.241/dlr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.146.23.241/dlr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.8.129:51305/bin.sh
id: auto-92ca1499ebd1aead095fad341effec2def9da423677bdad934d6b095de3a0ebc
status: experimental
description: Detects traffic or activity related to http://182.121.8.129:51305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.8.129:51305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.81.11:60420/i
id: auto-d846cb40533278453dc668066bf5ed2c53caaa49709c1ff55a9444ec3d1bfafe
status: experimental
description: Detects traffic or activity related to http://27.215.81.11:60420/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.81.11:60420/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.35:37306/i
id: auto-30c24c46a04f5eb267ac3e1eb4facf96b5d0d24c470aca3d39f014ca49c70091
status: experimental
description: Detects traffic or activity related to http://117.209.81.35:37306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.35:37306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.241.32:46188/i
id: auto-e1639c1075c5cd0a2246d9e70ae9a052448a8fb49fdf962bc6602da41a06b71a
status: experimental
description: Detects traffic or activity related to http://182.118.241.32:46188/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.241.32:46188/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.23.140.229:55392/i
id: auto-b8da94b8b0b5ec042538e228dac77eff66bb3b739fcae3e0e7b10761d58c76b3
status: experimental
description: Detects traffic or activity related to http://183.23.140.229:55392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.23.140.229:55392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.81.35:37306/bin.sh
id: auto-ed4b68a4c33146ade29d7d837d5570ea80a56fa991312afb1c94d39cb973170b
status: experimental
description: Detects traffic or activity related to http://117.209.81.35:37306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.81.35:37306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.187.114:51456/i
id: auto-5e22fbb921e69d87d457e5b34449920a43266308fd6e5b0aff8c20f7d58ae9aa
status: experimental
description: Detects traffic or activity related to http://123.8.187.114:51456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.187.114:51456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.118.241.32:46188/bin.sh
id: auto-6acd205ceaf8917dde36bfc20cc85f5cfe77600ae9df878bc147e5d24d1ee03b
status: experimental
description: Detects traffic or activity related to http://182.118.241.32:46188/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.118.241.32:46188/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.95.198:53835/i
id: auto-2a4330a33ad5893eadd8e705a248b25443ef097f44992449a52cfb936cb12a3a
status: experimental
description: Detects traffic or activity related to http://42.235.95.198:53835/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.95.198:53835/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.135.115:35395/i
id: auto-39be81d826200e9bec2ab3a549ecdd422fb2b8828d71d70b264bf93659a78f57
status: experimental
description: Detects traffic or activity related to http://182.120.135.115:35395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.135.115:35395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.81.11:60420/bin.sh
id: auto-09d78a05c262e5efa0bf39d713dcbbb0bb63afdd7ceff7990beebf2cb08293cd
status: experimental
description: Detects traffic or activity related to http://27.215.81.11:60420/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.81.11:60420/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.2.193.132:18956/i
id: auto-b304cf7795743749d49bb447ae686386a93bbdc3d6e9b981c6a20c59f5d8d584
status: experimental
description: Detects traffic or activity related to http://120.2.193.132:18956/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.2.193.132:18956/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.205.9:57277/i
id: auto-c89c921e5745ab558d442ec9aa87d9b27596093451f112f03ac67f150d62a70e
status: experimental
description: Detects traffic or activity related to http://113.239.205.9:57277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.205.9:57277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.142.91:55347/i
id: auto-1639876ef55f83db0b87c95c2ad5144b096006f31de79be585c56c5f25ab2605
status: experimental
description: Detects traffic or activity related to http://220.201.142.91:55347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.142.91:55347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.17.106:41394/i
id: auto-a3ed8e80387af69dbf087d5f055c036ddb7cf1efd6295cb2b19df06e838ba784
status: experimental
description: Detects traffic or activity related to http://117.217.17.106:41394/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.17.106:41394/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.255.33:50375/Mozi.a
id: auto-642e2267e11c9e5321463b44494a2ada6efe680ee7c7378ecf3a1461dbcba3c7
status: experimental
description: Detects traffic or activity related to http://78.165.255.33:50375/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.255.33:50375/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.121.162:43741/i
id: auto-2fbe39d29bd305ae7a41f333655a7d9e07db7d8c846237b2b4eb65065e036200
status: experimental
description: Detects traffic or activity related to http://182.116.121.162:43741/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.121.162:43741/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.21.101:33007/i
id: auto-96244494529493e3c996ec8b24ca6fa24d1ddc18e006f29cc56345711c7faaa5
status: experimental
description: Detects traffic or activity related to http://123.5.21.101:33007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.21.101:33007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.216.203:45416/i
id: auto-0b984809bcb7466fc5f6549b0894efe71ba03198c85ef4cde8a0d1317d032ac5
status: experimental
description: Detects traffic or activity related to http://115.50.216.203:45416/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.216.203:45416/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:41098/bin.sh
id: auto-504d38a5e431d708fa8c4b955fd2a9261a570dc2de38e6abb58138cf9cb57d0b
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:41098/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:41098/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://94.240.199.114:33636/Mozi.a
id: auto-1a08a56555cd6e2c22c30ffb23d527bd50d66fed0ba87fc37cdb75e0bb76ab6d
status: experimental
description: Detects traffic or activity related to http://94.240.199.114:33636/Mozi.a which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://94.240.199.114:33636/Mozi.a*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.116.78:45582/i
id: auto-df16bd62a2c3003de3d51a96db691ab151b48d1cc966424ac639295c9b6d2f51
status: experimental
description: Detects traffic or activity related to http://110.37.116.78:45582/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.116.78:45582/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ykapi.luyou.360.cn/rule/check?ckey=SZATlh33sZmW2OazOfmZILickUfaw+72V6VKQfafHtOaHq1yeUdcXwELWqbKyxq7FGmuEzeE7Pmk/51YmT4Kt8Xhny5EF2nvBHi3cdZVJisW1RO8ddmgRDGowxA5Z0Que22/3JF9IbD8QNXx3h3yxZLSboUyD80N1Be+UjqpNBE=&data=4taDSepEs63PhsiEqPDf8sYBp1NT+fxoP7/i
id: auto-f1b27238e5f598d6b7f081da80dbafadb86880446a64689614ebeaf80fb53c8d
status: experimental
description: Detects traffic or activity related to http://ykapi.luyou.360.cn/rule/check?ckey=SZATlh33sZmW2OazOfmZILickUfaw+72V6VKQfafHtOaHq1yeUdcXwELWqbKyxq7FGmuEzeE7Pmk/51YmT4Kt8Xhny5EF2nvBHi3cdZVJisW1RO8ddmgRDGowxA5Z0Que22/3JF9IbD8QNXx3h3yxZLSboUyD80N1Be+UjqpNBE=&data=4taDSepEs63PhsiEqPDf8sYBp1NT+fxoP7/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ykapi.luyou.360.cn/rule/check\?ckey=SZATlh33sZmW2OazOfmZILickUfaw+72V6VKQfafHtOaHq1yeUdcXwELWqbKyxq7FGmuEzeE7Pmk/51YmT4Kt8Xhny5EF2nvBHi3cdZVJisW1RO8ddmgRDGowxA5Z0Que22/3JF9IbD8QNXx3h3yxZLSboUyD80N1Be+UjqpNBE=&data=4taDSepEs63PhsiEqPDf8sYBp1NT+fxoP7/i*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.74.222:34867/bin.sh
id: auto-a79b1856d924af17bf1c3ab5c887ff5777277039af988eb403894aea9a51b329
status: experimental
description: Detects traffic or activity related to http://119.117.74.222:34867/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.74.222:34867/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.187.114:51456/bin.sh
id: auto-85872d843cf92fc180ff367b91ff291a0af1b81e4e4ac3704c7f5aca913694cd
status: experimental
description: Detects traffic or activity related to http://123.8.187.114:51456/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.187.114:51456/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.160.129:39373/i
id: auto-c31844da87c7972661d883d4170064aab38cd498a6af74d129cae1cd9109f117
status: experimental
description: Detects traffic or activity related to http://27.217.160.129:39373/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.160.129:39373/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.95.198:53835/bin.sh
id: auto-d6d13767e5c69fbd341e19818c779a7ef2041b00718b97daa6ea6bce039bf641
status: experimental
description: Detects traffic or activity related to http://42.235.95.198:53835/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.95.198:53835/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.180.135:52080/i
id: auto-ebf956f660756e4d0b35580b3f5c203e0991b57588de5f4d3ee9b7f0914df5bb
status: experimental
description: Detects traffic or activity related to http://59.93.180.135:52080/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.180.135:52080/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.152.40:50073/i
id: auto-24e9f7c605925c1bd6c3f6089c8935a7188bdb3ed7b00cd6bcbda4adc1694548
status: experimental
description: Detects traffic or activity related to http://61.53.152.40:50073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.152.40:50073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.217.160.129:39373/bin.sh
id: auto-430273f7ae036c1ecc8eadf6c25f340f67e1c6db37bb274e0c38b68b09b116f8
status: experimental
description: Detects traffic or activity related to http://27.217.160.129:39373/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.217.160.129:39373/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.184.94:53544/i
id: auto-5b632d31bddf028d994a5d53585446ed928096ef0abd8bbc599260b537bb303f
status: experimental
description: Detects traffic or activity related to http://42.6.184.94:53544/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.184.94:53544/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.157.118:50785/i
id: auto-c651eb524dfc2ad2baea913b502d65baa6ec2bd9fa80e8fc16a67b5a98ca2c6c
status: experimental
description: Detects traffic or activity related to http://222.140.157.118:50785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.157.118:50785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.130.158:52805/bin.sh
id: auto-2d601b09ed92482f0d4d21ece5bc328cec334672b2ee57ae7920bb47770a234a
status: experimental
description: Detects traffic or activity related to http://117.196.130.158:52805/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.130.158:52805/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.93.180.135:52080/bin.sh
id: auto-27850f5554226ad77bc6e130c1b3e2ca064b689b958103c6e806dfdd37c55e40
status: experimental
description: Detects traffic or activity related to http://59.93.180.135:52080/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.93.180.135:52080/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.80.62:60466/bin.sh
id: auto-4a6d5b34c50b048c3a3e17a5d235a60f8cd0c325cf07a58dd4a7baf567f2839c
status: experimental
description: Detects traffic or activity related to http://110.37.80.62:60466/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.80.62:60466/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.152.40:50073/bin.sh
id: auto-52124df3485ad844b7ba79417c146b8572aa6bd5ac0541cb56e1cd84a1849017
status: experimental
description: Detects traffic or activity related to http://61.53.152.40:50073/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.152.40:50073/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://haisolarery.top/static/net.xsl
id: auto-8c36f1e83ccd6caaa0b439fa2bb426bddf84e014356ed73d658005a70e04f8db
status: experimental
description: Detects traffic or activity related to http://haisolarery.top/static/net.xsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://haisolarery.top/static/net.xsl*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.113.8.2/static/x.ps1
id: auto-13a0d11b9d41d16f7623ca9a9cf98cbb8014e8e6e588dd314a248048adaa1eca
status: experimental
description: Detects traffic or activity related to http://185.113.8.2/static/x.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.113.8.2/static/x.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.113.8.2/static/net.xsl
id: auto-74231679555e8d42a2f6d4f5a88c9e1cad256318fe05f600cd35e7f246f8f98d
status: experimental
description: Detects traffic or activity related to http://185.113.8.2/static/net.xsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.113.8.2/static/net.xsl*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://haisolarery.top/static/x.ps1
id: auto-1d5c746495af014b96c540aef3c99f8d96f1d90a2eb498bd7addbde98dd71572
status: experimental
description: Detects traffic or activity related to http://haisolarery.top/static/x.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://haisolarery.top/static/x.ps1*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.214.30.148/ping
id: auto-7612ac6b68efee8ccd3b4611b22533a537545d538cec04394503589a8823d380
status: experimental
description: Detects traffic or activity related to http://188.214.30.148/ping which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.214.30.148/ping*'
  condition: selection
level: high
tags:
  - attack.t1498
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.214.30.148/bot
id: auto-8c2d63d38028c6509e2be5d5e6fb3280dbd6628122d1744087f77586be330754
status: experimental
description: Detects traffic or activity related to http://188.214.30.148/bot which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.214.30.148/bot*'
  condition: selection
level: high
tags:
  - attack.t1498
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.231.122:40208/bin.sh
id: auto-e2053812828c3f4e74fc39f284c1b0258f9f23ff32f859ff570774d08228b89c
status: experimental
description: Detects traffic or activity related to http://42.225.231.122:40208/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.231.122:40208/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.116.23:49295/i
id: auto-e927b10fad9985f8db2eddec22129125f0d49df7782637c8cab386f69815c110
status: experimental
description: Detects traffic or activity related to http://222.138.116.23:49295/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.116.23:49295/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.176.122:38144/i
id: auto-3873399c71a4da714795f725df3874465c05aef42864ad3c5b44d05a185227b4
status: experimental
description: Detects traffic or activity related to http://218.60.176.122:38144/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.176.122:38144/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.95.191:54091/i
id: auto-25a8701192e53a74f9c836400367f740c8cf8edddfc9c85dcdf5f0a8d1eb7070
status: experimental
description: Detects traffic or activity related to http://110.37.95.191:54091/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.95.191:54091/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.142.202:47289/i
id: auto-4453493dbfb8afd5824e0f34b493be27025e3c6bfc868e2c2483cb22d332b306
status: experimental
description: Detects traffic or activity related to http://115.55.142.202:47289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.142.202:47289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.57.209:47977/i
id: auto-7811ef31438b38f6c1e5412a734442e6682ffbc288abd4f46b194ba49587c355
status: experimental
description: Detects traffic or activity related to http://42.6.57.209:47977/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.57.209:47977/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.71.86:44062/i
id: auto-57f4667b616894ba9ec58a11e61bb80b79591d41461276fd07acc2341aaa6e01
status: experimental
description: Detects traffic or activity related to http://60.19.71.86:44062/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.71.86:44062/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.176.122:38144/bin.sh
id: auto-ac3d8bc19be57cd283f233d897a138e0f4531dd5e0b5243520147563fd511dfb
status: experimental
description: Detects traffic or activity related to http://218.60.176.122:38144/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.176.122:38144/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.52.31:47605/bin.sh
id: auto-0b4704adc4957976209ebd52c38e8274c2bc5401252a3c4fb02e98c2dea46869
status: experimental
description: Detects traffic or activity related to http://125.40.52.31:47605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.52.31:47605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.95.191:54091/bin.sh
id: auto-52b71d33b62d984f2b4ffdc61c6027d873f8b8bbc0ff85bf4ec48f07354423eb
status: experimental
description: Detects traffic or activity related to http://110.37.95.191:54091/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.95.191:54091/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.57.209:47977/bin.sh
id: auto-e353b6f5dc12e21cbc5b81b6f80b822529b5d9b171bc487967c048a12fce0a6c
status: experimental
description: Detects traffic or activity related to http://42.6.57.209:47977/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.57.209:47977/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.81.139:47140/i
id: auto-2f54097d5e7da48d8fe3fcf1fca21ca74539dd02f52a0f439581e36b9391d560
status: experimental
description: Detects traffic or activity related to http://175.165.81.139:47140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.81.139:47140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.81.139:47140/bin.sh
id: auto-57cb1ceb56f2831ad672240c2a68daba31799cc806d360801d677d88b57bb963
status: experimental
description: Detects traffic or activity related to http://175.165.81.139:47140/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.81.139:47140/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.163.34:40479/bin.sh
id: auto-5c345e45a16144ca85041bcc9e612b59fae192ae905dd7afbc384ac104bf50c1
status: experimental
description: Detects traffic or activity related to http://117.205.163.34:40479/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.163.34:40479/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.142.202:47289/bin.sh
id: auto-ed2e12b5099578c00186a991213041ae35cacc83cabdfd683b7e3fbd35e22f44
status: experimental
description: Detects traffic or activity related to http://115.55.142.202:47289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.142.202:47289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.9.74:56919/i
id: auto-3d05e357db8a47b50313e5732aaf345b92535f63abc3943a84d949c1aaff2498
status: experimental
description: Detects traffic or activity related to http://117.209.9.74:56919/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.9.74:56919/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://24.54.95.49:40497/bin.sh
id: auto-e4c68180f60dd1da1385430bcad4cfeb2496ae0d5024eef05b77071c514d9529
status: experimental
description: Detects traffic or activity related to http://24.54.95.49:40497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://24.54.95.49:40497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.247.151.64:48303/bin.sh
id: auto-c88de5ca21c33b2df60e78e2a787cc68604b1892bc844642aadc3d38c741e26c
status: experimental
description: Detects traffic or activity related to http://117.247.151.64:48303/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.247.151.64:48303/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.82.188:34276/i
id: auto-cfb572b3c2defb86bb3fc18db169eaafe18569f9adaefd78f4a6f48a24e45269
status: experimental
description: Detects traffic or activity related to http://42.178.82.188:34276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.82.188:34276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.225.86:50915/i
id: auto-991b1f2ff5050b692c04b49f493c57fc4421ee638b360aace6660ee5ee70af28
status: experimental
description: Detects traffic or activity related to http://110.39.225.86:50915/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.225.86:50915/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.71.86:44062/bin.sh
id: auto-9db405921109e37e49f3f6fb5d8f9f61dbf7ce683dad207b3c64a1fab79f9a16
status: experimental
description: Detects traffic or activity related to http://60.19.71.86:44062/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.71.86:44062/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.9.74:56919/bin.sh
id: auto-4c004d608c0406b367253981d20e3f042a09d1a9ba0b53bc5641c6f9529139bc
status: experimental
description: Detects traffic or activity related to http://117.209.9.74:56919/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.9.74:56919/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.4.8:41306/i
id: auto-ebebac397908763558e20f075588f9e3f7662b4ffb196ac2325487704d757cb3
status: experimental
description: Detects traffic or activity related to http://42.179.4.8:41306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.4.8:41306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.36.20:52059/bin.sh
id: auto-3aad230d54452146beedc01a4d6cd3e2a10cc07d0a112f3e55f03f3499991512
status: experimental
description: Detects traffic or activity related to http://117.217.36.20:52059/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.36.20:52059/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.183.13:59295/bin.sh
id: auto-e80d10996b2a1adb7c2a2ed72a6984c882e5f2ee5eea7e0d1e132a3101569c97
status: experimental
description: Detects traffic or activity related to http://222.138.183.13:59295/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.183.13:59295/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.225.86:50915/bin.sh
id: auto-4453cdf0053174112ea2e8dceb4832221144e9476360a72dcc9961086ca58783
status: experimental
description: Detects traffic or activity related to http://110.39.225.86:50915/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.225.86:50915/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.82.188:34276/bin.sh
id: auto-08a719a2951e7863573f4076c6ce010fa4e23accd0db9a949ecc621c3cdf55db
status: experimental
description: Detects traffic or activity related to http://42.178.82.188:34276/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.82.188:34276/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.4.8:41306/bin.sh
id: auto-06b398a4ddb62720993eac539d38041d93ab3fea621106685d74b38199dc5544
status: experimental
description: Detects traffic or activity related to http://42.179.4.8:41306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.4.8:41306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.190.241.107:44289/bin.sh
id: auto-87f3680c8dba5236c078257ae9d9809fc0cb7f5eb2abae034b67bfcc7212645c
status: experimental
description: Detects traffic or activity related to http://180.190.241.107:44289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.190.241.107:44289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/
id: auto-20227284c3ddb140f74189442b2e8668f81cfbd36339b093026b0fef8236d152
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.148.86:34577/i
id: auto-6480982c8a5f7d573d41979d640c4cfa1eb5a90210bb6566740695b9f35b1004
status: experimental
description: Detects traffic or activity related to http://115.48.148.86:34577/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.148.86:34577/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://abrababa.xyz/epstein.exe
id: auto-a6fc02a34005bc7c03588ad6d2d093983c2ce743312ef8ba1b974b2123140e92
status: experimental
description: Detects traffic or activity related to https://abrababa.xyz/epstein.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://abrababa.xyz/epstein.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8455847319/xbE6N2L.exe
id: auto-8f0f31aab8ccc5c7a76d1c26fddf1034c7f3186ad69e81c95b34dec5f150c056
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8455847319/xbE6N2L.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8455847319/xbE6N2L.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/zF0xG5x.ps1
id: auto-0936645534753bde96238e2f8cec95cb0461dc60ee29b0ae5c0a231d72f5f485
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/zF0xG5x.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/zF0xG5x.ps1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://abrababa.xyz/oip2.exe
id: auto-bb56fa579e9e3364cbbde273199108e344ebe475b1d9a9e797b4c4eac79e43d5
status: experimental
description: Detects traffic or activity related to https://abrababa.xyz/oip2.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://abrababa.xyz/oip2.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.87.100:52743/i
id: auto-25a0b7c36a95dfc731dad8493f1a762f82bbbf6ef5f962bb26566c9da99e8b3c
status: experimental
description: Detects traffic or activity related to http://27.215.87.100:52743/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.87.100:52743/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.86.86.221/config.json
id: auto-ae706f80f00feb640ba1e3a451e58dd58b15c964423c7cad3a8b476a037451c7
status: experimental
description: Detects traffic or activity related to http://45.86.86.221/config.json which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.86.86.221/config.json*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.86.86.221/xmrig
id: auto-04cb37184c937f6041ce295d086e5c30f73358056f525a20c48681d3776c3505
status: experimental
description: Detects traffic or activity related to http://45.86.86.221/xmrig which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.86.86.221/xmrig*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.137.15:51670/bin.sh
id: auto-8588591375240e4f2b3b87f6cd39b9e73605138ceb5fb50a8f3a4ff408f376d5
status: experimental
description: Detects traffic or activity related to http://59.96.137.15:51670/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.137.15:51670/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.198.186.100:54771/bin.sh
id: auto-8208bd3880d744c0f9158d3d8ec6b324bf682087f93e58696d0ea693b30121ee
status: experimental
description: Detects traffic or activity related to http://112.198.186.100:54771/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.198.186.100:54771/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.87.100:52743/bin.sh
id: auto-5302af0307d201a8977153f762c8e382489b38063b6dfd1d6078fe1b8fa8a895
status: experimental
description: Detects traffic or activity related to http://27.215.87.100:52743/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.87.100:52743/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.8.128:44900/i
id: auto-8e88ec1e2e351f80529cbdbedb37fe05ec5670bdcb2449cbd53f881ca7b88aae
status: experimental
description: Detects traffic or activity related to http://115.63.8.128:44900/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.8.128:44900/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.219.138:38499/i
id: auto-59ab814d8d9fdba5c5297277a530d4aac65976a6e14d50d686943b4be62b32ac
status: experimental
description: Detects traffic or activity related to http://61.53.219.138:38499/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.219.138:38499/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.148.86:34577/bin.sh
id: auto-afa934a0f022ac7367456d50f074965e45903c6dd44f4a169ade7f21cbf96829
status: experimental
description: Detects traffic or activity related to http://115.48.148.86:34577/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.148.86:34577/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.65.94.66:41362/i
id: auto-ac9301ab866baaf949e2d42a3eaa573a83756f7646fb02eb8c2e8a3b0329599c
status: experimental
description: Detects traffic or activity related to http://39.65.94.66:41362/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.65.94.66:41362/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.20.151:49494/bin.sh
id: auto-67b420b90f82ca6ad4cc27ddb64d231946ab346461b57523499dd9986ad17930
status: experimental
description: Detects traffic or activity related to http://42.177.20.151:49494/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.20.151:49494/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.236.74.65:43334/bin.sh
id: auto-0acf16a665fb89c7e220af9dacb9d42e51db29e0ffe274513e3804a582c30d6f
status: experimental
description: Detects traffic or activity related to http://77.236.74.65:43334/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.236.74.65:43334/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.208.112:57221/i
id: auto-a5571db252a7ce88c0e56905b2ee5332616e4703a66a8607e1eff6dd33f77bde
status: experimental
description: Detects traffic or activity related to http://123.4.208.112:57221/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.208.112:57221/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.219.138:38499/bin.sh
id: auto-9d68fb9e0a33775d6ecc613451773bfc7c699d7bab0ef2d8cb36bf724491de4d
status: experimental
description: Detects traffic or activity related to http://61.53.219.138:38499/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.219.138:38499/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.65.94.66:41362/bin.sh
id: auto-077a5ac5aeada00f9852aca2e62963b942ff8718fca7259282bb5062c01e5539
status: experimental
description: Detects traffic or activity related to http://39.65.94.66:41362/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.65.94.66:41362/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.12.124:39675/bin.sh
id: auto-2fd69e2ea6a0c5ac5cf9f4a66289f060b72ca3718f60a74268f961fed0498f19
status: experimental
description: Detects traffic or activity related to http://123.188.12.124:39675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.12.124:39675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.172.71:44029/i
id: auto-e7ffdb081c9599635484af9a1e9f1453383746b172c5efa6db3065ce13ab2df5
status: experimental
description: Detects traffic or activity related to http://42.58.172.71:44029/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.172.71:44029/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.149.78:54207/i
id: auto-b855f3b8f72dd115126e80c508278e3bb90cb3106e3723d5ecceae56c80fc939
status: experimental
description: Detects traffic or activity related to http://61.53.149.78:54207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.149.78:54207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.63:57689/i
id: auto-0efe2481b9d14d2f7210ce19122f1a0c59ff0b43dd6a443e1e2810710c0bbde3
status: experimental
description: Detects traffic or activity related to http://200.59.83.63:57689/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.63:57689/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.226.117:48316/i
id: auto-3411b8b9ad8142c4a89529a549891cdf182c1457454ff9918cc64a0d779cd06d
status: experimental
description: Detects traffic or activity related to http://123.12.226.117:48316/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.226.117:48316/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.203.78:50687/i
id: auto-ccc19c7e330a27afacc50acbbaabad1b8c54c24689308a2d0438217d5d1e75dc
status: experimental
description: Detects traffic or activity related to http://123.11.203.78:50687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.203.78:50687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.58.172.71:44029/bin.sh
id: auto-f689e2a1785d06ba90f59d0ce116d6238b426aac28244a3b2c835d0f1e21df16
status: experimental
description: Detects traffic or activity related to http://42.58.172.71:44029/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.58.172.71:44029/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.149.78:54207/bin.sh
id: auto-75360300f8e88da76be82827c065a2a7c83555a2eb9288b0b71dc7b99eac2785
status: experimental
description: Detects traffic or activity related to http://61.53.149.78:54207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.149.78:54207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.mpsl
id: auto-8a5807666974d05f0d4efca68f37b3411217d559b1ffd55356b2b610804cf8c2
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.i686
id: auto-f37e7cbd4e3350130f4172698956c74ab00d648ecd3edc2110be82a4ee498677
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm5
id: auto-706257600cf9d6f54ce495d46340ef1cf3dff47458e1084ac38e6f9e68f51b73
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm6
id: auto-306a072e70dc1e9d547d77d884e757d039d2a36142f0c31a6a434a252d6af758
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/newreaxe.sh
id: auto-573f71ced1831f67768663f821ee327f281503b7821572ab0552f4843c57d748
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/newreaxe.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/newreaxe.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.x86
id: auto-9a9d4b0206757e68ecc96aa77e710c23ad304e7e1775a1704b8c9de8e2f1bf85
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.sh4
id: auto-9184d4fcb90250ebfa5fdd17b599e5bb97fcc883511e7394f1583fbdb52aa9b2
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm7
id: auto-cbb3220a7767ed1f2fa62bf109065525e2d8b76b9897d0ef67c79d7402f3e011
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.m68k
id: auto-7eb2ee6dadbc580caf3de0044a02b205fbb2d551bd0a819d5d39e507135285fc
status: experimental
description: Detects traffic or activity related to http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://play.mclighthouse.ir/x7k2m9v8b/m9x7k2v8b3.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.197.49:47989/i
id: auto-4d3da14a0f4b61d927e25112ce0418f0ed49fbb3fcd7b922ce3e9dc2ffaf8dff
status: experimental
description: Detects traffic or activity related to http://110.38.197.49:47989/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.197.49:47989/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.59.194:46475/i
id: auto-45197c63be396bfa9a75daa599cb862a2861bb30ad9e17924f9c921abe6d157a
status: experimental
description: Detects traffic or activity related to http://115.55.59.194:46475/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.59.194:46475/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.63:57689/bin.sh
id: auto-ba3798ccbeb504cfb8b63ff8b8d8a95a1e8c78d1d02cea5ad17468a1dbc910d9
status: experimental
description: Detects traffic or activity related to http://200.59.83.63:57689/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.63:57689/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.226.117:48316/bin.sh
id: auto-6849bd48fb20987aa2926514df9367d9c434b1d8559d9b0e47930fbe599c235f
status: experimental
description: Detects traffic or activity related to http://123.12.226.117:48316/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.226.117:48316/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.91.163.46:51818/i
id: auto-f68a5d1a8bc530a0906cc3ab17c952a54f738866925239391ff118662ebc1e53
status: experimental
description: Detects traffic or activity related to http://111.91.163.46:51818/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.91.163.46:51818/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.203.78:50687/bin.sh
id: auto-0448831b76c3a1bff46ab1e28c8c72182e90461448ede9500a00962b2dac042a
status: experimental
description: Detects traffic or activity related to http://123.11.203.78:50687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.203.78:50687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.237.247:53916/bin.sh
id: auto-7f5e5bbdf4faf9a3000e022a50ba71ada6264cb14d8dfb917a6605bc219f0d8e
status: experimental
description: Detects traffic or activity related to http://182.112.237.247:53916/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.237.247:53916/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.197.49:47989/bin.sh
id: auto-08c3b30f84421f17c20a67ad75ffee9ae0a4640c630a9131999108c7e0a98e35
status: experimental
description: Detects traffic or activity related to http://110.38.197.49:47989/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.197.49:47989/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.19.241.213:41480/bin.sh
id: auto-5450be2f455418ca5c1fae99332a442612d466a81f72d88369e77f5a22cedd81
status: experimental
description: Detects traffic or activity related to http://60.19.241.213:41480/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.19.241.213:41480/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.82.234:51460/bin.sh
id: auto-1b222459fcdd4900fd5cb36b6e69bc6a4f2f863d70da4743f669a8cf70b527c7
status: experimental
description: Detects traffic or activity related to http://115.58.82.234:51460/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.82.234:51460/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.8.214:33638/i
id: auto-8ea9097337c3d661d4eacbdd0ef47a8a243e6e558343bfcb2da76d9add3fc8f0
status: experimental
description: Detects traffic or activity related to http://110.37.8.214:33638/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.8.214:33638/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.153.238:41239/i
id: auto-c5a464bb346dd93638aa8328caf40e2f2f0305f0853cddd789c7e2a8d1576632
status: experimental
description: Detects traffic or activity related to http://115.48.153.238:41239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.153.238:41239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.105.76.45:48190/i
id: auto-b968faf69241f941ecbe6eeff0040fe6589c8f0f12b38f17dac82d924a59aa9a
status: experimental
description: Detects traffic or activity related to http://85.105.76.45:48190/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.105.76.45:48190/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.235:52014/i
id: auto-765b99fb44ce0ae93485307f0a13ccc9950cfa0531fff62e89fcbd53f96b9676
status: experimental
description: Detects traffic or activity related to http://110.37.35.235:52014/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.235:52014/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://170.0.60.61:43489/i
id: auto-24ec9704d4fff7e89eaa54d7839cd43c5135a2bec75d5ca634188366a2898645
status: experimental
description: Detects traffic or activity related to http://170.0.60.61:43489/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://170.0.60.61:43489/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.181.99:44657/i
id: auto-6ca142426be5d04b1a4fca831896160e1dc7d8a324d5d639648a1780bc9f9f35
status: experimental
description: Detects traffic or activity related to http://219.157.181.99:44657/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.181.99:44657/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.38.158.163:41098/Mozi.m
id: auto-dd711cb35ca4b8f16707830186a67ea92b92feb6d9b6e109ed4a818c27963f19
status: experimental
description: Detects traffic or activity related to http://188.38.158.163:41098/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.38.158.163:41098/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.12.126:56897/i
id: auto-a67880954d9c8f13a9dd39fb9a9da89ff61be6c43a5d254ebcab3356aa2b08b1
status: experimental
description: Detects traffic or activity related to http://42.238.12.126:56897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.12.126:56897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.177.215:42732/bin.sh
id: auto-bd363fecc3d50e23eaa4def1a0d545d81ae317bb1d0b0b270868594bd39d778b
status: experimental
description: Detects traffic or activity related to http://27.215.177.215:42732/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.177.215:42732/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.123.45:49705/bin.sh
id: auto-a009d89fbf8b1845b2ed07e34d7fb38aa30aa724339d8c2dc0291546795d4ee0
status: experimental
description: Detects traffic or activity related to http://60.18.123.45:49705/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.123.45:49705/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.27.242:53299/i
id: auto-7c6bd42771cedabf87e9315b51970e08fa9eb80d6c4ababe1881ddc7ce8a8d1a
status: experimental
description: Detects traffic or activity related to http://175.175.27.242:53299/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.27.242:53299/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.91.163.46:51818/bin.sh
id: auto-517e59af72f3536d61fc19eb90d7948e8c3118caa9e42a32caa39344c9cf322d
status: experimental
description: Detects traffic or activity related to http://111.91.163.46:51818/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.91.163.46:51818/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.14.59:37198/i
id: auto-75b8cdbdc2ff5247d9e524b96657ace3e8a51e222115e61787a39a9eb8987e1e
status: experimental
description: Detects traffic or activity related to http://221.15.14.59:37198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.14.59:37198/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.0.36:51149/i
id: auto-d54bf478bfbbb164412385713418828f43fecba03cce536817dd19e735d29a38
status: experimental
description: Detects traffic or activity related to http://221.15.0.36:51149/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.0.36:51149/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.188.135.20:52935/i
id: auto-c7073e3d90a07f09c9d4df8ac0d7e2e03745b498d8c61dbf7195c179c7037e99
status: experimental
description: Detects traffic or activity related to http://196.188.135.20:52935/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.188.135.20:52935/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/zF0xG5x.exe
id: auto-1bcfbada9ed5160307e64bfe02228e80e0f8228cf1d998b24efdafaf155bd43f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/zF0xG5x.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/zF0xG5x.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.27.6:53254/i
id: auto-34f10dc2c222fc23fa08b998405224bb6046e40dd63f9cbb281a249bf7e64fdb
status: experimental
description: Detects traffic or activity related to http://115.49.27.6:53254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.27.6:53254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.206:35686/bin.sh
id: auto-5f4c7422d98357c71ad107d45cf928f576026fca3577730dbbbaa89e9a9fa5ca
status: experimental
description: Detects traffic or activity related to http://117.209.86.206:35686/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.206:35686/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.153.238:41239/bin.sh
id: auto-f9a911407233813926c213d4bf8dae3dbba4f99382a8296b38be5c9cb15f803b
status: experimental
description: Detects traffic or activity related to http://115.48.153.238:41239/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.153.238:41239/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.123.30:39093/i
id: auto-1e143a6fe959cd879da0e2e8b8b82bd1fb08f15ec00bdd6a62ec29d3b51b5422
status: experimental
description: Detects traffic or activity related to http://115.52.123.30:39093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.123.30:39093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.0.36:51149/bin.sh
id: auto-1491ab12cfea1ebee9f04213f80f2a3cdafd733e5fbba74f88522f078578c93f
status: experimental
description: Detects traffic or activity related to http://221.15.0.36:51149/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.0.36:51149/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.188.135.20:52935/bin.sh
id: auto-8c6bdccd751505b9525a3420f11306a3a42196428fd4f60fa7c73c1fb9c422cf
status: experimental
description: Detects traffic or activity related to http://196.188.135.20:52935/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.188.135.20:52935/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.123.30:39093/bin.sh
id: auto-bd8b817e0a335820925955b517e428e1b283270498e4a0d82d425d2ddf55cbe7
status: experimental
description: Detects traffic or activity related to http://115.52.123.30:39093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.123.30:39093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.230.171:54675/i
id: auto-aa41bf7d04ea2fde93ca5ec03eefff2f84d6808e5ca5948026b55b5c5116ba84
status: experimental
description: Detects traffic or activity related to http://110.39.230.171:54675/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.230.171:54675/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.42.123:33370/i
id: auto-fa2992f29e7fa6406dfbddf262bff739507b17fb1deab1d772ca50f801decc9e
status: experimental
description: Detects traffic or activity related to http://222.139.42.123:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.42.123:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.21:35949/i
id: auto-188c7e5b4402bd4acf615166c5f7fb25fcf2df142edbf12f8b23ed46d59cb8de
status: experimental
description: Detects traffic or activity related to http://110.37.42.21:35949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.21:35949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.154.224:48571/i
id: auto-e145f0c9203f6ab632064905cee575e2265e2d58f90112ffc29828ddbacde220
status: experimental
description: Detects traffic or activity related to http://219.154.154.224:48571/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.154.224:48571/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.42.123:33370/bin.sh
id: auto-06aed27a7c909bac1599427c9decaecf31fe031e5caaf21e674d89d63534c0df
status: experimental
description: Detects traffic or activity related to http://222.139.42.123:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.42.123:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.21:35949/bin.sh
id: auto-0f1c8406f3d82631687d6265fbcd5c95b1e71ec79f853138f46b9a6d78d25b91
status: experimental
description: Detects traffic or activity related to http://110.37.42.21:35949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.21:35949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.230.171:54675/bin.sh
id: auto-7e7f63cc74593dddf501c33e3f0557290e913d6cb9cfaee9d9f2d88a1a5c6ba8
status: experimental
description: Detects traffic or activity related to http://110.39.230.171:54675/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.230.171:54675/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.176.34:49208/bin.sh
id: auto-64c896541f24022d344fd220f1b626f7cb0db78ec3b8f4bdd834efd6fa491fad
status: experimental
description: Detects traffic or activity related to http://61.176.176.34:49208/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.176.34:49208/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.162.39.84:9090/02.08.2022.exe
id: auto-9db03e84fdc925b2475682acb925af3ae00cb2ef25db3398f8f39396ddb2f612
status: experimental
description: Detects traffic or activity related to http://139.162.39.84:9090/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.162.39.84:9090/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.174.95.25/02.08.2022.exe
id: auto-18feb2defefe29e0129ac2a6490b2b66e087c0cb4781d3d27f31bf04ea906886
status: experimental
description: Detects traffic or activity related to http://107.174.95.25/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.174.95.25/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.3.215:85/sshd
id: auto-971b8022db6a94f398b2e7828143a2d5be0b5e3c6e9a943123310c3a27fa5bd6
status: experimental
description: Detects traffic or activity related to http://120.157.3.215:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.3.215:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.90.81:2004/sshd
id: auto-77532e09e3784632937a796702388d8b140569aae56812ffa3f9184b338f2127
status: experimental
description: Detects traffic or activity related to http://117.215.90.81:2004/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.90.81:2004/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.49.126.199:7979/sshd
id: auto-f3369f541111389352c1f55ad983b429e79698d2e7e9de0f95a0a1bc50391b64
status: experimental
description: Detects traffic or activity related to http://83.49.126.199:7979/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.49.126.199:7979/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.235.246.136:22064/i
id: auto-6ee5b5ab8fd648bb9301ae1e97253e95ecf82235935abc99523968d69e6a4ec4
status: experimental
description: Detects traffic or activity related to http://151.235.246.136:22064/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.235.246.136:22064/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.172.18.177:8081/sshd
id: auto-dedfc5ad5fc5d757b2dbe2d87be906577aa1216f3e03b313db736176b62186b1
status: experimental
description: Detects traffic or activity related to http://14.172.18.177:8081/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.172.18.177:8081/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.183.98.74:47542/i
id: auto-e02f6626e2d8a63b6a0df0d346a76b40fae706727a3f83c4da85b737498ac302
status: experimental
description: Detects traffic or activity related to http://2.183.98.74:47542/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.183.98.74:47542/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.157.253.147:85/sshd
id: auto-ffda9f5c1a944e38a401e2a56eb20327fddc690288731403f829facef27e3445
status: experimental
description: Detects traffic or activity related to http://120.157.253.147:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.157.253.147:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://121.200.63.106:62461/i
id: auto-10eaa79fd4bc615b2faaa9d6e95129e531f2c783fa347d3040c85c03e1eb4105
status: experimental
description: Detects traffic or activity related to http://121.200.63.106:62461/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://121.200.63.106:62461/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.167.28/sshd
id: auto-e4db7a5bb10940120fbf642080b8aadcd1bce122cfe60b01451180a23975acc0
status: experimental
description: Detects traffic or activity related to http://83.224.167.28/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.167.28/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.127.75.219:6198/i
id: auto-512f6769adc908a1d0fdb356e06aa537d65c11b65e456283b8a7cf24bc6ca2a9
status: experimental
description: Detects traffic or activity related to http://115.127.75.219:6198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.127.75.219:6198/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.24.75.136:10052/sshd
id: auto-1e1d6b0dbdac1ac664f140ad26b0c53ec632474b4667ad9cbc06c0972f4cde1c
status: experimental
description: Detects traffic or activity related to http://88.24.75.136:10052/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.24.75.136:10052/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.38.98.43:25323/i
id: auto-445ca5147c3d7c046e253208a7ad72c58c9ede9b2e03de9ae5d1cd4ecc72549b
status: experimental
description: Detects traffic or activity related to http://78.38.98.43:25323/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.38.98.43:25323/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.18.152.24:91/sshd
id: auto-5e4c7cc3088ad1bf60a459ef83c391c83e514e996d30eec7b6390a034e9df29a
status: experimental
description: Detects traffic or activity related to http://88.18.152.24:91/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.18.152.24:91/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.130.102/sshd
id: auto-102f0ac3ef2e0f2c0266c39eadf7e4a53c02ac19b94d824ef336781fe0702e3f
status: experimental
description: Detects traffic or activity related to http://91.80.130.102/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.130.102/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.204.188:42517/i
id: auto-2dbc609b29670a287e73cbcbd34e7922272f8e09644f4205207b7d179bb922a0
status: experimental
description: Detects traffic or activity related to http://123.9.204.188:42517/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.204.188:42517/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.177:47327/i
id: auto-1db47003c7117d5d8d51555d2f485bdff956ebeac132f43614e5e187e338e102
status: experimental
description: Detects traffic or activity related to http://117.209.85.177:47327/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.177:47327/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.83.118:39439/bin.sh
id: auto-a022a6e29f7267b7c7a29f33508191451f8b246fc373442a8effadac14d045bf
status: experimental
description: Detects traffic or activity related to http://59.95.83.118:39439/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.83.118:39439/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.154.224:48571/bin.sh
id: auto-51fcf464a6960a979ed0bed1bdbd2843ed6fe223320b568b3f92ea1d1e36b554
status: experimental
description: Detects traffic or activity related to http://219.154.154.224:48571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.154.224:48571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://201.149.107.50:60606/bin.sh
id: auto-e112a67266ebc73436e882a7cf4117e27ef63fbcfff92bb6a777dcb60849c1d4
status: experimental
description: Detects traffic or activity related to http://201.149.107.50:60606/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://201.149.107.50:60606/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.83.200:33334/bin.sh
id: auto-12d9506d129a392f0580881ff8e80916f6597852bbb05c69688e4ca3dcf218fa
status: experimental
description: Detects traffic or activity related to http://219.155.83.200:33334/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.83.200:33334/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.204.188:42517/bin.sh
id: auto-0b23a5ec7b8b7d19eaba5bd2338bc85c1c0e6c048abe6dcf2e9de0db3d2e3f0d
status: experimental
description: Detects traffic or activity related to http://123.9.204.188:42517/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.204.188:42517/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.85.177:47327/bin.sh
id: auto-4bf9383f36c2d3fe19f9bea37ced90f6f0c27dc556706a94326edf3286453f9f
status: experimental
description: Detects traffic or activity related to http://117.209.85.177:47327/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.85.177:47327/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.238.26:39004/i
id: auto-74821f7c69c6e4ec216d25c2730405a58a8095d26b4aed71e782469823d96f77
status: experimental
description: Detects traffic or activity related to http://110.39.238.26:39004/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.238.26:39004/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.159.159:40847/bin.sh
id: auto-f41f3b8a6a9bf8f74e90920333791b3c33eac4c334a2c32dd2b338eea5b22fc6
status: experimental
description: Detects traffic or activity related to http://123.5.159.159:40847/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.159.159:40847/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.226.36:36814/i
id: auto-42ada3d90c6fd7897f6917c74199b138326786c07d401a135f9c8f4e59d5f732
status: experimental
description: Detects traffic or activity related to http://175.167.226.36:36814/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.226.36:36814/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.32.151:45299/i
id: auto-cc59c3deced677947d764a5ec6b8a730f60fa985b8a210d3720e662b084c3b06
status: experimental
description: Detects traffic or activity related to http://125.43.32.151:45299/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.32.151:45299/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.182.139:53978/i
id: auto-26cc7f40c5008a96a870622a8602048695a9bb8b153869cf48661ee73d2de59f
status: experimental
description: Detects traffic or activity related to http://222.138.182.139:53978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.182.139:53978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.24.74:42371/bin.sh
id: auto-15129b32a89bdea85791b065e0581c21220b2577adcd09172a1e406cecbd2e63
status: experimental
description: Detects traffic or activity related to http://117.217.24.74:42371/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.24.74:42371/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.99.11.201:47571/bin.sh
id: auto-617daffbef5cb9f01c8c677d4948225d0fb620a11d73536fe5bde2fd68968d90
status: experimental
description: Detects traffic or activity related to http://59.99.11.201:47571/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.99.11.201:47571/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.146.195:44687/i
id: auto-6a36cacec46714a254481c4e918e82e85704d13b161253e3f93d2de5cded1ca5
status: experimental
description: Detects traffic or activity related to http://125.43.146.195:44687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.146.195:44687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.240.174.44:34171/bin.sh
id: auto-81b15fa446ec07faaab7a8445a08972b515caad6ded5cce9ff64b77cac53dd16
status: experimental
description: Detects traffic or activity related to http://112.240.174.44:34171/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.240.174.44:34171/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.227.34:53744/i
id: auto-6a5c339d1804cccaf16f972e8fe5b9417060bad24387b35dead618722cbbbb60
status: experimental
description: Detects traffic or activity related to http://110.39.227.34:53744/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.227.34:53744/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.5.113:46849/bin.sh
id: auto-c14aedaf0e2771c0e552e3e5cece222c976a07f822be53556ab79251cf6b176b
status: experimental
description: Detects traffic or activity related to http://115.49.5.113:46849/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.5.113:46849/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.226.36:36814/bin.sh
id: auto-c4aaa5c1cf768ef8949c7ea87d2472bddada3ede8c813926d69995adab2401b5
status: experimental
description: Detects traffic or activity related to http://175.167.226.36:36814/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.226.36:36814/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.182.139:53978/bin.sh
id: auto-99e5cfcd3b1f91661782b377c434499b865294c1afee651339e876e09dcec26f
status: experimental
description: Detects traffic or activity related to http://222.138.182.139:53978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.182.139:53978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.8.209:34974/i
id: auto-78c3b83d1eb64f305848c78c163f5fa44136a639052b68487785b23ab84c2552
status: experimental
description: Detects traffic or activity related to http://123.8.8.209:34974/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.8.209:34974/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.8.209:34974/bin.sh
id: auto-23ac552f1546e988a2cd9ee8920874101a3c0449be5ed35e059eec3e0f466f98
status: experimental
description: Detects traffic or activity related to http://123.8.8.209:34974/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.8.209:34974/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://104.193.63.208:38191/bin.sh
id: auto-ef136d1813e96bef9305b54c995a3b262e7f903f7683b978f27ac5355cc2c442
status: experimental
description: Detects traffic or activity related to http://104.193.63.208:38191/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://104.193.63.208:38191/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.227.34:53744/bin.sh
id: auto-debad88fa1ee0e7de3166ed8fcb6ea06fb3715b2c473841619170e2390a354fc
status: experimental
description: Detects traffic or activity related to http://110.39.227.34:53744/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.227.34:53744/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.201.207:34944/i
id: auto-aeb0fdcf8108b686ecbecdb99d0a9af14de8e33bb1a2ac161923ec55c22d8347
status: experimental
description: Detects traffic or activity related to http://175.146.201.207:34944/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.201.207:34944/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.235.239:35350/i
id: auto-f1b2f2c0fcf419dd418440c2cec70d1a2a231a4cf9e0bbc7a3214fe1c1f33d2b
status: experimental
description: Detects traffic or activity related to http://123.14.235.239:35350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.235.239:35350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.139.208:56802/i
id: auto-a8c0c86029bbb0068fd5066900eac803f7139b1f78e64323f735cf039af627bc
status: experimental
description: Detects traffic or activity related to http://125.41.139.208:56802/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.139.208:56802/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.201.207:34944/bin.sh
id: auto-bc0a9d760f02a44143a1dc88f62118a5acea2a0826c02a3728c93d03bcc98d26
status: experimental
description: Detects traffic or activity related to http://175.146.201.207:34944/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.201.207:34944/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.202.149:47260/bin.sh
id: auto-341001593df6ae38dd93bffa057038b058e23001f112b081ff460ef7cd2efccd
status: experimental
description: Detects traffic or activity related to http://42.230.202.149:47260/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.202.149:47260/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.95.129:50029/bin.sh
id: auto-c3a7185698aaa28c195e966b56d22f24babd4e17c1c9aa42c2f535443402e74b
status: experimental
description: Detects traffic or activity related to http://115.51.95.129:50029/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.95.129:50029/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.197.113.32:56132/Mozi.m
id: auto-afe4a88d0dcc2af86b9d19628e6667528bf59d355c654d844e3730b8f220b532
status: experimental
description: Detects traffic or activity related to http://103.197.113.32:56132/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.197.113.32:56132/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.50:59714/bin.sh
id: auto-19d0d6be84283642ebb1034d6324f3a6c9569bbcfa25d6c09b10908097ffab5e
status: experimental
description: Detects traffic or activity related to http://219.155.210.50:59714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.50:59714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.9.148:60124/i
id: auto-f0d3d40e3bec387abcec9a7940122d531e557eb8613150404ea4b29dcc6deb6a
status: experimental
description: Detects traffic or activity related to http://42.179.9.148:60124/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.9.148:60124/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.209.143:33153/i
id: auto-77219ac5f3266c30fad70e4aaac4c43474c4684800fb459dc8eef808b4c0be6a
status: experimental
description: Detects traffic or activity related to http://115.50.209.143:33153/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.209.143:33153/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.87.97:45914/i
id: auto-768718d384346adca974f5dad76fa513ff28dea73f4e215e13ea336f7c2caffe
status: experimental
description: Detects traffic or activity related to http://42.235.87.97:45914/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.87.97:45914/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.232:59968/i
id: auto-74f7cf5eba8e47ec077cbe21a52e703f124993f64681806233effd3a60cd7cd5
status: experimental
description: Detects traffic or activity related to http://110.37.37.232:59968/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.232:59968/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.230.170:50638/i
id: auto-00c38ba84ff45b1ce65686fe637acab09d1e07caff3529baa69d3db393231981
status: experimental
description: Detects traffic or activity related to http://125.43.230.170:50638/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.230.170:50638/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.120.182:41162/i
id: auto-abe09cd7b3769c02362a7223a2f143f085c8ef8dec41a063467e66f07500d0d5
status: experimental
description: Detects traffic or activity related to http://110.37.120.182:41162/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.120.182:41162/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.106.148:53350/bin.sh
id: auto-9516bb2540a21f054059c8c40abde448a64fc9f1814918ad3df7c3ccdb671bfb
status: experimental
description: Detects traffic or activity related to http://110.37.106.148:53350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.106.148:53350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.19.51:44187/i
id: auto-4933211804aabc8e583306bfd899d0bdda4b4937a132e6389ad1113cb9932a1d
status: experimental
description: Detects traffic or activity related to http://219.157.19.51:44187/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.19.51:44187/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.195.26.115:46295/.i
id: auto-7bbbce324aad3060d5c81aaf7776df16e00b379d33ffcf3fe6443c3b94809190
status: experimental
description: Detects traffic or activity related to http://175.195.26.115:46295/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.195.26.115:46295/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.209.143:33153/bin.sh
id: auto-eb5c7b2e69cee3f4bbcddef1f7fdca9e2241a44da2b501f6cce072106fcf7bd3
status: experimental
description: Detects traffic or activity related to http://115.50.209.143:33153/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.209.143:33153/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.232:59968/bin.sh
id: auto-30c0116e2957764bfdfcbb010e6f5411cb4b0e1a21cec74dbc268b7546876544
status: experimental
description: Detects traffic or activity related to http://110.37.37.232:59968/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.232:59968/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.230.170:50638/bin.sh
id: auto-cffe91bc3c3e2ade2fde8fdb73d35d71acbb6075cb880238feb0c53689faffcc
status: experimental
description: Detects traffic or activity related to http://125.43.230.170:50638/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.230.170:50638/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.230.124:41697/i
id: auto-b1a72c1bd87b4f76963c63900afdae98c3b6efb62000555ec3d4052ba2ea8b42
status: experimental
description: Detects traffic or activity related to http://123.10.230.124:41697/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.230.124:41697/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.234:46153/i
id: auto-20a92012268ce93392a0fc6108c2dabd6fc51ebd6069fc8b7a68c4ef49dec33d
status: experimental
description: Detects traffic or activity related to http://110.37.39.234:46153/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.234:46153/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.2.141:37146/i
id: auto-7c93f7d6ec67b0d2e37e925f6ccaf11a8fcc6719f48ebf78dde89c30b595c7cb
status: experimental
description: Detects traffic or activity related to http://59.88.2.141:37146/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.2.141:37146/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.120.182:41162/bin.sh
id: auto-48754633c90ead0e500042c4ddcbf5b9fefa6b2aa19a1a28a140eb1197865f73
status: experimental
description: Detects traffic or activity related to http://110.37.120.182:41162/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.120.182:41162/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.132.94:47024/i
id: auto-0bed97ee0267b702ebb447dca8ffda81a2ddcb5c12d60f4f04911ce5efc08701
status: experimental
description: Detects traffic or activity related to http://42.56.132.94:47024/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.132.94:47024/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.103.97:46420/i
id: auto-5adaf6c7f34b9864835bc2e02d04104e3fa1b48b9b4e5b44e979cc50cbba78c8
status: experimental
description: Detects traffic or activity related to http://175.174.103.97:46420/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.103.97:46420/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.34.176:58254/i
id: auto-315df9ea5b8ce7b6b7eb2c7d5f89c5b9175de74a8422e0a94ff1294e9f3bee87
status: experimental
description: Detects traffic or activity related to http://117.244.34.176:58254/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.34.176:58254/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.9.148:60124/bin.sh
id: auto-a6e574fbf1e87c1a664f8fbe24bd9710e0151444dfb274bb4c1827ae86122c4e
status: experimental
description: Detects traffic or activity related to http://42.179.9.148:60124/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.9.148:60124/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.191.152.243:50350/i
id: auto-9112f1cc5e5de45228bef88bdd8694ad3a69c27fe4c85afd9813e19f18c96514
status: experimental
description: Detects traffic or activity related to http://119.191.152.243:50350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.191.152.243:50350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.223.149:42082/i
id: auto-60195852b9710f02810bc46b3f181a0fe7d4e6da4b9fcefffa283229531764c7
status: experimental
description: Detects traffic or activity related to http://113.239.223.149:42082/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.223.149:42082/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.128:57978/bin.sh
id: auto-a5a992e7ff425fe152f849fe3a33f234d458a53bc3631b02787b57622d19f71c
status: experimental
description: Detects traffic or activity related to http://110.37.97.128:57978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.128:57978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.230.124:41697/bin.sh
id: auto-76c041bef29c02cfd35e1aec3e4f3d64e1ffaeb2dbc89a25ef9611913d0e5147
status: experimental
description: Detects traffic or activity related to http://123.10.230.124:41697/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.230.124:41697/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.255.33:50375/Mozi.m
id: auto-42ab43b1359c92833d307014e3cd95c70d81eb081358e027c3b83057369d3013
status: experimental
description: Detects traffic or activity related to http://78.165.255.33:50375/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.255.33:50375/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.85.39:47897/bin.sh
id: auto-16127ba3ac47fa1d2f1b2198f7d1e0622d56739db2bc015ff77be9d660fe8124
status: experimental
description: Detects traffic or activity related to http://61.52.85.39:47897/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.85.39:47897/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.114.80:38742/i
id: auto-7df5359129f1f59417f0722d6b8c9da8acba3f0aaf03dac52c818601f9913b9f
status: experimental
description: Detects traffic or activity related to http://27.207.114.80:38742/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.114.80:38742/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.34.176:58254/bin.sh
id: auto-d3ee9ff966303a7cb79a38236c27ba29319ac68cb4d98ddf8f756c25cb70535d
status: experimental
description: Detects traffic or activity related to http://117.244.34.176:58254/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.34.176:58254/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.118.231:42140/i
id: auto-1a35de3b44354546fd083b7c1f702772074d5cfbea8219599b1693dfdb1c939a
status: experimental
description: Detects traffic or activity related to http://182.121.118.231:42140/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.118.231:42140/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.235:52014/bin.sh
id: auto-61a49d81fc99c53753e4702be0fd7cbe63dc3c57bd195c8b71e561681889d61d
status: experimental
description: Detects traffic or activity related to http://110.37.35.235:52014/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.235:52014/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.39.234:46153/bin.sh
id: auto-f300225a3f9828205bd40b20bc6fc1c78397b7e434750b5266dc5ed7ee9ed556
status: experimental
description: Detects traffic or activity related to http://110.37.39.234:46153/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.39.234:46153/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.87.97:45914/bin.sh
id: auto-5fc3081a46c6f10878c783405d393a48849e6c6ea3f4d94fec95a2635e52e5b1
status: experimental
description: Detects traffic or activity related to http://42.235.87.97:45914/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.87.97:45914/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.239.223.149:42082/bin.sh
id: auto-d1c3c8e25711785f30a55836f29014f100fc60dd8454a8bd406dcae78fc2ff82
status: experimental
description: Detects traffic or activity related to http://113.239.223.149:42082/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.239.223.149:42082/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.142.11:59423/i
id: auto-ae015af8d66b843f884237c683c5d422b111b6df60cb5cdb755fcce60bd39047
status: experimental
description: Detects traffic or activity related to http://42.239.142.11:59423/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.142.11:59423/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.87.8:35153/i
id: auto-39bf541af47bc4ad38fcd0dd8058a76228f0acf33236a8a4d21d3836655cbf43
status: experimental
description: Detects traffic or activity related to http://61.53.87.8:35153/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.87.8:35153/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.181.10:56090/i
id: auto-f1284c2805b074947a898303f2d31621a16795f6dacca8a2dcb1a878629de790
status: experimental
description: Detects traffic or activity related to http://222.137.181.10:56090/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.181.10:56090/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:42225/i
id: auto-173ede4ac495f3fbb74505665d4ac382bfed7923d0bce69179c28a6188f71581
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:42225/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:42225/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.16.254:45423/i
id: auto-879a4d69c50a7d3d4d414f8e3d7c8bb18da0d2bc31e1592d1ed9804db491d07b
status: experimental
description: Detects traffic or activity related to http://115.52.16.254:45423/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.16.254:45423/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.247.65.122:55754/Mozi.m
id: auto-8ec1d7c43c299c956f0d5ca48f09d64aabd1ebb52f9dadf3928c3d81c7e1cb4b
status: experimental
description: Detects traffic or activity related to http://88.247.65.122:55754/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.247.65.122:55754/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.159.159:40847/i
id: auto-9a2a4ef695bb05089944899dfa98295a1ae917ebe2690e7ee939761186be4ebe
status: experimental
description: Detects traffic or activity related to http://123.5.159.159:40847/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.159.159:40847/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.10.1:60505/i
id: auto-a93008799e005dc81052891420cc98200a91d0c2d6f47fca2b4617cbc8cd5d33
status: experimental
description: Detects traffic or activity related to http://123.11.10.1:60505/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.10.1:60505/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.168.139.180:35531/i
id: auto-1e8e79d58d9a4fdba0735f31593fbda0e4d987d8e36ce14a71980d6407e9f050
status: experimental
description: Detects traffic or activity related to http://61.168.139.180:35531/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.168.139.180:35531/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.115.120:32879/i
id: auto-00d475aba83900ae23faf533bf41c08e474b1c01a6363a2c6fb572c7c67f4a7c
status: experimental
description: Detects traffic or activity related to http://115.55.115.120:32879/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.115.120:32879/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.230.87:35233/i
id: auto-8ffb904a920dbd830b0a888392a1f8af3844c5de7c9cab5738eb64ec7ee82d5a
status: experimental
description: Detects traffic or activity related to http://115.55.230.87:35233/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.230.87:35233/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.54.223:38509/i
id: auto-953756db58975cf5a523e4fd870c53e903f1bb7e9e4646ea31b2a97c13989993
status: experimental
description: Detects traffic or activity related to http://219.156.54.223:38509/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.54.223:38509/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/abc/mips
id: auto-5c42e880daa1b8dbdf6a4c989c2dc9f7e5bec7f314362c84c50f2c4b547a224d
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/abc/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/abc/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.64.66:56902/i
id: auto-815174b5ba8599cfc86d760af3ecd467c22cb53f0c55a54636397752a43273a6
status: experimental
description: Detects traffic or activity related to http://125.45.64.66:56902/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.64.66:56902/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://157.15.98.92/bot.arm7
id: auto-942c03411c73dc204cabc9e8f0b71a5d9e7a8aa776fbeb6ebbd8812080b2dd3e
status: experimental
description: Detects traffic or activity related to http://157.15.98.92/bot.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://157.15.98.92/bot.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.105.76.45:48190/bin.sh
id: auto-f2e6dc35f4f96f4d09e1abd8387f7456e6e845ed91fa967842a5585ca8cbdc3a
status: experimental
description: Detects traffic or activity related to http://85.105.76.45:48190/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.105.76.45:48190/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.201.203:40937/i
id: auto-a61943cd2ef54d174c58d5e9e61eed22418ce0c7a9056017c6c0c428c5789868
status: experimental
description: Detects traffic or activity related to http://219.155.201.203:40937/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.201.203:40937/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.63.128:48514/i
id: auto-2e6a848b22e6bdf8ddf16999ba741f44bd54fd617301a5f4019d71323e0eaa51
status: experimental
description: Detects traffic or activity related to http://219.157.63.128:48514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.63.128:48514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.239.244:42207/i
id: auto-d0fdf92bfc1ffb30cc826dbb7c6f0ae9bc8626b46cef3fd8e11e07c9305c7e7e
status: experimental
description: Detects traffic or activity related to http://115.59.239.244:42207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.239.244:42207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.64.237:58449/i
id: auto-f72f481bd1aeb89a5569b9c4db7bfb7131226a91f5cc3fafaf1b29fa6c7eb074
status: experimental
description: Detects traffic or activity related to http://59.89.64.237:58449/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.64.237:58449/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.239.96:32831/i
id: auto-a08701c469e90e9d34e45402ec18d2462650b18e0bbc88e5f2b1b04687e94e97
status: experimental
description: Detects traffic or activity related to http://182.122.239.96:32831/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.239.96:32831/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.250.248:40585/i
id: auto-4d81ab69d6e489070cc8039190d34c8f449cdde2493ba13454ac76b83215772d
status: experimental
description: Detects traffic or activity related to http://182.119.250.248:40585/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.250.248:40585/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.152.12:41776/i
id: auto-349c3ee03b11de70661685e21ee633836f9744914d77f0922a678c0b0369f205
status: experimental
description: Detects traffic or activity related to http://182.115.152.12:41776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.152.12:41776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.244.75:43277/i
id: auto-df6786d8f20d074afd3e16ee362322c63514f5161a0c9f765ed982076323f64c
status: experimental
description: Detects traffic or activity related to http://221.1.244.75:43277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.244.75:43277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.176.42:56651/i
id: auto-7f638765d7017ba4e0414e9c3fdc9c0983680acdc751422f7e58440672ab532e
status: experimental
description: Detects traffic or activity related to http://42.239.176.42:56651/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.176.42:56651/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.118.231:42140/bin.sh
id: auto-b4904cc02f6de589e1720b21c1b8a395820deb0d25900f48e90f54c187ef8ab0
status: experimental
description: Detects traffic or activity related to http://182.121.118.231:42140/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.118.231:42140/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.103.97:46420/bin.sh
id: auto-0980c438f9a8223f972103d0a50083c4b1c92246debdefa10cd0f8d94ac5afd7
status: experimental
description: Detects traffic or activity related to http://175.174.103.97:46420/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.103.97:46420/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.0.66:38459/i
id: auto-72ef06e7db0271ddaf1f9d1bfe05c73313178f751da77ba1861c9043bcbc3c20
status: experimental
description: Detects traffic or activity related to http://106.57.0.66:38459/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.0.66:38459/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.104.64:57159/bin.sh
id: auto-909e211d57a1d132ed8c10b29908d07db5971fbc0cb72d7575fa452df2c540e6
status: experimental
description: Detects traffic or activity related to http://175.149.104.64:57159/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.104.64:57159/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.191.152.243:50350/bin.sh
id: auto-06dc97508088d77e3932b54bc88aa7a838c389d53c534047e19b2525f3165b89
status: experimental
description: Detects traffic or activity related to http://119.191.152.243:50350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.191.152.243:50350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.64.174.50:42225/bin.sh
id: auto-591d67d79ff1d1b77eff78aa12dff16a2ed5eac25e652b2a08b1ee8c0da85423
status: experimental
description: Detects traffic or activity related to http://36.64.174.50:42225/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.64.174.50:42225/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.247.65.122:55754/i
id: auto-fcbc7dde8f240a57ec68d214209aad3d9cb15c6d850fe87dfbf705ab4e4623c4
status: experimental
description: Detects traffic or activity related to http://88.247.65.122:55754/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.247.65.122:55754/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.152.12:41776/bin.sh
id: auto-0dccb357a79d8c21a000d30c1886e6ce9476fd7f01e6e1f5263f28890f7cbc58
status: experimental
description: Detects traffic or activity related to http://182.115.152.12:41776/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.152.12:41776/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.249.107.216:1668/.i
id: auto-2a38802885eba0d96d8c12d0cf6b824507838f136fc421ec87cd5d6b90133cd9
status: experimental
description: Detects traffic or activity related to http://14.249.107.216:1668/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.249.107.216:1668/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.176.42:56651/bin.sh
id: auto-6c329ab213f58bb3a61df57ffbef61aea24a1807b13883e4ee96e03153f7db99
status: experimental
description: Detects traffic or activity related to http://42.239.176.42:56651/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.176.42:56651/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.186.38:39997/bin.sh
id: auto-153b1dc881b491dd2a7b3232c1dbb0863f4926ddc329a2f8f02b27285d3bd0a5
status: experimental
description: Detects traffic or activity related to http://42.87.186.38:39997/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.186.38:39997/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.68.195:58561/bin.sh
id: auto-8842fb96b3a3a97c08b003128eeca381227a760f298ffeca48cda4ac9db2fee4
status: experimental
description: Detects traffic or activity related to http://110.37.68.195:58561/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.68.195:58561/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.247.65.122:55754/bin.sh
id: auto-7af939efd970db153357be76f20f14381be298affc41860929bb2f5cafabe799
status: experimental
description: Detects traffic or activity related to http://88.247.65.122:55754/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.247.65.122:55754/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://106.57.0.66:38459/bin.sh
id: auto-5c961712fd8f0aeade6a12efbc779f2def5933b6ea5357b5f5aeb4e069c4a499
status: experimental
description: Detects traffic or activity related to http://106.57.0.66:38459/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://106.57.0.66:38459/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.237.4:50094/i
id: auto-c557882151f7c34cba11677e1b5bfd4deaff82873a921c089a8283b1a98eedd1
status: experimental
description: Detects traffic or activity related to http://115.55.237.4:50094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.237.4:50094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.43.189:37787/i
id: auto-999074ffdd3b0556dfc2d74384876dcb08ed8ad3f34fe7c0ac24def211821f32
status: experimental
description: Detects traffic or activity related to http://110.37.43.189:37787/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.43.189:37787/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.239.244:42207/bin.sh
id: auto-558e74105b1e321df1c50536f089c51eb820449df98428211ed844c9aebd3ab8
status: experimental
description: Detects traffic or activity related to http://115.59.239.244:42207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.239.244:42207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.16:49073/i
id: auto-87bf70b2871691c43646fb194abbca82eeb26615d3e3e93db1268f8e2bedd1d6
status: experimental
description: Detects traffic or activity related to http://110.39.246.16:49073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.16:49073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.32.17:51875/i
id: auto-0cf8439d0c6fb5b6d78eea32026bfa29d8dfd1851d788383f3dd05365d914ca1
status: experimental
description: Detects traffic or activity related to http://182.116.32.17:51875/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.32.17:51875/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.2.242:44230/i
id: auto-367e5eaf7ca52ff0d94c2189102bf7274cd9ee3731e28b7c912cc2798aa9ac84
status: experimental
description: Detects traffic or activity related to http://42.224.2.242:44230/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.2.242:44230/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.13.220.246:51415/i
id: auto-c12cdf269bbcf35ad5e1620fffdeac212f89d8e6644e6f2385619bd855039b70
status: experimental
description: Detects traffic or activity related to http://221.13.220.246:51415/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.13.220.246:51415/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.arm7
id: auto-25cde33a472930dc41a3c898bd890dd1f7a4edb7ad22785bfc4bd05dfdacfd34
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.sh4
id: auto-f021afd5e6afa194920d68ee283bae77d873dc2b39838bbc202994f840c89a9a
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.arm6
id: auto-b09ca13aab2dedf06c7592bdca7191d64a36f9ca171360689bc429ea8a3959ee
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.mips
id: auto-f72d8f0eb827dd7dd12457a083f248963172b428d6529370c789c977ceb43eaf
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.mpsl
id: auto-7602e059cea1c90a995cf04cafb9e2b1b8ec911da1dd18a68561e51ceb93a05d
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.x86_64
id: auto-f7ef790f2e05819c2fd6a7997d68cc6e6a8a3d6bfc7179ff7305df21e561cc6d
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.m68k
id: auto-81feaf966350555163172a5a9c0729f23034104e0d3a72d985b3263278cbb1f1
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.ppc
id: auto-947ac86a699ea921ba27e5cd0d5b707cc318cdf02451ebe7294414d4afb85c84
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.arc
id: auto-ee29e8fa599ee65afd755ce6c6eface4dc66caacbc3dcb9c6ca30adf7797ecb0
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.arm5
id: auto-c5df4a8e69f0ab4343a526bae092be368a3258432bd7d020d37ddad49d385e0c
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.arm
id: auto-2ea26b588377cbd0d78b222f1a432ea07f4a22fffc0475620d45617a6693ea64
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.x86
id: auto-0e1051e5a08c8c85491f83ba42c61f33dff42ef43ef64a526ab137df7057b0f3
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_i686
id: auto-ff85e2cc26a428d4a2788ad00e03777fe25cce28b6a1ca9fa574726f82373d7d
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.i468
id: auto-f07ec6c08abf03557886b5b264eec4e17ac2c46f93f381ecb3c35d524b9b665d
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_arc
id: auto-9dcdcda3926fdd5aa4d5119e98a9fdd409ae2cfb2559851c2110e1e06442f2e3
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_spc
id: auto-863e7fd947c749774e805ef43139eba2caf8b54f30e9268e2709da17caab7b6b
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_i468
id: auto-44305528ec6db82d085f31b50df579beaf0737bce9123ea2ef045598dac98d66
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.spc
id: auto-f60906517284d368c22f84c2192d27aeceec4098b365c1bd0da2b8086c97e3bf
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/denegadito/yamaha.i686
id: auto-0b6ca085eb42d7b882daf9cc2739d9e41dbcc2a6b8b58801a67e06f75f2c850c
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/denegadito/yamaha.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/denegadito/yamaha.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.255.247:44496/i
id: auto-0fca6003a0ce4cec08bcac3dcdcb2c8b353054b55d13533eb2c3a3eb87e5026e
status: experimental
description: Detects traffic or activity related to http://110.39.255.247:44496/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.255.247:44496/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.16:49073/bin.sh
id: auto-aa5577e01e124d781d38b333c1cb8864d761df44c02991c5b4d4f15aa142845a
status: experimental
description: Detects traffic or activity related to http://110.39.246.16:49073/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.16:49073/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.32.17:51875/bin.sh
id: auto-05613fa380e46da2b93909a3687afbd2b1a3a2ce4688751dfea5df9f04cecff9
status: experimental
description: Detects traffic or activity related to http://182.116.32.17:51875/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.32.17:51875/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.43.156:44503/bin.sh
id: auto-d015f9d367e4f11269aeed7ccfd655b70b30f3463a6abb3a4edab751dd3ac40b
status: experimental
description: Detects traffic or activity related to http://42.230.43.156:44503/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.43.156:44503/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.237.4:50094/bin.sh
id: auto-9fd3f6ee625c491c56d17517ac73aaeb2d864049d824a984fd6a0156caaa816d
status: experimental
description: Detects traffic or activity related to http://115.55.237.4:50094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.237.4:50094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.hotelrhousecuscoperu.com/maishywuqoskfa.zip
id: auto-ccfa76fca0e43013e0673ec43d3fe788fe0b6b89111dbffa3e549cac3991e4b4
status: experimental
description: Detects traffic or activity related to https://www.hotelrhousecuscoperu.com/maishywuqoskfa.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.hotelrhousecuscoperu.com/maishywuqoskfa.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://50.6.248.160/9xs2.sh
id: auto-fe3b42406c27f6b94892f22b96541b85bcde8a743bf7e0cf8038947c92a8c57e
status: experimental
description: Detects traffic or activity related to http://50.6.248.160/9xs2.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://50.6.248.160/9xs2.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8278288380/cmklP8o.exe
id: auto-81b8afb943a89c0f134ee24092dbfdff5d09bfc00891a6017dccb24cc97095c0
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8278288380/cmklP8o.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8278288380/cmklP8o.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://latinashosting.com/kla.sh
id: auto-b1221752c49f7afae7db9185ae43a9f7974ceb051212c61efcfc982720451fe7
status: experimental
description: Detects traffic or activity related to http://latinashosting.com/kla.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://latinashosting.com/kla.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://latinashosting.com/pay
id: auto-901fff7d01c27fe15414316e0e053d650a1373dcfefae020b9cac48466993ac2
status: experimental
description: Detects traffic or activity related to http://latinashosting.com/pay which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://latinashosting.com/pay*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://latinashosting.com/yarn
id: auto-e17c591674cee61c26ccea79ca211c3f4fee1906ac6dfb934a7a249cd4d980b6
status: experimental
description: Detects traffic or activity related to http://latinashosting.com/yarn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://latinashosting.com/yarn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://latinashosting.com/bin
id: auto-a7ea5f32f127c001f6210a0e225475e6675d1ac1ef5978b0b2a3bb3912769d9f
status: experimental
description: Detects traffic or activity related to http://latinashosting.com/bin which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://latinashosting.com/bin*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.255.247:44496/bin.sh
id: auto-2ed3947be749d536ed07ce9d718786ac764cb9fb88008f531d46e64bd87bc367
status: experimental
description: Detects traffic or activity related to http://110.39.255.247:44496/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.255.247:44496/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.165.208:53983/i
id: auto-5f3ee61bba4ea45fccad232308452b95e60a82f0928321e2c98cfb1f0b85ef65
status: experimental
description: Detects traffic or activity related to http://113.229.165.208:53983/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.165.208:53983/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:37367/i
id: auto-fe255f17f880a436d00bc0948166f8f80e877ce4841ea9f289b0ce570d3b0ea9
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:37367/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:37367/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.3.140.68:58356/bin.sh
id: auto-b6341c0d7b51aa344d421f46970497ab387cc3606bbd08743d45f9d80a2e13ab
status: experimental
description: Detects traffic or activity related to http://61.3.140.68:58356/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.3.140.68:58356/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.20:42124/bin.sh
id: auto-dfdfcbbe9b8063841cc7bea82c611e1aedd5583b4fe306fcac651f3dd48cf2e1
status: experimental
description: Detects traffic or activity related to http://59.96.143.20:42124/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.20:42124/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.77.22:37106/i
id: auto-fcb4235e79dd2104c3d7c23f5efc6846cb3ee55aca73f9bc16587ed0565131f2
status: experimental
description: Detects traffic or activity related to http://182.117.77.22:37106/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.77.22:37106/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.215:47881/i
id: auto-98e5f45fb7dd6fe7d670a6be32631485e5a067a7442895fbcd119e33c9e3d434
status: experimental
description: Detects traffic or activity related to http://110.37.11.215:47881/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.215:47881/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.8.214:33638/bin.sh
id: auto-b0e56a352b93a1b462dc8c8b7d54e53d39002f53a03ce1f68df774ffc74cc201
status: experimental
description: Detects traffic or activity related to http://110.37.8.214:33638/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.8.214:33638/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.229.165.208:53983/bin.sh
id: auto-5166c0f5639ecdd2514d22d4e1a7b643ea1a60a9f8b89af1119724a0308cd83b
status: experimental
description: Detects traffic or activity related to http://113.229.165.208:53983/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.229.165.208:53983/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.82.1:48145/i
id: auto-7342551e3b8e1617408c312b85ccddeb46322c55a3d5528c3409c346654cefc0
status: experimental
description: Detects traffic or activity related to http://125.43.82.1:48145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.82.1:48145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.107.241:53650/i
id: auto-a14d18ce88bb1f279195de1f7055e79ac68342d2527cd872f7de34dc6dd220d6
status: experimental
description: Detects traffic or activity related to http://182.121.107.241:53650/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.107.241:53650/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.106:37367/bin.sh
id: auto-249313ae25d20ffa95431e63f7c31163ff55fa7b6cc61be7bff8f3f42f3e99ae
status: experimental
description: Detects traffic or activity related to http://168.195.7.106:37367/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.106:37367/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.109.21.102:54356/bin.sh
id: auto-bddb624fccda7404a0c6440c030c1e07f7a44912a19348fdceb57e46ac9d50fd
status: experimental
description: Detects traffic or activity related to http://41.109.21.102:54356/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.109.21.102:54356/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.255.101:46746/i
id: auto-9199293e9a8218fde082db3592371a7ed07f39931379469383107da164f7a533
status: experimental
description: Detects traffic or activity related to http://110.39.255.101:46746/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.255.101:46746/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.77.22:37106/bin.sh
id: auto-b4c4e3353a78dd0b733756d9904521ff4218ce57ce75d6c596e33bdbae14d5cf
status: experimental
description: Detects traffic or activity related to http://182.117.77.22:37106/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.77.22:37106/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.136.152:35260/bin.sh
id: auto-83632d5284fa69e6b81d97037e57fa513b4616a5eabb6ccd183c1c27b12a133c
status: experimental
description: Detects traffic or activity related to http://59.96.136.152:35260/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.136.152:35260/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.137.127:46706/i
id: auto-7e2ded6a7d1bd3f024c615a6dec386dafa400cec85d07206e76401bdfbee46b6
status: experimental
description: Detects traffic or activity related to http://125.40.137.127:46706/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.137.127:46706/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.181.175:49933/i
id: auto-ec311359728f522a1cd9e508d87798e9757c8dce2841c3130872537b64b079f2
status: experimental
description: Detects traffic or activity related to http://42.235.181.175:49933/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.181.175:49933/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.137.127:46706/bin.sh
id: auto-6edc6c1a450e3f07a331bf0b87868a28dce50888678d06f4edbe1599bca1b146
status: experimental
description: Detects traffic or activity related to http://125.40.137.127:46706/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.137.127:46706/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.181.175:49933/bin.sh
id: auto-0296495e968cd3a2895330276988cf00d38c9a61f89393659104b7516b52da7d
status: experimental
description: Detects traffic or activity related to http://42.235.181.175:49933/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.181.175:49933/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.14.88:44940/i
id: auto-b0217ca9e9bf1c93666ea51d58b0f5140e3a0f9ef5c850bddd6aff999c566c07
status: experimental
description: Detects traffic or activity related to http://61.52.14.88:44940/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.14.88:44940/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.255.101:46746/bin.sh
id: auto-1b65e606b0dd3943777f38f4d0a5888f81c868851fc7696116ce80c53eb4d4aa
status: experimental
description: Detects traffic or activity related to http://110.39.255.101:46746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.255.101:46746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.215:47881/bin.sh
id: auto-5748269464da3831b3f6914b6a83eb7e2d0ab0c9b23d5c19a2c59c1bfbba21cd
status: experimental
description: Detects traffic or activity related to http://110.37.11.215:47881/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.215:47881/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.62.46:53892/i
id: auto-4f46c64dbdd6f56fb200e820ff882e995d09421bb3ff267003a156a53a4f4455
status: experimental
description: Detects traffic or activity related to http://219.156.62.46:53892/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.62.46:53892/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.75.187:48744/i
id: auto-fc18d18dfb939328b6c1e5aa79653e393364017889f421b72f2620688d65e018
status: experimental
description: Detects traffic or activity related to http://125.47.75.187:48744/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.75.187:48744/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.6.184.94:53544/bin.sh
id: auto-4543feb394b05107a763275e423005ca23f2dae56fcb12b9f76a313f8eab97b6
status: experimental
description: Detects traffic or activity related to http://42.6.184.94:53544/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.6.184.94:53544/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.19.41:39583/bin.sh
id: auto-58007ff783b3d7195a60747888f0da1fd2f2f17942b3c0fba75b89c9c255a20f
status: experimental
description: Detects traffic or activity related to http://117.198.19.41:39583/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.19.41:39583/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/armv7l
id: auto-c85f2ce845aaf41bea4be909eb223f19cb619763bdcf2be3be88e157de6dfa43
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/x86_64
id: auto-f7cf50a756ccff3542fe87eb2b544489b6a36a69b0c445f341b9f3a810f0c0e2
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/armv5l
id: auto-e38da4fe970d146b9f0a050b29814c91f84038a9271aead5868136dd9795a9b7
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/mips
id: auto-684479c02b508d4461aaaf63e7dfc473d34ba03c15b205566a1138f162ad9334
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/m68k
id: auto-22d122c73ad7a2e053af8c7550b242883fe54a2e2f4d72c0476d94abf8155be2
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/i686
id: auto-497c2df3e8ea9e41e61410271d07fba30299fd7c1bac01c19031888482e8b5bd
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/mipsel
id: auto-ce11b7e41705e86d27b6e9eaab2bfb19ca79e2e4fea01540f5568c472282a9d4
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/sh4
id: auto-abe857e07be95018357faf6807a4b54d7fdbd7941da4d24ad62767423ef9a0e9
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.14.88:44940/bin.sh
id: auto-f1e0b81850061b44d0b7a64876e95964e9007d14b60e5d2b61ebd5541e8ac762
status: experimental
description: Detects traffic or activity related to http://61.52.14.88:44940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.14.88:44940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/armv6l
id: auto-e3aa98359c6f7375de1dae5d0c044523bea461bd4c812f04dc9d00a2b9ee4c33
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/powerpc
id: auto-dd71f40a9f69b3c8dbcf8728cf0ef9be8063440c0ab4dc524e48734102eaefbc
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/armv4l
id: auto-e9c21ea9c5440700848fadf645b4b6b3591d4f6c7141a3a4c2f2fd56b2ef00e4
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.201/i586
id: auto-42df0b31f7768cf27f494fbb843829157bf4d47f88f22318c5157edb5b732f74
status: experimental
description: Detects traffic or activity related to http://45.156.87.201/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.201/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.79.168:42337/bin.sh
id: auto-e9ec50061eace0517b890fe8e9e8524e51259a05f1071a1f94495e807f688f0e
status: experimental
description: Detects traffic or activity related to http://42.224.79.168:42337/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.79.168:42337/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.110.247:40812/bin.sh
id: auto-12a941bf706270b2cb89e68215761c97988e5a697b7dc24a3762e4e2fa1e4041
status: experimental
description: Detects traffic or activity related to http://117.235.110.247:40812/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.110.247:40812/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.8.203:45372/bin.sh
id: auto-b53c2aa9a95db32a5609883653d2d5953d686e9b8ee347545ee555c8bf80e0fc
status: experimental
description: Detects traffic or activity related to http://115.55.8.203:45372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.8.203:45372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.200.147:58011/i
id: auto-6aa8f07a88776193066b825b612401fbc45fd561b7ba1245324b739b1680fe9c
status: experimental
description: Detects traffic or activity related to http://42.227.200.147:58011/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.200.147:58011/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.75.187:48744/bin.sh
id: auto-51d4191e8046bf2cf8b560e062a8b4849dc31cf09b2c5c904528a316fb0474b7
status: experimental
description: Detects traffic or activity related to http://125.47.75.187:48744/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.75.187:48744/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.117.222:57510/i
id: auto-8aedae63912189aa1eeb5c9fb8c9b319d48f6d913c8637b48ffa54cad8de8878
status: experimental
description: Detects traffic or activity related to http://61.53.117.222:57510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.117.222:57510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.71.252:57908/i
id: auto-dd5aaf54374bf27935c01d63221795c04a5aff97f4543234eac994bf73557c86
status: experimental
description: Detects traffic or activity related to http://59.89.71.252:57908/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.71.252:57908/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.62.46:53892/bin.sh
id: auto-08316f67c803bcd48d82ee4efc95c83a8be0747687d60ce5dc24ecdc17b5346c
status: experimental
description: Detects traffic or activity related to http://219.156.62.46:53892/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.62.46:53892/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.117.222:57510/bin.sh
id: auto-c621bf719e7f0a95eec6845446168450c8fdc902071ae047582ff215c7b43aa5
status: experimental
description: Detects traffic or activity related to http://61.53.117.222:57510/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.117.222:57510/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.210.50:59714/i
id: auto-13e58e9f84b88ac353c3077826c9a162f9b9fce99c1760ff3ea796d0e3c998cf
status: experimental
description: Detects traffic or activity related to http://219.155.210.50:59714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.210.50:59714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.169.129:46520/bin.sh
id: auto-265daab931347965828492c4f5fa004ac243ae31f4844cd9ca33a15fe92da542
status: experimental
description: Detects traffic or activity related to http://116.139.169.129:46520/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.169.129:46520/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.52.171.224:45248/i
id: auto-3c54f644589be7db9db7d5f758e1e626ad542996eb6f4b319e0a50b14a15f51a
status: experimental
description: Detects traffic or activity related to http://37.52.171.224:45248/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.52.171.224:45248/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.79.49:53058/i
id: auto-a0b02a90a0db1a92bc6e6dc24ebf745f61c345ace003a0c8545678e5bf977c93
status: experimental
description: Detects traffic or activity related to http://42.239.79.49:53058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.79.49:53058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.165.22:36739/i
id: auto-12f2d51807b2f2185e9a28a1adeddd91143a7b950ab20eeb8178716a3e5a03c4
status: experimental
description: Detects traffic or activity related to http://182.121.165.22:36739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.165.22:36739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.139.208:56802/bin.sh
id: auto-82634788f0dcffee0e8017ba149090b22f7eb88febd177b6782327018822b9e8
status: experimental
description: Detects traffic or activity related to http://125.41.139.208:56802/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.139.208:56802/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.47.149:33977/i
id: auto-cfb4f7eac04eae2c17cbe5d9b5ca5a05f2c04ff4cb70a15114745dfdc20034aa
status: experimental
description: Detects traffic or activity related to http://123.13.47.149:33977/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.47.149:33977/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.75.24:33966/bin.sh
id: auto-6ae0d15f5728fa1bcc40910eacef6e1af3dd89e2f8b08206cf03b4f17f9c9968
status: experimental
description: Detects traffic or activity related to http://222.141.75.24:33966/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.75.24:33966/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.71.252:57908/bin.sh
id: auto-ece5ecdd3deba3306613580ddc71af9371f270ba1505b8c435d6d8aadd12df7e
status: experimental
description: Detects traffic or activity related to http://59.89.71.252:57908/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.71.252:57908/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.43.60:39201/bin.sh
id: auto-ebba86061f3e63820f89ba9685004d26ef7fda62fcb740b15a42298f1a633f4a
status: experimental
description: Detects traffic or activity related to http://123.8.43.60:39201/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.43.60:39201/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.52.171.224:45248/bin.sh
id: auto-da34e1497ae5031805a9619f1d379bd07e8d8b101b8be3c86353a48465002fe9
status: experimental
description: Detects traffic or activity related to http://37.52.171.224:45248/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.52.171.224:45248/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.79.49:53058/bin.sh
id: auto-84516f2024c75c26b10a7b43aebdccd9a3f39ce99b042063f8eec598e3debb0a
status: experimental
description: Detects traffic or activity related to http://42.239.79.49:53058/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.79.49:53058/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.252.183:53491/bin.sh
id: auto-3f55358e34ff27f399b5ed34f91f7ecae2567985214f878645076e067fda8748
status: experimental
description: Detects traffic or activity related to http://42.239.252.183:53491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.252.183:53491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.165.22:36739/bin.sh
id: auto-9f78435da89cb8b92381020cab76bde6861106376d2bb6d892daea3826a44525
status: experimental
description: Detects traffic or activity related to http://182.121.165.22:36739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.165.22:36739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.23.111:46852/bin.sh
id: auto-fec3972cf8adcc37bea92996ae45cfed579fce16226b40a3049070d96a01b387
status: experimental
description: Detects traffic or activity related to http://117.198.23.111:46852/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.23.111:46852/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.47.149:33977/bin.sh
id: auto-57a078e9506545f157c7aeffb557e90d00579e0114e58970f28fb3324012adc3
status: experimental
description: Detects traffic or activity related to http://123.13.47.149:33977/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.47.149:33977/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.239.253:44871/i
id: auto-e2db9048c361033ad0de55a7776972bc30ccef919b0aebe9d54457b169f1be69
status: experimental
description: Detects traffic or activity related to http://182.112.239.253:44871/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.239.253:44871/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.34.179:38284/bin.sh
id: auto-be1dc9fcc253b6adbbee13730ea17aa919173729731307f84c8d6424575994b2
status: experimental
description: Detects traffic or activity related to http://110.37.34.179:38284/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.34.179:38284/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.239.253:44871/bin.sh
id: auto-d6154c6a93c0a36961d0a0ad0c86b67892aeff5478bb5d2c4af8e0222efb8ba4
status: experimental
description: Detects traffic or activity related to http://182.112.239.253:44871/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.239.253:44871/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.1.244.75:43277/bin.sh
id: auto-038ae0c702c07cff396f89e8d37f4273e36a17e4d5bdf051be2f933f65f0b7d4
status: experimental
description: Detects traffic or activity related to http://221.1.244.75:43277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.1.244.75:43277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.146.195:44687/bin.sh
id: auto-c204dc645b98d6c8568c0f8eba19278c58b82bd6f6dc2ff5ac97c4ca029ba723
status: experimental
description: Detects traffic or activity related to http://125.43.146.195:44687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.146.195:44687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.28.218:50470/i
id: auto-8a73c769ca70719c07096d8f261fcf6f069b98c56b99dc88d059a416ba70cffb
status: experimental
description: Detects traffic or activity related to http://42.57.28.218:50470/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.28.218:50470/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.89.12.128:47781/bin.sh
id: auto-eee1ca7bff81f59847ed883da673da82085c32795f5a8705b111b52fcf5e2912
status: experimental
description: Detects traffic or activity related to http://59.89.12.128:47781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.89.12.128:47781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.6.104:38145/i
id: auto-d4068ef41f90ed8a744075d8546ccc3a8ac471b4ecc7a2efea352d66bfeba024
status: experimental
description: Detects traffic or activity related to http://182.119.6.104:38145/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.6.104:38145/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.194.227.46:40323/i
id: auto-1a30f5d8d2d1e61ac3f6f57a44a8f3bb9a665ef180942ce8a7370ef82c08a27b
status: experimental
description: Detects traffic or activity related to http://72.194.227.46:40323/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.194.227.46:40323/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.74.148:54318/i
id: auto-a353a96cdf0b816dc6cffbc0bebe12ac77f2340c8f4c1bc04276a5fb626a794d
status: experimental
description: Detects traffic or activity related to http://123.13.74.148:54318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.74.148:54318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.142.88:45587/bin.sh
id: auto-a28fbb42ffb9a4a3125dbc7306a7927894fa8f2952fbcea57f4cf9fcb3335607
status: experimental
description: Detects traffic or activity related to http://59.96.142.88:45587/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.142.88:45587/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.74.148:54318/bin.sh
id: auto-b04e0943b26d22a5dfee6f34ee22c0fb1884cd66ca37cdbd762bb0c413d3875b
status: experimental
description: Detects traffic or activity related to http://123.13.74.148:54318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.74.148:54318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.166.187:49540/bin.sh
id: auto-0b11e8ef238cb579224059654c420775f2b1b87eeafa7f2c99d0a5ab3bb3f2dd
status: experimental
description: Detects traffic or activity related to http://175.146.166.187:49540/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.166.187:49540/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://72.194.227.46:40323/bin.sh
id: auto-6b7d98f3b919d35fb4ca4b891974538b511e8a751345d4e79ea2c76924144559
status: experimental
description: Detects traffic or activity related to http://72.194.227.46:40323/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://72.194.227.46:40323/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.19.41:42611/i
id: auto-c4cb651a7c75df3c9d00a3df0edd7377f794986e5b43d00bd0589bb91083fe2e
status: experimental
description: Detects traffic or activity related to http://219.157.19.41:42611/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.19.41:42611/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.179.227:51490/i
id: auto-55a25798b6b87c134bd79399457f34c9006ab54dbf6cb5c3b0f2af520f1fc0bf
status: experimental
description: Detects traffic or activity related to http://42.7.179.227:51490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.179.227:51490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.186.207:42601/i
id: auto-dcb6bae287c4534a401c52b04964d3ff23b639260f0074640b3d4e35d32f2e09
status: experimental
description: Detects traffic or activity related to http://219.154.186.207:42601/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.186.207:42601/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.215.0:46003/i
id: auto-cdd90acbc79597f475786b02d0f253dacee13b68cb0668921b97e65e84c6d01a
status: experimental
description: Detects traffic or activity related to http://119.179.215.0:46003/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.215.0:46003/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.29.98:35970/i
id: auto-6fd879fcb41aaf761208b2f6bbf7e3ca575939da4cb00f6180b873c1f45c2640
status: experimental
description: Detects traffic or activity related to http://182.113.29.98:35970/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.29.98:35970/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.42:37239/i
id: auto-5e5205daab43ba9bf8cc31fdf80b75e7c7977bab741cd017a3a313d3b5fb3382
status: experimental
description: Detects traffic or activity related to http://200.59.83.42:37239/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.42:37239/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.147.249.118:54526/i
id: auto-00dc2322d2189925d22bf4ea7bd99d67f85a08f745af0574fbeaaaf2576cfed5
status: experimental
description: Detects traffic or activity related to http://175.147.249.118:54526/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.147.249.118:54526/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.30.71.238:44982/i
id: auto-5d3c03ed82fae17e8405cf4d3845a4711768e8ff7aa5d1a11fd2483769459be4
status: experimental
description: Detects traffic or activity related to http://175.30.71.238:44982/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.30.71.238:44982/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.1.221.41:59256/bin.sh
id: auto-ba5200186964cd2476f31ceb682adda48858f1e6c40b4a65960ef0ce7dccf540
status: experimental
description: Detects traffic or activity related to http://61.1.221.41:59256/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.1.221.41:59256/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.27.75:51064/i
id: auto-c275abb44d8f9c64e5bea1e22b5685be428da0e354152316f1d49f2c73ce3fde
status: experimental
description: Detects traffic or activity related to http://117.248.27.75:51064/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.27.75:51064/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.215.0:46003/bin.sh
id: auto-156dc5be9218875a3c5b54268b599da252c9acd958520aa29d4142d0cd95fbac
status: experimental
description: Detects traffic or activity related to http://119.179.215.0:46003/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.215.0:46003/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.37.237:51286/i
id: auto-01c8f7447f26c28550a1b15b51cc9aefe2d443bf3976665b663e46c6a9260d95
status: experimental
description: Detects traffic or activity related to http://61.52.37.237:51286/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.37.237:51286/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.83.117:37596/i
id: auto-24036c55f3173c6dbf2a505895d5a8a7b72d52cd56e510bda208ba1bd0c93100
status: experimental
description: Detects traffic or activity related to http://27.37.83.117:37596/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.83.117:37596/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.154.186.207:42601/bin.sh
id: auto-de7362f8657520563213f250d980f59064b2e41c697d7bc40fbdb2a20cdecf1b
status: experimental
description: Detects traffic or activity related to http://219.154.186.207:42601/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.154.186.207:42601/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.129.134:51197/i
id: auto-32b2cfec6b3d20a316e5c86fbe23f34df23b51e99174d65644b0982e65e03d09
status: experimental
description: Detects traffic or activity related to http://123.5.129.134:51197/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.129.134:51197/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.234.177:39417/i
id: auto-03a753a0242461fc6b554010b3d7b8862aa9dbc1e4c7a9cdee710ad34a8a3be3
status: experimental
description: Detects traffic or activity related to http://42.234.234.177:39417/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.234.177:39417/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.30.71.238:44982/bin.sh
id: auto-310133ae5680be2f4ac7233c23154443e91689ef3d111acf40512637327fc17e
status: experimental
description: Detects traffic or activity related to http://175.30.71.238:44982/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.30.71.238:44982/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.29.98:35970/bin.sh
id: auto-4808f78fe176273ac0568508b5786ad0a7947cad9583cc6307c7c586dc0ad1af
status: experimental
description: Detects traffic or activity related to http://182.113.29.98:35970/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.29.98:35970/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.233.41:47018/i
id: auto-3113bd8d3677a64aa4c16ea5d98c75ae5bbf9ffecd1d6e3c98e0dc34730482c4
status: experimental
description: Detects traffic or activity related to http://110.39.233.41:47018/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.233.41:47018/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.111.122:38949/i
id: auto-6f693acf250e260fe3f119ed0c6468142b37543a3de778511f8774446c3136dd
status: experimental
description: Detects traffic or activity related to http://110.37.111.122:38949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.111.122:38949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.97.128:57978/i
id: auto-92913daa77f6f15357b03c6081d62b1c4f863701b06e49195b7c30db5de08984
status: experimental
description: Detects traffic or activity related to http://110.37.97.128:57978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.97.128:57978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.27.75:51064/bin.sh
id: auto-ad482db25b6b32f574dbe993a8e89fbc654e273f55f8dd4f7b8bafe4ac7430fb
status: experimental
description: Detects traffic or activity related to http://117.248.27.75:51064/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.27.75:51064/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.19.41:42611/bin.sh
id: auto-399697aa78256ce28ef96b92d0cecf5cbf03678596ac94876b2166ab708cabfb
status: experimental
description: Detects traffic or activity related to http://219.157.19.41:42611/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.19.41:42611/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.0.111:59466/bin.sh
id: auto-1f8f941e0cda1a79db16c802521358753c495c4aca3293877555686b6f782401
status: experimental
description: Detects traffic or activity related to http://117.206.0.111:59466/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.0.111:59466/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.129.134:51197/bin.sh
id: auto-6031c09e353dccd697628b00c37822d1f5f901825ad4f55eee253f5d6eaf87fd
status: experimental
description: Detects traffic or activity related to http://123.5.129.134:51197/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.129.134:51197/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.48.96:40901/bin.sh
id: auto-c954f7c4b5abdffed0bd0000374562a14f97374e238b6233b064abb2e8a9d34a
status: experimental
description: Detects traffic or activity related to http://125.44.48.96:40901/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.48.96:40901/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.20.162:54486/bin.sh
id: auto-f02cb9f0f72aa70e3ccce8d4eea2db3d50ee83f053460dd14a6faaf77ef9a563
status: experimental
description: Detects traffic or activity related to http://117.209.20.162:54486/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.20.162:54486/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1660276343/wi6NLkw.exe
id: auto-e8bf691bbfef7684f7cf642c84b39896d378e79e468cf174f4b1ea628a4968f8
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1660276343/wi6NLkw.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1660276343/wi6NLkw.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.116.23:49295/bin.sh
id: auto-14d165e3d5ae9f5df78b770e1a6f4bf01a628911edb4e14b55a5c0a25c031817
status: experimental
description: Detects traffic or activity related to http://222.138.116.23:49295/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.116.23:49295/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.127.198:52098/i
id: auto-797dd565301e82374b327d3170f7c1054018e97a4ddc3809337bc9a2a3b328ae
status: experimental
description: Detects traffic or activity related to http://115.58.127.198:52098/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.127.198:52098/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.181.16:43065/i
id: auto-ef1fd064d5e8beb1df7dc256eac6fef7065a4c2aaa75ab0e231d8fb2029d6dd4
status: experimental
description: Detects traffic or activity related to http://115.63.181.16:43065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.181.16:43065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.234.177:39417/bin.sh
id: auto-0e777b160284e3f356e8518e19db7927a827998b5951fdc1d9a65cc7ed582876
status: experimental
description: Detects traffic or activity related to http://42.234.234.177:39417/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.234.177:39417/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.115.202:41216/i
id: auto-3993abb57843cb765e1542c4b19ae2949a15ce93bcc4d544cfd0e5c42313028e
status: experimental
description: Detects traffic or activity related to http://123.13.115.202:41216/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.115.202:41216/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.233.41:47018/bin.sh
id: auto-364720a17cf5314ea6e0a0dcfaa9b1327592f209b358a14d22e7450bdac62e85
status: experimental
description: Detects traffic or activity related to http://110.39.233.41:47018/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.233.41:47018/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.160.86:52104/i
id: auto-e6cbd603f2cdc4b6056ba946fa5b124628cf639858d46ea8c27239360e744f42
status: experimental
description: Detects traffic or activity related to http://117.196.160.86:52104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.160.86:52104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.100.183:58644/i
id: auto-5bfce9a7ecaaa6b64749bca5a37bd94ce2a30f1bdc538e7003e582abb145dfee
status: experimental
description: Detects traffic or activity related to http://113.237.100.183:58644/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.100.183:58644/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.136.164:33370/bin.sh
id: auto-90505cab11770241f7ec9de134eb502fdd0f6b2fcdab1d086fe6335c4c914bf8
status: experimental
description: Detects traffic or activity related to http://182.112.136.164:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.136.164:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.19:56546/i
id: auto-ebffcaf180ef9770053ac9488be9b0742a5192b5d4b14ffcce131f2ab37d38cd
status: experimental
description: Detects traffic or activity related to http://110.37.53.19:56546/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.19:56546/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.115.202:41216/bin.sh
id: auto-e93fae8b65e664b5c85dfe834d1254075867ca4c403246db2c4789650e989fdf
status: experimental
description: Detects traffic or activity related to http://123.13.115.202:41216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.115.202:41216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.56.147:36190/i
id: auto-c43cdac7ff88d251482f7d182751a47b3451edf6cf42a8ef661717fa83f2da92
status: experimental
description: Detects traffic or activity related to http://60.18.56.147:36190/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.56.147:36190/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.192.33:49392/i
id: auto-5b98856ba23ba07757d60a86727ff2bfdb869c4f6d4f1fcc5c5f74df655a10f9
status: experimental
description: Detects traffic or activity related to http://176.226.192.33:49392/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.192.33:49392/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.99.169:34604/i
id: auto-66bdadea79b75de0d1f379e7a92a3813885acf7736b9d7473ba3861cfe92b79a
status: experimental
description: Detects traffic or activity related to http://42.235.99.169:34604/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.99.169:34604/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.196.160.86:52104/bin.sh
id: auto-f6544702aa285554ab385bf3477d594b11ada4deb4b50c78c0bdaec59a600ce1
status: experimental
description: Detects traffic or activity related to http://117.196.160.86:52104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.196.160.86:52104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.215.154:41311/i
id: auto-e97ee6cf3b57bc4fd44fa11d77a5be0ee0b4b303dfd1c6db85a559808bce9659
status: experimental
description: Detects traffic or activity related to http://115.57.215.154:41311/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.215.154:41311/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.127.198:52098/bin.sh
id: auto-70f10b03c116e27d3a53c52f254d707c2804ce400bc5a37016c16d64986112a6
status: experimental
description: Detects traffic or activity related to http://115.58.127.198:52098/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.127.198:52098/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.19:56546/bin.sh
id: auto-fae8d9ee036635df8e692d9d2efabcffe6ef427725b17aaecd41d6e66645f45c
status: experimental
description: Detects traffic or activity related to http://110.37.53.19:56546/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.19:56546/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.21.132:56497/bin.sh
id: auto-7b9b4753a42a6a3a2951bd75badd75e0a728027146b2307720e49e0f1e45a1fd
status: experimental
description: Detects traffic or activity related to http://110.37.21.132:56497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.21.132:56497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.192.33:49392/bin.sh
id: auto-d02df7784658cb186da7f222ee6c01afc6e81f9935fb20884c0e632b82f13390
status: experimental
description: Detects traffic or activity related to http://176.226.192.33:49392/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.192.33:49392/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.56.147:36190/bin.sh
id: auto-1f637f3ce1122c38b6691d7123c2221e49e9e2d36044f5a44f2fc2a5f3a8ad3a
status: experimental
description: Detects traffic or activity related to http://60.18.56.147:36190/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.56.147:36190/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/MMaaRRiiOisecTanee.arm7
id: auto-d0f2e5c24d02d06615f3203a1ed1aa00f5eceedcc8583fbadad8d2605c5f6d50
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/MMaaRRiiOisecTanee.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/MMaaRRiiOisecTanee.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.100.183:58644/bin.sh
id: auto-a0a9006a76ff2f8a263d3adc3e891dae17011dc9f5c378766a5d0e4f5a9f306a
status: experimental
description: Detects traffic or activity related to http://113.237.100.183:58644/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.100.183:58644/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/MMaaRRiiOisecTanee.x86
id: auto-ec58ae693fa1396d86ff15dfc500401df08785d57dbf6c56e87a463eafad9923
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/MMaaRRiiOisecTanee.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/MMaaRRiiOisecTanee.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.158.74.30:56207/i
id: auto-5718d69429e42475009bf2d7d12c5982bd29be66e485f34776c4a005ab4cbcd9
status: experimental
description: Detects traffic or activity related to http://36.158.74.30:56207/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.158.74.30:56207/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.215.154:41311/bin.sh
id: auto-93fb8aaeda7f59d90a330eba0750e869c36b36b83010969c0060c61b321a6aaf
status: experimental
description: Detects traffic or activity related to http://115.57.215.154:41311/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.215.154:41311/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jasm72mf.vagusbra.ru/?=check&&actmn=JUcCPFvIbFKlgLPV
id: auto-048bf03bed57993fc49f28b94cece70c85a123afb39bc2aef13d3ef6160f2fad
status: experimental
description: Detects traffic or activity related to https://jasm72mf.vagusbra.ru/?=check&&actmn=JUcCPFvIbFKlgLPV which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jasm72mf.vagusbra.ru/?=check&&actmn=JUcCPFvIbFKlgLPV*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.105.169:42757/i
id: auto-ee9b4ca8a586aeb780f904fcc64bcbea9b7e2ebd23d37a1a947c8445daa25f3b
status: experimental
description: Detects traffic or activity related to http://110.37.105.169:42757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.105.169:42757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qzf73dvm.vagusbra.ru/?=check&&actmn=qZZgJwDaitxXomjU
id: auto-c9887cd1a036b22c634a1cfd4d0fd83f3c2cf26970ddd36c472109325e6ee9ac
status: experimental
description: Detects traffic or activity related to https://qzf73dvm.vagusbra.ru/?=check&&actmn=qZZgJwDaitxXomjU which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qzf73dvm.vagusbra.ru/?=check&&actmn=qZZgJwDaitxXomjU*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.99.169:34604/bin.sh
id: auto-b5f2dad3b107666c2b1e4f9766f69ab2468872efe7738e9bb87c2fdd3f06859a
status: experimental
description: Detects traffic or activity related to http://42.235.99.169:34604/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.99.169:34604/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.253.11:57573/i
id: auto-c5285ac96178ccfbce8cf2b82e6527efe0edac15fcdc1153571bd6edaf241f68
status: experimental
description: Detects traffic or activity related to http://182.121.253.11:57573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.253.11:57573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6137477328/jhNAnZF.exe
id: auto-ab4345edcc13dd2079b45a4cd8adcb3eaf39274b99d79be651b24b21b27565ac
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6137477328/jhNAnZF.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6137477328/jhNAnZF.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.51.95.129:50029/i
id: auto-711ffdf7939bc21bc76915037e7838dfa587de045f49b1cfa7a64d16b9e884b1
status: experimental
description: Detects traffic or activity related to http://115.51.95.129:50029/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.51.95.129:50029/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://g9zj25k4.spikeslavage.ru/?=check&&actmn=vhKNhgLpenYRGsuC
id: auto-ca08700c9eface4eebaf05769f4f3bcdcf47e7526e49510de72faa8c8e1f2103
status: experimental
description: Detects traffic or activity related to https://g9zj25k4.spikeslavage.ru/?=check&&actmn=vhKNhgLpenYRGsuC which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://g9zj25k4.spikeslavage.ru/?=check&&actmn=vhKNhgLpenYRGsuC*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gp0k9bqe.spikeslavage.ru/?=check&&actmn=jbbyGGZqGjmEgcvH
id: auto-a773e2041b9d94a38b07989c77d6aa13cd855cb81fa4837685d5e69ae90fe4f2
status: experimental
description: Detects traffic or activity related to https://gp0k9bqe.spikeslavage.ru/?=check&&actmn=jbbyGGZqGjmEgcvH which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gp0k9bqe.spikeslavage.ru/?=check&&actmn=jbbyGGZqGjmEgcvH*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.158.74.30:56207/bin.sh
id: auto-47b47a7003c917b51009d63ea07fe4543a41309953249aa3e86018aafda3e689
status: experimental
description: Detects traffic or activity related to http://36.158.74.30:56207/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.158.74.30:56207/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tki8tul2.rufousquet.ru/?=check&&actmn=UkBxfuRzynPqMcYQ
id: auto-6f6b5a8d0bcaca7e6831d36e4b4bd21bf724b83a09ff604080e67b5fc1e075e7
status: experimental
description: Detects traffic or activity related to https://tki8tul2.rufousquet.ru/?=check&&actmn=UkBxfuRzynPqMcYQ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tki8tul2.rufousquet.ru/?=check&&actmn=UkBxfuRzynPqMcYQ*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.105.169:42757/bin.sh
id: auto-199bbe1d7686f9bcf48665f17f60ecfc4eb8c3580cf776cdc64d218be04d212f
status: experimental
description: Detects traffic or activity related to http://110.37.105.169:42757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.105.169:42757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ushvnei2.rufousquet.ru/?=check&&actmn=GSfYOXZVwiyRbCLr
id: auto-9193f42e19be101b706979ef0730a9aefb1688d1ed6d5dadcd260fd171d73721
status: experimental
description: Detects traffic or activity related to https://ushvnei2.rufousquet.ru/?=check&&actmn=GSfYOXZVwiyRbCLr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ushvnei2.rufousquet.ru/?=check&&actmn=GSfYOXZVwiyRbCLr*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.172.220:49720/i
id: auto-c93c1a12b57a10653414332d3be66cf645c9dabe6fc7dcbf95fdeb31ce6a2ab7
status: experimental
description: Detects traffic or activity related to http://222.137.172.220:49720/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.172.220:49720/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.178.94:58160/i
id: auto-26b7a4f88ef41580ef0449466cd0305803d5c18850b419aae356351d7ca02303
status: experimental
description: Detects traffic or activity related to http://116.139.178.94:58160/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.178.94:58160/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://7mqkvitp.rockyhigra.ru/?=check&&actmn=RJThpHuyvKYmxWKU
id: auto-dc99230f7b0f5213263132077716c67c1698b2375b1bf47d91deba7df14c44dc
status: experimental
description: Detects traffic or activity related to https://7mqkvitp.rockyhigra.ru/?=check&&actmn=RJThpHuyvKYmxWKU which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://7mqkvitp.rockyhigra.ru/?=check&&actmn=RJThpHuyvKYmxWKU*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/a-r.m-4.Sakura
id: auto-2b5525f4babb92a6348f29274d22543951103814dfa428465eef4b2f23610249
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/a-r.m-4.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/a-r.m-4.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.58.87:51050/bin.sh
id: auto-602a52706ceae5360ba8ba4e56e365146ca0124449bac369ca99856f6135f596
status: experimental
description: Detects traffic or activity related to http://220.201.58.87:51050/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.58.87:51050/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://epsbaram.rockyhigra.ru/?=check&&actmn=HJCAQcDIdweqHQnH
id: auto-7a4acd6c86783334af17461d5a351a4588b6704c9f2e0b659097624e03dc7683
status: experimental
description: Detects traffic or activity related to https://epsbaram.rockyhigra.ru/?=check&&actmn=HJCAQcDIdweqHQnH which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://epsbaram.rockyhigra.ru/?=check&&actmn=HJCAQcDIdweqHQnH*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.73.120:57364/i
id: auto-9f560a74f5eb717c5b8fbcf9e03b123a70f5b70d94d38bbcd0d08266f16bb71b
status: experimental
description: Detects traffic or activity related to http://42.57.73.120:57364/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.73.120:57364/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.139.178.94:58160/bin.sh
id: auto-62199f520ea227dd372a79e28756de2d91a4d5aaf92484fed3e5788436771266
status: experimental
description: Detects traffic or activity related to http://116.139.178.94:58160/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.139.178.94:58160/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://0m0923vi.ngotln.ru/?=check&&actmn=UNNFtygpXRTBZcFT
id: auto-14c49df725f145b5ef2d63748f41912bab193a9f50a4d323fd8fafdd759dd27f
status: experimental
description: Detects traffic or activity related to https://0m0923vi.ngotln.ru/?=check&&actmn=UNNFtygpXRTBZcFT which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://0m0923vi.ngotln.ru/?=check&&actmn=UNNFtygpXRTBZcFT*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lukf5b1i.ngotln.ru/?=check&&actmn=hUCrVNTDvEEeFSZo
id: auto-6330fcda5aee1bda7e18963cfd0d90353a9f6dc8e640bcb10dcf8b5429157d36
status: experimental
description: Detects traffic or activity related to https://lukf5b1i.ngotln.ru/?=check&&actmn=hUCrVNTDvEEeFSZo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lukf5b1i.ngotln.ru/?=check&&actmn=hUCrVNTDvEEeFSZo*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://xclur56f.neumechawl.ru/?=check&&actmn=XcxakQFTzWZyUPqz
id: auto-4e022dc5ac0d5a066baff943d792d868f7201d01ab33350da81def7cd36c01a2
status: experimental
description: Detects traffic or activity related to https://xclur56f.neumechawl.ru/?=check&&actmn=XcxakQFTzWZyUPqz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://xclur56f.neumechawl.ru/?=check&&actmn=XcxakQFTzWZyUPqz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://48e3kq3j.neumechawl.ru/?=check&&actmn=cQcxAIbSLSdGiHPW
id: auto-8800fa0eb0be97b1ef26d89c185cadeae955193906456a9200591811ac9bf690
status: experimental
description: Detects traffic or activity related to https://48e3kq3j.neumechawl.ru/?=check&&actmn=cQcxAIbSLSdGiHPW which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://48e3kq3j.neumechawl.ru/?=check&&actmn=cQcxAIbSLSdGiHPW*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.237.192:56032/i
id: auto-802d1abbca746b5ac03afc667eceaba7dfd8d51eb2d448b4929a39c84a76edc6
status: experimental
description: Detects traffic or activity related to http://110.39.237.192:56032/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.237.192:56032/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.154.226.142:9999/02.08.2022.exe
id: auto-874c30f27e6ffa54a58ccf26476b3ef35f8eb5b3bfe794b99afee08d418b1ef1
status: experimental
description: Detects traffic or activity related to http://165.154.226.142:9999/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.154.226.142:9999/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://144.172.112.247:8001/02.08.2022.exe
id: auto-81c457925228d1bcc3ae9e454742e6a31047350803297c7a1f8f8aa6837587c3
status: experimental
description: Detects traffic or activity related to http://144.172.112.247:8001/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://144.172.112.247:8001/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.147.172.196/02.08.2022.exe
id: auto-7430902fe53ebe6f7feaf2c5bc9f23d50d9f65a9f9df1a9d20906373b1c17f58
status: experimental
description: Detects traffic or activity related to http://38.147.172.196/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.147.172.196/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.154.226.142:10080/02.08.2022.exe
id: auto-db50b3f576026b2d4c6da5d18e805925d397555887a30dd2c0811c5b6f968dfb
status: experimental
description: Detects traffic or activity related to http://165.154.226.142:10080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.154.226.142:10080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.61.162.218/02.08.2022.exe
id: auto-2c5e1bd40611b17ee3f8be1a330517c6d9326b7cb49f59d6bd51fb6a771fa904
status: experimental
description: Detects traffic or activity related to http://108.61.162.218/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.61.162.218/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.18.77.112:5992/i
id: auto-97718d341b9b58e178d3e01cf20663fbfde171300e10f14e33aac9fc632f63cc
status: experimental
description: Detects traffic or activity related to http://92.18.77.112:5992/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.18.77.112:5992/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.26.11.253:55910/i
id: auto-1444ffba02c1832a47692c0729e94a35421deb4661ca6d6883e38be2f233a802
status: experimental
description: Detects traffic or activity related to http://78.26.11.253:55910/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.26.11.253:55910/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.255.220.133:64415/i
id: auto-a05fe33a14cd9fb5077326ac9f6bc8809f4d6530c550fb6b0cbb25251b24a7d4
status: experimental
description: Detects traffic or activity related to http://138.255.220.133:64415/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.255.220.133:64415/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://212.160.175.18:25000/i
id: auto-bfd3613a5f3631a60c1bd4907a9ab001c5c68d4593cb7238b2abd72c1d9a026b
status: experimental
description: Detects traffic or activity related to http://212.160.175.18:25000/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://212.160.175.18:25000/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://193.189.171.145:4234/i
id: auto-fb00bfa1aafe88a2e02dbf08bfffbed557efe05cf93b829ac150420e778721f7
status: experimental
description: Detects traffic or activity related to http://193.189.171.145:4234/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://193.189.171.145:4234/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.164.50:48035/i
id: auto-7bc437eae6bb1176621e92ebf3b70ad9a560896947a9a4cb51bdf2c845af52e8
status: experimental
description: Detects traffic or activity related to http://36.88.164.50:48035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.164.50:48035/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.166.57.2:28561/i
id: auto-15793c29281ad72753c34d9737fc2f368135b8f062f79734e5c4754d33b7a4d3
status: experimental
description: Detects traffic or activity related to http://82.166.57.2:28561/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.166.57.2:28561/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.123.26.174:8895/sshd
id: auto-deb82801cd8454acd7513e8da9c483631b15bfad3f4b3f466bacd4f65e3cbbaa
status: experimental
description: Detects traffic or activity related to http://124.123.26.174:8895/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.123.26.174:8895/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.61.242.119:2000/sshd
id: auto-57eb2e66a2850b9b64acd3a4a8f298b0d947c712b92ac11f5dfb0da25de479ab
status: experimental
description: Detects traffic or activity related to http://120.61.242.119:2000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.61.242.119:2000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.179.193.54/sshd
id: auto-430f1d12f1707a3ca19c577706ccfcbcbc3b79bd0d3a467c714b77fd02f6960a
status: experimental
description: Detects traffic or activity related to http://14.179.193.54/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.179.193.54/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.132.64.234:81/sshd
id: auto-1224a3e65a24f9a9a0ea329152c57e219ae6dfdb30f490c4b82210a9874cc82b
status: experimental
description: Detects traffic or activity related to http://86.132.64.234:81/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.132.64.234:81/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://81.47.15.252:9000/sshd
id: auto-22c243854bcad1b7322b50b3e9e4c438a6fb58029c74470546f61ce6ca565222
status: experimental
description: Detects traffic or activity related to http://81.47.15.252:9000/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://81.47.15.252:9000/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.24.75.136:10062/sshd
id: auto-d2f0c0aab63078e8047cf70bfcbd09de60832036b07e198e11793c5e70e77b96
status: experimental
description: Detects traffic or activity related to http://88.24.75.136:10062/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.24.75.136:10062/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.80.169.155/sshd
id: auto-480a41d14dd0ba1df62ab19d6f8751b27a24657b975a0f1ed8160226a8a0f6e1
status: experimental
description: Detects traffic or activity related to http://91.80.169.155/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.80.169.155/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.181.113.163:8080/sshd
id: auto-5a47f09a0e46e5d1472a9242a48f97f8be308fa730c73d4c15fbcccfbcadd119
status: experimental
description: Detects traffic or activity related to http://77.181.113.163:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.181.113.163:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.132.29.154/sshd
id: auto-b10f6b1f57af15f6e26ac4c28fd371af81873ff2ed444f282162b5c78ffbbea6
status: experimental
description: Detects traffic or activity related to http://78.132.29.154/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.132.29.154/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.155.252/sshd
id: auto-842be45afb1ffd6eb1722977b8ca76b8bf601b9587c040a7cb3129601ffba489
status: experimental
description: Detects traffic or activity related to http://83.224.155.252/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.155.252/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.128.191:34874/i
id: auto-c5f978a452d7792d0c75782ca95b06bf649065880a6af71756412e93fd008ad3
status: experimental
description: Detects traffic or activity related to http://123.129.128.191:34874/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.128.191:34874/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.77.188:54674/bin.sh
id: auto-933ae7b4a8a90e6f4bbd7b15c19bef1310d3ca284a56668f6399166171eee2a8
status: experimental
description: Detects traffic or activity related to http://110.37.77.188:54674/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.77.188:54674/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://w5ukqj3l.maidalensesalvy.ru/?=check&&actmn=AOFQUOhMEQqCKIrg
id: auto-25223d69ba9ea6a0d8e2accc9e593a2df6887cc40c452220865c3f8edbefe43a
status: experimental
description: Detects traffic or activity related to https://w5ukqj3l.maidalensesalvy.ru/?=check&&actmn=AOFQUOhMEQqCKIrg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://w5ukqj3l.maidalensesalvy.ru/?=check&&actmn=AOFQUOhMEQqCKIrg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lj1a3x3o.maidalensesalvy.ru/?=check&&actmn=WPCnmEjrtfPeWryE
id: auto-b9c406935de14dc036b270fb9f6c882822ed30e7ed1baca1a7ea46da95e262fb
status: experimental
description: Detects traffic or activity related to https://lj1a3x3o.maidalensesalvy.ru/?=check&&actmn=WPCnmEjrtfPeWryE which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lj1a3x3o.maidalensesalvy.ru/?=check&&actmn=WPCnmEjrtfPeWryE*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.255.139:44575/i
id: auto-314a5396219bff905625a67cb3c8d5e279314dbc35d3a59e15110c5b2d3c1218
status: experimental
description: Detects traffic or activity related to http://59.97.255.139:44575/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.255.139:44575/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.129.128.191:34874/bin.sh
id: auto-618852d2865076438e2549182b51e93fb38a0c852e87cf25b993b33ba20b289f
status: experimental
description: Detects traffic or activity related to http://123.129.128.191:34874/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.129.128.191:34874/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://avg6wjm4.joggedyankedtetrao.ru/?=check&&actmn=sKlILRqxXfQhYJQL
id: auto-163e240d81517304004b5138d2ab42b9140b6c8805423b2ed6ec1b0c9bdc7871
status: experimental
description: Detects traffic or activity related to https://avg6wjm4.joggedyankedtetrao.ru/?=check&&actmn=sKlILRqxXfQhYJQL which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://avg6wjm4.joggedyankedtetrao.ru/?=check&&actmn=sKlILRqxXfQhYJQL*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://1ohxr29l.joggedyankedtetrao.ru/?=check&&actmn=hXypJDLuWatsMvRF
id: auto-fb9a5666e71c9cf4ca45aaff62593cb2eb7c0d725aa326775d78d07b6b25f2f3
status: experimental
description: Detects traffic or activity related to https://1ohxr29l.joggedyankedtetrao.ru/?=check&&actmn=hXypJDLuWatsMvRF which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://1ohxr29l.joggedyankedtetrao.ru/?=check&&actmn=hXypJDLuWatsMvRF*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.219.144.97:46888/i
id: auto-07a484e19fc7eee35d0e9e262f5eec515359195e5433fbbf24b0fb026b58184c
status: experimental
description: Detects traffic or activity related to http://117.219.144.97:46888/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.219.144.97:46888/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://s0u8vtfv.camaslepleypixel.ru/?=check&&actmn=ljAiPoyWMiTZPTls
id: auto-b592ee5b88f4fc3ef56a9716b92c34c17bc6c9fa525fe05bc6d0c88ce1344034
status: experimental
description: Detects traffic or activity related to https://s0u8vtfv.camaslepleypixel.ru/?=check&&actmn=ljAiPoyWMiTZPTls which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://s0u8vtfv.camaslepleypixel.ru/?=check&&actmn=ljAiPoyWMiTZPTls*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hr8aedru.camaslepleypixel.ru/?=check&&actmn=vxCzTFArzAXccWmm
id: auto-92f2eb16cc65e2a402fc341576bc355b76822b4a88e76650d701c354a8d533ab
status: experimental
description: Detects traffic or activity related to https://hr8aedru.camaslepleypixel.ru/?=check&&actmn=vxCzTFArzAXccWmm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hr8aedru.camaslepleypixel.ru/?=check&&actmn=vxCzTFArzAXccWmm*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.32.151:45299/bin.sh
id: auto-a88b31baa425d38e80c0b2d8a9770e46a2491960ef8f925396dcdb5d8c9a7b48
status: experimental
description: Detects traffic or activity related to http://125.43.32.151:45299/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.32.151:45299/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/arm5
id: auto-2a84ebb97e9f6fabda0c30f025644eaa5a2a630309c5145f99c8c1c571daad49
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/mips
id: auto-a5aa2662d2dc1ace140242ce93a5d0552905fc87826f8a4ae5d652488c05764d
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/arm5
id: auto-01a0e9b0a5fbe5716bd1f58401d4ecb241efb387ed1a4fa3467e4307c457c3c6
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/mipsel
id: auto-7d5fd8df537675a07e56c14c964b1abde1d24cbebcd864c79863f1210ad5206c
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/aarch64
id: auto-9c42b0e836d45e70c83a47016c37b8ac552ef5780d649f0c60689ab1dae50b65
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/aarch64
id: auto-68d9d15691c9bfbe2d2f027a36ca09f449da23d5d1acc9df65fc2cb287859c8e
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/aarch64
id: auto-f1a70c50b21f5dd391f76812bbf3e8e0f3be543e1c70f938cf076b4fd635f942
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/arm
id: auto-7207527dd1eef2281a44f47ed219d87c286aef9d715980f53e2d56ce6d4be032
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/mips
id: auto-8e49e92ea3ddfb9e1cb6d78a069d62d61447da3a38fd004241414119e04d2b09
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/arm5
id: auto-ba89d4d6c646be20b48517f8f90640e3b6d616186b0092eb425f2f7f14b78da6
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/mips
id: auto-5d0d7e0829065f67bc128f30a30aadc05273b415bbc661d0b8078ca51d322126
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/mipsel
id: auto-09452e3645b980efb7b33c1dfefc516793a806f28492167cf8c4b2f14727570a
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/arm
id: auto-bfa8e07b3b2ac5d705f1e88f8e67255c839b36c83ff98caf06ac70be47384f1f
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/mipsel
id: auto-6dcc5647ecb0570028ab59304062aa50855feb1334fdf90fb5efd98bf699e158
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/arm
id: auto-32d97e38eeeed9008dd2f450a4c54d5e649ba2f5de3dd393bf871185d0a83c69
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/arm7
id: auto-429645ec0c2cca828aa91c009e896fab6fc1b68f1965814b21a50b5fbdffaa6e
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/arm7
id: auto-0833649e860e66ac0790c7752f916eb07fc18ef40f003fff5f6a3a98d6db09d9
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/arm7
id: auto-f0d573cb7d29bd488b82c02c852fcd2653c0cc126c8c75688387c31355a8ad68
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.255.167.171:37961/bin.sh
id: auto-c60d8a5e16eacdc170aba91619f774688d01dc33b5ed2144134a378974fdaf7d
status: experimental
description: Detects traffic or activity related to http://112.255.167.171:37961/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.255.167.171:37961/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/x86
id: auto-255a3982e424a82baae8307bb01cd27ca9bd720591f5c1ef4da1bd15a3512b05
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/arm6
id: auto-d67dfa0734d54e4ae036d17914751916c3c2056b778a59553fecbdc9df05ee5c
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/x86
id: auto-d3de9c2481c4a4ded85bb9dc6af9729a28e772ccf92b826cec71cc4549ac30ae
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/x86_64
id: auto-0a78e72ffb7f7145500ec29c2bd6d74aeb8103b339e1a85b62203926d15b0626
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://resentnetwork.qzz.io:1204/bins/x86_64
id: auto-a31f40efc7e9847efb74bb92ecded9c88da598b409c355c1ba2015be68c7a649
status: experimental
description: Detects traffic or activity related to http://resentnetwork.qzz.io:1204/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://resentnetwork.qzz.io:1204/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/arm6
id: auto-d0b1a851731b90e9912a975086227288f73d849393b8aa6d046e83efc96ba264
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://delta.embotic.xyz:1204/bins/arm6
id: auto-2700be5ac50dddd87497e48eaf8bc8c5b254f3e06ee182e1381f3ec3ff576735
status: experimental
description: Detects traffic or activity related to http://delta.embotic.xyz:1204/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://delta.embotic.xyz:1204/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.i486
id: auto-c0a80708a22b15ce799cdf4490e3418adf2a842c4676485b56398551a6c30738
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.202.40:57231/i
id: auto-37ef86469b9c6ee833c8a36d8511d5724f915add90c314e6b4dc1ed5eed436ba
status: experimental
description: Detects traffic or activity related to http://42.7.202.40:57231/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.202.40:57231/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.255.139:44575/bin.sh
id: auto-256d60b716c49318edc737e282a096bd499ceff4363b3c5a839517f13729c2bc
status: experimental
description: Detects traffic or activity related to http://59.97.255.139:44575/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.255.139:44575/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.6.104:38145/bin.sh
id: auto-e0cecadccc0606cb3cfe7dcc08a86ec6e9d4db6058fde2baaa3788a36698a8c7
status: experimental
description: Detects traffic or activity related to http://182.119.6.104:38145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.6.104:38145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.48.252:44056/bin.sh
id: auto-8e7ef7d27e18c342578a7108fdd815655943fcb0cab349a161a9a866ca91c737
status: experimental
description: Detects traffic or activity related to http://125.44.48.252:44056/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.48.252:44056/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.56.43:38340/bin.sh
id: auto-5a8a92e7b7ee3196598cc4303326c520a7510228f58ae36f5a488e59417f294d
status: experimental
description: Detects traffic or activity related to http://182.119.56.43:38340/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.56.43:38340/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.85.38:42418/i
id: auto-7cbe2a164b91921cda039666ef80612c7ce29634771cac9170bf70d58fb50b3f
status: experimental
description: Detects traffic or activity related to http://222.137.85.38:42418/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.85.38:42418/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.181.36:53811/i
id: auto-642b4a3724ea9daa6edb89a2d75e460a53a571fb034e64f6515fe32ef71346f4
status: experimental
description: Detects traffic or activity related to http://42.232.181.36:53811/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.181.36:53811/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://uolu3j41.love5w0rd.ru/?=check&&actmn=xuQSkEDgEvfLuzLb
id: auto-764feb5017344b361e92f7ba1c8e399547df4de9adf0e3a79346f87dbf8b77e4
status: experimental
description: Detects traffic or activity related to https://uolu3j41.love5w0rd.ru/?=check&&actmn=xuQSkEDgEvfLuzLb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://uolu3j41.love5w0rd.ru/?=check&&actmn=xuQSkEDgEvfLuzLb*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bt7klphp.love5w0rd.ru/?=check&&actmn=DigLZYaYukrgEKzk
id: auto-16e08a5e4669631006589f1f9a2457a2424ae2f6232d65554a5128417bffe485
status: experimental
description: Detects traffic or activity related to https://bt7klphp.love5w0rd.ru/?=check&&actmn=DigLZYaYukrgEKzk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bt7klphp.love5w0rd.ru/?=check&&actmn=DigLZYaYukrgEKzk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.arm7
id: auto-5e003af826fd6332364640232ef9ca369f991059b4395307698894445a9f9b65
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.arc
id: auto-7c2532dff815ff0a88abdf2a3be078d62ad02072e117af951d1f9dcadbe404df
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.i486
id: auto-6d9e18e21a99210f8fa995670ad90b0997eef04d5ec630f48f0b139dfcae26af
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/x86_64
id: auto-6ff35deb4e4293e3de08e8bc02fa35c5a03d584b662aa9660f5761041e998e90
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://46.202.82.68:1204/bins/x86
id: auto-e512e86638db82a1784b867f41ade4d88189d76cb789605ed81a9cd2b8e7947a
status: experimental
description: Detects traffic or activity related to http://46.202.82.68:1204/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://46.202.82.68:1204/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.219.144.97:46888/bin.sh
id: auto-6bad412229a37b1c5c16ec89ba66244cab0ef952ad4914dcfd0fad7561cdbd58
status: experimental
description: Detects traffic or activity related to http://117.219.144.97:46888/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.219.144.97:46888/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://0dmtxln9.afriteblurbcepes.ru/?=check&&actmn=rbRApZRClmgXOpvh
id: auto-4baf39bcfc8461a038615f8ac8a7ad972b610db65b4c048fdd2d86741cee6a34
status: experimental
description: Detects traffic or activity related to https://0dmtxln9.afriteblurbcepes.ru/?=check&&actmn=rbRApZRClmgXOpvh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://0dmtxln9.afriteblurbcepes.ru/?=check&&actmn=rbRApZRClmgXOpvh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.ar5
id: auto-4ba5724978cab8d0b9bf3a60ccebfda02be60e99f0cdadc44ce9adc363e9285d
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.ar5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.ar5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.pp4
id: auto-0b68c13125c99b2661e97c0174d62d0c358babee416bcfa7feeadc325f5bf9ed
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.pp4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.pp4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lmklwnfv.afriteblurbcepes.ru/?=check&&actmn=nyVspfbHfONDNuqi
id: auto-c122fc467f5565e8eb126523c6f7a9741025ac509876e8ec39c336be46fd715b
status: experimental
description: Detects traffic or activity related to https://lmklwnfv.afriteblurbcepes.ru/?=check&&actmn=nyVspfbHfONDNuqi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lmklwnfv.afriteblurbcepes.ru/?=check&&actmn=nyVspfbHfONDNuqi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.ar6
id: auto-cc4e8e1b1b9ea63061288e35fa2d81b59ffe924bd7f3f75755bce0d997283784
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.ar6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.ar6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.i686
id: auto-6639322acbaca2d1d529dafda336cc2793f2ad158dd8f770eca2fec6be1662ee
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.arc
id: auto-41779067b1f0e46f85598e40d25e6e05fa162734bf321125d8fae20864d217bd
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.ar5
id: auto-f5c1433a0d0b8819efcb6543eff10be84a0c0b875a03e36b410f524c02b56f4a
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.ar5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.ar5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.194.11:33662/i
id: auto-a14511a1bb232c693de072bd2ab9dd69e65e524a37006ae72629a8b787140609
status: experimental
description: Detects traffic or activity related to http://113.237.194.11:33662/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.194.11:33662/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.i686
id: auto-c818ef0054cc6fdb7e0a021d2fab0a750a060d719deb480ddac73d0a678c25d7
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.ar6
id: auto-b9f1031ba4e59b2b89401422f6388e8aadaafaa71874e4bd51a13920dc7f40d4
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.ar6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.ar6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.pp4
id: auto-5f592d2600f2efa8573d465541066f47b141548517fb834019e1ca26e9d2d71a
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.pp4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.pp4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.mpsl
id: auto-3a0c846f8a27813a19d71e3d984c817ef0b04a1fa6d4fa54a4dd4bf10f44c83e
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.ppc
id: auto-7a8474926a15f30a97e45543a4fa6769dc2606ccad1df9455a8973e27380afa1
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.spc
id: auto-e242af6c8295504fc12d6d48ea5aec862013177fd6ee010eb6954d4b6e30c944
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.x86
id: auto-eadb093c0e53209b0a8ca9879a4aabe2f158e0c61113ce1e128870a166bb2629
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.arm6
id: auto-7827ef71650b83066233b9d225a9d96cd6ff9b5930cb6c20c6ee760a31d6d019
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.x86_64
id: auto-9f54794cc1fc97c76fc08aadee90e2c64d3a3c143e7bb79fa6572b3a0a49e870
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.mpsl
id: auto-856e54c7486518b4f8f37212278b14941862c3d6f4f634fe6bb1f2e6cc374f6b
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.i686
id: auto-b33fc9e412c1a47ccb988287550307d315e8d98f7e5a9834626f0689bfd7513d
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.arm
id: auto-4796c89b77be2a5167aa4421355c9e6a63e2aa8cf1bbdc04ede732a0a9eafbae
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.arm6
id: auto-b3dc7d977d68a0ea10ebfec5435fcf1897c06de9fb5e3e69bdeb8a626e4a4c3c
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.x86
id: auto-1406a95e89505de403b86c79b477fa189cb6e2443928b94a8ee5dcdbc6acce6f
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.sh4
id: auto-8e06ba4af6de5afbc5e8e9455a6dda4fd0603656fb5513c5cc1785bc59c0c695
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/web-api.sh
id: auto-76592710bf2c25a92248c885e224fd314e984c111c5bd31f9bc2f28112638528
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/web-api.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/web-api.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.m68k
id: auto-6c33e2496b3edb938987f4ff439232fed4097ac3c42723cc47226aa1a039f70e
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.ppc
id: auto-4c6a68d3db973ce75399c8c430a0e4e6f31c10e818bd99d5f598afd5214e3e0c
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.arc
id: auto-c69f504a196bcff57a807ee3e0f4abb9923b0e95c6a634a06e869d53bc029111
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.arm5
id: auto-b8644a74656193f2decde4db7ef767f0543da370e33dd0d93a8d6c8e6cb1e01c
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.arm
id: auto-c425fb61fca653bbcc3511018a5874a4605b3e9881c661df7655ad33f48b8147
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.sh4
id: auto-c924256453d344f41557a79f5f0d6940ed16446fedfb6619d650693f3c806621
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.arm5
id: auto-4629f5a2ad9e0e798048d01ad90bff52659ca19e4bb0d861b7d2744b4c53b40a
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.mips
id: auto-5f7f82b0045aee46449bb3244fa49f0281237b64737bcd9fa0e332592d30ff38
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.arm7
id: auto-1242450118f746800f6478a5c7f45afebbd20edf72c1a0abc827e0715f5d8590
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/cache
id: auto-a281be5e2f92d64a6210160a78194b7738899cd058c38857fc8355850a0676cb
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/cache which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/cache*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.m68k
id: auto-3069ead74660a50d3298cc364122764fe818c4de6a15944f33b11be45916c96f
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/gb
id: auto-9c9ed98862d19492a6fd428a35febf84ab27e2828115acaa154f80edd7661b2b
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/gb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/gb*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/dj/dj.mips
id: auto-b666268e89b3f29bc932a8e51fc8f56c128bd620cf70b460d75b1fbfd6340ce4
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/dj/dj.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/dj/dj.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.i486
id: auto-1f89b4092ab98574c61def558648e078d1e2a344ea27be0adc5373dd1c0a62ac
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.x86_64
id: auto-9cb2c1adde45a98d1db181031422594faad6648f7be14127a689ed5d080b281f
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://www.id888.pw/Mddos/Mddos.spc
id: auto-c44f2535f6c33f7deadaa6e637ac3d9f54597ba8ff7578ff87d17dac52e5e918
status: experimental
description: Detects traffic or activity related to http://www.id888.pw/Mddos/Mddos.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://www.id888.pw/Mddos/Mddos.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.82.1:48145/bin.sh
id: auto-8b079fbeef9c89300378689d93770894950d9a6a2a71ea4f7420b2c2985785c9
status: experimental
description: Detects traffic or activity related to http://125.43.82.1:48145/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.82.1:48145/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.arm7
id: auto-bcb356a93d18b744d99c687dbe02d6cd9060e8b7b243d07deec7d1b803145798
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.m68k
id: auto-636baa81f8ef62e688deb3f14384e6a1c2c4978eb04dacb6146d6a9e481912df
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.x86
id: auto-65c59d054ea7ab0a0e2f79f13b0f498ccf2ca9682b7fe9094181a4468298fe8f
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.arm5
id: auto-49773eaaf8d4e2667643a9fd088e0bbe0fd554b5b86068c81774e9fc3cc7808f
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.arm6
id: auto-944fe1d5a951dc38585e52d1ec034effe99edde82500608f2dd8146298c0c65a
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.arm
id: auto-8cfecac9e85eac8bd006fea99c5ed6e795eab71afed8c21a35126d62f685ff72
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.mpsl
id: auto-04e3c8a1b7f03fefca4d156fe96c27725d1d25a140f55c063edf2197e0fa70e1
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.sh4
id: auto-da76244ce0e435e2fde027a980dbf53096d0d67b0475f49195eba22fb4b18aae
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.spc
id: auto-2f09fb0f136139ef3d251af1ed73f1c2dc9bffa0f6c3aa85fcf9ac5794c156f3
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.ppc
id: auto-3acd74bd441356f257c05c7cd8db26481e3d6f43fdce67788225bf4d3cebca80
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.mips
id: auto-a819d235e24ed9702b6a7917f4140205d5eb1bda9506836dfe4067bdf548c867
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.133.51:39255/i
id: auto-48e50b141f55fb27fb1f4309e3b56e767e4ce4c27912316171e9463cd2e15564
status: experimental
description: Detects traffic or activity related to http://222.138.133.51:39255/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.133.51:39255/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.71.28:38158/i
id: auto-bdf6047914b418650165b65a99e1b4d592ddaa84915e30ee3fba626f8d8d6135
status: experimental
description: Detects traffic or activity related to http://42.224.71.28:38158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.71.28:38158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/dj/dj.x86_64
id: auto-53f2eecd2cd2e7b8b42685ee8ffcba2f3f72e8d875c63a8bf3c9ae90dd643e9e
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/dj/dj.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/dj/dj.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/web-api.sh
id: auto-89c90de8dc3fe97147d6e45f15d241ecb95030c73f630789394ab774b37cb940
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/web-api.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/web-api.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.148.41/gb
id: auto-6cd71e65a9bbbe392ce6f0746117a94f06c5d84e5ea8dba3b700c785fc4b233a
status: experimental
description: Detects traffic or activity related to http://176.65.148.41/gb which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.148.41/gb*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://7xupsxdd.m0tionpo7t.ru/?=check&&actmn=LxQUpHNROAsINkTg
id: auto-3e1e9bcaef1b842922b7c7f49af911046afbddc6d81b919ee172dbdee330ddb4
status: experimental
description: Detects traffic or activity related to https://7xupsxdd.m0tionpo7t.ru/?=check&&actmn=LxQUpHNROAsINkTg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://7xupsxdd.m0tionpo7t.ru/?=check&&actmn=LxQUpHNROAsINkTg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2en04iv0.m0tionpo7t.ru/?=check&&actmn=dALNkeMfUsXwURsn
id: auto-5860059a8b9ff7be8af993b529aa180707dedfae811498a13b6332562fea4dfb
status: experimental
description: Detects traffic or activity related to https://2en04iv0.m0tionpo7t.ru/?=check&&actmn=dALNkeMfUsXwURsn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2en04iv0.m0tionpo7t.ru/?=check&&actmn=dALNkeMfUsXwURsn*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.armv6l
id: auto-3c90a7bdd974a185cb61e9054d43c062b948a06861faced326afca12530793e4
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/cat.sh
id: auto-0e8c9bdf4d27693f3d5e95a07a7e4e9019e8dc20e862f29ae2533894c54b55ac
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.74.26:41100/bin.sh
id: auto-fb06d847a80271b1a04cfa6d6dcec71f91624c2198fa059874177c982cfc6e12
status: experimental
description: Detects traffic or activity related to http://123.11.74.26:41100/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.74.26:41100/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.m68k
id: auto-b18f452587482d0a71585e694bb2e98295d42467bd627a956689b1e29c3669fc
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.aarch64
id: auto-b7d7504dec59f4a2ff5f780360b9753ca7a4b5eef373601e35758e4a7c15d59c
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.armv5l
id: auto-80f0d9a852b99556c686f4fbd7bc414133140c015df160cf6edb206894dd4bbb
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.armv7l
id: auto-95357575553882b5fd583b95e24795bc3f7f1691ca0ce7d383131c5d75fd492a
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.x86_64
id: auto-76b937e6ccf583a82a35af4c04c2fe162bad9f7d0d0e329644044d2b522fc5de
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.sh4
id: auto-23bbb8b275bf0b7d56d492f1275d98fab114b3541d0ddaea49bd34c2f5f67974
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.i486
id: auto-fbde75d6de0552f721ec615b68461b84c9f5b7961e8c3f355c23a3ea5d2f6c1a
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.arc
id: auto-b7c671289aa8a2f746a03ba438911c97d0e64e1c2e77335333b454478ba60840
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.armv4l
id: auto-9cd83f47f9b4970c4b607d32be59f6ab1c8006397112442847d67c7218367c17
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.sparc
id: auto-f90bd7adb049703acd74353547f5b63f87e38795d282c4e7d87709ef323e7d2f
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.sparc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.sparc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.mips
id: auto-ebb332f5a4ab22ba9934559ec2f7fa2675bb9df04f9244022e253fd98ce4df92
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.mipsel
id: auto-b461790362d9f49c48f5cc34fe0ea9160ea7a5624b218b25833d4435658d87f8
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/iran.powerpc
id: auto-91980150018f7d883331d42ef63548e54d004415d8ec0a874b105cd42cbeb723
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/iran.powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/iran.powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i686
id: auto-84134d4cba81e4d0c4dbeb69dbc4045bf12e73ad6c7da44f919184a1c1ace89b
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.235.239:35350/bin.sh
id: auto-0d71a0b0112babfbdc9087a2f364498464256d1352a5ddde50398be1758306bb
status: experimental
description: Detects traffic or activity related to http://123.14.235.239:35350/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.235.239:35350/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.181.36:53811/bin.sh
id: auto-6ddd2dbbbb5bcb6eb8ad158728fb581a1eccba4ef65e3abe71027605788dd5ea
status: experimental
description: Detects traffic or activity related to http://42.232.181.36:53811/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.181.36:53811/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.133.51:39255/bin.sh
id: auto-2482de52a9004b05d8c70c707979ad0c6677f57012e4cd2f328894da2f7fed02
status: experimental
description: Detects traffic or activity related to http://222.138.133.51:39255/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.133.51:39255/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.255.33:50375/bin.sh
id: auto-0145baf2d701c8d18979810e64c9f8c148842c80fd6754b7e91a3c503dda1c55
status: experimental
description: Detects traffic or activity related to http://78.165.255.33:50375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.255.33:50375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.33.51:44653/bin.sh
id: auto-64161f583f571a4db32f1374a95540eafd59e29c0b9106b3560330f0f16b206e
status: experimental
description: Detects traffic or activity related to http://115.50.33.51:44653/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.33.51:44653/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.7.202.40:57231/bin.sh
id: auto-e7400a1eab351cba1cf5bc0a92a151e0612c1d0770db07897f0d961027f0490e
status: experimental
description: Detects traffic or activity related to http://42.7.202.40:57231/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.7.202.40:57231/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm7
id: auto-4923be987b4f44e950e5ce9d9d836280ffc175f33a4878f1bde88a1656353c3e
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://a6mgkosi.c0mediandu7.ru/?=check&&actmn=COUInscjQiDeLjIf
id: auto-b3db972284a95eb435d9d9a59dc9cdae00c22ea899ce3b9f17e895ecb8179570
status: experimental
description: Detects traffic or activity related to https://a6mgkosi.c0mediandu7.ru/?=check&&actmn=COUInscjQiDeLjIf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://a6mgkosi.c0mediandu7.ru/?=check&&actmn=COUInscjQiDeLjIf*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://w8v9ulxk.c0mediandu7.ru/?=check&&actmn=HRKKJRCnoQlBPNAR
id: auto-c570796527473eb496767a4aba9b80fb2bbd78c111c31f27da5b2fc8637b29b6
status: experimental
description: Detects traffic or activity related to https://w8v9ulxk.c0mediandu7.ru/?=check&&actmn=HRKKJRCnoQlBPNAR which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://w8v9ulxk.c0mediandu7.ru/?=check&&actmn=HRKKJRCnoQlBPNAR*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.m68k
id: auto-5937db8e880cb7b67fa30f288dea2754d06645fecbe3494c1cd62f4866c5566c
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.sh4
id: auto-fe3c7588ea2a5911265fd72510c082ad8e24da97c7fb3c163bfb184ecb6526b9
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86
id: auto-4658db40de7284e909ff0b9a0eb5d65dc9ef5c47a67711082c9ed3cd2c07e17d
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mpsl
id: auto-e4d68b25112292d54ef099cc65d5c20086532d21c1d4f3f70a50edca099fd84d
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm
id: auto-1528a8706afed481d2b59b1ae9b58d338dfa5d2d491b4182c1f6e25e75f874c5
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.ppc
id: auto-50fc266bb504c9e12286337488546178a8d3fd6a73add39f7fd01ea328eb741f
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86_64
id: auto-d1b73cb9b1ee0655c5b5449190abb728549afc3fe2e2a7d54306b3cc63d8b950
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm5
id: auto-741fe4ed031a7da0bdf7906aa899d778e4fc2df47e62d40773b7a5908e90dc2d
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mips
id: auto-573b7800ff8dafe9b337b6ffadbed15fe221ad492aaa93baf2aad67f5a2340bf
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.spc
id: auto-e95b9a777767201bf6b22194c8bcc75a410595be31561c4e354f302d8eddc1e9
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i486
id: auto-f07cc32daddabda46673f3677e02095976d60e1e7104ac6dee5da1357cb4b7f8
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm6
id: auto-e197ce64a420985d1f59e1d21ae9bb4c3e129a230e33b440d32482909455bfa4
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arc
id: auto-dfdcf114d39ead766c9be696a22db9bd3806fca9e5cff6aeac984850b17422cf
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/cache
id: auto-5c397c68ba891292b1f8d22b9bddcbfc20d7382a9d4cb2eda1ca94d35e843f63
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/cache which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/cache*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i686
id: auto-323c9253a4b6dd5adc181455ebc5d986cf43d53fe5083be094740a4b2796724f
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm7
id: auto-cd73c21f26804252592481e5556682a0e12d220a8450663bfb7eb7069116f543
status: experimental
description: Detects traffic or activity related to http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://lmfao.school-kids.space/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86_64
id: auto-8c162dbf7d5bcad4e6cf1519e13135f18b657418f91eb0a28801276d4114b084
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm5
id: auto-b36761160c8b387b6482f49d97479aaf362992cc39f0831bc309047ac5e75d17
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.sh4
id: auto-720ef38df1c84b5272825a3c94b0c27e2a2318d989ddb09ca1c8b96467def7bc
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86
id: auto-21392cb45e5733022aecc025e42a3bafe89b706297976afeaf63367029c2fb11
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mpsl
id: auto-e7f282629904e33d3ea281500e521d725e4b7b2b7bb72df721354100c3cfaf16
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i486
id: auto-670ca146e6cd01b60b1f9c131cb092800723fdfc42f966c575a6e687fea3135f
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arc
id: auto-61fffb73ae378f09edb9331fe197e9f38f603c16516416ad6db476a59743e85a
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm
id: auto-5e16c89edb375a897a17852eb0419039b11a96efc586a41578c886c922ccfebc
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.ppc
id: auto-da051e33ad7a502092b4af517099615c4abdc3a8dff3cdc93daf3bd369b0fb68
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.spc
id: auto-1a9d73a72f912c0e6c6f666b9a6fd2863e9c03fd1b50afc0b135ca6bf62085e1
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.m68k
id: auto-0bc1d2304503b28c23d28bb35f7791a91ea5668e0c65d4bab68777eec236f1f5
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm6
id: auto-3dfe5e091a811a4d3ff5efa5ce0b0bb7d33df897ee4745264c9776f7721bb809
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mips
id: auto-1c42e425a17cf3113948cd4d57fbc16827d06db3c4b20304865dc9c04a6d63dc
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/z0l1mxjm4mdl4jjfjf7sb2vdmv/MMaaRRiiOisecTanee.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.33/o.xml
id: auto-b94c2ddedb71ae425495ed579111f47dac73a703c7156d56c3d7252bd7dee4a6
status: experimental
description: Detects traffic or activity related to http://130.12.180.33/o.xml which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.33/o.xml*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/cache
id: auto-f9d6b011ea706d33601d65cf9f7af2f0b35caa0f662ade5fca997c1caf679a54
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/cache which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/cache*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.195/xmr.sh
id: auto-15ca05d04b42cf3fae122a413214ec9dc2ed54a18c64e0dba928ba06e1822187
status: experimental
description: Detects traffic or activity related to http://45.153.34.195/xmr.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.195/xmr.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.127/o.xml
id: auto-b95c67ce7d63df04736c0f97b5b6bddfb11f79e9203e52bbc26547ba8c4b3539
status: experimental
description: Detects traffic or activity related to http://130.12.180.127/o.xml which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.127/o.xml*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/1.sh
id: auto-fee971d3fd3b686e5809085fec12423951894ae182d46fe4dd5dbd5d0395fe9e
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/1.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/1.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.127/lol.sh
id: auto-2a5d01dbf911f1184af923f0bcec85006219ad35adb483742b247846e3b03225
status: experimental
description: Detects traffic or activity related to http://130.12.180.127/lol.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.127/lol.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.x86
id: auto-fbe980a2c713ffc8d5088c5a10bcb49705faa96f1eee1f11d16f92521eef27e7
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.mips
id: auto-e25e22d7ea6e4ba08de0955accf492a8f5349d1f92971ca44218f62626efa981
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.arm7
id: auto-d4f2a414c8fee5d819a143375fdc956ec52450ad39738b2a5ca4d9672d74a722
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.ppc
id: auto-a6df5197e45b8f6f29dfa6e831ffd48a57fa464b203a6ffd30ca8fe98872c237
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.ppc
id: auto-2214efb7dad371f3f3dc12086b1756e6ba1dd9d596373e12ba2b2208dd67e242
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.m68k
id: auto-5cbb6fd3935bb04a30d2307fc0e884c8579c16e33774a14294ce489020e3885a
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.spc
id: auto-cdd3603f42746b02f829f368022861e709606663ade1a89096b2e30473c4ccb6
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.mpsl
id: auto-d732e1886fead4f0bff56112a6f1af2c76ce5d84561756b0b7b4f19bcd9745d0
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.arm5
id: auto-42219360c361b86f97062b61d1338f0573310e3b00cf6ae22138b0bab572754e
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.arm6
id: auto-581c8df8e47a1d5a784f750388fc8a9da1860c98e38b31e6f5683ff9432e824c
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.sh4
id: auto-78e30a2330a165a885d5d3950794a88f078b2b5da7741df659b145aa40e20f38
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.87.223:33389/i
id: auto-b56a9fc1123eb076ed13a83c5a5d46d779339ae11221445d529256315787447a
status: experimental
description: Detects traffic or activity related to http://110.37.87.223:33389/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.87.223:33389/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.arm6
id: auto-f26438bcda3af42c125752c8770ed10012456ab38e4654d50068672520957f98
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.arm5
id: auto-4878f680f94e1354e64c6e4a1ba2c4774144d3eb91cd2a06a69f457dad3d5a0c
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.spc
id: auto-0bd814b9ab4547829b95989480ed6767c0c8551a8be656b1a31265e43e4e3fb2
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.x86
id: auto-17045c1a80904107f5cac94549c9fdaa29c2c890f6dc4923c3dbbf39378a813a
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.134/bins/87sbhas6as.arm
id: auto-b77e3dcdc72a064ba4440c1c34441196d605ed6d295fd89eeeb285f2f67b176c
status: experimental
description: Detects traffic or activity related to http://130.12.180.134/bins/87sbhas6as.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.134/bins/87sbhas6as.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.arm
id: auto-c6c9acffd26a2b755c31ad0a86c4f17286962546f757db8a23a095107f20c71c
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.sh4
id: auto-8f805cc571729aa8d3a1d49236036286b5cda78338ac9f4220a70854f3421357
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.mpsl
id: auto-95b5a83a985e0a81b7184a762eede86118aa94798863887d1eb3bf1bf1052ba7
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.m68k
id: auto-81eb39da8ab6f5c4dd19ca9d00aee008646b44fadf2f827a5c4ad089049d5e77
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.arm7
id: auto-f6e44c761afd967ac680f8302da7279d7d4ecafdb6092d304d16ab488713f61f
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.231.222.195/bins/debug.mips
id: auto-525b668b1f27c56184114380e5c54ac3f7712e6f592a66294aff44def9ac45d7
status: experimental
description: Detects traffic or activity related to http://91.231.222.195/bins/debug.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.231.222.195/bins/debug.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://kktz6llc.u9putvirolo8.ru/?=check&&actmn=emXqHeYKcDXkUKwj
id: auto-1756c910f05fd45c1060612bee6996fa7b86c1877834c55f242a6fa2814a636c
status: experimental
description: Detects traffic or activity related to https://kktz6llc.u9putvirolo8.ru/?=check&&actmn=emXqHeYKcDXkUKwj which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://kktz6llc.u9putvirolo8.ru/?=check&&actmn=emXqHeYKcDXkUKwj*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://e8jla7wl.u9putvirolo8.ru/?=check&&actmn=IowIkDcISVQxJigN
id: auto-f3ccd475a069464decad031236880615ef4f1e7497480f2544b600f4956b154a
status: experimental
description: Detects traffic or activity related to https://e8jla7wl.u9putvirolo8.ru/?=check&&actmn=IowIkDcISVQxJigN which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://e8jla7wl.u9putvirolo8.ru/?=check&&actmn=IowIkDcISVQxJigN*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.237.247:53916/i
id: auto-c366c6e2c0e83908dce7291690af5f343dc4cae85868675094c2d2749b861a33
status: experimental
description: Detects traffic or activity related to http://182.112.237.247:53916/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.237.247:53916/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.43.60:39201/i
id: auto-bc7ab8847797e65464951ca107ffbb439ae7f6f8828c9d28907eae6e8c5c4505
status: experimental
description: Detects traffic or activity related to http://123.8.43.60:39201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.43.60:39201/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.179.93:54007/i
id: auto-a2e71eca4be358e4a76c2da903026e160a1892dba51ddc761ae3d954075dbe7d
status: experimental
description: Detects traffic or activity related to http://182.127.179.93:54007/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.179.93:54007/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.85.39:47897/i
id: auto-e6b93efbd38f1ebdd019868c0437397a3c091bdd869f63def81da51e744aefab
status: experimental
description: Detects traffic or activity related to http://61.52.85.39:47897/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.85.39:47897/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.237.223.168:9593/i
id: auto-d7e9315f2524d4919b4b71424400c08389ed635e7139c98c8a584cf8509b464a
status: experimental
description: Detects traffic or activity related to http://5.237.223.168:9593/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.237.223.168:9593/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.69.220:49775/i
id: auto-b7ea1d01f5c3e23190de21a336f48a241ad8ba35276d6805f88353dee4389204
status: experimental
description: Detects traffic or activity related to http://110.37.69.220:49775/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.69.220:49775/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.61.225:47230/i
id: auto-25174dcb20bc13e32eabbeb6ca54f954dc1ba522c8d551d94bda77b1d188510c
status: experimental
description: Detects traffic or activity related to http://119.114.61.225:47230/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.61.225:47230/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.104.132:39841/i
id: auto-ce5a54a6be634fe7368d04d1e7b7bb2b9059f0ba0208d3b1e16cb4986f7c5eb2
status: experimental
description: Detects traffic or activity related to http://113.237.104.132:39841/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.104.132:39841/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.135.191:40102/i
id: auto-4140ea7da158fdb2fc66835646903e5bd0f59561d394e662163bedaff094711a
status: experimental
description: Detects traffic or activity related to http://61.53.135.191:40102/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.135.191:40102/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2ts4xbdl.inimit9adin2.ru/?=check&&actmn=VTZPLpMNspWmyLXl
id: auto-ab65b58848c774e4442bd41a2507dd62d71302e0fd09d5e168e8aa5d087b6c8a
status: experimental
description: Detects traffic or activity related to https://2ts4xbdl.inimit9adin2.ru/?=check&&actmn=VTZPLpMNspWmyLXl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2ts4xbdl.inimit9adin2.ru/?=check&&actmn=VTZPLpMNspWmyLXl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://frboe5t2.inimit9adin2.ru/?=check&&actmn=tNkPhhvUJrNpQkfl
id: auto-fc58e08077e297ce8dacc9ab16492f9f8ab13e8a290649d4ea8a3017366a0466
status: experimental
description: Detects traffic or activity related to https://frboe5t2.inimit9adin2.ru/?=check&&actmn=tNkPhhvUJrNpQkfl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://frboe5t2.inimit9adin2.ru/?=check&&actmn=tNkPhhvUJrNpQkfl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.87.223:33389/bin.sh
id: auto-0efdf0b7cbd88b1d4cf98853f8b7130b2058a76dd8aecd7c74fcab5e6a9b6bac
status: experimental
description: Detects traffic or activity related to http://110.37.87.223:33389/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.87.223:33389/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.104.132:39841/bin.sh
id: auto-2d61f5a9961464dea99d2dfc3b3559ae78e45c58814e9d2adc4391b6d114350c
status: experimental
description: Detects traffic or activity related to http://113.237.104.132:39841/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.104.132:39841/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://npqxzvny.m2p5uck.ru/?=check&&actmn=cecqMFPiEHnthsvE
id: auto-d5810dbeba903c2dc56a32180e4a70311ad976395a3bc9eac4ca02db510f0c33
status: experimental
description: Detects traffic or activity related to https://npqxzvny.m2p5uck.ru/?=check&&actmn=cecqMFPiEHnthsvE which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://npqxzvny.m2p5uck.ru/?=check&&actmn=cecqMFPiEHnthsvE*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.114.61.225:47230/bin.sh
id: auto-d730774ca40bbec5efa1bddde7651eea95c9a84046e2c61b890be020b6fec5d4
status: experimental
description: Detects traffic or activity related to http://119.114.61.225:47230/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.114.61.225:47230/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://881d04q9.m2p5uck.ru/?=check&&actmn=kSSnZrRxyFtejngM
id: auto-aedea4b5e8c5453352b5f65f902e3dee70841e562a02fb69c095c483080c2ce7
status: experimental
description: Detects traffic or activity related to https://881d04q9.m2p5uck.ru/?=check&&actmn=kSSnZrRxyFtejngM which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://881d04q9.m2p5uck.ru/?=check&&actmn=kSSnZrRxyFtejngM*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/newreaxe.sh
id: auto-0466c83e03d897a7fc2f9fdc48e1f95ea332bf2e18a617a7fd91f36cc216dba8
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/newreaxe.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/newreaxe.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.sh4
id: auto-9f64195ba7a682b66c68bda90c4ae9dd9f6c792af47d92c28ffd8a3207a2ec6b
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm6
id: auto-01b1548be37f3323878dc3b838175e017d97ef7a3ee5cf09aa343985d5d0670f
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.m68k
id: auto-756e82b31dbfcb5e17bdf37ba2ff646e073570d9808d7ab3305dc96ce894faf1
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.i686
id: auto-72851525a37d1be8833cbb150f347a0eaa364d293e3ccac84c4941cd93247ae5
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm7
id: auto-2c6781c03224cfc3a3c9643dcaeaadfe19d63c4bca4f34401825d2b663416226
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.mpsl
id: auto-828b5e813f409cff534d00ff83f36a8b12b0770c947e548b9621e3978806702f
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.x86
id: auto-b9f119201291054cebc0e9a305de182f6f97cff78318c8b0b6a4fa7927968e1e
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm5
id: auto-f97841527539a7cfd3fc284efb400aaf05f1b0c7311d696efb21dae63d22d9b7
status: experimental
description: Detects traffic or activity related to http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.72/x7k2m9v8b/m9x7k2v8b3.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ukocpmma.offe7sawmi1.ru/?=check&&actmn=KRqtumBfBKTBnAOG
id: auto-3050d182ff5e3545b8c2c947b4b806657b38a95e731df71aa3e44e18efb066fd
status: experimental
description: Detects traffic or activity related to https://ukocpmma.offe7sawmi1.ru/?=check&&actmn=KRqtumBfBKTBnAOG which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ukocpmma.offe7sawmi1.ru/?=check&&actmn=KRqtumBfBKTBnAOG*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ibn00ky3.offe7sawmi1.ru/?=check&&actmn=VduWajDfwWxGVGkc
id: auto-c5ce20f73fd272098b3fed86a9c08417cddefcb1e4b2de8c4d1473498dc00f1e
status: experimental
description: Detects traffic or activity related to https://ibn00ky3.offe7sawmi1.ru/?=check&&actmn=VduWajDfwWxGVGkc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ibn00ky3.offe7sawmi1.ru/?=check&&actmn=VduWajDfwWxGVGkc*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.151.171:38760/i
id: auto-8a37e34ae5b0e8918ead5511a8802976b0f138ce8f2a8bccaae4eee2f9d2664f
status: experimental
description: Detects traffic or activity related to http://115.48.151.171:38760/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.151.171:38760/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.98.100:53494/i
id: auto-1a8e761cc6dc97479dc3709adf72e0920cd1057f370303fc048e5f67125fef5c
status: experimental
description: Detects traffic or activity related to http://110.37.98.100:53494/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.98.100:53494/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.169:46023/i
id: auto-d2652cec7d44f683046fcf813d4461ec2a79762bde9f61876029e5a6ec302681
status: experimental
description: Detects traffic or activity related to http://115.55.50.169:46023/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.169:46023/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.59.35:57142/i
id: auto-7c4d02cbbaa778f10fc64ca540fa4be2e03c754037c61b5e170a812302e009af
status: experimental
description: Detects traffic or activity related to http://125.44.59.35:57142/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.59.35:57142/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.146.2:40231/bin.sh
id: auto-2d437513013081efb3f2c1c8d24693f641004ec6ddfdbee7fccb3cb820684e0a
status: experimental
description: Detects traffic or activity related to http://125.40.146.2:40231/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.146.2:40231/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2w5pvupy.c2rv5uating.ru/?=check&&actmn=rBdGanJESMJbTESM
id: auto-fc0175d3361286d27d0f7a21c1f8d3494c666cee12553b570f49631cd460a174
status: experimental
description: Detects traffic or activity related to https://2w5pvupy.c2rv5uating.ru/?=check&&actmn=rBdGanJESMJbTESM which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2w5pvupy.c2rv5uating.ru/?=check&&actmn=rBdGanJESMJbTESM*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fxccubi6.c2rv5uating.ru/?=check&&actmn=BMDiIZVgBnrSeCHk
id: auto-32e62759588839de206fe4f972a2a2db81c8c8ef26e35534608e952b1c8e8eb7
status: experimental
description: Detects traffic or activity related to https://fxccubi6.c2rv5uating.ru/?=check&&actmn=BMDiIZVgBnrSeCHk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fxccubi6.c2rv5uating.ru/?=check&&actmn=BMDiIZVgBnrSeCHk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.189.118:41730/i
id: auto-66b539b5668b43007717a3906f2a966bcd425c199fa3fb81f74194e1d1f0d53c
status: experimental
description: Detects traffic or activity related to http://123.8.189.118:41730/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.189.118:41730/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.64.214:36898/i
id: auto-b86cc9b83e7509f9a1c92aa1743e2556987766b31d72235c4e11953a85a795e8
status: experimental
description: Detects traffic or activity related to http://182.127.64.214:36898/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.64.214:36898/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.162.114:33456/i
id: auto-fa508144c10db3e75332099ab61d233f78738114f6a4cadc9daf3646dfaca849
status: experimental
description: Detects traffic or activity related to http://182.119.162.114:33456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.162.114:33456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://chezvouscuisine.co.uk/wp-admin/js/px1
id: auto-ba24957ba35ea806f00332c6b1d9e38d76a2a35fca3018d33f358a8953167ef7
status: experimental
description: Detects traffic or activity related to https://chezvouscuisine.co.uk/wp-admin/js/px1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://chezvouscuisine.co.uk/wp-admin/js/px1*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/mmXncrP.exe
id: auto-70d1b8266b839cfd398f5d16e2fed495bbdd1939935bd344ea3f48bf108f6092
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/mmXncrP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/mmXncrP.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.25.221:55055/i
id: auto-8c1859617925e660cb6de1af5d1d412e9b902de29c605c69436a6184b6b55058
status: experimental
description: Detects traffic or activity related to http://125.44.25.221:55055/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.25.221:55055/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.151.171:38760/bin.sh
id: auto-2d588c66762c5d25688a99992acd166edb77584fb70cdf4551b452bdd0e448ca
status: experimental
description: Detects traffic or activity related to http://115.48.151.171:38760/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.151.171:38760/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.112.204:44230/i
id: auto-1bc9d388785ab22edf5f5c9e4534099de3f720f71f2cd9a600221f816aa3a23a
status: experimental
description: Detects traffic or activity related to http://182.121.112.204:44230/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.112.204:44230/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qighklwi.b2sil5kirdor.ru/?=check&&actmn=yLEPanPYyaLYvWCn
id: auto-568741452262bb20c0581a238bf7c7af73becd31fef78a4286d1d4b2f15a05fc
status: experimental
description: Detects traffic or activity related to https://qighklwi.b2sil5kirdor.ru/?=check&&actmn=yLEPanPYyaLYvWCn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qighklwi.b2sil5kirdor.ru/?=check&&actmn=yLEPanPYyaLYvWCn*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.115.143.75:19766/.i
id: auto-e0c281369749f86373aa3e7710d2ae0ce9cd087455b6c99bb1107a9647cb8b3b
status: experimental
description: Detects traffic or activity related to http://58.115.143.75:19766/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.115.143.75:19766/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.164.67.92:12868/i
id: auto-0482d2d144cb6f58a5cc3b3aa56dc00817a87a27758f5967bed83018b5bd435b
status: experimental
description: Detects traffic or activity related to http://119.164.67.92:12868/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.164.67.92:12868/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.98.100:53494/bin.sh
id: auto-6f2ea2cfef1612ce8d7f22031377272106a6a5a5a3c54b77116c24eeba41708c
status: experimental
description: Detects traffic or activity related to http://110.37.98.100:53494/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.98.100:53494/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://q0qwfwsf.b2sil5kirdor.ru/?=check&&actmn=QhTMgWXQdRkOuOck
id: auto-f42f265c2ba922721b99cc3103773899af1ad231e3f29c804b09e2e5d1bd28d8
status: experimental
description: Detects traffic or activity related to https://q0qwfwsf.b2sil5kirdor.ru/?=check&&actmn=QhTMgWXQdRkOuOck which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://q0qwfwsf.b2sil5kirdor.ru/?=check&&actmn=QhTMgWXQdRkOuOck*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.197.97:44775/i
id: auto-8cb823d4bd1373a2e51f01ff75d54fb1630e673207115fbaa3573ded52e63f91
status: experimental
description: Detects traffic or activity related to http://120.28.197.97:44775/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.197.97:44775/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.222.198:59039/i
id: auto-119386299cde9b9efd3b3ea8461a968efc091849d03df25530cbe0a1795e8f78
status: experimental
description: Detects traffic or activity related to http://42.226.222.198:59039/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.222.198:59039/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.59.35:57142/bin.sh
id: auto-a4b6e9880b38303c7039c16c93317dcda38f0ad8e8e0bced8fee3d5b081caed7
status: experimental
description: Detects traffic or activity related to http://125.44.59.35:57142/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.59.35:57142/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.169:46023/bin.sh
id: auto-ccfafa6a729bb190df03fd7097ab452d4e1ee774518a62c27cba439f452fd704
status: experimental
description: Detects traffic or activity related to http://115.55.50.169:46023/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.169:46023/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bxiwtept.dr2nudmu7t.ru/?=check&&actmn=MfbWmOjaxKxPPkUm
id: auto-1ad61a212cc820dfee95f8fc33e11a9c8f21cd92ac01f534381f97ad04ba3a3c
status: experimental
description: Detects traffic or activity related to https://bxiwtept.dr2nudmu7t.ru/?=check&&actmn=MfbWmOjaxKxPPkUm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bxiwtept.dr2nudmu7t.ru/?=check&&actmn=MfbWmOjaxKxPPkUm*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.189.118:41730/bin.sh
id: auto-514559b9ba1891be94c80b92b50d90f26b8e7d144f52ee5daeb788aabbc9a05e
status: experimental
description: Detects traffic or activity related to http://123.8.189.118:41730/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.189.118:41730/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://c1tcodwo.dr2nudmu7t.ru/?=check&&actmn=akznjAkeOvlgPisG
id: auto-223f0b9ae2d5e543a7e3ddefbab246d1fad0edde6d2aa99c105a91c76f5f33f0
status: experimental
description: Detects traffic or activity related to https://c1tcodwo.dr2nudmu7t.ru/?=check&&actmn=akznjAkeOvlgPisG which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://c1tcodwo.dr2nudmu7t.ru/?=check&&actmn=akznjAkeOvlgPisG*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.25.221:55055/bin.sh
id: auto-c0af091778104eac77055d4f6679aa9b8534389e4341c0c92895c2b746e6ca89
status: experimental
description: Detects traffic or activity related to http://125.44.25.221:55055/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.25.221:55055/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.247.164:58906/i
id: auto-389248f1d2c1cbffccfed0242dcf323d72a24f3eda975effb5b53b1a9f5e5346
status: experimental
description: Detects traffic or activity related to http://110.39.247.164:58906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.247.164:58906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.112.204:44230/bin.sh
id: auto-e096cb0068e2d5e193bb59fc1352d04f8253598ae2df3569c7f8636de27bd291
status: experimental
description: Detects traffic or activity related to http://182.121.112.204:44230/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.112.204:44230/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.197.97:44775/bin.sh
id: auto-fb80d27dd5ea85a720930ab78f69daaa7efea397dd284dddedf3c23a4c8e4eb7
status: experimental
description: Detects traffic or activity related to http://120.28.197.97:44775/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.197.97:44775/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3e8w8can.pr0peltano1s.ru/?=check&&actmn=yBVjtafXyYCVQWcC
id: auto-739e9e8459a44c7031f6b9c21d2fdc34ddc41d994bbc30f4bc88573163e47af2
status: experimental
description: Detects traffic or activity related to https://3e8w8can.pr0peltano1s.ru/?=check&&actmn=yBVjtafXyYCVQWcC which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3e8w8can.pr0peltano1s.ru/?=check&&actmn=yBVjtafXyYCVQWcC*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://1swvw1lt.pr0peltano1s.ru/?=check&&actmn=MmhluLsbgrhesKyA
id: auto-f2445d6a74ea98b967098aa9c8e94f97fc023c82d2bc846c8ae629420fa55975
status: experimental
description: Detects traffic or activity related to https://1swvw1lt.pr0peltano1s.ru/?=check&&actmn=MmhluLsbgrhesKyA which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://1swvw1lt.pr0peltano1s.ru/?=check&&actmn=MmhluLsbgrhesKyA*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.157:52736/i
id: auto-4e20aa3e8215578c08d9bf82c467346b359b300ea022143c70feca79d43015c2
status: experimental
description: Detects traffic or activity related to http://110.37.53.157:52736/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.157:52736/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://rmqe76k0.adju5tc2b.ru/?=check&&actmn=sdUKzmDIYhgTqkdA
id: auto-2bf7b643b645b79b5e968038881f80d622effeb83a7519f2409641368a3cb7be
status: experimental
description: Detects traffic or activity related to https://rmqe76k0.adju5tc2b.ru/?=check&&actmn=sdUKzmDIYhgTqkdA which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://rmqe76k0.adju5tc2b.ru/?=check&&actmn=sdUKzmDIYhgTqkdA*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bis2ijbb.adju5tc2b.ru/?=check&&actmn=saKkrzQFOexwNQdM
id: auto-0fa2c7f2b6d1c50eb64d8590d45067e2a0846bd0adcd1924182645b97c43ba62
status: experimental
description: Detects traffic or activity related to https://bis2ijbb.adju5tc2b.ru/?=check&&actmn=saKkrzQFOexwNQdM which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bis2ijbb.adju5tc2b.ru/?=check&&actmn=saKkrzQFOexwNQdM*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/qMP3MuX.exe
id: auto-238ff51a2260ced7e4e06d34d4c000c6af0dafef722953f27ccfca2da9e8665b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/qMP3MuX.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/qMP3MuX.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.56.140.139:45701/bin.sh
id: auto-aa9650c1b710811dad1ea4247878dbf24f4007548b31288aa2fbad4b8c3904eb
status: experimental
description: Detects traffic or activity related to http://42.56.140.139:45701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.56.140.139:45701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.53.157:52736/bin.sh
id: auto-d2d4732f787098a30cf0ff5c523348be52546a9a16507bbafec9b861a4bb29c7
status: experimental
description: Detects traffic or activity related to http://110.37.53.157:52736/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.53.157:52736/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8278288380/2tMHSXf.exe
id: auto-cb343fd1af556f98d5b87b7a1f927800cc3236adfc26204d2b02cb9499ced1c4
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8278288380/2tMHSXf.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8278288380/2tMHSXf.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/RM9zrCG.exe
id: auto-06c4b0db37c1f219f0df6b85d14fbcaf4e42fe143904350a10f42cbca5e0ac18
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/RM9zrCG.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/RM9zrCG.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.166.38.87:57446/i
id: auto-565a5e515996674e0b07d6971c92a57f6e07dd38b6e5ecc43cb4472f66a4edba
status: experimental
description: Detects traffic or activity related to http://175.166.38.87:57446/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.166.38.87:57446/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.aarch64
id: auto-c07b1854259d363653117fc5532f209844ca6c3f093d1403e1aa480290fc7ef0
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.aarch64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.aarch64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.arm5
id: auto-d101e695f3d28c8835bf49e8ae7a53961a7869983c58d14971736cbecd291e32
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.arm6
id: auto-48a29fca80a816693257f4d1f832d0ea4881220d3acc5a281ac8b86f244e818b
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.mips
id: auto-707bcc75cf1b590988da6c519ce3c5d23ca2e7b22e4d63242212485de09030e7
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.x86_64
id: auto-496125bdef565edb6318c0d740d7768bda004bd0284bd1ee3268389ccb7e638a
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.x86
id: auto-b911b47fabd5734c564a7ff2ca44dede181698dee7898bfb634201109b8796fe
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.arm7
id: auto-37429af3b1abbe68ff955d7ec26a9df62cd497d037e6ca365de46fcfb2ab00b2
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/bbl.sh
id: auto-6ae0534c1aeb46ef44065b4cca62f23cb34ba1279501d8f46033d6c796fd6f25
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/bbl.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/bbl.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.255.167.171:37961/i
id: auto-50de91949de6998624aba2421f268dbf8510b686f468ea84fa829a14fc9aea8a
status: experimental
description: Detects traffic or activity related to http://112.255.167.171:37961/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.255.167.171:37961/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.140.41:46151/bin.sh
id: auto-5df9b6e2eba953e2080aac3a0647d70081bd3079d53ad5d110f26835f605f01e
status: experimental
description: Detects traffic or activity related to http://115.58.140.41:46151/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.140.41:46151/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ksgwkcii.ku6chni8ht.ru/?=check&&actmn=NmttqznhRkHkwVpa
id: auto-1e7a1b3ee8c33e601d9e5c05cd40d94e72b4e9640f26215a7133386c70d3988c
status: experimental
description: Detects traffic or activity related to https://ksgwkcii.ku6chni8ht.ru/?=check&&actmn=NmttqznhRkHkwVpa which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ksgwkcii.ku6chni8ht.ru/?=check&&actmn=NmttqznhRkHkwVpa*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://r1v6tqom.ku6chni8ht.ru/?=check&&actmn=FOaGjmggwWFcwWYK
id: auto-86318d45b5a8eb888a41de380d3778704f12c377edc1505a5bbca611dd736c32
status: experimental
description: Detects traffic or activity related to https://r1v6tqom.ku6chni8ht.ru/?=check&&actmn=FOaGjmggwWFcwWYK which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://r1v6tqom.ku6chni8ht.ru/?=check&&actmn=FOaGjmggwWFcwWYK*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.136.149.229:41610/i
id: auto-ff6aa616e1d2acb31584608eba6607573a58dbbd983a7cc610ababccbe42cfd7
status: experimental
description: Detects traffic or activity related to http://222.136.149.229:41610/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.136.149.229:41610/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.97.79:34496/bin.sh
id: auto-6956d45cd213871e4df5e80d5f0311cbe3a823c5f97b2cb62f065bbdf44f435e
status: experimental
description: Detects traffic or activity related to http://113.221.97.79:34496/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.97.79:34496/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.242.199:52547/bin.sh
id: auto-a5793e5b785193ead76a2eb77c431c14626df79533251909a97c87235157bb96
status: experimental
description: Detects traffic or activity related to http://123.11.242.199:52547/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.242.199:52547/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.238.127:32978/i
id: auto-a69ad515c60a04c084a827f52fbc3cf5e7878f6173f6223540d416ef30243c71
status: experimental
description: Detects traffic or activity related to http://42.85.238.127:32978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.238.127:32978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.181.10:56090/bin.sh
id: auto-b29295e047eb2c51f6f9928dba9dcac88a93be452c64b3f35aaf78a9a3745b6a
status: experimental
description: Detects traffic or activity related to http://222.137.181.10:56090/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.181.10:56090/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.130.159:36806/i
id: auto-290109f9a4e074175374efff03f80b3006b3a154e3469dc7553ca659aece4df5
status: experimental
description: Detects traffic or activity related to http://42.227.130.159:36806/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.130.159:36806/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.166.38.87:57446/bin.sh
id: auto-73f3d04e659ecf99e26cc3aa08d59dd527102aed15880f2bca5b6c5a76dde075
status: experimental
description: Detects traffic or activity related to http://175.166.38.87:57446/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.166.38.87:57446/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://v8q5m4s5.hi8hdukev1a.ru/?=check&&actmn=DOHqcUnBkKcmVHMI
id: auto-fceffc8cba6380965ea98d501d8f2aedf9060e8e6feaf0a2be2afdd0195c8b1c
status: experimental
description: Detects traffic or activity related to https://v8q5m4s5.hi8hdukev1a.ru/?=check&&actmn=DOHqcUnBkKcmVHMI which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://v8q5m4s5.hi8hdukev1a.ru/?=check&&actmn=DOHqcUnBkKcmVHMI*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://w1b2ofrw.hi8hdukev1a.ru/?=check&&actmn=vFDwzUOgwSyEWZrI
id: auto-6442b33351e24cbde4e5fba8cbb302c87a84f6bf3516853d05306872f24a82d7
status: experimental
description: Detects traffic or activity related to https://w1b2ofrw.hi8hdukev1a.ru/?=check&&actmn=vFDwzUOgwSyEWZrI which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://w1b2ofrw.hi8hdukev1a.ru/?=check&&actmn=vFDwzUOgwSyEWZrI*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.43.189:37787/bin.sh
id: auto-3507d79f13af8e92919382b94013e44bb122a60462be58e17e66eaea110a5cf9
status: experimental
description: Detects traffic or activity related to http://110.37.43.189:37787/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.43.189:37787/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.170.147:56967/bin.sh
id: auto-efb5a5aff157abb2141a25b695fd18bfe203ac622e12e8b341805e69faf0ff35
status: experimental
description: Detects traffic or activity related to http://42.86.170.147:56967/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.170.147:56967/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.28.58:37078/bin.sh
id: auto-790c169dbd7daba7f06849a75d63f1e8613ffa51311cb32df269762e97557164
status: experimental
description: Detects traffic or activity related to http://112.237.28.58:37078/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.28.58:37078/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://m2r2vsbg.rend5win8.ru/?=check&&actmn=yMlZkIDbfbQziQvT
id: auto-a8a6c1608bf9ec2c963e38f8c472d44267a0b81de999d73ed1dfbe52aca02f6c
status: experimental
description: Detects traffic or activity related to https://m2r2vsbg.rend5win8.ru/?=check&&actmn=yMlZkIDbfbQziQvT which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://m2r2vsbg.rend5win8.ru/?=check&&actmn=yMlZkIDbfbQziQvT*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jiibusmr.rend5win8.ru/?=check&&actmn=qgfgnHblyciINOap
id: auto-c37fab084acc6d2ec39b0c4c827eb9f754011a42858c6fdf987a7a037087f18d
status: experimental
description: Detects traffic or activity related to https://jiibusmr.rend5win8.ru/?=check&&actmn=qgfgnHblyciINOap which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jiibusmr.rend5win8.ru/?=check&&actmn=qgfgnHblyciINOap*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.130.159:36806/bin.sh
id: auto-c4e48ebf2b98e5addc436ab87cd8e44e71289d04dc267ea56be85fb8fefe6390
status: experimental
description: Detects traffic or activity related to http://42.227.130.159:36806/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.130.159:36806/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.238.127:32978/bin.sh
id: auto-66c1b403a26718b0438af9b7bd8379e38dedd324f1bc2f403bbf4a503a34ec07
status: experimental
description: Detects traffic or activity related to http://42.85.238.127:32978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.238.127:32978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.44.248:55778/i
id: auto-086cc174d09c6e408471f7a6bb57925c8f5e7fb12ed69b445548100d95340500
status: experimental
description: Detects traffic or activity related to http://61.52.44.248:55778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.44.248:55778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://8r1qnkm3.rabk0r5pech.ru/?=check&&actmn=IUNNbOqNSxymRgTq
id: auto-30ff171653f0207ba0afec5eeb0c4b094cb46c094f28ddb17431c9dd832535bf
status: experimental
description: Detects traffic or activity related to https://8r1qnkm3.rabk0r5pech.ru/?=check&&actmn=IUNNbOqNSxymRgTq which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://8r1qnkm3.rabk0r5pech.ru/?=check&&actmn=IUNNbOqNSxymRgTq*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://oonpfyma.rabk0r5pech.ru/?=check&&actmn=NOGXBKljaDKfgEBj
id: auto-15abf8f1cf87a71331dc40e78a194b982abf6c6d44aad65858fe12f8346da356
status: experimental
description: Detects traffic or activity related to https://oonpfyma.rabk0r5pech.ru/?=check&&actmn=NOGXBKljaDKfgEBj which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://oonpfyma.rabk0r5pech.ru/?=check&&actmn=NOGXBKljaDKfgEBj*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.138.159:43158/i
id: auto-365b4870a24aff582effb771af41b362df007493af9f2aa0e010ab4b70d808f2
status: experimental
description: Detects traffic or activity related to http://222.138.138.159:43158/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.138.159:43158/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.28.255:35815/i
id: auto-414cc03ec4e122588c9f81a95a255a58fb2d5b91a17554bfcc08167c1129d551
status: experimental
description: Detects traffic or activity related to http://123.12.28.255:35815/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.28.255:35815/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.192.118:58315/i
id: auto-3b70328aa42751b85fbf1815ca01959392f23a7afa584ce8390d9e053b00ed7a
status: experimental
description: Detects traffic or activity related to http://182.114.192.118:58315/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.192.118:58315/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://yy62g3e1.fa1ditmim2ns.ru/?=check&&actmn=ginCQZgbozpjHLLt
id: auto-83b2349b8929bcfcbec60897e89c92e5df890d0bbeb62ed6a87521fb375aa5a9
status: experimental
description: Detects traffic or activity related to https://yy62g3e1.fa1ditmim2ns.ru/?=check&&actmn=ginCQZgbozpjHLLt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://yy62g3e1.fa1ditmim2ns.ru/?=check&&actmn=ginCQZgbozpjHLLt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://v5pxe3tg.fa1ditmim2ns.ru/?=check&&actmn=bvOOZvPVvDeXDzor
id: auto-00eff01de2020da4f21b4ca1ad4b8de3daacae75d0e10bf3ba5e74401a31a4e8
status: experimental
description: Detects traffic or activity related to https://v5pxe3tg.fa1ditmim2ns.ru/?=check&&actmn=bvOOZvPVvDeXDzor which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://v5pxe3tg.fa1ditmim2ns.ru/?=check&&actmn=bvOOZvPVvDeXDzor*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.131.179:34957/i
id: auto-17658fbba5e8ba8c6d401c5fc13ff3d42c0bd4f3f575f58d4c9fcb0b9a272987
status: experimental
description: Detects traffic or activity related to http://60.23.131.179:34957/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.131.179:34957/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://iyiqs094.fa1ditmim2ns.ru/?=check&&actmn=RRIXEOwuDpBKlNwl
id: auto-fc1a02f93d99b00e3aee81ba3ea91aa10545ffde99c4059737e358c8604090ca
status: experimental
description: Detects traffic or activity related to https://iyiqs094.fa1ditmim2ns.ru/?=check&&actmn=RRIXEOwuDpBKlNwl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://iyiqs094.fa1ditmim2ns.ru/?=check&&actmn=RRIXEOwuDpBKlNwl*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.44.248:55778/bin.sh
id: auto-820208f0d24348c7acbbdf6c4ef5829cd0e91503cf5bd64043c46cd65cf1b917
status: experimental
description: Detects traffic or activity related to http://61.52.44.248:55778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.44.248:55778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://199.16.59.214:59376/bin.sh
id: auto-41781659192a04055fb1af36db445fbf30b0e3accdc7c5aafcbf06eab1853d60
status: experimental
description: Detects traffic or activity related to http://199.16.59.214:59376/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://199.16.59.214:59376/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.56.52:58064/i
id: auto-5e59bb2122af96d2d434cdc4650aac87b3958bcaead1a07ac621ea926c44d906
status: experimental
description: Detects traffic or activity related to http://125.45.56.52:58064/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.56.52:58064/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_mpsl
id: auto-aeea03fd4778d119e95494da08e9897026505d66034c090e230f8e8a85d3f5dc
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.138.159:43158/bin.sh
id: auto-0309f8c1bd2cc3ee023991b25f618ca6f0b621322d884738e815ebf260c9554d
status: experimental
description: Detects traffic or activity related to http://222.138.138.159:43158/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.138.159:43158/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.52.208.207:44945/bin.sh
id: auto-31e29d75365f85683eb13c4a74e866466527767e98c133c8fe86919a34d7a677
status: experimental
description: Detects traffic or activity related to http://42.52.208.207:44945/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.52.208.207:44945/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d8kbeizm.bun8topch2n.ru/?=check&&actmn=xRDtBDnZneddtrCV
id: auto-9067593f4ad24b8e3b75d6de5cb1307fbc9809707b5ef55cde5dc9f2eb4b4baa
status: experimental
description: Detects traffic or activity related to https://d8kbeizm.bun8topch2n.ru/?=check&&actmn=xRDtBDnZneddtrCV which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d8kbeizm.bun8topch2n.ru/?=check&&actmn=xRDtBDnZneddtrCV*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pzmiqand.bun8topch2n.ru/?=check&&actmn=jtSMhoumXwcejPcm
id: auto-3d3ef8e65fd6094d9d979347950a2c81f57f8055ef518c17f36715e694b78612
status: experimental
description: Detects traffic or activity related to https://pzmiqand.bun8topch2n.ru/?=check&&actmn=jtSMhoumXwcejPcm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pzmiqand.bun8topch2n.ru/?=check&&actmn=jtSMhoumXwcejPcm*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.131.179:34957/bin.sh
id: auto-dfae74ba92ae97fff2f501a2901bc848e8ca420451bfacc0dcc554e135cf08e0
status: experimental
description: Detects traffic or activity related to http://60.23.131.179:34957/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.131.179:34957/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.199.150:34015/bin.sh
id: auto-3f5dc8809e1c2043320dbcf182294a49ec4796fe4a42075d1986e7b4ed43d0a7
status: experimental
description: Detects traffic or activity related to http://123.9.199.150:34015/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.199.150:34015/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.173.102:45906/i
id: auto-7c3dd7dda2a48811f89199803d22732f2a81aca872480106c3653a29c9739ade
status: experimental
description: Detects traffic or activity related to http://219.156.173.102:45906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.173.102:45906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://28l94n0x.astra1r0pac.ru/?=check&&actmn=TXuPrJmAcaMsXnAt
id: auto-fa283226b1c75fb67be08c935bf00df657fdfca30cf80c548fbc29f331de4997
status: experimental
description: Detects traffic or activity related to https://28l94n0x.astra1r0pac.ru/?=check&&actmn=TXuPrJmAcaMsXnAt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://28l94n0x.astra1r0pac.ru/?=check&&actmn=TXuPrJmAcaMsXnAt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://j2borkqf.astra1r0pac.ru/?=check&&actmn=mcdpEopbXJKmycUK
id: auto-245cbd25136620e7c420b25921cb4fb90e1a18cd986ceff04495778dd0382f94
status: experimental
description: Detects traffic or activity related to https://j2borkqf.astra1r0pac.ru/?=check&&actmn=mcdpEopbXJKmycUK which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://j2borkqf.astra1r0pac.ru/?=check&&actmn=mcdpEopbXJKmycUK*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.56.52:58064/bin.sh
id: auto-4746c035b3690bf6f067b9df0acabb716ae9213d3030438ca87f3d62663ca244
status: experimental
description: Detects traffic or activity related to http://125.45.56.52:58064/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.56.52:58064/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.247.6.200:56640/bin.sh
id: auto-fe67b776d6aa5b56c6a233654cef9877c920879503a3ef534558b9d211f4747e
status: experimental
description: Detects traffic or activity related to http://112.247.6.200:56640/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.247.6.200:56640/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.17.59.40:5506/KCZXWEFJ.msi
id: auto-b85d7d830a46e9c486e7f2473b1d7773fd03ec75540fbaf76afd0ba7589cec8b
status: experimental
description: Detects traffic or activity related to http://178.17.59.40:5506/KCZXWEFJ.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.17.59.40:5506/KCZXWEFJ.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.164.104:58719/i
id: auto-977bc21a01341743d43549cdb4fe4b9afda687912312eb87c4001c08f2257fd4
status: experimental
description: Detects traffic or activity related to http://42.227.164.104:58719/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.164.104:58719/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d4yi75m0.brist1ynom2d.ru/?=check&&actmn=imbDcORxJMNtKGnN
id: auto-9927b66f6fbf7ad499230d0db4e7023e30fa6b8f33d5d2a043c1146925d2c216
status: experimental
description: Detects traffic or activity related to https://d4yi75m0.brist1ynom2d.ru/?=check&&actmn=imbDcORxJMNtKGnN which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d4yi75m0.brist1ynom2d.ru/?=check&&actmn=imbDcORxJMNtKGnN*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://q9v5lqkv.brist1ynom2d.ru/?=check&&actmn=mMfHioQqQysCYzHM
id: auto-79e49afa5357d015c1d93f3e03c204ff4edcd183d7383f9c59a6d8d08cccbbad
status: experimental
description: Detects traffic or activity related to https://q9v5lqkv.brist1ynom2d.ru/?=check&&actmn=mMfHioQqQysCYzHM which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://q9v5lqkv.brist1ynom2d.ru/?=check&&actmn=mMfHioQqQysCYzHM*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.173.102:45906/bin.sh
id: auto-ab3e66103b01ce970b3a21d5ca0b5c4f6dbc629873898c062b089ad3dc3a81de
status: experimental
description: Detects traffic or activity related to http://219.156.173.102:45906/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.173.102:45906/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://dvq02enh.five5kitt1es.ru/?=check&&actmn=yJkabPSyFHAGljEz
id: auto-b122b9a3f52c872c47de01da7b3f098e78ae4795bfc411e7cf026918088b08fe
status: experimental
description: Detects traffic or activity related to https://dvq02enh.five5kitt1es.ru/?=check&&actmn=yJkabPSyFHAGljEz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://dvq02enh.five5kitt1es.ru/?=check&&actmn=yJkabPSyFHAGljEz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qj9v9qv3.five5kitt1es.ru/?=check&&actmn=QpyFkmHgfkIoroZF
id: auto-b3fe2a80897592acecdfba2e87560a331e53ab2363dd52eba056a017000b1dda
status: experimental
description: Detects traffic or activity related to https://qj9v9qv3.five5kitt1es.ru/?=check&&actmn=QpyFkmHgfkIoroZF which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qj9v9qv3.five5kitt1es.ru/?=check&&actmn=QpyFkmHgfkIoroZF*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.89.24:48287/i
id: auto-599e3e48044b0c050b4085eb70c0cf28ee72095772dc0f2a17b4366a9645f18b
status: experimental
description: Detects traffic or activity related to http://27.37.89.24:48287/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.89.24:48287/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.83.79:37341/i
id: auto-5f5bb35299f249e64e5a90ecd64a6e71ca334b6f3cdde7dabcdbaea6e386cc85
status: experimental
description: Detects traffic or activity related to http://113.236.83.79:37341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.83.79:37341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.164.104:58719/bin.sh
id: auto-ee6589ac32df7e8ccdd9d4b45112808b4763eed32936a74a3fe42578e4059da4
status: experimental
description: Detects traffic or activity related to http://42.227.164.104:58719/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.164.104:58719/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.95.136:56370/i
id: auto-0bbd860db40bd3c65c4c548dbe5387970fe870f6b0ca707c4da930d310c7441b
status: experimental
description: Detects traffic or activity related to http://110.37.95.136:56370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.95.136:56370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.140.41:46151/i
id: auto-28bc9cac1be141eb383de9c834e52fb7c9128e4c6eb6e64c45e3af75548275e6
status: experimental
description: Detects traffic or activity related to http://115.58.140.41:46151/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.140.41:46151/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.30.32:34417/i
id: auto-337d4b2076c5eeeaf7dd87e0ebeb5404137979f8c02cffc91673a62f774d2622
status: experimental
description: Detects traffic or activity related to http://115.52.30.32:34417/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.30.32:34417/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.218.92:58317/bin.sh
id: auto-a20cb3ee559aac36becb0978549f5d6216917bc07e0b8e2376af886c2a94ad4a
status: experimental
description: Detects traffic or activity related to http://42.230.218.92:58317/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.218.92:58317/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.148.197:41289/bin.sh
id: auto-d6d5332291c7570ece738247a1a243acbdff14ea77fe96fd89ff508e115089b4
status: experimental
description: Detects traffic or activity related to http://123.5.148.197:41289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.148.197:41289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://bwpxjg5k.bi8tape5try.ru/?=check&&actmn=OWsJFHIYDWzXdmmG
id: auto-e905daa4a57a261d7da9a97f0f666eb5ba07c255a46638e211898e662c700043
status: experimental
description: Detects traffic or activity related to https://bwpxjg5k.bi8tape5try.ru/?=check&&actmn=OWsJFHIYDWzXdmmG which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://bwpxjg5k.bi8tape5try.ru/?=check&&actmn=OWsJFHIYDWzXdmmG*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://w7k49x7q.bi8tape5try.ru/?=check&&actmn=GWYPRroeikclSfLV
id: auto-10e22e324e5eb33bcbc913909619c1d0e70869feeace867052da78a92e4691cb
status: experimental
description: Detects traffic or activity related to https://w7k49x7q.bi8tape5try.ru/?=check&&actmn=GWYPRroeikclSfLV which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://w7k49x7q.bi8tape5try.ru/?=check&&actmn=GWYPRroeikclSfLV*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.21.194.49:37439/i
id: auto-854076a5b62d10aefc6a6ace79f61f8dda116e84f40fb06376f432fdad0ab63f
status: experimental
description: Detects traffic or activity related to http://89.21.194.49:37439/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.21.194.49:37439/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.83.79:37341/bin.sh
id: auto-d2a053f1b8cafc4b9cadf2965582fae067fafceb60d7ab40e9541da8f32bad79
status: experimental
description: Detects traffic or activity related to http://113.236.83.79:37341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.83.79:37341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://62fhvzqh.benefc2th0de.ru/?=check&&actmn=SteaWTJDouYMxuIA
id: auto-0916523dc6fcc67881f57e9c42247ba6895cf8105f63139f682cb3733936af0a
status: experimental
description: Detects traffic or activity related to https://62fhvzqh.benefc2th0de.ru/?=check&&actmn=SteaWTJDouYMxuIA which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://62fhvzqh.benefc2th0de.ru/?=check&&actmn=SteaWTJDouYMxuIA*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lzo4wndi.benefc2th0de.ru/?=check&&actmn=zZzQJhstkYkWzPnL
id: auto-9c79f7d80595fc84745d63634af4408e00a6884a6fab8106bdad4059acd0314c
status: experimental
description: Detects traffic or activity related to https://lzo4wndi.benefc2th0de.ru/?=check&&actmn=zZzQJhstkYkWzPnL which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lzo4wndi.benefc2th0de.ru/?=check&&actmn=zZzQJhstkYkWzPnL*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://freminfar.floresdelphinium.cfd/?40449584567613974
id: auto-d166128b2cd4c4828f311ab0580b8531c540eef6a06fa21593ed4c108b2e6972
status: experimental
description: Detects traffic or activity related to https://freminfar.floresdelphinium.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://freminfar.floresdelphinium.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brumol.floresflorchuvaouro.cfd/?40449584567613974
id: auto-4a1ee7ebef811c5024617207b162473d5b5d46a30a3ec0762af902123a5c3ce6
status: experimental
description: Detects traffic or activity related to https://brumol.floresflorchuvaouro.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brumol.floresflorchuvaouro.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://globondinim4.floresflorestrela.cfd/?40449584567613974
id: auto-8fa1164e5aac80f5ab6e5084d0a03009ed3cf10a6eea75f2c1f3b7413bca7b1f
status: experimental
description: Detects traffic or activity related to https://globondinim4.floresflorestrela.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://globondinim4.floresflorestrela.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://scrowinnal.floresflorestrela.cfd/?40449584567613974
id: auto-8b8c9930ba07db242de1d02332d59ac96b7bb7a63e3b284747519803d4679efb
status: experimental
description: Detects traffic or activity related to https://scrowinnal.floresflorestrela.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://scrowinnal.floresflorestrela.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://glejannonfil.floresflorcacto.cfd/?40449584567613974
id: auto-46ee34ab2cbaf6e4ef5ba626c242113e252f11729c3f82d99ce5744f751bea60
status: experimental
description: Detects traffic or activity related to https://glejannonfil.floresflorcacto.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://glejannonfil.floresflorcacto.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://stanintenal33.florescrinum.cfd/?40449584567613974
id: auto-46c6a0ceb9d71ea6f62a8f828df3e9b2f454c5ea0da115c6262a9b284a1e1cad
status: experimental
description: Detects traffic or activity related to https://stanintenal33.florescrinum.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://stanintenal33.florescrinum.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://scrofil.floresclivia.cfd/?40449584567613974
id: auto-0ee19a6132a66508c0263cdba25472f1f6334dde1cc86647f2a60f24873e811c
status: experimental
description: Detects traffic or activity related to https://scrofil.floresclivia.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://scrofil.floresclivia.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://screzol.floresflorchuva.cfd/?40449584567613974
id: auto-fb58aedb6b72a2209e79093c2ad6f6b5d2f7f9269203d45c1d57258bc5df45a9
status: experimental
description: Detects traffic or activity related to https://screzol.floresflorchuva.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://screzol.floresflorchuva.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://planronpal2.floresixia.cfd/?40449584567613974
id: auto-67726ee1d4757f1560f36779006890557f045eb6d9acb8f3ebc6b349b547c8a9
status: experimental
description: Detects traffic or activity related to https://planronpal2.floresixia.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://planronpal2.floresixia.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grafar.floresagapanto.cfd/?40449584567613974
id: auto-55eee2f20f5884bb7f94dcb834a11a792bbc4cf873d522264caedde2d6fcf267
status: experimental
description: Detects traffic or activity related to https://grafar.floresagapanto.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grafar.floresagapanto.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://prusul.floresflorcacto.cfd/?40449584567613974
id: auto-d73b1c6d30c23aea97cf186340a18d79fb120ad87c29a7ed1495ab6d257026f6
status: experimental
description: Detects traffic or activity related to https://prusul.floresflorcacto.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://prusul.floresflorcacto.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://planmenpunval.floresixia.cfd/?40449584567613974
id: auto-c61d809d61c487a6d7c51df876399839bee7c7697f73be82604b01de3fbc34fe
status: experimental
description: Detects traffic or activity related to https://planmenpunval.floresixia.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://planmenpunval.floresixia.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drapunninsom.floresflorchuvaouro.cfd/?40449584567613974
id: auto-9c6b2a50cdb0b9bc015a416c7f14b1cf8b7e0d215ab69a9457407b6b1d9eef0c
status: experimental
description: Detects traffic or activity related to https://drapunninsom.floresflorchuvaouro.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drapunninsom.floresflorchuvaouro.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brusonfinmol.floresnigella.cfd/?40449584567613974
id: auto-8fcba97730dfc5458b18f9c4a88bda19f671c4177fe28fddc5d28ce31e4c5aa0
status: experimental
description: Detects traffic or activity related to https://brusonfinmol.floresnigella.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brusonfinmol.floresnigella.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drapunval.floresdelphinium.cfd/?40449584567613974
id: auto-25c7dcfe7ab706b334869c0f2eab58bdd3eef512a46e080f3b79b9379685b8b2
status: experimental
description: Detects traffic or activity related to https://drapunval.floresdelphinium.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drapunval.floresdelphinium.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://crobel3.floresagapanto.cfd/?40449584567613974
id: auto-87ff4d4da1a524d14e7f182f7d290874f5685d953963f7a02bdd110951bd14cb
status: experimental
description: Detects traffic or activity related to https://crobel3.floresagapanto.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://crobel3.floresagapanto.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grammindiz.floresnigella.cfd/?40449584567613974
id: auto-df2f0e7a1dbb503dfba05d5967e7feb927f6e2572b9bad405f0fa750119f9efb
status: experimental
description: Detects traffic or activity related to https://grammindiz.floresnigella.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grammindiz.floresnigella.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://presinfer.florescrinum.cfd/?40449584567613974
id: auto-b03c9dcb115efd88921b46122c8869762053e60e4b5dd4538811eda72d7997d3
status: experimental
description: Detects traffic or activity related to https://presinfer.florescrinum.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://presinfer.florescrinum.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grugoncinsom.floresclivia.cfd/?40449584567613974
id: auto-2c998c171f8a43c70b6f558d3a2274dc06a7ac4c8066e23df63c44974e361e5c
status: experimental
description: Detects traffic or activity related to https://grugoncinsom.floresclivia.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grugoncinsom.floresclivia.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brucontal73.floresflorchuva.cfd/?40449584567613974
id: auto-eccd99cab5b7e24a3cf05db7f9e71c27eb859e7792f6f3f92ecda6acc2cc81de
status: experimental
description: Detects traffic or activity related to https://brucontal73.floresflorchuva.cfd/?40449584567613974 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brucontal73.floresflorchuva.cfd/?40449584567613974*'
  condition: selection
level: high
tags:
  - attack.t1027
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://4bl1n9f5.ar7aydia1ect.ru/?=check&&actmn=oPNPNvclnGtCUcji
id: auto-23248fa44657540b56cdffb6ed02f39c1544662ee03bb7fdd880db547039dc00
status: experimental
description: Detects traffic or activity related to https://4bl1n9f5.ar7aydia1ect.ru/?=check&&actmn=oPNPNvclnGtCUcji which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://4bl1n9f5.ar7aydia1ect.ru/?=check&&actmn=oPNPNvclnGtCUcji*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grugoncinsom.floresclivia.cfd/
id: auto-ebd968cf9799215385e8157aa8388542c2843c35cb484a02ffbfe9c8d9eda757
status: experimental
description: Detects traffic or activity related to https://grugoncinsom.floresclivia.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grugoncinsom.floresclivia.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://planmenpunval.floresixia.cfd/
id: auto-9f9e5c609879c62195e3addf5a1b552ee74e560145787006335c8732504e3b8e
status: experimental
description: Detects traffic or activity related to https://planmenpunval.floresixia.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://planmenpunval.floresixia.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grafar.floresagapanto.cfd/
id: auto-1d1fdf288c11cc8dc3539ed4e6cc4c1d78ed27da8bef1c3303a6c92fc3da886c
status: experimental
description: Detects traffic or activity related to https://grafar.floresagapanto.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grafar.floresagapanto.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://crobel3.floresagapanto.cfd/
id: auto-e3b2601e155ae18a2c3a200629d72408b2b1c7bc96bde54b06466c020ee3890e
status: experimental
description: Detects traffic or activity related to https://crobel3.floresagapanto.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://crobel3.floresagapanto.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drapunval.floresdelphinium.cfd/
id: auto-ae13f6a3b131879802d66dd70b848bbf6ee0102e2903775b0405b0ccab4835b2
status: experimental
description: Detects traffic or activity related to https://drapunval.floresdelphinium.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drapunval.floresdelphinium.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://globondinim4.floresflorestrela.cfd/
id: auto-0de29412f1022ab30f67b23e7fc188364fd37c0c4555f2af52745f2e7174da53
status: experimental
description: Detects traffic or activity related to https://globondinim4.floresflorestrela.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://globondinim4.floresflorestrela.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://drapunninsom.floresflorchuvaouro.cfd/
id: auto-85f5d389bd6a3c6129a0696f691731bc484ee5972880a41290132381e384cd3e
status: experimental
description: Detects traffic or activity related to https://drapunninsom.floresflorchuvaouro.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://drapunninsom.floresflorchuvaouro.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://planronpal2.floresixia.cfd/
id: auto-841b76b645b477189601b34c005e3f806ddb2e2e12468c1247708dda3971d01c
status: experimental
description: Detects traffic or activity related to https://planronpal2.floresixia.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://planronpal2.floresixia.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://prusul.floresflorcacto.cfd/
id: auto-811cc89bdb9fbce06982d9a5dc5cc750861b82b039b7d8cf738de8ab5ce0ae6a
status: experimental
description: Detects traffic or activity related to https://prusul.floresflorcacto.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://prusul.floresflorcacto.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://scrowinnal.floresflorestrela.cfd/
id: auto-37b9a364efb590f66dca60258c433811d2c52a262418cba2e352f7a3aa6dd11b
status: experimental
description: Detects traffic or activity related to https://scrowinnal.floresflorestrela.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://scrowinnal.floresflorestrela.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://scrofil.floresclivia.cfd/
id: auto-f66210be092fe412595d393c20e48786cb3d3df3fad8ce76e23ad8adc6081c50
status: experimental
description: Detects traffic or activity related to https://scrofil.floresclivia.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://scrofil.floresclivia.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://freminfar.floresdelphinium.cfd/
id: auto-2285c21b213cf0e037edc9a2f465407ef9a870da5cc3c776a3d976e913b09490
status: experimental
description: Detects traffic or activity related to https://freminfar.floresdelphinium.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://freminfar.floresdelphinium.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://glejannonfil.floresflorcacto.cfd/
id: auto-1ce523bca9c2802ff2fb259aa5053ccd6115ab9b08a95e6de577427ca2004f44
status: experimental
description: Detects traffic or activity related to https://glejannonfil.floresflorcacto.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://glejannonfil.floresflorcacto.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brucontal73.floresflorchuva.cfd/
id: auto-8da34ee87478da0e08bf4d2975f8cae2e557dc72b33ca24d56569c884cfbd57b
status: experimental
description: Detects traffic or activity related to https://brucontal73.floresflorchuva.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brucontal73.floresflorchuva.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://stanintenal33.florescrinum.cfd/
id: auto-57de1b1e718023b102d53ea3fdb55df34134e5d5259a808879fe16832889bb6e
status: experimental
description: Detects traffic or activity related to https://stanintenal33.florescrinum.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://stanintenal33.florescrinum.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://screzol.floresflorchuva.cfd/
id: auto-aeb2905f0c553aeae322416c052c7443832475a424cb0895b597f09d8e0cf19b
status: experimental
description: Detects traffic or activity related to https://screzol.floresflorchuva.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://screzol.floresflorchuva.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://presinfer.florescrinum.cfd/
id: auto-7bb73902388a4ce9ab73a89d451b48ec130cc7248c76b384a2d7e2b9bba59c74
status: experimental
description: Detects traffic or activity related to https://presinfer.florescrinum.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://presinfer.florescrinum.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grammindiz.floresnigella.cfd/
id: auto-4c71538aa476beeb2496957a3919dbb33f232861162009130173545c1d432b06
status: experimental
description: Detects traffic or activity related to https://grammindiz.floresnigella.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grammindiz.floresnigella.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brusonfinmol.floresnigella.cfd/
id: auto-7126d3e7d211e9e4a159df06df6aa193f05222144c27dbc516020c1779bbf628
status: experimental
description: Detects traffic or activity related to https://brusonfinmol.floresnigella.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brusonfinmol.floresnigella.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brumol.floresflorchuvaouro.cfd/
id: auto-6f7fa3cc54b39a4b0666e45e87249ab5dbcb569b9c5e5e695a33a4afdb66ce9f
status: experimental
description: Detects traffic or activity related to https://brumol.floresflorchuvaouro.cfd/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brumol.floresflorchuvaouro.cfd/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2aopzocs.ar7aydia1ect.ru/?=check&&actmn=ntGmOLRHUHngFwSr
id: auto-9de88df2e13a2c17a4b6a5d23517ed6f56a8bd4cae62e2205bc58eaa6b780b73
status: experimental
description: Detects traffic or activity related to https://2aopzocs.ar7aydia1ect.ru/?=check&&actmn=ntGmOLRHUHngFwSr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2aopzocs.ar7aydia1ect.ru/?=check&&actmn=ntGmOLRHUHngFwSr*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.85.70:47732/bin.sh
id: auto-bc4a684e9af7e43b17a59a5290db700ea993708d2698148e153a3b4e5774dc36
status: experimental
description: Detects traffic or activity related to http://221.15.85.70:47732/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.85.70:47732/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lyotbch4.ar7aydia1ect.ru/?=check&&actmn=RYcqjzhIPCinAolF
id: auto-d54fb481d998f8a7d3c3c9c6efbb05b1cb8ad309e2575f767a0360b5d3be0243
status: experimental
description: Detects traffic or activity related to https://lyotbch4.ar7aydia1ect.ru/?=check&&actmn=RYcqjzhIPCinAolF which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lyotbch4.ar7aydia1ect.ru/?=check&&actmn=RYcqjzhIPCinAolF*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.178.11.160:55192/bin.sh
id: auto-3cbd2a469eb650b8c24b9d25d29dbd3f9a5eea9d1557ea4bc1405bf5a1b899a3
status: experimental
description: Detects traffic or activity related to http://119.178.11.160:55192/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.178.11.160:55192/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.21.194.49:37439/bin.sh
id: auto-35aee93d8e50d8d6ec20eb8506edc61d7a60cc92ccd59398fdf0dcfddd336d49
status: experimental
description: Detects traffic or activity related to http://89.21.194.49:37439/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.21.194.49:37439/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.216.193:38701/i
id: auto-e95207498ec29f500b1e008938a491f92c10d8020e623c9e665996c7964e0f65
status: experimental
description: Detects traffic or activity related to http://182.122.216.193:38701/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.216.193:38701/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.159.164:4525/i
id: auto-0e1f1c5ccbb686ee1df9c019985850b35cfdfe4828d19f8ee2599ad4dabf6239
status: experimental
description: Detects traffic or activity related to http://27.158.159.164:4525/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.159.164:4525/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.212.135:49621/i
id: auto-9fd755ba8b1b94a9e3437ae25decf9a7d83c64864118e236adfce317d9d2d087
status: experimental
description: Detects traffic or activity related to http://27.202.212.135:49621/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.212.135:49621/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://grusul4.floresfloripomeiaverde.cfd/?3/
id: auto-3e3c211dbf44493b19baeac49175f24a1dc22984e9adf6047b21543ad799cfcb
status: experimental
description: Detects traffic or activity related to https://grusul4.floresfloripomeiaverde.cfd/?3/ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://grusul4.floresfloripomeiaverde.cfd/?3/*'
  condition: selection
level: high
tags:
  - attack.t1059.007
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ee6dxuic.ment0rr2nsom.ru/?=check&&actmn=WBSCkEMCkHHhsFxS
id: auto-e4c87ee0e1137be15cec632d52a52d43fcc0b9aabb56e64a3022d742b1b3ee7f
status: experimental
description: Detects traffic or activity related to https://ee6dxuic.ment0rr2nsom.ru/?=check&&actmn=WBSCkEMCkHHhsFxS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ee6dxuic.ment0rr2nsom.ru/?=check&&actmn=WBSCkEMCkHHhsFxS*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://oo44p295.ment0rr2nsom.ru/?=check&&actmn=hNxvexSwwSUKlozS
id: auto-f28c1d1e9d98dc714c5c683704157e7bb70df18a728ec5e8be467f4cc03b2e33
status: experimental
description: Detects traffic or activity related to https://oo44p295.ment0rr2nsom.ru/?=check&&actmn=hNxvexSwwSUKlozS which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://oo44p295.ment0rr2nsom.ru/?=check&&actmn=hNxvexSwwSUKlozS*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.122.216.193:38701/bin.sh
id: auto-3ab66e11b114089609ac79b744a55bbd776ddbb5246e5217b08f96f898e9404d
status: experimental
description: Detects traffic or activity related to http://182.122.216.193:38701/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.122.216.193:38701/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.178.84:50860/bin.sh
id: auto-3f8a5abde9ae6a06f140e0022e580d49891451842fe01170aabf9bb2b18da0a6
status: experimental
description: Detects traffic or activity related to http://42.224.178.84:50860/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.178.84:50860/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://wefbkvjr.in2che1ncrem.ru/?=check&&actmn=ceYlvNXxGkBhSyRz
id: auto-cf0c6ecaa0f9cdf071a72d4b4eb962af1d4133cfd927c7d486f5d2293afa0b4b
status: experimental
description: Detects traffic or activity related to https://wefbkvjr.in2che1ncrem.ru/?=check&&actmn=ceYlvNXxGkBhSyRz which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://wefbkvjr.in2che1ncrem.ru/?=check&&actmn=ceYlvNXxGkBhSyRz*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.196.29.73:6066/i
id: auto-a47f7e1a1d26bbe9422ec6be4c46f326c04ac5798bf09a1194ec26616239fe7b
status: experimental
description: Detects traffic or activity related to http://183.196.29.73:6066/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.196.29.73:6066/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.221.31:57221/i
id: auto-e8b4fbfb8394df9608fd22f744f1fd6a468fb79ece58c73c9f4fa55c310ac1de
status: experimental
description: Detects traffic or activity related to http://182.123.221.31:57221/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.221.31:57221/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://oknkywzi.in2che1ncrem.ru/?=check&&actmn=kEqWSBHAoDxSZTHY
id: auto-ef64fc7149a6cd54e9d88d118e41816e4e16f45822b35616567b04a2ea0a3c02
status: experimental
description: Detects traffic or activity related to https://oknkywzi.in2che1ncrem.ru/?=check&&actmn=kEqWSBHAoDxSZTHY which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://oknkywzi.in2che1ncrem.ru/?=check&&actmn=kEqWSBHAoDxSZTHY*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.105.76.45:56575/i
id: auto-d33eb3226a5d3cfb315e4b51e1cb3350cfa7db16bb85490a17b50ca27986f7ad
status: experimental
description: Detects traffic or activity related to http://85.105.76.45:56575/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.105.76.45:56575/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.230.239:51419/i
id: auto-601977f0f440066e23511e40c69076a5ff527e2f6dd21587a3068d16c9e33b49
status: experimental
description: Detects traffic or activity related to http://182.119.230.239:51419/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.230.239:51419/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.247.6.200:56640/i
id: auto-a5233055c38ff28c8ca13bf3391914225310b38c6c9be5c7c113ad53b2628408
status: experimental
description: Detects traffic or activity related to http://112.247.6.200:56640/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.247.6.200:56640/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.237.28.58:37078/i
id: auto-e41e85b626af213262cbd06c1aec7813af4212365bd751feedf4bea0f53bb38b
status: experimental
description: Detects traffic or activity related to http://112.237.28.58:37078/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.237.28.58:37078/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.242.199:52547/i
id: auto-d3ed50475175293de7a15cdee5159b21bc1f94fc8172f12a325e11491fa2849c
status: experimental
description: Detects traffic or activity related to http://123.11.242.199:52547/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.242.199:52547/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.124.80:51958/i
id: auto-ddc181beb5fb585c77143bdbd19281b1107ea0c1baccfca5a6dc29ba5483e522
status: experimental
description: Detects traffic or activity related to http://182.126.124.80:51958/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.124.80:51958/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.220.113.246:42343/i
id: auto-36a13f392465c067aa7436e71afe531a724e1c5eb50cb77b0c882c70a97cda11
status: experimental
description: Detects traffic or activity related to http://27.220.113.246:42343/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.220.113.246:42343/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.255.33:50375/i
id: auto-b9a21da676e4e0655dac2a3d354a7f7b4f8e03a3a3066ba1775b48ac480ca84e
status: experimental
description: Detects traffic or activity related to http://78.165.255.33:50375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.255.33:50375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.30.225:47382/i
id: auto-4d1436684c74e02d31889addab53bca9307b254f0f7a44e2ae0c1bbd9cc975c5
status: experimental
description: Detects traffic or activity related to http://115.50.30.225:47382/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.30.225:47382/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.11.2:34315/i
id: auto-f5386da56452f21b8a067d1a51759da485708fb1209806a6b9d85bc3d2bb86f2
status: experimental
description: Detects traffic or activity related to http://125.45.11.2:34315/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.11.2:34315/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.218.92:58317/i
id: auto-86d1ec3e06602122dda251cd354d6c48b0afcc5ea454a29f5e6649b52d93ee77
status: experimental
description: Detects traffic or activity related to http://42.230.218.92:58317/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.218.92:58317/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.202.149:47260/i
id: auto-fb2866af8eeb79c477bc5542d6bf4aad74689eafc28ee06a940cd7e2dd514785
status: experimental
description: Detects traffic or activity related to http://42.230.202.149:47260/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.202.149:47260/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.40.146.2:40231/i
id: auto-24b2e6977f423592ac72ba74ffb5f9689c26000825270930be768b6390776d00
status: experimental
description: Detects traffic or activity related to http://125.40.146.2:40231/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.40.146.2:40231/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.48.96:40901/i
id: auto-23cd8dc252578bc1ad4df141628e8da2777cc105ad294e31cc44ddbb43fbf0fc
status: experimental
description: Detects traffic or activity related to http://125.44.48.96:40901/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.48.96:40901/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.1.189:36065/i
id: auto-709fe493fb4b2c3b0b89fd2c85d3713f7d43f3e7840bf296450cd89eb82af2f0
status: experimental
description: Detects traffic or activity related to http://61.52.1.189:36065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.1.189:36065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.47.109:56229/i
id: auto-57314c4104fdc03814c384c6992a374bbbd41ff3fabd9f987b758546c2dab450
status: experimental
description: Detects traffic or activity related to http://123.4.47.109:56229/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.47.109:56229/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.129.23:51962/i
id: auto-79150475849c1b99fdd69c41d76e3004bc1ebce4b00c60a76814368cd4fceb15
status: experimental
description: Detects traffic or activity related to http://123.190.129.23:51962/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.129.23:51962/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.212.135:49621/bin.sh
id: auto-20b2be976ccb28f0f2eb013a40f60f87eeec127d6915a91d56c1b05850ddc131
status: experimental
description: Detects traffic or activity related to http://27.202.212.135:49621/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.212.135:49621/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://clzr2h4s.pr2gzigza8.ru/?=check&&actmn=toXdUtXuemFeZjyW
id: auto-8ff0d7555f6c4acb42a0c4a69a43f5d6875652893be3fd04b39e00b232e9472d
status: experimental
description: Detects traffic or activity related to https://clzr2h4s.pr2gzigza8.ru/?=check&&actmn=toXdUtXuemFeZjyW which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://clzr2h4s.pr2gzigza8.ru/?=check&&actmn=toXdUtXuemFeZjyW*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ugr6nb59.pr2gzigza8.ru/?=check&&actmn=bnpbVrRfhwJOxIqL
id: auto-aecda638410c7f2a837ea10c649f37bd508188b2940becf1867f89884ccba9e3
status: experimental
description: Detects traffic or activity related to https://ugr6nb59.pr2gzigza8.ru/?=check&&actmn=bnpbVrRfhwJOxIqL which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ugr6nb59.pr2gzigza8.ru/?=check&&actmn=bnpbVrRfhwJOxIqL*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.79.168:42337/i
id: auto-1351d2574cbb8a451ce7ef0d0a13de90fa3b79b0fc1fcdfc370f0fb2090333e4
status: experimental
description: Detects traffic or activity related to http://42.224.79.168:42337/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.79.168:42337/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.158.159.164:4525/bin.sh
id: auto-733e9f7f3249c14e78670dec71785223233fb6dd3cba19faf257ef167b80b1ab
status: experimental
description: Detects traffic or activity related to http://27.158.159.164:4525/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.158.159.164:4525/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://183.196.29.73:6066/bin.sh
id: auto-feddb2baa33c2d695809cb7945820ed8b4bb73b6bef9c107b2983ca9a9447dfe
status: experimental
description: Detects traffic or activity related to http://183.196.29.73:6066/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://183.196.29.73:6066/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gi7uy1oe.seerin8w2tch.ru/?=check&&actmn=GNZsSHHkpfNUVwQh
id: auto-47063123b5cd4b86e58f56c4d29778f8f47d47d94b9f306cdc0685e7c1ad51d7
status: experimental
description: Detects traffic or activity related to https://gi7uy1oe.seerin8w2tch.ru/?=check&&actmn=GNZsSHHkpfNUVwQh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gi7uy1oe.seerin8w2tch.ru/?=check&&actmn=GNZsSHHkpfNUVwQh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://u5kxesyk.seerin8w2tch.ru/?=check&&actmn=myptbsvVFjBHkQWF
id: auto-a1d2ee1064ac49cdb5f6a4d765b3e1a653b5b1a5ad2e9d1fe22b1e163d6c7c6a
status: experimental
description: Detects traffic or activity related to https://u5kxesyk.seerin8w2tch.ru/?=check&&actmn=myptbsvVFjBHkQWF which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://u5kxesyk.seerin8w2tch.ru/?=check&&actmn=myptbsvVFjBHkQWF*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.129.23:51962/bin.sh
id: auto-a3bb4254b6a93ae35e0bff624e1cd1eb9c8d6025df1aa6adae3a10d78ebcea73
status: experimental
description: Detects traffic or activity related to http://123.190.129.23:51962/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.129.23:51962/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.215.12:48535/i
id: auto-43bac5d677e695c2c61645bc3ad67088b10f7e52f32b4f367db49ff8dbb3ebb5
status: experimental
description: Detects traffic or activity related to http://27.37.215.12:48535/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.215.12:48535/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.43:57636/i
id: auto-609d00b3b2bc60be44b3178b6a87a45eb92b878dc962dcf2f782cfe458ed8237
status: experimental
description: Detects traffic or activity related to http://200.59.83.43:57636/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.43:57636/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7154003499/ABfGYur.exe
id: auto-5f7352613d45dfa3ba7debc835585da8667d95a5e1f47c82a4d2543e6c1b887f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7154003499/ABfGYur.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7154003499/ABfGYur.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.236.105:40606/i
id: auto-672dd64e8999b4f9dc339558c4ce413933afd8a40292ce30142dd26578490af8
status: experimental
description: Detects traffic or activity related to http://115.55.236.105:40606/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.236.105:40606/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://by46beo2.bracketmurmur.ru/?=check&&actmn=ZLMMnouWLcrvnRgL
id: auto-a589b78a3aaa03d513d46979a68a3369389ed8ddb5c3424677f1b63f1ddbcf70
status: experimental
description: Detects traffic or activity related to https://by46beo2.bracketmurmur.ru/?=check&&actmn=ZLMMnouWLcrvnRgL which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://by46beo2.bracketmurmur.ru/?=check&&actmn=ZLMMnouWLcrvnRgL*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tvv7rf6l.bracketmurmur.ru/?=check&&actmn=DbOZXFVMttesIwMU
id: auto-73369f5563331529fab3c7b8a37a110d781cd890a2edc24d007df8131eb92594
status: experimental
description: Detects traffic or activity related to https://tvv7rf6l.bracketmurmur.ru/?=check&&actmn=DbOZXFVMttesIwMU which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tvv7rf6l.bracketmurmur.ru/?=check&&actmn=DbOZXFVMttesIwMU*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.214.192.20:52015/i
id: auto-50d6c15738607c3bf18dafd655f6332e6be33878d368f245982874599d4d0a43
status: experimental
description: Detects traffic or activity related to http://221.214.192.20:52015/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.214.192.20:52015/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/arm
id: auto-cf8c1f0f9132cc27f6e5c3dd8dcb19035daba00c553cce7ad8502637dc978bf6
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/winhost.exe
id: auto-6d8945a693030b67b508a5d71b63b9c86e8354d6f3f4e624c95756479359d94d
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/winhost.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/winhost.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8278288380/yh0uuHQ.exe
id: auto-30406e0c0de0b74a95b7e4f2f0ac3f3d1c2998f4cc3f3e67c4f8f6e2b00c8383
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8278288380/yh0uuHQ.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8278288380/yh0uuHQ.exe*'
  condition: selection
level: high
tags:
  - attack.t1219
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.249.57.63:58202/i
id: auto-ccf18e0227ba58164bcc4ff950f1440d1cdb7dff7fbaa64b6fe4cfa1b1eeaef0
status: experimental
description: Detects traffic or activity related to http://112.249.57.63:58202/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.249.57.63:58202/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/c.sh
id: auto-33e211fc112e9464b026437bc01cc2d13737c500ee8d54f6812ad99adfce1b06
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/wget.sh
id: auto-30b931a9013de86358a696727b29a03f8bee0bc54ff77eb7d1fd68bbe0daa1d4
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/w.sh
id: auto-0029e94543149cd8535bf92a21cbe2389539bdc13273a3c85a04398c19aade92
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://4wuwovza.hush-pancake.ru/?=check&&actmn=XSSUsSidVgPUeavA
id: auto-965aa2f741574f86dc13d74f84444e3afb4099ed628209094ab5412f80522810
status: experimental
description: Detects traffic or activity related to https://4wuwovza.hush-pancake.ru/?=check&&actmn=XSSUsSidVgPUeavA which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://4wuwovza.hush-pancake.ru/?=check&&actmn=XSSUsSidVgPUeavA*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://prprrvoh.hush-pancake.ru/?=check&&actmn=hnYpulGQLuXcFRZI
id: auto-af14dd432035019606d6b170cb57a5cfb1bfe26206a0d7fe3095273345a2fd04
status: experimental
description: Detects traffic or activity related to https://prprrvoh.hush-pancake.ru/?=check&&actmn=hnYpulGQLuXcFRZI which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://prprrvoh.hush-pancake.ru/?=check&&actmn=hnYpulGQLuXcFRZI*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cex9a8ef.hush-pancake.ru/?=check&&actmn=QOdBThCOcavJcgXJ
id: auto-f9f691a7f001c7511c514108abd375cf6c48418ce5859ef14664e6500283d9db
status: experimental
description: Detects traffic or activity related to https://cex9a8ef.hush-pancake.ru/?=check&&actmn=QOdBThCOcavJcgXJ which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cex9a8ef.hush-pancake.ru/?=check&&actmn=QOdBThCOcavJcgXJ*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.214.192.20:52015/bin.sh
id: auto-29d0fb9ed060243ecd5c93d5c92103e5bf5ae0df99747632d20fdcce609a6667
status: experimental
description: Detects traffic or activity related to http://221.214.192.20:52015/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.214.192.20:52015/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.43:57636/bin.sh
id: auto-ae6879561664c3ca525abe9a36c7e6b087de6886f2eaff04dc7996459df70a3f
status: experimental
description: Detects traffic or activity related to http://200.59.83.43:57636/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.43:57636/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.236.105:40606/bin.sh
id: auto-e72c9622bfd42c408a69ae3d1613468b705360a11f6abe8c746bb6b8a8f8d21d
status: experimental
description: Detects traffic or activity related to http://115.55.236.105:40606/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.236.105:40606/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.53.227:45960/bin.sh
id: auto-183384c4b221df22973dc4e4c1298dd3c2953de2c9bbb422e306a23176123fc8
status: experimental
description: Detects traffic or activity related to http://219.157.53.227:45960/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.53.227:45960/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fzjn4gee.hush-pancake.ru/?apikey=PvJxKdMjooiXJZYr&actmn=956af7dc-1f48-4e94-953a-deeb360bad1e&ocid
id: auto-5abff9d639782e9ab1ca542f13367a8c937320685321c49e4b1c58fa74441577
status: experimental
description: Detects traffic or activity related to https://fzjn4gee.hush-pancake.ru/?apikey=PvJxKdMjooiXJZYr&actmn=956af7dc-1f48-4e94-953a-deeb360bad1e&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fzjn4gee.hush-pancake.ru/?apikey=PvJxKdMjooiXJZYr&actmn=956af7dc-1f48-4e94-953a-deeb360bad1e&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.221.31:57221/bin.sh
id: auto-a4b1df6f5ccd8a9c5a91351b0a80ffc67d9acc6c3dca61793c61129af1a8e85d
status: experimental
description: Detects traffic or activity related to http://182.123.221.31:57221/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.221.31:57221/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:56077/i
id: auto-4a41cf93f049b7bec45f528e8e4809dfdff280555d50cc83cfe71484b9adef8f
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:56077/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:56077/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ttxacj2p.hushpancake.ru/?apikey=lTwWkLzDQmFxYPnQ&actmn=b216f2dc-dcff-4b3d-867d-06da04215be0&ocid
id: auto-dcfda4cdb730d5589e9e94d62dd6c659bb9624fce751e30706366e7151b97e66
status: experimental
description: Detects traffic or activity related to https://ttxacj2p.hushpancake.ru/?apikey=lTwWkLzDQmFxYPnQ&actmn=b216f2dc-dcff-4b3d-867d-06da04215be0&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ttxacj2p.hushpancake.ru/?apikey=lTwWkLzDQmFxYPnQ&actmn=b216f2dc-dcff-4b3d-867d-06da04215be0&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.66.184:45787/i
id: auto-8b521149fee3a0180402c95e31677d87e3e2634d7c43925f3d20def6ffc304b1
status: experimental
description: Detects traffic or activity related to http://175.167.66.184:45787/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.66.184:45787/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://o0dy67t6.bracket-murmur.ru/?apikey=qEbcChUqQxpZtyIZ&actmn=da2849aa-4931-4fc4-a499-a29198f82e12&ocid
id: auto-be54ee586172d539bb7d78bbf01c180fc77054ba12639d3be8db202755a30ea7
status: experimental
description: Detects traffic or activity related to https://o0dy67t6.bracket-murmur.ru/?apikey=qEbcChUqQxpZtyIZ&actmn=da2849aa-4931-4fc4-a499-a29198f82e12&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://o0dy67t6.bracket-murmur.ru/?apikey=qEbcChUqQxpZtyIZ&actmn=da2849aa-4931-4fc4-a499-a29198f82e12&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.249.174:56077/bin.sh
id: auto-064eb85b10191aee5affc1bc95ad682b60e32993bf445650be32370e5412b69d
status: experimental
description: Detects traffic or activity related to http://110.39.249.174:56077/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.249.174:56077/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.85.38:42418/bin.sh
id: auto-edfd34665181444d03c80e2a8fa9b65b2aef3d8a83f503d81106508f08de863f
status: experimental
description: Detects traffic or activity related to http://222.137.85.38:42418/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.85.38:42418/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.33.51:44653/i
id: auto-7ea383853fb7833c3632b21de5f1ce2f169021820f0d125fb56a50f447641f5d
status: experimental
description: Detects traffic or activity related to http://115.50.33.51:44653/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.33.51:44653/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.129.146:49523/bin.sh
id: auto-f844ca400cbb1a314ac99c9cd7f208db5ea119f073e824f42be25ab8b6b5c041
status: experimental
description: Detects traffic or activity related to http://219.156.129.146:49523/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.129.146:49523/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ic3kv9je.j1ttercoil.ru/?apikey=delTFfVUQgbPSekl&actmn=8a75948e-d6f0-4006-a7b0-75a8269ba680&ocid
id: auto-359b06be564bcfa7c4dce5c72c4a238555fd36333a447d5179d96e75cce5ec1b
status: experimental
description: Detects traffic or activity related to https://ic3kv9je.j1ttercoil.ru/?apikey=delTFfVUQgbPSekl&actmn=8a75948e-d6f0-4006-a7b0-75a8269ba680&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ic3kv9je.j1ttercoil.ru/?apikey=delTFfVUQgbPSekl&actmn=8a75948e-d6f0-4006-a7b0-75a8269ba680&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.118.205:44657/i
id: auto-9186312fd47d3a6e85af4f61b5265eb20f8461ab31e2c49eeaf5ee9b3ec318c9
status: experimental
description: Detects traffic or activity related to http://182.116.118.205:44657/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.118.205:44657/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.132:45618/i
id: auto-6d59cb71df84368e926630926e751a229fdb56b966636b7073fd0cddc1db09aa
status: experimental
description: Detects traffic or activity related to http://110.37.100.132:45618/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.132:45618/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://9fvaco8b.t0rchbasil.ru/?apikey=jwAkcIWRQSrLUPGu&actmn=c87ee801-e8df-4f43-8fef-7bd1c84406f2&ocid
id: auto-f58548eba45b9834889e6be1e831135d629dd15664a8175184ea311069e343c4
status: experimental
description: Detects traffic or activity related to https://9fvaco8b.t0rchbasil.ru/?apikey=jwAkcIWRQSrLUPGu&actmn=c87ee801-e8df-4f43-8fef-7bd1c84406f2&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://9fvaco8b.t0rchbasil.ru/?apikey=jwAkcIWRQSrLUPGu&actmn=c87ee801-e8df-4f43-8fef-7bd1c84406f2&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sw223sm2.t0rchbasil.ru/?apikey=NjvFyRmPJOnxALkv&actmn=83b601ff-0a4a-4956-adfe-d8fcd6bd485c&ocid
id: auto-6519a5cdbf48f30b8372f321cd4087f208efacf74c0ad18e931d6ef68a2a5c98
status: experimental
description: Detects traffic or activity related to https://sw223sm2.t0rchbasil.ru/?apikey=NjvFyRmPJOnxALkv&actmn=83b601ff-0a4a-4956-adfe-d8fcd6bd485c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sw223sm2.t0rchbasil.ru/?apikey=NjvFyRmPJOnxALkv&actmn=83b601ff-0a4a-4956-adfe-d8fcd6bd485c&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://a2vok2y8.t0rchbasil.ru/?apikey=AnXmEhYTxxiRYcJe&actmn=7ca919f3-97e1-4cf1-924b-1e3066fd9ec7&ocid
id: auto-efec2c0057ac41ec4f11192933cadb19e7683cbc466fbce0dc31c0a049fd761b
status: experimental
description: Detects traffic or activity related to https://a2vok2y8.t0rchbasil.ru/?apikey=AnXmEhYTxxiRYcJe&actmn=7ca919f3-97e1-4cf1-924b-1e3066fd9ec7&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://a2vok2y8.t0rchbasil.ru/?apikey=AnXmEhYTxxiRYcJe&actmn=7ca919f3-97e1-4cf1-924b-1e3066fd9ec7&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://1phwsssa.t0rchbasil.ru/?apikey=YTbRFDdOqOPSkOSk&actmn=9ec16b68-7870-48cf-b839-7032d5425def&ocid
id: auto-faa8fa5b1f5733d4f86c54aa4dafe1423ae68e642b74918e6f4e12e482348f50
status: experimental
description: Detects traffic or activity related to https://1phwsssa.t0rchbasil.ru/?apikey=YTbRFDdOqOPSkOSk&actmn=9ec16b68-7870-48cf-b839-7032d5425def&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://1phwsssa.t0rchbasil.ru/?apikey=YTbRFDdOqOPSkOSk&actmn=9ec16b68-7870-48cf-b839-7032d5425def&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.10.66.14:42971/bin.sh
id: auto-4b5a5f84aedddff9e64825b3c0d4545478f65f33fe7b70038db233cd35c644f1
status: experimental
description: Detects traffic or activity related to http://27.10.66.14:42971/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.10.66.14:42971/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.192.118:58315/bin.sh
id: auto-46d99fbbd361d039fb279aa47fbdc2ce9f2b772da59434d1705d900c159a9424
status: experimental
description: Detects traffic or activity related to http://182.114.192.118:58315/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.192.118:58315/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.118.205:44657/bin.sh
id: auto-8ec9b41c7f099eea21fbe20aed4850c76390c027bd19b42a2c244fc995634388
status: experimental
description: Detects traffic or activity related to http://182.116.118.205:44657/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.118.205:44657/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://xh5k6k5j.fl1ckerpost.ru/?apikey=GnbZIEpQzGFVFfTU&actmn=2ef73f4e-461a-40ea-aadc-9dd5712df47f&ocid
id: auto-0a246f009afba3f87928b7d5cd77b79187a8adc72b4bc8ed9c6c1e61fe6d205e
status: experimental
description: Detects traffic or activity related to https://xh5k6k5j.fl1ckerpost.ru/?apikey=GnbZIEpQzGFVFfTU&actmn=2ef73f4e-461a-40ea-aadc-9dd5712df47f&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://xh5k6k5j.fl1ckerpost.ru/?apikey=GnbZIEpQzGFVFfTU&actmn=2ef73f4e-461a-40ea-aadc-9dd5712df47f&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://98pt6jbo.fl1ckerpost.ru/?apikey=bndqpJEBwdVYaRbo&actmn=f8730938-f0df-4598-88b5-d5201e7ba23a&ocid
id: auto-f8158ea36f5485a81bec6ada00fdedad7a6e8ad4c3b90f97e3598dabc58f798c
status: experimental
description: Detects traffic or activity related to https://98pt6jbo.fl1ckerpost.ru/?apikey=bndqpJEBwdVYaRbo&actmn=f8730938-f0df-4598-88b5-d5201e7ba23a&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://98pt6jbo.fl1ckerpost.ru/?apikey=bndqpJEBwdVYaRbo&actmn=f8730938-f0df-4598-88b5-d5201e7ba23a&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.181.224.211:43395/i
id: auto-5f548de57bee369bfabeaf682765375fe398641f286d8cb46d8c9c798bd104a9
status: experimental
description: Detects traffic or activity related to http://1.181.224.211:43395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.181.224.211:43395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.136.164:33370/i
id: auto-c06e96faced062abf1a32e00acca7a2cca55a4d2a1b6e6b6bc62fca7d0675bf3
status: experimental
description: Detects traffic or activity related to http://182.112.136.164:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.136.164:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.174.37:45241/i
id: auto-788b17b2c6af84c58610f0c6e22fb2af8d17f6cae1d9e63d500c56da2cc0cd48
status: experimental
description: Detects traffic or activity related to http://125.41.174.37:45241/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.174.37:45241/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://wbj431uy.amber-flume.ru/?apikey=zvrBeNdVwffZIGph&actmn=0e159ff2-642b-451e-b82c-14678ab8c5cb&ocid
id: auto-e70d2cad854d113909100db10c9bea7dd9bfbbe247ac580f0947884904389620
status: experimental
description: Detects traffic or activity related to https://wbj431uy.amber-flume.ru/?apikey=zvrBeNdVwffZIGph&actmn=0e159ff2-642b-451e-b82c-14678ab8c5cb&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://wbj431uy.amber-flume.ru/?apikey=zvrBeNdVwffZIGph&actmn=0e159ff2-642b-451e-b82c-14678ab8c5cb&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5xp1e8eh.amber-flume.ru/?apikey=pRtofeCUBdhgUHSO&actmn=9ead90b7-e325-4616-9384-1c2d16ea48cc&ocid
id: auto-19dbe3d1c150b91f6f6c6a4d7634ef88ef4275239dcfdea02c83b6355b692e56
status: experimental
description: Detects traffic or activity related to https://5xp1e8eh.amber-flume.ru/?apikey=pRtofeCUBdhgUHSO&actmn=9ead90b7-e325-4616-9384-1c2d16ea48cc&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5xp1e8eh.amber-flume.ru/?apikey=pRtofeCUBdhgUHSO&actmn=9ead90b7-e325-4616-9384-1c2d16ea48cc&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.75.123:35210/bin.sh
id: auto-a63f3792f20ff9f0e6372f8d91a09608754c2305c710d10bcb0a03e1bb44c4b2
status: experimental
description: Detects traffic or activity related to http://60.23.75.123:35210/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.75.123:35210/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.28.255:35815/bin.sh
id: auto-486972293ad5713a1c8fc2f6bd4f19ef1f449a8b5e56a41a1c1f64c840630869
status: experimental
description: Detects traffic or activity related to http://123.12.28.255:35815/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.28.255:35815/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.52.102:38797/i
id: auto-3f9bdd6315e6d47171a9df5397b7948189b5e2a31b44ae1dbd837d9280d09853
status: experimental
description: Detects traffic or activity related to http://113.230.52.102:38797/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.52.102:38797/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.181.224.211:43395/bin.sh
id: auto-b4403ca3c2dba8b4cda4c111d1a29cf41eed35d7e5afe8531209ba484b42881e
status: experimental
description: Detects traffic or activity related to http://1.181.224.211:43395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.181.224.211:43395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.174.37:45241/bin.sh
id: auto-87b1d82fa0a32dddb71be8c2e0d157e22615c881b7a4441d7250a852518a8a0b
status: experimental
description: Detects traffic or activity related to http://125.41.174.37:45241/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.174.37:45241/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2v5d82bf.quartzsketch.ru/?apikey=JYeHtzBiBiEjaYxm&actmn=3454c74f-c6fa-43b6-98be-77a699aff343&ocid
id: auto-39a8111d42806707420199db889f2af5401f80bb59dc741f4e414ab0688e12b0
status: experimental
description: Detects traffic or activity related to https://2v5d82bf.quartzsketch.ru/?apikey=JYeHtzBiBiEjaYxm&actmn=3454c74f-c6fa-43b6-98be-77a699aff343&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2v5d82bf.quartzsketch.ru/?apikey=JYeHtzBiBiEjaYxm&actmn=3454c74f-c6fa-43b6-98be-77a699aff343&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://g9l8c7fk.quartzsketch.ru/?apikey=BUxRXcOdlQJsDPAC&actmn=546a4afd-b723-41da-89f6-120247793dab&ocid
id: auto-aa98c76d5f54e28d3fe07368d5eccb4140e9d9ee9b97679968da16c56215dd95
status: experimental
description: Detects traffic or activity related to https://g9l8c7fk.quartzsketch.ru/?apikey=BUxRXcOdlQJsDPAC&actmn=546a4afd-b723-41da-89f6-120247793dab&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://g9l8c7fk.quartzsketch.ru/?apikey=BUxRXcOdlQJsDPAC&actmn=546a4afd-b723-41da-89f6-120247793dab&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/m-p.s-l.Sakura
id: auto-be734dede9635689c4c4c75c69ef2bb4623672a1b873b3d85fe5b6f7ea912fff
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/m-p.s-l.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/m-p.s-l.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/x-8.6-.Sakura
id: auto-b724ce47c29b799e4b0fdd27ab016537972c72e88e6625bee02b120d8de3bd99
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/x-8.6-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/x-8.6-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/a-r.m-5.Sakura
id: auto-07bc18308497514dd9a3809901a42793ea8a223bc02253b43f8862a30047ec32
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/a-r.m-5.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/a-r.m-5.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/a-r.m-7.Sakura
id: auto-b16963b89f11c8e4c6312f881f948b6c9a2fe4efdb1ff4b0c476e12531ea20bf
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/a-r.m-7.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/a-r.m-7.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/i-5.8-6.Sakura
id: auto-710ef57efbf71c990180d421baec45a978844ed3fb78692ced02aba85afb5cf4
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/i-5.8-6.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/i-5.8-6.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/a-r.m-6.Sakura
id: auto-89904fa0c85ce5758bd57f5f28d1c6f1cae49a5cabe4cf3decd8c336141dfaeb
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/a-r.m-6.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/a-r.m-6.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/x-3.2-.Sakura
id: auto-f181a0b6b3537d39de2474177185a6af33bf677f577cdeff838ea6715d1214c0
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/x-3.2-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/x-3.2-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/m-6.8-k.Sakura
id: auto-b87cfead168c865e35c253e6911487f8c06ba5c48253031b8b628cadd630adab
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/m-6.8-k.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/m-6.8-k.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.187.15:48876/i
id: auto-549e8ec598e621f31a2cc666bc4f137f3a106b2172157430ac6c191cf1532b9a
status: experimental
description: Detects traffic or activity related to http://61.52.187.15:48876/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.187.15:48876/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/s-h.4-.Sakura
id: auto-1202585b34720f80b37be209a9d81856196c387b3369894af6cfc901666739b6
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/s-h.4-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/s-h.4-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/p-p.c-.Sakura
id: auto-8e5ed49b2925c63f3f8a41eea6414d81da5fd7977b9dae77007ef01501e5d998
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/p-p.c-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/p-p.c-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/a-r.m-6.Sakura
id: auto-e7ca49a53deaa5fb858fc08fa4d23fb1b25fad6c788914405f41000b677aa1ff
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/a-r.m-6.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/a-r.m-6.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/m-i.p-s.Sakura
id: auto-66270760e5c594f4feba65d5fbd018d50ab73d8152049624afb48d74097fcc43
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/m-i.p-s.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/m-i.p-s.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/p-p.c-.Sakura
id: auto-d47313cce1ce6a63ddef2925521f0ca96d0e47591814bb24ef1154ea7aef1498
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/p-p.c-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/p-p.c-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/m-p.s-l.Sakura
id: auto-a5e602fdbffb5a3347423fa8f0f572547b35aeb7c2cb3aac14869885e761af36
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/m-p.s-l.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/m-p.s-l.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/m-6.8-k.Sakura
id: auto-8f20700028711727464b734e128bde46bc234ced835bb55ff077efa035484790
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/m-6.8-k.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/m-6.8-k.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/m-i.p-s.Sakura
id: auto-c77af64a0cbd1d693f6c814bb6eef21b7e76c9d8a5eeb9c468a9b1909d594b6c
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/m-i.p-s.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/m-i.p-s.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.159/x-8.6-.Sakura
id: auto-924003cd0f161ea65a6c6bc746d2114470afb4d9e11730fb670061d6548e2a1e
status: experimental
description: Detects traffic or activity related to http://185.221.199.159/x-8.6-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.159/x-8.6-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://163.142.77.130:43810/i
id: auto-cbf82ba988a1bf31103f431a93a7040f4d0a8edc54fa2e6ce968fc147d8e6b77
status: experimental
description: Detects traffic or activity related to http://163.142.77.130:43810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://163.142.77.130:43810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://awjrq1fn.crumple-jet.ru/?apikey=pebAUPBAvUiXavvQ&actmn=253ae1ba-2829-45a7-a241-8fa523ae6262&ocid
id: auto-8895a7b24e36e95527933a0ef404246d1bc67c3ef5335518f646ecaa31732faa
status: experimental
description: Detects traffic or activity related to https://awjrq1fn.crumple-jet.ru/?apikey=pebAUPBAvUiXavvQ&actmn=253ae1ba-2829-45a7-a241-8fa523ae6262&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://awjrq1fn.crumple-jet.ru/?apikey=pebAUPBAvUiXavvQ&actmn=253ae1ba-2829-45a7-a241-8fa523ae6262&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://f3s0gpds.crumple-jet.ru/?apikey=tIiNAUrjJGUDsHAh&actmn=ee1b7e60-ea05-416d-9627-68e6fda5bd3b&ocid
id: auto-5488390623ac34049a386d544df959483a6841bdc729cd3fbee04fa5c1a4ec08
status: experimental
description: Detects traffic or activity related to https://f3s0gpds.crumple-jet.ru/?apikey=tIiNAUrjJGUDsHAh&actmn=ee1b7e60-ea05-416d-9627-68e6fda5bd3b&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://f3s0gpds.crumple-jet.ru/?apikey=tIiNAUrjJGUDsHAh&actmn=ee1b7e60-ea05-416d-9627-68e6fda5bd3b&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.230.52.102:38797/bin.sh
id: auto-0559083fecf54d8ff6fbbcc113156fd927f7e96f2c03ff909ddec0b3107c3f72
status: experimental
description: Detects traffic or activity related to http://113.230.52.102:38797/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.230.52.102:38797/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.73.114:33423/i
id: auto-0bf185d6902bde62c08eaa57e977b489bfb5395d38e749a5224b6820a761ad49
status: experimental
description: Detects traffic or activity related to http://182.121.73.114:33423/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.73.114:33423/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gib9tyuu.v0xentwine.ru/?apikey=uHhbNtGcGtDmltQX&actmn=35c851ef-4a73-4333-b74f-99a922141c41&ocid
id: auto-864cebd712b326a4d9c182184b28cd4e2c5bde90a42a2aa77c2d7fbb34a72586
status: experimental
description: Detects traffic or activity related to https://gib9tyuu.v0xentwine.ru/?apikey=uHhbNtGcGtDmltQX&actmn=35c851ef-4a73-4333-b74f-99a922141c41&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gib9tyuu.v0xentwine.ru/?apikey=uHhbNtGcGtDmltQX&actmn=35c851ef-4a73-4333-b74f-99a922141c41&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://oeql6rvy.v0xentwine.ru/?apikey=cevBLtgAZaQVdIGE&actmn=635df791-4714-4d86-b8af-9509ece28079&ocid
id: auto-a93a5dee0588bf50685ee694f90fce8026406113bcb69c23c056825d2a707ba2
status: experimental
description: Detects traffic or activity related to https://oeql6rvy.v0xentwine.ru/?apikey=cevBLtgAZaQVdIGE&actmn=635df791-4714-4d86-b8af-9509ece28079&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://oeql6rvy.v0xentwine.ru/?apikey=cevBLtgAZaQVdIGE&actmn=635df791-4714-4d86-b8af-9509ece28079&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.135.191:40102/bin.sh
id: auto-17f6f2cec7d9bedc18f5fccd863e732eaa264cc33a0a9345727d1685b03ccda9
status: experimental
description: Detects traffic or activity related to http://61.53.135.191:40102/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.135.191:40102/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.204.242:32932/bin.sh
id: auto-9a7fb0b15940d14aeea9cfcc2ecffd29318c297ee2cd7b50f3329e7dbf91ae4b
status: experimental
description: Detects traffic or activity related to http://27.207.204.242:32932/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.204.242:32932/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.169.74:59730/i
id: auto-de3195a3df0976e8ffba5fd365e6490d46511e4ca055bec0ce806e0487dca36c
status: experimental
description: Detects traffic or activity related to http://176.226.169.74:59730/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.169.74:59730/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.121.19:51729/i
id: auto-3bb37d387cadc82d5a7ec6ae59fb144cf4ae2a4b8334d6db99fd5340573a83c9
status: experimental
description: Detects traffic or activity related to http://123.14.121.19:51729/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.121.19:51729/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.252.120:55081/i
id: auto-1d57ed8ca531d9b9b1380a4163812d2ab48cba23580b8473aa5490a24c79c663
status: experimental
description: Detects traffic or activity related to http://123.5.252.120:55081/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.252.120:55081/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.99.60:50756/i
id: auto-3b5118b8d66024f235fd5c3fb952facf7d159323a4f8ac17b2a2498e1318ff8b
status: experimental
description: Detects traffic or activity related to http://202.107.99.60:50756/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.99.60:50756/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://phgbh6cb.quartz-sketch.ru/?apikey=mOeKHYSrQhHaYtOP&actmn=29dcf490-4cbe-404b-9789-90faa32e14dc&ocid
id: auto-a87004c9e4f2d32e36bd9bfd67b0c63254021b173976c15703ab3d382cb57467
status: experimental
description: Detects traffic or activity related to https://phgbh6cb.quartz-sketch.ru/?apikey=mOeKHYSrQhHaYtOP&actmn=29dcf490-4cbe-404b-9789-90faa32e14dc&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://phgbh6cb.quartz-sketch.ru/?apikey=mOeKHYSrQhHaYtOP&actmn=29dcf490-4cbe-404b-9789-90faa32e14dc&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://flrlrdl1.quartz-sketch.ru/?apikey=UbSZvejlSuHGctnh&actmn=a68886d6-a071-498b-9509-381bc03411ec&ocid
id: auto-09d6908c384e2b066923b9f5137139c39bd5bcfa15257d98271e0d58e3b88143
status: experimental
description: Detects traffic or activity related to https://flrlrdl1.quartz-sketch.ru/?apikey=UbSZvejlSuHGctnh&actmn=a68886d6-a071-498b-9509-381bc03411ec&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://flrlrdl1.quartz-sketch.ru/?apikey=UbSZvejlSuHGctnh&actmn=a68886d6-a071-498b-9509-381bc03411ec&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.104.15:43029/i
id: auto-ae29482923582eddbf1838e79c587b7f43cc018a1b8e6a476710efdf3b929800
status: experimental
description: Detects traffic or activity related to http://110.37.104.15:43029/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.104.15:43029/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.126.111:38184/i
id: auto-93d572ef2e9b7328dd43db5daac1ce88a85852580ac185f1d697da5ee19d8037
status: experimental
description: Detects traffic or activity related to http://42.224.126.111:38184/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.126.111:38184/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.169.74:59730/bin.sh
id: auto-3ffccb35c01c6f7e2c939883e7c891d4c74353006c635639596ad38b7a7b6d9f
status: experimental
description: Detects traffic or activity related to http://176.226.169.74:59730/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.169.74:59730/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.96.59:52347/i
id: auto-b4720f5e0672a1f94ac3bb68e3d61ac35ec7d39eb6a420a2935dc7a2f1a23610
status: experimental
description: Detects traffic or activity related to http://196.189.96.59:52347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.96.59:52347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.141.155:41781/i
id: auto-46f859dfca20b947229b170924608c730a619a99473a74ca5ce07c4ad871d938
status: experimental
description: Detects traffic or activity related to http://112.248.141.155:41781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.141.155:41781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d9lwvqxy.quartz-sketch.ru/?apikey=KGjDdmXWQHeNjHAF&actmn=10821f05-3a7a-4a7f-95c0-9bdd9fc1eeba&ocid
id: auto-ef59b89ec0e2cbd2bb913f6f5903eef5d5f3fe1e6aa1c0eadd2f7522bcfbce99
status: experimental
description: Detects traffic or activity related to https://d9lwvqxy.quartz-sketch.ru/?apikey=KGjDdmXWQHeNjHAF&actmn=10821f05-3a7a-4a7f-95c0-9bdd9fc1eeba&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d9lwvqxy.quartz-sketch.ru/?apikey=KGjDdmXWQHeNjHAF&actmn=10821f05-3a7a-4a7f-95c0-9bdd9fc1eeba&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zbb6it90.quartz-sketch.ru/?apikey=AMFamVwqzPAWtjWK&actmn=08df6306-ccc9-46d5-84d2-4df26905f9f5&ocid
id: auto-59abe74fd13d31c0ab559d0a7e16b48a69b0feb018a15871f6381096e3a1cbfe
status: experimental
description: Detects traffic or activity related to https://zbb6it90.quartz-sketch.ru/?apikey=AMFamVwqzPAWtjWK&actmn=08df6306-ccc9-46d5-84d2-4df26905f9f5&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zbb6it90.quartz-sketch.ru/?apikey=AMFamVwqzPAWtjWK&actmn=08df6306-ccc9-46d5-84d2-4df26905f9f5&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.107.99.60:50756/bin.sh
id: auto-afead99c0778e541afa418ac853f3257a408400a80c1842cf4812a9fb103d773
status: experimental
description: Detects traffic or activity related to http://202.107.99.60:50756/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.107.99.60:50756/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.252.120:55081/bin.sh
id: auto-fc52e892ab6369d1bbf85df5831e5f683f9d6f223dd1e67c7b8d8be6f0ffc8c2
status: experimental
description: Detects traffic or activity related to http://123.5.252.120:55081/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.252.120:55081/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.113.184:46012/i
id: auto-7b5ec233be821755bccb6c2b65e225a76cc0b1aac7ba1ee7bd78b5cf61a7c469
status: experimental
description: Detects traffic or activity related to http://115.61.113.184:46012/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.113.184:46012/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://s83sht55.amberflume.ru/?apikey=EGzyDbDxGsZUbeJa&actmn=cf41d155-ac79-4b4c-84a5-0070a8c6962a&ocid
id: auto-1f0ae68d705853d2f2c7d4470a0036ab695faee0a9419ee44593b3960cc43e41
status: experimental
description: Detects traffic or activity related to https://s83sht55.amberflume.ru/?apikey=EGzyDbDxGsZUbeJa&actmn=cf41d155-ac79-4b4c-84a5-0070a8c6962a&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://s83sht55.amberflume.ru/?apikey=EGzyDbDxGsZUbeJa&actmn=cf41d155-ac79-4b4c-84a5-0070a8c6962a&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.141.155:41781/bin.sh
id: auto-149cf3a5f462fadbeaf64ad3f2af9d6290a8816a9b6f33798c97c26cac76803b
status: experimental
description: Detects traffic or activity related to http://112.248.141.155:41781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.141.155:41781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://9burdy0u.amberflume.ru/?apikey=NCdigIpwjqlvbIEI&actmn=1717ca58-4bdb-4a48-85bb-27dcafe5da35&ocid
id: auto-860969687927b1170efcba8a35f032b2bba592adca14623eb92b20491240fcb4
status: experimental
description: Detects traffic or activity related to https://9burdy0u.amberflume.ru/?apikey=NCdigIpwjqlvbIEI&actmn=1717ca58-4bdb-4a48-85bb-27dcafe5da35&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://9burdy0u.amberflume.ru/?apikey=NCdigIpwjqlvbIEI&actmn=1717ca58-4bdb-4a48-85bb-27dcafe5da35&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://1vvmu70s.amberflume.ru/?apikey=TfMdXIYCPmQNslsc&activityId=44353b1d-d89b-414a-b809-a0af130e2166&ocid
id: auto-7114658f2483ccd0c488ee4988c4b6f9cbec13a4fff4f83f4240aa38cbb24674
status: experimental
description: Detects traffic or activity related to https://1vvmu70s.amberflume.ru/?apikey=TfMdXIYCPmQNslsc&activityId=44353b1d-d89b-414a-b809-a0af130e2166&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://1vvmu70s.amberflume.ru/?apikey=TfMdXIYCPmQNslsc&activityId=44353b1d-d89b-414a-b809-a0af130e2166&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.126.111:38184/bin.sh
id: auto-7dd4a3029f65646d58f1f1002843ebdb6900f03dffbf021c796b2880b7f74a5a
status: experimental
description: Detects traffic or activity related to http://42.224.126.111:38184/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.126.111:38184/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.30.32:34417/bin.sh
id: auto-0d08cf13f199b79d75fcd1abb2ebec2a1e9c274a51a0f2f5e992d8534a1942c9
status: experimental
description: Detects traffic or activity related to http://115.52.30.32:34417/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.30.32:34417/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hsrq2bkz.sn1pburrow.ru/?apikey=mdtcRchFXLPjTxEW&activityId=849fe2bf-fdd3-40eb-b089-fa90fd25c393&ocid
id: auto-49dffe0604b2d9918d41238903ed0c88963b6b7995fb05f5272a2595ca469a1a
status: experimental
description: Detects traffic or activity related to https://hsrq2bkz.sn1pburrow.ru/?apikey=mdtcRchFXLPjTxEW&activityId=849fe2bf-fdd3-40eb-b089-fa90fd25c393&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hsrq2bkz.sn1pburrow.ru/?apikey=mdtcRchFXLPjTxEW&activityId=849fe2bf-fdd3-40eb-b089-fa90fd25c393&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://xozpwh9b.sn1pburrow.ru/?apikey=GjdfKmhmyIcYLrDO&activityId=817de613-515d-465e-9e22-28533bfa6f39&ocid
id: auto-8d936b56d6f3cac75d25d568a45c520474d51c549543a099b0085a848c67acc3
status: experimental
description: Detects traffic or activity related to https://xozpwh9b.sn1pburrow.ru/?apikey=GjdfKmhmyIcYLrDO&activityId=817de613-515d-465e-9e22-28533bfa6f39&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://xozpwh9b.sn1pburrow.ru/?apikey=GjdfKmhmyIcYLrDO&activityId=817de613-515d-465e-9e22-28533bfa6f39&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.241.42:37347/i
id: auto-a4ba94bc772996ee24e2dbbcf0ca0af78ba0a09bb3c4a510de505ea64b3274cb
status: experimental
description: Detects traffic or activity related to http://182.114.241.42:37347/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.241.42:37347/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.113.184:46012/bin.sh
id: auto-6bc7f5ff05df23109a8f9d6e09163b6e0357fd0ee30a877a4eeb5473dc866e1e
status: experimental
description: Detects traffic or activity related to http://115.61.113.184:46012/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.113.184:46012/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.229.54:34556/i
id: auto-1b11fab68299bb59cf90c57c4b625c4d06ef40812aeac99fd5bfd4df228291e4
status: experimental
description: Detects traffic or activity related to http://42.59.229.54:34556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.229.54:34556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.190.82:35384/i
id: auto-457ad29a7786d9a139e6e8d4daf965de4d637ed991d27bbbd9072038023f0744
status: experimental
description: Detects traffic or activity related to http://221.14.190.82:35384/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.190.82:35384/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.248:44868/i
id: auto-041306a2ceb2799e86a760342997cadad165aa973532c9d02cfd9225a4e67fb9
status: experimental
description: Detects traffic or activity related to http://117.209.86.248:44868/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.248:44868/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://50mfsn0s.crumplejet.ru/?apikey=oDPOSxNjzBiRuKEb&activityId=e7eaa7d0-fd97-471a-8d0c-a2e54dd4bd1f&ocid
id: auto-5d3b5c020d2371de869c5463b544cee1ce32ecb616057aff282b0e1d65b04274
status: experimental
description: Detects traffic or activity related to https://50mfsn0s.crumplejet.ru/?apikey=oDPOSxNjzBiRuKEb&activityId=e7eaa7d0-fd97-471a-8d0c-a2e54dd4bd1f&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://50mfsn0s.crumplejet.ru/?apikey=oDPOSxNjzBiRuKEb&activityId=e7eaa7d0-fd97-471a-8d0c-a2e54dd4bd1f&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.17.59.40:5506/qk.vbs
id: auto-1c6377c5420093199f9f13e47ffabe50498f5c8fd358dfae6ac6f240bef36995
status: experimental
description: Detects traffic or activity related to http://178.17.59.40:5506/qk.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.17.59.40:5506/qk.vbs*'
  condition: selection
level: high
tags:
  - attack.t1059.005
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qucwl9kb.crumplejet.ru/?apikey=xxlYuNAxXqYsCwvE&activityId=308a70bd-b2ad-445b-90d4-273a59d1e389&ocid
id: auto-c23345a92bb09007817ae656ab3c9c6ef7cd014fa6c4d2d3f79d37a4134c626c
status: experimental
description: Detects traffic or activity related to https://qucwl9kb.crumplejet.ru/?apikey=xxlYuNAxXqYsCwvE&activityId=308a70bd-b2ad-445b-90d4-273a59d1e389&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qucwl9kb.crumplejet.ru/?apikey=xxlYuNAxXqYsCwvE&activityId=308a70bd-b2ad-445b-90d4-273a59d1e389&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ob.youstarsbuilding.com/sxp/i/522f8dbab717f669a06afa9122107971.js
id: auto-b5dbb459a8fdd66bb23080c098aca454299692796f3c6efe949bdac4371613b2
status: experimental
description: Detects traffic or activity related to http://ob.youstarsbuilding.com/sxp/i/522f8dbab717f669a06afa9122107971.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ob.youstarsbuilding.com/sxp/i/522f8dbab717f669a06afa9122107971.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://euob.youstarsbuilding.com/sxp/i/522f8dbab717f669a06afa9122107971.js
id: auto-19244b7a7f2c4278599b37891b8f97a9decaa41a8372c7bff9bbc86c922a19f8
status: experimental
description: Detects traffic or activity related to http://euob.youstarsbuilding.com/sxp/i/522f8dbab717f669a06afa9122107971.js which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://euob.youstarsbuilding.com/sxp/i/522f8dbab717f669a06afa9122107971.js*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2cpyxxm5.a5hsuper1or.ru/?apikey=zWtaAfxsBvyLDxhK&activityId=39cb1603-8534-4e5d-8a03-8d1bae7e5c5c&ocid
id: auto-4f6a1ce91ea289616353ae8583a3fa017e447be51900cd8c5f1c7bfe9320ee8b
status: experimental
description: Detects traffic or activity related to https://2cpyxxm5.a5hsuper1or.ru/?apikey=zWtaAfxsBvyLDxhK&activityId=39cb1603-8534-4e5d-8a03-8d1bae7e5c5c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2cpyxxm5.a5hsuper1or.ru/?apikey=zWtaAfxsBvyLDxhK&activityId=39cb1603-8534-4e5d-8a03-8d1bae7e5c5c&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://a0coka3w.a5hsuper1or.ru/?apikey=kAOGyNAVwiAucmpt&activityId=6589a9cb-2abf-40f6-967e-5d38a2466c78&ocid
id: auto-7502bf50d10cfbef7e57f510193d446a9459e5f29e68101424eb88c9c72d18ad
status: experimental
description: Detects traffic or activity related to https://a0coka3w.a5hsuper1or.ru/?apikey=kAOGyNAVwiAucmpt&activityId=6589a9cb-2abf-40f6-967e-5d38a2466c78&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://a0coka3w.a5hsuper1or.ru/?apikey=kAOGyNAVwiAucmpt&activityId=6589a9cb-2abf-40f6-967e-5d38a2466c78&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://p3v5s4t5.a5hsuper1or.ru/?apikey=JZDqkrNAtfbdGFZH&activityId=3f56805d-6f45-4221-b10c-2e0e958a967b&ocid
id: auto-3b8d05960531832435c93ef405e3058a2edce247de946a5cb59a576f46b3236c
status: experimental
description: Detects traffic or activity related to https://p3v5s4t5.a5hsuper1or.ru/?apikey=JZDqkrNAtfbdGFZH&activityId=3f56805d-6f45-4221-b10c-2e0e958a967b&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://p3v5s4t5.a5hsuper1or.ru/?apikey=JZDqkrNAtfbdGFZH&activityId=3f56805d-6f45-4221-b10c-2e0e958a967b&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.183.110.168:63278/i
id: auto-e9a3711be44656eb3d9bd7df45f19d6186787d831f336def9395607acaee4709
status: experimental
description: Detects traffic or activity related to http://2.183.110.168:63278/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.183.110.168:63278/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.86.248:44868/bin.sh
id: auto-930c33e3df6f77d866c5b5e31cd46782c755a7f259cd5f36e5a8cd6f73792ab0
status: experimental
description: Detects traffic or activity related to http://117.209.86.248:44868/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.86.248:44868/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.241.42:37347/bin.sh
id: auto-c0a3cf9143fc17146eb9de6d8d122b83c258c3282ed14cefa479d61887b38ead
status: experimental
description: Detects traffic or activity related to http://182.114.241.42:37347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.241.42:37347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.177.215:42732/i
id: auto-a33fb8ce3ee2c777cbcfce5205df5a2da0c8517f765d133b04e4bea1dc3fca0f
status: experimental
description: Detects traffic or activity related to http://27.215.177.215:42732/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.177.215:42732/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.59.229.54:34556/bin.sh
id: auto-884ac8da1b12f04ec478d995ea86f9ad33f852f674c614b39658c44c12352d2a
status: experimental
description: Detects traffic or activity related to http://42.59.229.54:34556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.59.229.54:34556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.121.19:51729/bin.sh
id: auto-3080a8078d9f2a7dd27bad99603ecefcca0bea5030468c5027598b16c60f2930
status: experimental
description: Detects traffic or activity related to http://123.14.121.19:51729/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.121.19:51729/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.190.82:35384/bin.sh
id: auto-e7831251931d04e5341010c2face447ec24c95b9bcb00c0d87e7a66b550c0f33
status: experimental
description: Detects traffic or activity related to http://221.14.190.82:35384/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.190.82:35384/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.75.24:33966/i
id: auto-1c852749ebee29df3ec91d4b108d9d1f6d2b36c700f10cbed833c86ef8f0fd81
status: experimental
description: Detects traffic or activity related to http://222.141.75.24:33966/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.75.24:33966/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d3vci1ep.dep2rtmen0va.ru/?apikey=lZDDcYACeDnyhlnD&activityId=db08b0b8-125b-4e56-8290-c2b235dbb44f&ocid
id: auto-ed63f41ad08fcefcdf1d2da8c69713ee1ad099734ce1cd2c78343e3ea661b7d3
status: experimental
description: Detects traffic or activity related to https://d3vci1ep.dep2rtmen0va.ru/?apikey=lZDDcYACeDnyhlnD&activityId=db08b0b8-125b-4e56-8290-c2b235dbb44f&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d3vci1ep.dep2rtmen0va.ru/?apikey=lZDDcYACeDnyhlnD&activityId=db08b0b8-125b-4e56-8290-c2b235dbb44f&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://40k8qjo8.dep2rtmen0va.ru/?apikey=QaxKfNLdbRWIkVFB&activityId=071dd7e5-0adc-434f-afb2-8df3c9b6dee7&ocid
id: auto-53172fcc6efe7a57d9297f9614a87a5c46798fd4d3de6e73b46b8ce3a8f4f395
status: experimental
description: Detects traffic or activity related to https://40k8qjo8.dep2rtmen0va.ru/?apikey=QaxKfNLdbRWIkVFB&activityId=071dd7e5-0adc-434f-afb2-8df3c9b6dee7&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://40k8qjo8.dep2rtmen0va.ru/?apikey=QaxKfNLdbRWIkVFB&activityId=071dd7e5-0adc-434f-afb2-8df3c9b6dee7&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.114.39:41340/i
id: auto-a9a1b729e45b7564011a465153f2693f6d41188d8c03dd811934ed1618f8d1d7
status: experimental
description: Detects traffic or activity related to http://115.56.114.39:41340/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.114.39:41340/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.229.15:50638/i
id: auto-4977a24446a68e263d9c439fda72632ab5f9ff05037e66625abddd5df82d0264
status: experimental
description: Detects traffic or activity related to http://125.43.229.15:50638/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.229.15:50638/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.99.60.10:50387/bin.sh
id: auto-567d08e4312839f3e9b9b38620ce400faff9c96dc85d71bd6932fb114cf93f57
status: experimental
description: Detects traffic or activity related to http://181.99.60.10:50387/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.99.60.10:50387/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://sc7nd8s4.heh0vli8ht.ru/?apikey=hpXJRVdkHjuGBFDI&activityId=737ad269-4a72-4755-b67f-5e4c96a0423e&ocid
id: auto-438e43a9b53b688492775d1232192aa8b0be9e7fb851bfc3b4af7c2df88dce85
status: experimental
description: Detects traffic or activity related to https://sc7nd8s4.heh0vli8ht.ru/?apikey=hpXJRVdkHjuGBFDI&activityId=737ad269-4a72-4755-b67f-5e4c96a0423e&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://sc7nd8s4.heh0vli8ht.ru/?apikey=hpXJRVdkHjuGBFDI&activityId=737ad269-4a72-4755-b67f-5e4c96a0423e&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://y3ctp4x3.heh0vli8ht.ru/?apikey=ivBrWtbJvbaUGEdG&activityId=72018cda-11da-40d2-9f92-46bacdc0bdfe&ocid
id: auto-2faddfecf5b92f882a4c5a35ec726e5d93c6ecd2ac8a57518d5b8805a94b8646
status: experimental
description: Detects traffic or activity related to https://y3ctp4x3.heh0vli8ht.ru/?apikey=ivBrWtbJvbaUGEdG&activityId=72018cda-11da-40d2-9f92-46bacdc0bdfe&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://y3ctp4x3.heh0vli8ht.ru/?apikey=ivBrWtbJvbaUGEdG&activityId=72018cda-11da-40d2-9f92-46bacdc0bdfe&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.76.169:37688/i
id: auto-e3b8707eed49069f6eb440ee5d820db3a145397716a51bd767c92aa2063f96ca
status: experimental
description: Detects traffic or activity related to http://123.188.76.169:37688/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.76.169:37688/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.222.159:58734/bin.sh
id: auto-5945b75a316f795634ab30183a0fc0aeca622f771a8902f0ae2f3336344c584a
status: experimental
description: Detects traffic or activity related to http://110.38.222.159:58734/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.222.159:58734/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.98.249.34:42516/i
id: auto-af34170879dc5648b079b65b1d47ff6407d6330c65d802f89d65ff0b10cd5f9f
status: experimental
description: Detects traffic or activity related to http://85.98.249.34:42516/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.98.249.34:42516/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://174.34.242.140:41593/i
id: auto-dbb77352577d5ce657e06dac2cb06ff71048125250b0310eccd73eabc638a950
status: experimental
description: Detects traffic or activity related to http://174.34.242.140:41593/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://174.34.242.140:41593/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.197.178:40016/i
id: auto-8b0be6b6aa7e5f6813055f93fbd243e6f1e0f6a0ea139beda3dd4616d2e72ee8
status: experimental
description: Detects traffic or activity related to http://182.114.197.178:40016/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.197.178:40016/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.85.70:47732/i
id: auto-afd2128d1c73956753fa25aadf48dc68d0702c16a296dfc5baec128fce82aef8
status: experimental
description: Detects traffic or activity related to http://221.15.85.70:47732/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.85.70:47732/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://85.98.249.34:42516/bin.sh
id: auto-5aec17f2e4e61c32156c0a64956371798b43d570005391c9a4a5bfd5ec9d66de
status: experimental
description: Detects traffic or activity related to http://85.98.249.34:42516/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://85.98.249.34:42516/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://31.208.1.179:48870/i
id: auto-ac586fec12c8792ef34cecc16a60cd5641f61472725b48baa4bf4e48adb542c7
status: experimental
description: Detects traffic or activity related to http://31.208.1.179:48870/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://31.208.1.179:48870/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.205.121:46169/i
id: auto-dc21bb20bbfa03a1d281332e28de232ad5619239fa3b038842cabb065153f6a7
status: experimental
description: Detects traffic or activity related to http://123.5.205.121:46169/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.205.121:46169/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.21.239:57155/i
id: auto-f7474b189915704a808f1299150fb7010f6fbe3d74191baad28e5e9d5f1027b5
status: experimental
description: Detects traffic or activity related to http://42.178.21.239:57155/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.21.239:57155/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pjma3tgi.bohem1apred0m.ru/?apikey=cgQAuXcacXUbhFHT&activityId=97b520c9-3e6c-41e2-b73e-7a966a721f11&ocid
id: auto-c7268256348773b56def10e909bf5ea0a2e987e4c6313a4906c1200049c3c8a4
status: experimental
description: Detects traffic or activity related to https://pjma3tgi.bohem1apred0m.ru/?apikey=cgQAuXcacXUbhFHT&activityId=97b520c9-3e6c-41e2-b73e-7a966a721f11&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pjma3tgi.bohem1apred0m.ru/?apikey=cgQAuXcacXUbhFHT&activityId=97b520c9-3e6c-41e2-b73e-7a966a721f11&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://o9ekn7ff.bohem1apred0m.ru/?apikey=bMbHOlenuvYZTMgZ&activityId=68be5622-246e-4a2d-b98c-aeefc22d3bd5&ocid
id: auto-295ec2f974ab23c4d402d87b17e7b06ad214ecfe8437fe1363441e7d36c6c98a
status: experimental
description: Detects traffic or activity related to https://o9ekn7ff.bohem1apred0m.ru/?apikey=bMbHOlenuvYZTMgZ&activityId=68be5622-246e-4a2d-b98c-aeefc22d3bd5&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://o9ekn7ff.bohem1apred0m.ru/?apikey=bMbHOlenuvYZTMgZ&activityId=68be5622-246e-4a2d-b98c-aeefc22d3bd5&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.21.239:57155/bin.sh
id: auto-6f4d652b2072cefbd8f83037fa1aeefc554f49866c5e0d1d7939e2906ce856fb
status: experimental
description: Detects traffic or activity related to http://42.178.21.239:57155/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.21.239:57155/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://g48hk2ii.bohem1apred0m.ru/?apikey=SxkTAHaiGVQdZWJf&activityId=165c95db-aad8-4a0a-aeab-79581520671a&ocid
id: auto-5f9401c3d3901b284ce53dd0df17d3f1510f3829434587192f0cb0d85c360694
status: experimental
description: Detects traffic or activity related to https://g48hk2ii.bohem1apred0m.ru/?apikey=SxkTAHaiGVQdZWJf&activityId=165c95db-aad8-4a0a-aeab-79581520671a&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://g48hk2ii.bohem1apred0m.ru/?apikey=SxkTAHaiGVQdZWJf&activityId=165c95db-aad8-4a0a-aeab-79581520671a&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.193:58130/i
id: auto-b40cf767e7bbc76b4e403b340cf7d9f6bbfe92ed59c145b1a4f16e164a8ffeed
status: experimental
description: Detects traffic or activity related to http://117.209.31.193:58130/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.193:58130/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6137477328/1BeXo57.exe
id: auto-196a200c2645facbb2097e343ee5eb62e4cbcc47caa858fbf225110d1dc7b67a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6137477328/1BeXo57.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6137477328/1BeXo57.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.76.169:37688/bin.sh
id: auto-5c4f54620c07ca8e387dfa3db58c1a3451bff3da10a6c6839ec0706948c2679d
status: experimental
description: Detects traffic or activity related to http://123.188.76.169:37688/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.76.169:37688/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://15w9bglk.pu7eer0d.ru/?apikey=ykJbXmVSfdVmdbJM&activityId=ad0126ab-de3b-4afc-bc88-9b9dacbde09a&ocid
id: auto-8441a6c2235cc3998f56a4630ce0e5449f59163e104d4c836bb75c357b3a5e0e
status: experimental
description: Detects traffic or activity related to https://15w9bglk.pu7eer0d.ru/?apikey=ykJbXmVSfdVmdbJM&activityId=ad0126ab-de3b-4afc-bc88-9b9dacbde09a&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://15w9bglk.pu7eer0d.ru/?apikey=ykJbXmVSfdVmdbJM&activityId=ad0126ab-de3b-4afc-bc88-9b9dacbde09a&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.168.195.82:57771/i
id: auto-c49670c3c776c48759d85a0cf0141e7444641226981d9f899b18054cf81d5586
status: experimental
description: Detects traffic or activity related to http://175.168.195.82:57771/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.168.195.82:57771/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tdebwovt.pu7eer0d.ru/?apikey=LXKeSUdyuFlMHKgX&activityId=5dadb2c6-0a55-4e16-a3f7-8f82a0df00b3&ocid
id: auto-3cc83635b581ea03b03d2911ed6d856697a9a371af190a86b91fca2a765e5612
status: experimental
description: Detects traffic or activity related to https://tdebwovt.pu7eer0d.ru/?apikey=LXKeSUdyuFlMHKgX&activityId=5dadb2c6-0a55-4e16-a3f7-8f82a0df00b3&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tdebwovt.pu7eer0d.ru/?apikey=LXKeSUdyuFlMHKgX&activityId=5dadb2c6-0a55-4e16-a3f7-8f82a0df00b3&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.31.193:58130/bin.sh
id: auto-16ca35fedc0aeda29ae31946b0b09b911336fd6dbb4b520f7359089d897de2ce
status: experimental
description: Detects traffic or activity related to http://117.209.31.193:58130/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.31.193:58130/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.27:41748/i
id: auto-c31855a2a14509d396522e884e669e1d983dd1ac223eb483ff154b5d95bf67fd
status: experimental
description: Detects traffic or activity related to http://110.37.61.27:41748/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.27:41748/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.92.13:52275/i
id: auto-80c385e65927ea3fec11970588ee9c0a7b77f6c22e3b0e6f3bc70b7094b58a8e
status: experimental
description: Detects traffic or activity related to http://182.120.92.13:52275/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.92.13:52275/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.126:38678/i
id: auto-ec14b8d92c9fa234e640371a5e73ae65a8db82c2192b664478c1ce632bdf01db
status: experimental
description: Detects traffic or activity related to http://115.55.50.126:38678/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.126:38678/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://q7hqh19r.r2nkteh2.ru/?apikey=CrMhphoFXTDDsnVA&activityId=aea65512-ade2-48f0-8f5e-d39fe043c9da&ocid
id: auto-4a9cff5a6515263358f2a3fadbc952af462cc5690d1e4b7d1abc7e05654ba63c
status: experimental
description: Detects traffic or activity related to https://q7hqh19r.r2nkteh2.ru/?apikey=CrMhphoFXTDDsnVA&activityId=aea65512-ade2-48f0-8f5e-d39fe043c9da&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://q7hqh19r.r2nkteh2.ru/?apikey=CrMhphoFXTDDsnVA&activityId=aea65512-ade2-48f0-8f5e-d39fe043c9da&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vrfdns.com/win/ash.zip
id: auto-99ff631e4a094ebbd3d31655da989ce30dc563e6a7b319cc187d9109b4fb23bc
status: experimental
description: Detects traffic or activity related to https://vrfdns.com/win/ash.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vrfdns.com/win/ash.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://el5348ic.r2nkteh2.ru/?apikey=jqTWRUYzByqTGEkf&activityId=04165556-aa90-43de-b82e-b92e0527fdfd&ocid
id: auto-4d574f696472a06c98c0646a0da7f5e08d854d07db914477b6401e4c7ac5c2f9
status: experimental
description: Detects traffic or activity related to https://el5348ic.r2nkteh2.ru/?apikey=jqTWRUYzByqTGEkf&activityId=04165556-aa90-43de-b82e-b92e0527fdfd&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://el5348ic.r2nkteh2.ru/?apikey=jqTWRUYzByqTGEkf&activityId=04165556-aa90-43de-b82e-b92e0527fdfd&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vrfdns.com/win/sm.ps1
id: auto-422d2510b0722427fb8d156861f497ed5627864494fed6711238c5b0dd190b26
status: experimental
description: Detects traffic or activity related to https://vrfdns.com/win/sm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vrfdns.com/win/sm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.205.121:46169/bin.sh
id: auto-ab8395db5141547c00e9653e0a76d7421d0e8965997081d357adef78e729baed
status: experimental
description: Detects traffic or activity related to http://123.5.205.121:46169/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.205.121:46169/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6723359323/rVTgCy8.exe
id: auto-753ba2bf3421006900059de2d987a02cad7ca317aebe371e231a0db933614cdb
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6723359323/rVTgCy8.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6723359323/rVTgCy8.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://181.99.60.10:50387/i
id: auto-b294384ae893323d842acddb8b19a9a3e99d071907ae58736c92b0df9fed0d00
status: experimental
description: Detects traffic or activity related to http://181.99.60.10:50387/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://181.99.60.10:50387/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.193.148:50609/i
id: auto-2b08a84f292b7e6e23546ec3e80241cc0ef806ca739f8752d525e6099d8c95b6
status: experimental
description: Detects traffic or activity related to http://182.113.193.148:50609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.193.148:50609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.63:53782/i
id: auto-3a2a1b2d90a91516344aa6abd74d2878d06e36c5d447edeea8ca7c26d7dfd5a7
status: experimental
description: Detects traffic or activity related to http://110.37.90.63:53782/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.63:53782/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://srpwnrw8.p2ciftamp0n.ru/?apikey=exSYLovbjlpcZeer&activityId=c7f28aff-59b9-467f-8f3e-383ecb9028bd&ocid
id: auto-100bcff1e1a9c79178f8807aca36cf016e8912e3dfca3a34c3b3cf98d138bcea
status: experimental
description: Detects traffic or activity related to https://srpwnrw8.p2ciftamp0n.ru/?apikey=exSYLovbjlpcZeer&activityId=c7f28aff-59b9-467f-8f3e-383ecb9028bd&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://srpwnrw8.p2ciftamp0n.ru/?apikey=exSYLovbjlpcZeer&activityId=c7f28aff-59b9-467f-8f3e-383ecb9028bd&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.63:53782/bin.sh
id: auto-00e6d854a55b74a677dd2b378f2a0e9acc834cecf7b708f8ef8ed685063375e3
status: experimental
description: Detects traffic or activity related to http://110.37.90.63:53782/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.63:53782/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.42:37239/bin.sh
id: auto-2fc627896a86342a38ef1ffad69658b1aa0eadbd091e15339c421718b17b22b8
status: experimental
description: Detects traffic or activity related to http://200.59.83.42:37239/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.42:37239/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://je5mf64c.p2ciftamp0n.ru/?apikey=RbaCqvJOYJrOYuCt&activityId=24d40dea-fa1c-4ecb-a1bd-a4ff9628ea3e&ocid
id: auto-238a0849de9ab2fba9d1cd20c700e2bfb824e76ae971cddb4ab8d07d847349aa
status: experimental
description: Detects traffic or activity related to https://je5mf64c.p2ciftamp0n.ru/?apikey=RbaCqvJOYJrOYuCt&activityId=24d40dea-fa1c-4ecb-a1bd-a4ff9628ea3e&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://je5mf64c.p2ciftamp0n.ru/?apikey=RbaCqvJOYJrOYuCt&activityId=24d40dea-fa1c-4ecb-a1bd-a4ff9628ea3e&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.179.83.5/ohshit.sh
id: auto-c410e46b7aadd1466a188f736936af7daa206da3dbc9e5fdfe20885d2d5f73de
status: experimental
description: Detects traffic or activity related to http://167.179.83.5/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.179.83.5/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gitlab.skillbox.ru/vladislav_kopytin/Python_Basic/-/raw/master/Auto.exe
id: auto-92211f3ce5e7378be6568b49dba9d4b6019aa2f79b95462fcf58a3298d86ceb4
status: experimental
description: Detects traffic or activity related to https://gitlab.skillbox.ru/vladislav_kopytin/Python_Basic/-/raw/master/Auto.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gitlab.skillbox.ru/vladislav_kopytin/Python_Basic/-/raw/master/Auto.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/properassa/salereds/raw/refs/heads/main/Live%20Net%20TV.apk
id: auto-5d395e2a263006d24c95f13366d62c443708877e87c2868c3dda59ec17541754
status: experimental
description: Detects traffic or activity related to https://github.com/properassa/salereds/raw/refs/heads/main/Live%20Net%20TV.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/properassa/salereds/raw/refs/heads/main/Live%20Net%20TV.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chrome307/corme/raw/refs/heads/main/Chrome.apk
id: auto-b41832c244011819f27a3d352cd841b86f3fbc674fd79a700da00bf43be3b5e9
status: experimental
description: Detects traffic or activity related to https://github.com/Chrome307/corme/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chrome307/corme/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromessss/Chrome/raw/refs/heads/main/Chrome.apk
id: auto-b66a4b95995274c11a8a9125aa20459153926538ea9fa723d20125b45c2cba46
status: experimental
description: Detects traffic or activity related to https://github.com/Chromessss/Chrome/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromessss/Chrome/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/ahmetkaracan227362/GoogleChrome1/raw/refs/heads/main/Chrome.apk
id: auto-6fe2159c913110c5323d7ee0d6c8493c9ff816373ba66e6548eda7f5a017fcd5
status: experimental
description: Detects traffic or activity related to https://github.com/ahmetkaracan227362/GoogleChrome1/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/ahmetkaracan227362/GoogleChrome1/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/kurdretlikudret-art/arterte/raw/refs/heads/main/Chrome.apk
id: auto-44ae6eb3b3eb104d40fd448c38903f35fc6efb4ce7d3bb6fca8959649077b7d6
status: experimental
description: Detects traffic or activity related to https://github.com/kurdretlikudret-art/arterte/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/kurdretlikudret-art/arterte/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.223.39:52430/bin.sh
id: auto-5286468dd49829389fdc00a1178e068d2c61e7721007ca8e8373f3443deb74be
status: experimental
description: Detects traffic or activity related to http://115.55.223.39:52430/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.223.39:52430/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/Chromew/download/raw/refs/heads/main/Chrome.apk
id: auto-ec21449a2ee8584655f380a1597e1891ec8fe49807bd52b3c266b9d6a34d1af1
status: experimental
description: Detects traffic or activity related to https://github.com/Chromew/download/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/Chromew/download/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/tugceyildiz365-commits/asd/raw/refs/heads/main/Chrome.apk
id: auto-072b7ec997c526d0a4716e0c120ea7c022cee2a3a3bf54cd52f056a697a2207a
status: experimental
description: Detects traffic or activity related to https://github.com/tugceyildiz365-commits/asd/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/tugceyildiz365-commits/asd/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/nuribilgeceylen-eng/babacan/raw/refs/heads/main/Chrome.apk
id: auto-94240e85848508ead1ecf348997574996175382e1d446f1034908c4da18174bb
status: experimental
description: Detects traffic or activity related to https://github.com/nuribilgeceylen-eng/babacan/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/nuribilgeceylen-eng/babacan/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://yz3j4wu2.5t0rmfail.ru/?apikey=kNKkEuTVwKxqKOvH&activityId=26561233-9272-4f9d-b8cf-c60e0e1af08a&ocid
id: auto-1ba9904183898bfc038b312c0023113efa192c5d5c53a0446f01b95df356fa00
status: experimental
description: Detects traffic or activity related to https://yz3j4wu2.5t0rmfail.ru/?apikey=kNKkEuTVwKxqKOvH&activityId=26561233-9272-4f9d-b8cf-c60e0e1af08a&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://yz3j4wu2.5t0rmfail.ru/?apikey=kNKkEuTVwKxqKOvH&activityId=26561233-9272-4f9d-b8cf-c60e0e1af08a&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2fl4vwmp.5t0rmfail.ru/?apikey=lflXefBysEggGXbp&activityId=b455bb15-7c84-4f97-a7e9-647a0de1b620&ocid
id: auto-53a7dea6e4cc26fd35f640315ac7aa77dfc705548bad24ac99a39ca376cf2eb2
status: experimental
description: Detects traffic or activity related to https://2fl4vwmp.5t0rmfail.ru/?apikey=lflXefBysEggGXbp&activityId=b455bb15-7c84-4f97-a7e9-647a0de1b620&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2fl4vwmp.5t0rmfail.ru/?apikey=lflXefBysEggGXbp&activityId=b455bb15-7c84-4f97-a7e9-647a0de1b620&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.35.95:55248/i
id: auto-adf6de019eccb461b7ec974c05c36c37d34aa6b2247db449315bcba90667c943
status: experimental
description: Detects traffic or activity related to http://42.87.35.95:55248/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.35.95:55248/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.11.196:57401/i
id: auto-e53ff70b1c74221ef410af804269b2136ab65182bdceea3985c50dd92a592a87
status: experimental
description: Detects traffic or activity related to http://182.121.11.196:57401/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.11.196:57401/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.46:46599/i
id: auto-16c74a86d60d37c0bf1979b6eed526d4658650811055fae547795a2aed37d0fa
status: experimental
description: Detects traffic or activity related to http://200.59.83.46:46599/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.46:46599/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.26:48490/i
id: auto-568d0eb5607459b6aa6892231f4997f5296e84a789bdd3233e59075b9a4eff48
status: experimental
description: Detects traffic or activity related to http://117.209.94.26:48490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.26:48490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.147.123:49461/i
id: auto-0d179ac6dc52acb7c3726206ef459c5c26ad2806ca4ee522a0f08162eebb8fb3
status: experimental
description: Detects traffic or activity related to http://115.62.147.123:49461/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.147.123:49461/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.147.123:49461/bin.sh
id: auto-dbbe63ea53ab118ee351da528a3d350599ef99ffa63a6b0ac2a25872a15622e5
status: experimental
description: Detects traffic or activity related to http://115.62.147.123:49461/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.147.123:49461/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.226.222.198:59039/bin.sh
id: auto-01976aaa4cd86fe73a96c529cc4735db302b2c2475d756486574fa52632d80a7
status: experimental
description: Detects traffic or activity related to http://42.226.222.198:59039/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.226.222.198:59039/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.79.182:57525/i
id: auto-1f2ef9297eeb598e8fc39c7c9907414cf21b34d8db8ee2428c0dc5b124ea172f
status: experimental
description: Detects traffic or activity related to http://115.49.79.182:57525/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.79.182:57525/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.11.196:57401/bin.sh
id: auto-0ed841137a6be00ee2095a0c1f95f84484c25ed2bfabd30a0a6a31e5db259170
status: experimental
description: Detects traffic or activity related to http://182.121.11.196:57401/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.11.196:57401/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.35.95:55248/bin.sh
id: auto-cd5f0b0d0aa3d1332b4224be14e3272d11e985232f5900d889fbeaa321f1bfef
status: experimental
description: Detects traffic or activity related to http://42.87.35.95:55248/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.35.95:55248/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.94.26:48490/bin.sh
id: auto-167468dde1ad4ea006896955c4cc5c314328ad4422a950d1d1ab3d41cdf46666
status: experimental
description: Detects traffic or activity related to http://117.209.94.26:48490/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.94.26:48490/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.59.83.46:46599/bin.sh
id: auto-51f05f3d63baff2dce6aee965a203afff9c8a8af1946820065ad2b68519a45a7
status: experimental
description: Detects traffic or activity related to http://200.59.83.46:46599/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.59.83.46:46599/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.35.31:42192/bin.sh
id: auto-8dae095725a127f455eaa71d905284eefa1b69954020e276756f1375bc1fc004
status: experimental
description: Detects traffic or activity related to http://182.114.35.31:42192/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.35.31:42192/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.116.30:51551/bin.sh
id: auto-3c90c9e705996c5e469bab5c9738c0affa71a94ea0b4dc751d225c81aa01afb5
status: experimental
description: Detects traffic or activity related to http://222.141.116.30:51551/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.116.30:51551/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.18:43682/i
id: auto-73dba4ed92c5e1e698ac64043960355953a8acb74b5063f79e7d10b560ba9a9a
status: experimental
description: Detects traffic or activity related to http://110.37.110.18:43682/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.18:43682/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.193.148:50609/bin.sh
id: auto-50c15555a3c7ad8061421bbbc64d7c12def165782e6c4d06aab91f9ced4c3831
status: experimental
description: Detects traffic or activity related to http://182.113.193.148:50609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.193.148:50609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.110.18:43682/bin.sh
id: auto-ba682fb951b0140cd35633be7c0350acb09eafe24527515fcb2e00bd4481c9c0
status: experimental
description: Detects traffic or activity related to http://110.37.110.18:43682/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.110.18:43682/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.239.186:36703/i
id: auto-6d33f17bf163d74571e4bfb750cdde5f829b87dfaefabf52590c1612aef56724
status: experimental
description: Detects traffic or activity related to http://42.227.239.186:36703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.239.186:36703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.182.68:49059/bin.sh
id: auto-1968b17048f0f61be45d6b03b1823e17bba87045879ea9170fd79ac1e0cdaf3e
status: experimental
description: Detects traffic or activity related to http://218.60.182.68:49059/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.182.68:49059/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.109.40:57054/i
id: auto-d2908d3df615a06287e13210dfa59f236a470a3d6718a8cae454af900719ee22
status: experimental
description: Detects traffic or activity related to http://42.86.109.40:57054/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.109.40:57054/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.123.210:33201/i
id: auto-0e03594a41ca97daf669c1c39c2b172d7a3b99a042f9ccd57df1efa44110c66f
status: experimental
description: Detects traffic or activity related to http://110.37.123.210:33201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.123.210:33201/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.51.250:59767/i
id: auto-b93d17f37eaed94cb53fb295d83535b5fe1ebbe08b5dc6b2616d43b13679529e
status: experimental
description: Detects traffic or activity related to http://115.48.51.250:59767/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.51.250:59767/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.44.58:59672/i
id: auto-9c0abbfa4536f1e62b0ec06e47598e6ab08db2e549720195b22ed46fa47d0066
status: experimental
description: Detects traffic or activity related to http://182.113.44.58:59672/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.44.58:59672/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.239.186:36703/bin.sh
id: auto-7ba4eddd1d31d9af7e33ce079bb1576c9786324092f8ae4917a0da7a5585b29a
status: experimental
description: Detects traffic or activity related to http://42.227.239.186:36703/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.239.186:36703/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8551657484/p3I4bY1.exe
id: auto-91a4f9b5a9dd1207c09405969910c3f882b88deea12c278305664fcc51a8cac9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8551657484/p3I4bY1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8551657484/p3I4bY1.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.186.27:50287/i
id: auto-65d47c19dd6ec1271251cf77d52be9c296dcf15e6f2003080df2a63495f33156
status: experimental
description: Detects traffic or activity related to http://112.248.186.27:50287/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.186.27:50287/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.109.40:57054/bin.sh
id: auto-451e8ea692aa1a332ed6fd2a8686ddd96c9f81befed920c3a85670613f74bed8
status: experimental
description: Detects traffic or activity related to http://42.86.109.40:57054/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.109.40:57054/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.186.27:50287/bin.sh
id: auto-cac3b1f7f35a242303b099161235f8cbc5dd7505769af073aef9ba691cd057ce
status: experimental
description: Detects traffic or activity related to http://112.248.186.27:50287/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.186.27:50287/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.21:56668/i
id: auto-e1c1444fb219958c0ee9ef576555ac9abb285f016416805d399b4a5848ba389a
status: experimental
description: Detects traffic or activity related to http://117.209.89.21:56668/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.21:56668/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.74.227:36206/i
id: auto-547c281423b1cc799e25c111fe658604b23ab5bc15038339c11fedd6daf79fb2
status: experimental
description: Detects traffic or activity related to http://123.188.74.227:36206/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.74.227:36206/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.99.77:43681/i
id: auto-cea242b64645ea39796ea98155cae684d9ed28b3552ca3992d7bfda8afdbabc5
status: experimental
description: Detects traffic or activity related to http://112.239.99.77:43681/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.99.77:43681/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.123.210:33201/bin.sh
id: auto-a88a8f2c9835c07dee3b38ec6ca224032eecbd38f1b32a021eab5101494d90dc
status: experimental
description: Detects traffic or activity related to http://110.37.123.210:33201/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.123.210:33201/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.44.58:59672/bin.sh
id: auto-0026e5a4f0c4195b67e9d25393a7167b6b303846ed57fd6de4f2622628b64287
status: experimental
description: Detects traffic or activity related to http://182.113.44.58:59672/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.44.58:59672/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.227.176:43993/i
id: auto-d8bdf058ded01d11e08bc94c24ed302301341eba896e8b5d51fc3ec9273c8b7a
status: experimental
description: Detects traffic or activity related to http://61.52.227.176:43993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.227.176:43993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.48:52412/i
id: auto-12313187c6762062c71c0b4bde4acf4a9d2e28728ae0763ca853cd9ff9baaaac
status: experimental
description: Detects traffic or activity related to http://123.12.225.48:52412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.48:52412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.1.225:34577/i
id: auto-7ac6636e1c1d7aa05b164bed220f4bc274647e4616681e06b8b599c7bca7e43a
status: experimental
description: Detects traffic or activity related to http://125.41.1.225:34577/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.1.225:34577/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.79.182:57525/bin.sh
id: auto-6119a18be09098d1f5eb5be3a663c68568d5aada2cea7c76f857433084cd8170
status: experimental
description: Detects traffic or activity related to http://115.49.79.182:57525/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.79.182:57525/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.157.179:41793/i
id: auto-29a3079393f0ed15843394c3971f28a43fe6816e10b16132a3badc758cc4729b
status: experimental
description: Detects traffic or activity related to http://175.148.157.179:41793/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.157.179:41793/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.74.227:36206/bin.sh
id: auto-8a30e41c8420c8ccb4f8aeb4437bc137d609c1a25dee7e87c85918eab3744def
status: experimental
description: Detects traffic or activity related to http://123.188.74.227:36206/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.74.227:36206/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.227.176:43993/bin.sh
id: auto-57418fe8681a0a6bbc908d71cc001d9d6247d78e5049611f243733c423972a6a
status: experimental
description: Detects traffic or activity related to http://61.52.227.176:43993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.227.176:43993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.89.21:56668/bin.sh
id: auto-3caac20ff491af772e01e3c58cbd0fa813043ddb7da7b96606218540cc0d79d2
status: experimental
description: Detects traffic or activity related to http://117.209.89.21:56668/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.89.21:56668/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.88.85:42942/i
id: auto-36cba3dde2aabacae33377f96b0cbc392f207390ab284815ac3e47cd3a877a4c
status: experimental
description: Detects traffic or activity related to http://42.231.88.85:42942/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.88.85:42942/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.228.170:46718/i
id: auto-971ce53aff927509f409a6b45be0f59e6c2f59ee5170f9022a19d398308d2e95
status: experimental
description: Detects traffic or activity related to http://110.39.228.170:46718/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.228.170:46718/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.239.99.77:43681/bin.sh
id: auto-661bb94bf0048ea64fa88eacc099067164c78500ab516810763223e6e7d5185a
status: experimental
description: Detects traffic or activity related to http://112.239.99.77:43681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.239.99.77:43681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.48:52412/bin.sh
id: auto-cc5c4290cb12d481edef56a68607b02fdc3dfe44593758a3d8cc65b298703a9b
status: experimental
description: Detects traffic or activity related to http://123.12.225.48:52412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.48:52412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.157.179:41793/bin.sh
id: auto-785a0c1bf6db303d6b812233891ccdcd91f4df998cf50195ff41dcf8f5cb5b27
status: experimental
description: Detects traffic or activity related to http://175.148.157.179:41793/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.157.179:41793/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.113.236:34130/i
id: auto-dce3ed188ebb74d7c9c442761c82439f4566ce794ea8fd22553d2926f8cec9cb
status: experimental
description: Detects traffic or activity related to http://61.52.113.236:34130/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.113.236:34130/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.159.247:40289/i
id: auto-769834247e9723a1385fd57bb0ccda38669ac8af8f00a8f9683b422a7370d206
status: experimental
description: Detects traffic or activity related to http://113.228.159.247:40289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.159.247:40289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/s-h.4-.Sakura
id: auto-1588ae624045127784fed87069eb251a43d74b4842477b63a4c42090d6d24510
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/s-h.4-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/s-h.4-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/i-5.8-6.Sakura
id: auto-3efe7cbb8f1f6a28654f4e27ac917049e3c68c2a68c15876c9eb61e631fd9ae8
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/i-5.8-6.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/i-5.8-6.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/x-3.2-.Sakura
id: auto-65b48d30d01dedf6cafd9e10981eeaeef28bb80d4a592368eaa033eef67d470f
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/x-3.2-.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/x-3.2-.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/a-r.m-5.Sakura
id: auto-881890d77cf92040bafa8b31f4a37967c18492537215d5d2647f08dc919fe8d1
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/a-r.m-5.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/a-r.m-5.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.221.199.34/a-r.m-7.Sakura
id: auto-3eaaee81ae3fcb5ae431bf82aef593837f4225a443d2909b87310853056fdca7
status: experimental
description: Detects traffic or activity related to http://185.221.199.34/a-r.m-7.Sakura which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.221.199.34/a-r.m-7.Sakura*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.187.237:49240/i
id: auto-711af78db3e6fb04eb26f4d9f637aad37ad7295c05938ed294d2f37c4c9cc48f
status: experimental
description: Detects traffic or activity related to http://39.74.187.237:49240/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.187.237:49240/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.214.191:51197/i
id: auto-62abf368c59e1c3355e04de89594e737ef6333b559e09f2add61be1b6750d822
status: experimental
description: Detects traffic or activity related to http://182.113.214.191:51197/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.214.191:51197/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.24.36.76:58277/bin.sh
id: auto-c1ab7f6d393a35f373d13438713d48ff8f8e42c047949bef97bbea10e0e8c03c
status: experimental
description: Detects traffic or activity related to http://110.24.36.76:58277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.24.36.76:58277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.170:53732/bin.sh
id: auto-dc39bce2e326dd0cd14576a3b1a575f6a4f2eeba46b30a429f6748122d3a4e4f
status: experimental
description: Detects traffic or activity related to http://110.39.235.170:53732/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.170:53732/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.64.210:56781/i
id: auto-e9452792f977f04ae7e05dc1751d046e731980d050a9f642e4c5fbbff3322793
status: experimental
description: Detects traffic or activity related to http://115.49.64.210:56781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.64.210:56781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.15.135:50954/i
id: auto-ed27999cd53bd790898bfc9c2267aac7acfd6a680e59ea8d0fdb585e5d4277c1
status: experimental
description: Detects traffic or activity related to http://219.155.15.135:50954/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.15.135:50954/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.113.236:34130/bin.sh
id: auto-6f95d0280a0fcf9aa1bfdcb65a9048bb9717c574006a90ccff2f9c9a7a4b61b7
status: experimental
description: Detects traffic or activity related to http://61.52.113.236:34130/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.113.236:34130/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.181.17:54830/i
id: auto-d4382fe9825653ae5ba89687621292f8359a0366bccbbbdfb76cd8423730bb5b
status: experimental
description: Detects traffic or activity related to http://115.57.181.17:54830/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.181.17:54830/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.181.17:54830/bin.sh
id: auto-b3b05b0b9d311b8fb540b7e1fac30eda01870bdebd79f960d9d2fdd5a48aed6e
status: experimental
description: Detects traffic or activity related to http://115.57.181.17:54830/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.181.17:54830/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.187.237:49240/bin.sh
id: auto-d7b8ca9cab5fa2f3c829393ee256a01c0419680490b46ad17552bdb47ee82ca7
status: experimental
description: Detects traffic or activity related to http://39.74.187.237:49240/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.187.237:49240/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.163.129.144:40386/bin.sh
id: auto-2584a3878372964692c816a15ef5facf8d3cfe683dab87ffd6195ce915954dc6
status: experimental
description: Detects traffic or activity related to http://61.163.129.144:40386/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.163.129.144:40386/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.145.18:44157/i
id: auto-9f91473c523d2c72f1a3d64422017332745cfe1fa97597b1da91e2fc6d315076
status: experimental
description: Detects traffic or activity related to http://220.201.145.18:44157/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.145.18:44157/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.15.135:50954/bin.sh
id: auto-3f215d64d9612308caa6757a72bd446875a1edcc4b53f00cd850051d53557878
status: experimental
description: Detects traffic or activity related to http://219.155.15.135:50954/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.15.135:50954/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.152.192:36769/i
id: auto-7d6a03bca2e6d0791ff4f4b04a025fb9c1bbb91ed83e18eff54000ebc95ee5e6
status: experimental
description: Detects traffic or activity related to http://115.56.152.192:36769/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.152.192:36769/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.35.82:40923/i
id: auto-39d3bf5d5020233f6460b74a3fda0c67496fae7fe167520110268bd930feed12
status: experimental
description: Detects traffic or activity related to http://42.230.35.82:40923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.35.82:40923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.53.195:60736/bin.sh
id: auto-f41dd538fa2d3569e8da5320812ca78a151ebff81c12579b04315564cb86f8cf
status: experimental
description: Detects traffic or activity related to http://182.116.53.195:60736/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.53.195:60736/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.96.143.116:60542/bin.sh
id: auto-25977a748bba01bfafb1380dd54419b2edb10efe75a728012f147631b4c188d0
status: experimental
description: Detects traffic or activity related to http://59.96.143.116:60542/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.96.143.116:60542/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://23.160.56.30/p.txt
id: auto-83cf886c9c9f0098bc1498569dab7c100b86e71ab3945430978b6e7267832b40
status: experimental
description: Detects traffic or activity related to http://23.160.56.30/p.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://23.160.56.30/p.txt*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.88.85:42942/bin.sh
id: auto-e41be51a6da4037e1b810075b5d90cb12d2a72b67b12fdc410b76c8d28e9e69a
status: experimental
description: Detects traffic or activity related to http://42.231.88.85:42942/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.88.85:42942/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_mipsel
id: auto-9b05f41f25d7a8072133d71c82e1eb6a64e21048522b82aebce7ea2ce460e3e3
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://220.201.145.18:44157/bin.sh
id: auto-931c25b5414f423c8342430caebdb92b0a40fa0474e7d4fb4d87c1fcc5e1e55a
status: experimental
description: Detects traffic or activity related to http://220.201.145.18:44157/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://220.201.145.18:44157/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.158.142:43270/i
id: auto-5c52a66dffa6dc9a7f0e636b3909f4fe2a61c0f3f32440783b58da3ef8f6dd15
status: experimental
description: Detects traffic or activity related to http://61.52.158.142:43270/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.158.142:43270/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.152.192:36769/bin.sh
id: auto-7e081667d235175669fb16ff71178c66c7af7d33398e2ea71e5ddead823b4ee3
status: experimental
description: Detects traffic or activity related to http://115.56.152.192:36769/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.152.192:36769/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.35.31:42192/i
id: auto-c646f82efba6342d50f65cce983d743007cb325b832705770f3e79d5d350480d
status: experimental
description: Detects traffic or activity related to http://182.114.35.31:42192/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.35.31:42192/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:35799/i
id: auto-6df8d1120a3f6130da814c17157bcce4501f3de915c6212e461744cdfcb01b9a
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:35799/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:35799/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.44.69:37768/i
id: auto-917920fcc2c3d50fe16bb972eca213a0960589f097c12087825839c53ff981f9
status: experimental
description: Detects traffic or activity related to http://115.49.44.69:37768/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.44.69:37768/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6881036104/sl7SqfI.exe
id: auto-a5c073947c0f8fc92e750efd31766a60895c9852c3e0a95656679b23166051a9
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6881036104/sl7SqfI.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6881036104/sl7SqfI.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.232:51628/bin.sh
id: auto-92f3a4b7c072d49474dc5de259325e8b6a524fe0e588898053f1e56cde2f0e0a
status: experimental
description: Detects traffic or activity related to http://110.37.37.232:51628/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.232:51628/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.78.194.23:54412/i
id: auto-14bf86b7358ad844d6339e6b5b53b40a694a62646f37207df7e833bedd354cb7
status: experimental
description: Detects traffic or activity related to http://39.78.194.23:54412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.78.194.23:54412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.144.198:47757/i
id: auto-937acad5cddf3753023334db72050b203b6204bf675c5c1fcb91e619b30f0cc2
status: experimental
description: Detects traffic or activity related to http://39.90.144.198:47757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.144.198:47757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.119.243:55681/i
id: auto-aa610f4cd70ca2982de7d8d601e989a271276eede37bd9077ff56183762d4cb9
status: experimental
description: Detects traffic or activity related to http://125.43.119.243:55681/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.119.243:55681/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.210.150:55025/i
id: auto-b6546ba9944764972f13fe3afd6cecd06a78ba40b691712a9aba18d2304ae063
status: experimental
description: Detects traffic or activity related to http://125.44.210.150:55025/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.210.150:55025/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.44.69:37768/bin.sh
id: auto-63cef04389aee437efa039586ce037c78f9fc4eba24ed7a78a2285e0ae78b0ee
status: experimental
description: Detects traffic or activity related to http://115.49.44.69:37768/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.44.69:37768/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.93.60:48645/i
id: auto-28dda33c497b1fa39aa2b86a1cf34bf5aad022033a76f5b7c531c7580de60732
status: experimental
description: Detects traffic or activity related to http://42.5.93.60:48645/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.93.60:48645/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.103.177:59335/i
id: auto-9e7b47f6ac7dc8f13b8099a876f215c46b6076e7616231a23f0d40fe6a7b614c
status: experimental
description: Detects traffic or activity related to http://123.9.103.177:59335/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.103.177:59335/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.163.129.144:40386/i
id: auto-1546419eacf768f1b6646ec18aa9d12484bdd1ba761c24ed98bb351de00c4780
status: experimental
description: Detects traffic or activity related to http://61.163.129.144:40386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.163.129.144:40386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.78.194.23:54412/bin.sh
id: auto-3c100c03e592b39477c1ee92ef9a4b30239c3dce7bfe139afa6b9aa570daf0dc
status: experimental
description: Detects traffic or activity related to http://39.78.194.23:54412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.78.194.23:54412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.13.149.48:57983/i
id: auto-33ed39b581a1e66cea1c2564de1b6c45d4d7f540e1b6352a8e85026701fe63bc
status: experimental
description: Detects traffic or activity related to http://123.13.149.48:57983/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.13.149.48:57983/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.120.203:47421/i
id: auto-6c22ab48709452d32fa52dc7945139928222b60a8fcd4b38fc467ca88bfb39eb
status: experimental
description: Detects traffic or activity related to http://175.149.120.203:47421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.120.203:47421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.90.144.198:47757/bin.sh
id: auto-2a89ea585e7bf9e7afc10689d165aa53363d5a5d8a90249283b246b5ac85b704
status: experimental
description: Detects traffic or activity related to http://39.90.144.198:47757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.90.144.198:47757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.200.147:58011/bin.sh
id: auto-098104f8af75b875df6ed34594c9c8c8eb9f8bf7ae4149ad41a9a7070615b4c1
status: experimental
description: Detects traffic or activity related to http://42.227.200.147:58011/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.200.147:58011/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.119.243:55681/bin.sh
id: auto-61572c089b4c0362d0afaebbe53962bf8be571c8d517ce9608bb74e31a2e5cf1
status: experimental
description: Detects traffic or activity related to http://125.43.119.243:55681/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.119.243:55681/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.210.150:55025/bin.sh
id: auto-540357d264f30e26cc64fb539f268c75457b58038d439eba4a4c4e7a0270a41b
status: experimental
description: Detects traffic or activity related to http://125.44.210.150:55025/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.210.150:55025/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.190.244.196:56085/i
id: auto-fa9722c40955f722e385ee846402c1277bd550d557f9ad1011e667a8d9f3eb04
status: experimental
description: Detects traffic or activity related to http://123.190.244.196:56085/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.190.244.196:56085/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.93.60:48645/bin.sh
id: auto-9437a729682dada96df26dadacef15a4dfdde0e5b8816a6c79adf11bf502b1a5
status: experimental
description: Detects traffic or activity related to http://42.5.93.60:48645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.93.60:48645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.37.232:51628/i
id: auto-fba7725a7e2a7226126f6fca4202b18c715f86d4ac576b5921766609c6df93a8
status: experimental
description: Detects traffic or activity related to http://110.37.37.232:51628/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.37.232:51628/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.98.77:44079/i
id: auto-6f3d4856523150cfe95f78154141e98cc8a849e0519aa1523696187e3e719d94
status: experimental
description: Detects traffic or activity related to http://196.189.98.77:44079/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.98.77:44079/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.133.108.32:54837/bin.sh
id: auto-0dc8798ea6a53fb1741eb7da5c0e3fd7931c9d02ccc657286986f31b8011d2dd
status: experimental
description: Detects traffic or activity related to http://222.133.108.32:54837/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.133.108.32:54837/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.71.224:41858/bin.sh
id: auto-38a61b30057fe4602e30fcbfdbd847f034b78196d845deae7601bbc3c2ef3411
status: experimental
description: Detects traffic or activity related to http://113.236.71.224:41858/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.71.224:41858/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.92.59:51689/i
id: auto-8a1aa0d9c5aa3dbe4c297a264cfdf1e1808ca3ea91eb4fe8d88ad1897e66eeed
status: experimental
description: Detects traffic or activity related to http://42.231.92.59:51689/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.92.59:51689/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.110.181.226:43473/bin.sh
id: auto-92f6162c5a7bb141df1fa06e3a90ddfc83e141f71b8c3c4b55f830f95d1ca9d7
status: experimental
description: Detects traffic or activity related to http://41.110.181.226:43473/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.110.181.226:43473/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.210.103:40432/bin.sh
id: auto-a25b4178e04d49f4fadce41f55b048962962cf21dbd7fc53333dee5526194bdd
status: experimental
description: Detects traffic or activity related to http://27.215.210.103:40432/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.210.103:40432/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.149.66.5:56245/i
id: auto-677b42dee8d62b7e57aec066ab738cb970a69294a532cfc813d5f5aaf3e8b080
status: experimental
description: Detects traffic or activity related to http://175.149.66.5:56245/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.149.66.5:56245/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.121.162:57785/bin.sh
id: auto-3574a0e2dd6aea9049722a694f07604f56c6d3f523dc9a53faab2f44c7c7d4ba
status: experimental
description: Detects traffic or activity related to http://42.224.121.162:57785/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.121.162:57785/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.20.221:44590/i
id: auto-85cb2271ee2a16b9e6fbefc2392eb3c9f0283de2497ec133146f619c9f02e969
status: experimental
description: Detects traffic or activity related to http://42.178.20.221:44590/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.20.221:44590/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.98.77:44079/bin.sh
id: auto-6d37e856876e8c1e4961ee0c3e2fa995fd6a8ed9eeed404a9b8c3d4cd371fef4
status: experimental
description: Detects traffic or activity related to http://196.189.98.77:44079/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.98.77:44079/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.37.2:51149/i
id: auto-9d703c41f85059a73d8a00deea45ad970efa576965e2207ee3cde4ff212023b2
status: experimental
description: Detects traffic or activity related to http://115.63.37.2:51149/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.37.2:51149/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:48943/i
id: auto-816ea62afe74d7d4a3a655c01ace1c98a85b898aa41867f706f9ed2d32c9e122
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:48943/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:48943/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.177.245.47:45901/bin.sh
id: auto-94c4574474c3b2f5c5fd5e1814eab9b6f7452ce5b49e947acb37b0970c6a8ca2
status: experimental
description: Detects traffic or activity related to http://42.177.245.47:45901/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.177.245.47:45901/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.65.249:35635/i
id: auto-d242b9442a1efc23248644a2a53ad824227f7c0477044b3109088d3df74846ac
status: experimental
description: Detects traffic or activity related to http://42.235.65.249:35635/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.65.249:35635/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.223.39:52430/i
id: auto-6b55582172a835e19e0d540ae71b7a7e01f5e5d92c9eef28f39b043a68da52af
status: experimental
description: Detects traffic or activity related to http://115.55.223.39:52430/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.223.39:52430/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.50.126:38678/bin.sh
id: auto-28ba8fea4e2283fee29066e6e05ea3be77d62a0b224c53819635816a06e58b3c
status: experimental
description: Detects traffic or activity related to http://115.55.50.126:38678/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.50.126:38678/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.150.130.42:38390/bin.sh
id: auto-12d7051574aec25a3280ee1ec6120ad3d221c6c007b98fc617037eac6dd68bbe
status: experimental
description: Detects traffic or activity related to http://175.150.130.42:38390/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.150.130.42:38390/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.20.221:44590/bin.sh
id: auto-47e05d057effe509d41980b4e39e2dcbe77cba0542f5ce58b2981c2183819c3d
status: experimental
description: Detects traffic or activity related to http://42.178.20.221:44590/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.20.221:44590/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.8.128:44900/bin.sh
id: auto-bb8015149256ee9af49eb1547fd25ee65c770ad9b22e394f7623f698538d2e19
status: experimental
description: Detects traffic or activity related to http://115.63.8.128:44900/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.8.128:44900/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.218.180:34224/i
id: auto-0969818dfa2265b457890c3574989b997a6203660475e637184f611b4d4187ee
status: experimental
description: Detects traffic or activity related to http://42.225.218.180:34224/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.218.180:34224/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.74.239:48943/bin.sh
id: auto-da0c4e9d6d3bfd539044578c6707391c45a9f9e69d90afb82fd8e280b8862fda
status: experimental
description: Detects traffic or activity related to http://110.37.74.239:48943/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.74.239:48943/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.219.129.176:53255/i
id: auto-ea5b6d74b7587a3135283d0789314a026d9b6c38a0855bd53cef71874b57669e
status: experimental
description: Detects traffic or activity related to http://117.219.129.176:53255/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.219.129.176:53255/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.65.249:35635/bin.sh
id: auto-88b49a321d161a549b08a7d6c38629e4cd0fdbcadc6abbe6ad4ad46852c4d730
status: experimental
description: Detects traffic or activity related to http://42.235.65.249:35635/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.65.249:35635/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.233.41:35531/i
id: auto-4dbd3d471f0f04bc418386c0a02019af924f95bc2007048e4d48c06699fb4af8
status: experimental
description: Detects traffic or activity related to http://123.11.233.41:35531/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.233.41:35531/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.228.159.247:40289/bin.sh
id: auto-4822f93f52d1a512f1d6e44e7274e0a888873d1a1234e884921b5a96af54cda1
status: experimental
description: Detects traffic or activity related to http://113.228.159.247:40289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.228.159.247:40289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.218.180:34224/bin.sh
id: auto-f53d2fc6cb541af967f6336961ab0068e3cb96b097111797f32587199115eda8
status: experimental
description: Detects traffic or activity related to http://42.225.218.180:34224/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.218.180:34224/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.59.6.8:36194/i
id: auto-b6e3538400a113ea96fb6f50e580ed1fe4b421fefc1173baa35a82ea921fb33b
status: experimental
description: Detects traffic or activity related to http://115.59.6.8:36194/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.59.6.8:36194/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.11.64:46063/i
id: auto-d496dfd60c55b2c258041a9c66d6f1cb1b982f24d792e3a4d96c706cd7d3200c
status: experimental
description: Detects traffic or activity related to http://115.63.11.64:46063/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.11.64:46063/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.219.129.176:53255/bin.sh
id: auto-542f13b28d6488276be82420fb8abafacffcfb795336d637a905cf3dfa90f27a
status: experimental
description: Detects traffic or activity related to http://117.219.129.176:53255/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.219.129.176:53255/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.224.46:47289/i
id: auto-b54efd863082ff37919e6c8b83bd7cf88e946428d1cc59992d773db4ffc64825
status: experimental
description: Detects traffic or activity related to http://123.10.224.46:47289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.224.46:47289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.230.173:53978/bin.sh
id: auto-342335eb67bfa27a2117ee810373515bf37e5d54abb1471e29448670377e6508
status: experimental
description: Detects traffic or activity related to http://42.225.230.173:53978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.230.173:53978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.155.236:58985/i
id: auto-0a481c70f0d658dc1145a9da57ef1f624d8c20420a521bb1352b694b9b62bab4
status: experimental
description: Detects traffic or activity related to http://115.50.155.236:58985/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.155.236:58985/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.11.64:46063/bin.sh
id: auto-f50695750543dc61f78a7b4d47ccee16ea1127bed656ee1147d360ba08ee086c
status: experimental
description: Detects traffic or activity related to http://115.63.11.64:46063/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.11.64:46063/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.224.46:47289/bin.sh
id: auto-7a0ff431fc295d1ce8670f927bed89d656c9bd840f2b231b3376d0356217e244
status: experimental
description: Detects traffic or activity related to http://123.10.224.46:47289/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.224.46:47289/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.171.113:37752/i
id: auto-aabb608b3fa1c175586aff73d7e173977edb55cd96233c969443f78cb5030674
status: experimental
description: Detects traffic or activity related to http://42.239.171.113:37752/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.171.113:37752/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/QtyVd7F.exe
id: auto-183cac91095cd28fc535bc7f603d0f46a0ba75faf865887914e4823903d360c7
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/QtyVd7F.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/QtyVd7F.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.148:44543/bin.sh
id: auto-2d3396114bcf0a8222bed8d2c1716f3d094ce6a095d33a040aa4278d210771a7
status: experimental
description: Detects traffic or activity related to http://110.37.45.148:44543/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.148:44543/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.155.236:58985/bin.sh
id: auto-5063515dfafe2524106d55838f8d3267a85e5d569618519534ddfc747d477ec9
status: experimental
description: Detects traffic or activity related to http://115.50.155.236:58985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.155.236:58985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.171.113:37752/bin.sh
id: auto-d247b7554b75f7f2dc38a52394eaaec5f154fb639878f0c911ed1575f325ac0e
status: experimental
description: Detects traffic or activity related to http://42.239.171.113:37752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.171.113:37752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.242:34348/bin.sh
id: auto-703d70842dd4d7adf53580d0157ae8da7252925744617f5de7f5e03acffc9f63
status: experimental
description: Detects traffic or activity related to http://110.39.226.242:34348/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.242:34348/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.162:34323/i
id: auto-68064c47445dda2c102ab4b869ee47a07bb56f565e89d6678caa2f6b11a4cc20
status: experimental
description: Detects traffic or activity related to http://110.37.102.162:34323/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.162:34323/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.218.245:41526/bin.sh
id: auto-f8df1b0ac40ace780741610d3c62927242dec3fca4b21f26e8004c9ed721b59e
status: experimental
description: Detects traffic or activity related to http://120.28.218.245:41526/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.218.245:41526/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.49.27:37784/bin.sh
id: auto-86fd8fd487ce1bc79b92b0444c8f7bc2ec71cecc9247460630c1fe54f93b844c
status: experimental
description: Detects traffic or activity related to http://180.191.49.27:37784/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.49.27:37784/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.53.227:45960/i
id: auto-77f0d1d16e782a6d2e2928ba724da2fe1fdbc326d741c94811190f78d62b399c
status: experimental
description: Detects traffic or activity related to http://219.157.53.227:45960/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.53.227:45960/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.231.198.228:32889/i
id: auto-297e0413974221a7d0f37f9bb1267773695ffb6de53a55b3cf5b0c72df4f02c1
status: experimental
description: Detects traffic or activity related to http://113.231.198.228:32889/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.231.198.228:32889/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.233.170:55481/i
id: auto-dc0b35e0e99fb3db5b2b27c5e8af35a938997f83d7750189851c44182e297af1
status: experimental
description: Detects traffic or activity related to http://123.10.233.170:55481/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.233.170:55481/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/i586
id: auto-d68b5bc07e3386e21e1812a98068f2dfde745ec268d2844215b008b8fefcd12a
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/x86_64
id: auto-4ac51ed54ce858fdbbec82a9da2c6dedbe07d6b828d3c4c7e5b5dfad33e53f10
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/armv6l
id: auto-b6e8b7d12eae44fdd158bedf168119dedcbb1a7d8d20c89e991e6673b4017e54
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/sh4
id: auto-c985ca7efcd5551ee5c539b34002325ef045c823f048a47dd3de7dd02d11e9bf
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/armv7l
id: auto-45e743da4008c43b5529ad0a7db816b9e2a7729c431fd7f533edab77beba60f1
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/armv5l
id: auto-6ba4985202dd004eca551263b392e691e3c1d09723d6596cd8208d43c000cba9
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/powerpc
id: auto-eb3820c99a6334433884620d950575e33cf4db727cec29c3fa76332aa6ceb1ed
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/armv4l
id: auto-952b73421f0a23ba7706216093aec9416414460b421619486d5944d047cad315
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/mips
id: auto-ae3a5bb65775b4c2c7682edce2faafdf83af4122811867dde300208d8517dd8f
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/m68k
id: auto-6227bbc909cdaab073a9f3af845657ea1bac6814b54b5b1d7e86ce03eef49421
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/i686
id: auto-7f87f9a68b46c553befd0d21a49834f222065ff5ef9efd6d5d39a798bb25cefc
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/mipsel
id: auto-eb858030979905e1795ae9c3521d9d2ea8a16763904c47aa5af2f5f7b4e67519
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.153.34.187/i486
id: auto-3d929ba73601583054d88cfb25f615ff2935c15072a03d514a1014cb6c38d46a
status: experimental
description: Detects traffic or activity related to http://45.153.34.187/i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.153.34.187/i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/mirai.mips
id: auto-7e5debf957ee968617d0a5c61611d3ce5873ba41357183c27e8cfb860c5e8271
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/mirai.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/mirai.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.102.162:34323/bin.sh
id: auto-678cffe5ed1f9ee560c264c8ec98ec6ffae094352c82b4d732531398f16667bb
status: experimental
description: Detects traffic or activity related to http://110.37.102.162:34323/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.102.162:34323/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.105.48:47189/i
id: auto-923d180cad9360b0d33bc4252c5e951f24412449631951e3f6bb8bf681365180
status: experimental
description: Detects traffic or activity related to http://42.179.105.48:47189/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.105.48:47189/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.233.170:55481/bin.sh
id: auto-5bf93cafca77352c8246a29ecf737295b6041496f95f23818c7c9a7ec4cd08f3
status: experimental
description: Detects traffic or activity related to http://123.10.233.170:55481/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.233.170:55481/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.115.99:46057/i
id: auto-6ec36618f4eaf9c827d9d4974e4c18bd2b94ab98dda0ea2959b6b541b3db781b
status: experimental
description: Detects traffic or activity related to http://182.126.115.99:46057/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.115.99:46057/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.160.205:34781/i
id: auto-504cffad0678b8d49edbd6f06435fb217642713f006c56c4188189e686706f7a
status: experimental
description: Detects traffic or activity related to http://175.167.160.205:34781/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.160.205:34781/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.105.48:47189/bin.sh
id: auto-6c3a2dd6dbb337d75ff430e0d77f0bf115d3715f5c9ed73a4acb305ceeeb2f36
status: experimental
description: Detects traffic or activity related to http://42.179.105.48:47189/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.105.48:47189/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.70.205:40947/i
id: auto-3ef80800927d10ff692c080bdda14db22ca3f58e6b2b93899e4dd416578943d6
status: experimental
description: Detects traffic or activity related to http://182.117.70.205:40947/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.70.205:40947/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.115.99:46057/bin.sh
id: auto-d321e062736d877159c2be8968b6f1867bfc4e79d7a86da1f79ed21c5d96252e
status: experimental
description: Detects traffic or activity related to http://182.126.115.99:46057/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.115.99:46057/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.37.34:49456/i
id: auto-a14ca04a369c123597ba885e181939fdd09930db292a66a1bb135f084d4bdd61
status: experimental
description: Detects traffic or activity related to http://115.55.37.34:49456/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.37.34:49456/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.78.88:53757/i
id: auto-1ba65ed6828d3e69cb2f812d49a169fef28ae48de480731e416471610f13f2f2
status: experimental
description: Detects traffic or activity related to http://39.79.78.88:53757/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.78.88:53757/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7776205823/8AbWCs6.exe
id: auto-6645109eb98abf4d2bf51a28960cf80ab663c26240fcaf632c256ced68dcf608
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7776205823/8AbWCs6.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7776205823/8AbWCs6.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.179.236.116:45750/bin.sh
id: auto-ae940ebbb26097411ac568ad8ccf35e297db74bc5a5e0543b7e769b317a076c6
status: experimental
description: Detects traffic or activity related to http://119.179.236.116:45750/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.179.236.116:45750/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.37.34:49456/bin.sh
id: auto-dabc24a360581f7bb3c586c4c2125cedee04efdef2ab97a8fb8cb8cc0f91eae1
status: experimental
description: Detects traffic or activity related to http://115.55.37.34:49456/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.37.34:49456/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.190.11.194:40840/i
id: auto-2d60c57c09f7a3f9420d2cd135989a451458f3d989ef0b805e83cc9ab57c37b4
status: experimental
description: Detects traffic or activity related to http://196.190.11.194:40840/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.190.11.194:40840/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/wget.sh
id: auto-fdfe8a9b53c9e69cf11cdfc6ebea94dbe634a483e6fdc347931b9381a83de565
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/w.sh
id: auto-f7cc0e331b1752edd1fa12f8dc21aa9d18fa226019e3d4f4569377030f36952a
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/w.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/w.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.28/c.sh
id: auto-74c8d7ce900ebec3b2425895a5d6787c47382e53da38a987e94282d51db368f9
status: experimental
description: Detects traffic or activity related to http://130.12.180.28/c.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.28/c.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8208834244/E7tgnwu.exe
id: auto-eb149ac42ec21ad074fe47582530963e07e06d9180f4d4181b8256f8f2394562
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8208834244/E7tgnwu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8208834244/E7tgnwu.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.78.88:53757/bin.sh
id: auto-10e7a05f11a227a060c96dfc73d3557bc07f4ee5fe15f1899a4a36653ab730cf
status: experimental
description: Detects traffic or activity related to http://39.79.78.88:53757/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.78.88:53757/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.230.66.127:11785/Mozi.m
id: auto-cc4da883aa72e8c6c0e78ac91d0c64dcf2973decd1d8feb9ad25dec274eb5e72
status: experimental
description: Detects traffic or activity related to http://45.230.66.127:11785/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.230.66.127:11785/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7044575709/G6Q6uMY.exe
id: auto-0b16929c20f193e4023bd779cf8f9316c964c0c88de738321a27a6fe2360e0b1
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7044575709/G6Q6uMY.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7044575709/G6Q6uMY.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.92.59:51689/bin.sh
id: auto-7f1ab2c43fba64b336e35b6d925ae64a1507d40a8e719f6ee0b472e20e5cb12a
status: experimental
description: Detects traffic or activity related to http://42.231.92.59:51689/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.92.59:51689/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.218.123:34283/i
id: auto-1e574105c1562d90ec886bdc885127e399cbaabedc0be560db42027ad41d2e11
status: experimental
description: Detects traffic or activity related to http://115.50.218.123:34283/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.218.123:34283/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.48.244:57214/i
id: auto-78fd14b1d3f25f47695eae34559ab18487f8f5954dd94d3d9b4f20dcecbac680
status: experimental
description: Detects traffic or activity related to http://117.241.48.244:57214/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.48.244:57214/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.64.3:59242/i
id: auto-a3a36c9c622f5d170dd92318a7b7f3ba0d4ab49916adfd265184e63407f88f74
status: experimental
description: Detects traffic or activity related to http://182.127.64.3:59242/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.64.3:59242/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.255.142:39993/i
id: auto-9b52326bdf2104102dfee412ac262fa6ec3d55071e03a45a1fb28fa59d1eb6a5
status: experimental
description: Detects traffic or activity related to http://218.60.255.142:39993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.255.142:39993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.218.123:34283/bin.sh
id: auto-7761d1c371cc5dc61610f7ed46529d14f59ea34bdb1e1aa83185e5e041aa2f96
status: experimental
description: Detects traffic or activity related to http://115.50.218.123:34283/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.218.123:34283/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.75.233:56118/i
id: auto-6bba62b6016f86adfbeb93344451ea2492bb3771ace0d08bef282b56d7c23f15
status: experimental
description: Detects traffic or activity related to http://42.232.75.233:56118/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.75.233:56118/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8067954276/q3h36mc.exe
id: auto-92daad04bcd7052c83f0c28af34e13e418d8be9b89aa106a6501ffc6773ab41e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8067954276/q3h36mc.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8067954276/q3h36mc.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.39.253:34579/i
id: auto-6f205869290210dc76d8ff696479d5c52d6fd0ea6420a64d32627d3bac37d1f0
status: experimental
description: Detects traffic or activity related to http://115.58.39.253:34579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.39.253:34579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/ozaik/-Marauder-Pi-Raspberry-Pi-5-Edition-Nexmon-/releases/download/tesst1/update.exe
id: auto-332878f7d71fe7e2926ac3cf94f0d8c22e0b95d20281cc5bd718fa4dc23438fe
status: experimental
description: Detects traffic or activity related to https://github.com/ozaik/-Marauder-Pi-Raspberry-Pi-5-Edition-Nexmon-/releases/download/tesst1/update.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/ozaik/-Marauder-Pi-Raspberry-Pi-5-Edition-Nexmon-/releases/download/tesst1/update.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://218.60.255.142:39993/bin.sh
id: auto-55adae1dfcffe24e8e5e6626be20cbae2ee2b6eb108dcb44e98d8a6efd1bab8a
status: experimental
description: Detects traffic or activity related to http://218.60.255.142:39993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://218.60.255.142:39993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.194.187:36586/i
id: auto-966b7ba6be215f258a4ffec26af60febefb09858636d9622f6e79b1304c74923
status: experimental
description: Detects traffic or activity related to http://182.124.194.187:36586/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.194.187:36586/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.91:34626/i
id: auto-a4e75185257047a265f4fad26f5d8896bf378a9e76368aa52bcf7cfbc7d6b240
status: experimental
description: Detects traffic or activity related to http://110.37.38.91:34626/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.91:34626/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.144.208:34169/i
id: auto-29273b3fb39e6b0effe3afaaa838c9648c3d4c0d2a308793167b5edd5800bad9
status: experimental
description: Detects traffic or activity related to http://115.48.144.208:34169/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.144.208:34169/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.143.176:41163/i
id: auto-c78cf452efd82611800207d78de0a4b0cc60de0afb223b1b4550982903cf0ca3
status: experimental
description: Detects traffic or activity related to http://123.11.143.176:41163/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.143.176:41163/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.244.148.163:38597/i
id: auto-9adbd30de04360487d613a1916d726f0d914b22964f36a357d7bb8de1803816e
status: experimental
description: Detects traffic or activity related to http://112.244.148.163:38597/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.244.148.163:38597/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.75.233:56118/bin.sh
id: auto-77947ce1080d9b530fe6c473d8c6a0ccbf7f803e7099ab3ba4cca4b5e8757eb0
status: experimental
description: Detects traffic or activity related to http://42.232.75.233:56118/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.75.233:56118/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.143.176:41163/bin.sh
id: auto-de725d73b822c6b2b23b282e39be3e8cfdabad9afef528fc016e895d78ad02fa
status: experimental
description: Detects traffic or activity related to http://123.11.143.176:41163/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.143.176:41163/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.244.148.163:38597/bin.sh
id: auto-31048e2a95dde3c1663004744f76e5b406528bb1bdb51bab13cdfc6f0a58094a
status: experimental
description: Detects traffic or activity related to http://112.244.148.163:38597/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.244.148.163:38597/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.11.171:36711/i
id: auto-d66568f5b8c7d0a10a391884abcaaa59cc6d55a9b3c0641f12a6798626ddcc77
status: experimental
description: Detects traffic or activity related to http://182.112.11.171:36711/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.11.171:36711/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.144.208:34169/bin.sh
id: auto-4a4a24a7ce8c70d8aa816119df56079ce027a19dbced47c6324bea41804eb9d1
status: experimental
description: Detects traffic or activity related to http://115.48.144.208:34169/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.144.208:34169/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2tfg15f1.blu3field.ru/?apikey=FHKltrnczZUTWSDA&activityId=a85968a7-2c15-45b4-a2f6-ed53513eff02&ocid
id: auto-91d2831ca59c41b9d40ae4e4376560a1f5e540475d300969d78b5c502fca543a
status: experimental
description: Detects traffic or activity related to https://2tfg15f1.blu3field.ru/?apikey=FHKltrnczZUTWSDA&activityId=a85968a7-2c15-45b4-a2f6-ed53513eff02&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2tfg15f1.blu3field.ru/?apikey=FHKltrnczZUTWSDA&activityId=a85968a7-2c15-45b4-a2f6-ed53513eff02&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://rq5aflxn.blu3field.ru/?apikey=PAVpsTiIVJLGPIYF&activityId=27a9b9cb-a578-4aad-9c80-20b252f4e4c5&ocid
id: auto-107320e51275cc878be27bf81a81bf8c9c2d6d4793fd06cbd0ee703c4591430e
status: experimental
description: Detects traffic or activity related to https://rq5aflxn.blu3field.ru/?apikey=PAVpsTiIVJLGPIYF&activityId=27a9b9cb-a578-4aad-9c80-20b252f4e4c5&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://rq5aflxn.blu3field.ru/?apikey=PAVpsTiIVJLGPIYF&activityId=27a9b9cb-a578-4aad-9c80-20b252f4e4c5&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.88.17:54104/i
id: auto-03664594702a94618a3a64c03c9596c8ef647c32157979ee085a5c952889d06e
status: experimental
description: Detects traffic or activity related to http://124.94.88.17:54104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.88.17:54104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.185.34.210:40388/i
id: auto-5c81efc0a6ae71e723db149c5807c7d1c28b28aab59e2d979c372c8db2daa5b7
status: experimental
description: Detects traffic or activity related to http://123.185.34.210:40388/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.185.34.210:40388/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.9.41:38674/i
id: auto-2184ea17e584ef2527f290763baa87705e2aa37100344f594aa1644e87ed27f4
status: experimental
description: Detects traffic or activity related to http://182.119.9.41:38674/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.9.41:38674/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.157.81:34766/i
id: auto-4bb144670972856e7578a74a20c97ae6e6d73f5567f8b742792d8a788b47a0e8
status: experimental
description: Detects traffic or activity related to http://123.132.157.81:34766/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.157.81:34766/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.7.198:33220/i
id: auto-f81fe79d8d4570981befbc20650bc9000110040ac1d71c980df90e868cb9efa5
status: experimental
description: Detects traffic or activity related to http://182.112.7.198:33220/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.7.198:33220/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6749237131/aDYDMDL.exe
id: auto-3a41978fd6a69a81f732bad871ac30be67090b7351d064559a50f060bec59d04
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6749237131/aDYDMDL.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6749237131/aDYDMDL.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.124.48:57084/i
id: auto-6b3eea74b4708bbf49d003c63a8bb6a55b378056b6f75e267e3b406c2ddecda6
status: experimental
description: Detects traffic or activity related to http://42.176.124.48:57084/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.124.48:57084/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3bvphmwg.wind5tone.ru/?apikey=moNsJEQTzweDlytU&activityId=2e000015-17a7-4c66-95ff-a00450f41076&ocid
id: auto-1e4085a3dba42eeb74661742b4ed8b35d5578c471b69e9c1adbcf85f80386965
status: experimental
description: Detects traffic or activity related to https://3bvphmwg.wind5tone.ru/?apikey=moNsJEQTzweDlytU&activityId=2e000015-17a7-4c66-95ff-a00450f41076&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3bvphmwg.wind5tone.ru/?apikey=moNsJEQTzweDlytU&activityId=2e000015-17a7-4c66-95ff-a00450f41076&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://1xucln9y.wind5tone.ru/?apikey=vAtdvyejngqOqGiK&activityId=dd68c311-1a53-45c3-897c-c1f883baf8d5&ocid
id: auto-ae9615da64cac3c2c16ebbecd60f6f467b9575e4600dc748ce4eca0d1bba598d
status: experimental
description: Detects traffic or activity related to https://1xucln9y.wind5tone.ru/?apikey=vAtdvyejngqOqGiK&activityId=dd68c311-1a53-45c3-897c-c1f883baf8d5&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://1xucln9y.wind5tone.ru/?apikey=vAtdvyejngqOqGiK&activityId=dd68c311-1a53-45c3-897c-c1f883baf8d5&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.88.17:54104/bin.sh
id: auto-c795f73393f9e701b2a4ccccab772ba32412a8b4c8a1e3f125d42d1baa26255f
status: experimental
description: Detects traffic or activity related to http://124.94.88.17:54104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.88.17:54104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.89:50600/bin.sh
id: auto-42fbe87d995a1438ed4d9a8d038c598f32893144321649f6f07a81118c30202a
status: experimental
description: Detects traffic or activity related to http://110.37.35.89:50600/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.89:50600/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5o8vbjbm.cl0udv1sta.ru/?apikey=vZlEQugFbMwDDaxV&activityId=796a5fe8-f959-495e-b7c6-a888e4c71db1&ocid
id: auto-c9d6a5272bddcaaf74d2d62a75367283bdb90e02b002ce56f78f911dd9d2c737
status: experimental
description: Detects traffic or activity related to https://5o8vbjbm.cl0udv1sta.ru/?apikey=vZlEQugFbMwDDaxV&activityId=796a5fe8-f959-495e-b7c6-a888e4c71db1&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5o8vbjbm.cl0udv1sta.ru/?apikey=vZlEQugFbMwDDaxV&activityId=796a5fe8-f959-495e-b7c6-a888e4c71db1&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zb5c8o44.cl0udv1sta.ru/?apikey=PEhAouQrXJDCliVt&activityId=9fd59687-7276-4afd-b4db-eb203e6d8f1c&ocid
id: auto-20b532a765e7649600ce30532cdd1221b448d2f8e20959f59cb5b4c21802bdc3
status: experimental
description: Detects traffic or activity related to https://zb5c8o44.cl0udv1sta.ru/?apikey=PEhAouQrXJDCliVt&activityId=9fd59687-7276-4afd-b4db-eb203e6d8f1c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zb5c8o44.cl0udv1sta.ru/?apikey=PEhAouQrXJDCliVt&activityId=9fd59687-7276-4afd-b4db-eb203e6d8f1c&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.185.34.210:40388/bin.sh
id: auto-df07cd114d69539ef4130921c5304db3e6ad320aa4877bf53aa7f6bb3ecb096d
status: experimental
description: Detects traffic or activity related to http://123.185.34.210:40388/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.185.34.210:40388/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.187.255:34762/i
id: auto-e8370c975ad19092f64fe27105c96e7869847f96d88b2ddd6c6ef5e305c2661f
status: experimental
description: Detects traffic or activity related to http://115.50.187.255:34762/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.187.255:34762/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.189.10:40776/bin.sh
id: auto-2db128c2065302de6206783db4d4645c79f6744b02228ad60137be2464a6c3e3
status: experimental
description: Detects traffic or activity related to http://221.15.189.10:40776/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.189.10:40776/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.102:50092/i
id: auto-1de603ef80150377905acaf9f5b2370a8bd039465568f5c8e1a68b0c4a28058b
status: experimental
description: Detects traffic or activity related to http://110.37.2.102:50092/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.102:50092/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://wok.gooning.su/x86
id: auto-b382c5de23f6353a20685e9e5e4679c79756383169dea313fb754bbdadee9cb0
status: experimental
description: Detects traffic or activity related to http://wok.gooning.su/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://wok.gooning.su/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.102:50092/bin.sh
id: auto-f8d8890bbbb02de2be398194ea13936215da8b9db0f8acea27764a6b2ac726b9
status: experimental
description: Detects traffic or activity related to http://110.37.2.102:50092/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.102:50092/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.121.81:44940/i
id: auto-baa9f203dadbadfd6775f77c38d289246575aefa2987892cccecbd7c3f2e9f11
status: experimental
description: Detects traffic or activity related to http://219.155.121.81:44940/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.121.81:44940/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.235.145.14:58300/bin.sh
id: auto-39c6911fcf63abaa08af350cee9eb896c4a061db383c1ae38ca8d53c5a1a17b2
status: experimental
description: Detects traffic or activity related to http://42.235.145.14:58300/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.235.145.14:58300/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.175:51355/i
id: auto-597206b5566d1a3cf083b7458698c086f78e41e4d511afeb9fe5d291505795e2
status: experimental
description: Detects traffic or activity related to http://110.36.0.175:51355/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.175:51355/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.176.124.48:57084/bin.sh
id: auto-43b43d517486f191d0aa3af18c482116e0976b470bc9369f60729cd7027e1925
status: experimental
description: Detects traffic or activity related to http://42.176.124.48:57084/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.176.124.48:57084/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.7.198:33220/bin.sh
id: auto-597be8254fbbb7cdb3e274c185e0660398bca48773f5582ecb9b3098a3d130bc
status: experimental
description: Detects traffic or activity related to http://182.112.7.198:33220/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.7.198:33220/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ihfhrpxy.5t0rmr1dge.ru/?apikey=JmlvaqPdJFtVZWTi&activityId=522a0a14-116f-43f3-92b4-53d81516ee66&ocid
id: auto-5fee3a4ed66d8f39060bf80671260d6c60aaaa6ab41d47c1a0bea83a3e447d18
status: experimental
description: Detects traffic or activity related to https://ihfhrpxy.5t0rmr1dge.ru/?apikey=JmlvaqPdJFtVZWTi&activityId=522a0a14-116f-43f3-92b4-53d81516ee66&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ihfhrpxy.5t0rmr1dge.ru/?apikey=JmlvaqPdJFtVZWTi&activityId=522a0a14-116f-43f3-92b4-53d81516ee66&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://s638zqw3.5t0rmr1dge.ru/?apikey=ZluINxRmxUYtlRJc&activityId=9e0cbc02-9d18-47bf-a44a-924d11fcd9fc&ocid
id: auto-bfa37c6c92ac88105ff18a277796d7b7c6163233950e8a9220741c08c2207b5c
status: experimental
description: Detects traffic or activity related to https://s638zqw3.5t0rmr1dge.ru/?apikey=ZluINxRmxUYtlRJc&activityId=9e0cbc02-9d18-47bf-a44a-924d11fcd9fc&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://s638zqw3.5t0rmr1dge.ru/?apikey=ZluINxRmxUYtlRJc&activityId=9e0cbc02-9d18-47bf-a44a-924d11fcd9fc&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.187.255:34762/bin.sh
id: auto-45f92a03c0134eddc1233d9e6dc04aefa67414f886a683321d92d0ca9019b4d8
status: experimental
description: Detects traffic or activity related to http://115.50.187.255:34762/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.187.255:34762/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.132.157.81:34766/bin.sh
id: auto-55c05f3babd0835fec6f540dea331f74025adab1dfc728f6685b5b4f720109ec
status: experimental
description: Detects traffic or activity related to http://123.132.157.81:34766/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.132.157.81:34766/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2i7bgqa2.bi8otz1on.ru/?apikey=JmltyEhIBVAbjDXt&activityId=bba02e68-b751-4405-a96a-0c0b199b9f7e&ocid
id: auto-f314fcd6391de895471b44ebf0dcf4d641f8a1d6b43a9cb12e7b7cc79c039a0b
status: experimental
description: Detects traffic or activity related to https://2i7bgqa2.bi8otz1on.ru/?apikey=JmltyEhIBVAbjDXt&activityId=bba02e68-b751-4405-a96a-0c0b199b9f7e&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2i7bgqa2.bi8otz1on.ru/?apikey=JmltyEhIBVAbjDXt&activityId=bba02e68-b751-4405-a96a-0c0b199b9f7e&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7799503374/1OxHbC5.exe
id: auto-5cb281d71152e1d8ec078e1c3c6949c5c28f0c57d1c02288de58afbe9b3ec44f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7799503374/1OxHbC5.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7799503374/1OxHbC5.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jt5d8kku.bi8otz1on.ru/?apikey=cPAkuwtZzzIqleLh&activityId=5e80e256-d44b-40b7-994f-42b4fb51225f&ocid
id: auto-095d4efc3fdea1f4ae539565d6f89d1a228582ad3c63445942237e6ac79fa5a7
status: experimental
description: Detects traffic or activity related to https://jt5d8kku.bi8otz1on.ru/?apikey=cPAkuwtZzzIqleLh&activityId=5e80e256-d44b-40b7-994f-42b4fb51225f&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jt5d8kku.bi8otz1on.ru/?apikey=cPAkuwtZzzIqleLh&activityId=5e80e256-d44b-40b7-994f-42b4fb51225f&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.175:51355/bin.sh
id: auto-c1e8d5a4a7a4521918461ce0e2e4ee46d5b051e3a3ee3625547edd45c5d2f902
status: experimental
description: Detects traffic or activity related to http://110.36.0.175:51355/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.175:51355/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.42.225:35799/bin.sh
id: auto-25635f6d1da56269854893e1444aa409acadcd111a44746a88922aec4960e0a3
status: experimental
description: Detects traffic or activity related to http://110.37.42.225:35799/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.42.225:35799/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.190.186.97:33581/i
id: auto-9eb8ee02ab93e0c7e692e5d18bbb67db00abeed83436d5cc1edec8abdb3bc894
status: experimental
description: Detects traffic or activity related to http://180.190.186.97:33581/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.190.186.97:33581/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.179.83.5/main_arm7
id: auto-6dbb66fc315362b30388bbb757a307f0283cb50759daef8f264bcf19c5c848c6
status: experimental
description: Detects traffic or activity related to http://167.179.83.5/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.179.83.5/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://167.179.83.5/main_arm
id: auto-30726cbf8efaf8df707f7c2418202c9e7f372e37463973b2a3d9637e1dad2223
status: experimental
description: Detects traffic or activity related to http://167.179.83.5/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://167.179.83.5/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://7yq9kkyk.5t0rmr1dge.ru/?apikey=NDQJLiWFGTsTNwvj&activityId=b65b2155-75f9-4264-a411-6b09ce6ab141&ocid
id: auto-d09e04f664aefb6caf6ae4d5cb1d9b5c455fb561f502d2f8c84579f9569e85d9
status: experimental
description: Detects traffic or activity related to https://7yq9kkyk.5t0rmr1dge.ru/?apikey=NDQJLiWFGTsTNwvj&activityId=b65b2155-75f9-4264-a411-6b09ce6ab141&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://7yq9kkyk.5t0rmr1dge.ru/?apikey=NDQJLiWFGTsTNwvj&activityId=b65b2155-75f9-4264-a411-6b09ce6ab141&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ubjqtmom.5t0rmr1dge.ru/?apikey=SZwiLmSmJlCHkgtC&activityId=484ad216-a2c5-4a91-9588-8d8c31d333e9&ocid
id: auto-e555f28b46e213c95eebf5278fe814bae3ce9cc5886ad2ad7acce20e6e4f7642
status: experimental
description: Detects traffic or activity related to https://ubjqtmom.5t0rmr1dge.ru/?apikey=SZwiLmSmJlCHkgtC&activityId=484ad216-a2c5-4a91-9588-8d8c31d333e9&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ubjqtmom.5t0rmr1dge.ru/?apikey=SZwiLmSmJlCHkgtC&activityId=484ad216-a2c5-4a91-9588-8d8c31d333e9&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.228.219.163:47129/i
id: auto-9ed318e4730026e7c0d66df6d93dc7242f8f71be378f22878b961df9b6fb59e5
status: experimental
description: Detects traffic or activity related to http://42.228.219.163:47129/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.228.219.163:47129/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.183.13:59295/i
id: auto-996f537dde2059d336f06d3abffcf018d92668221f70dccd8872cbd9cb37ed38
status: experimental
description: Detects traffic or activity related to http://222.138.183.13:59295/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.183.13:59295/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.63.220:58968/bin.sh
id: auto-19158634d934fbfde2bcb06f2cd1125ebb0ad47d409e3e84eb6039fd78c3c649
status: experimental
description: Detects traffic or activity related to http://115.50.63.220:58968/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.63.220:58968/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qrlkhxv2.5hadowfiow.ru/?apikey=LyyqSNCXEFhaxqAG&activityId=7c8bce1d-9164-4975-b1dc-a00aa9c4dcf1&ocid
id: auto-fbc5fe4b48e48d3995f5b9d7d84a10ce54d3074a5a55c5adff656a974a9d9e41
status: experimental
description: Detects traffic or activity related to https://qrlkhxv2.5hadowfiow.ru/?apikey=LyyqSNCXEFhaxqAG&activityId=7c8bce1d-9164-4975-b1dc-a00aa9c4dcf1&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qrlkhxv2.5hadowfiow.ru/?apikey=LyyqSNCXEFhaxqAG&activityId=7c8bce1d-9164-4975-b1dc-a00aa9c4dcf1&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://mo1lzvar.5hadowfiow.ru/?apikey=jRJEctCzmMVSWWFu&activityId=b09d1db5-b1b1-4c77-ba20-225090514ec8&ocid
id: auto-fdfcf4cf294f6e857fa51616258db4b8182d2b2c05f1d43d5853f13e2c686f96
status: experimental
description: Detects traffic or activity related to https://mo1lzvar.5hadowfiow.ru/?apikey=jRJEctCzmMVSWWFu&activityId=b09d1db5-b1b1-4c77-ba20-225090514ec8&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://mo1lzvar.5hadowfiow.ru/?apikey=jRJEctCzmMVSWWFu&activityId=b09d1db5-b1b1-4c77-ba20-225090514ec8&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://al93cs24.5hadowfiow.ru/?apikey=LqwYTBrEbrgAaXLf&activityId=01db0bca-f7a2-458f-805d-a1b5606bf6d7&ocid
id: auto-54d369b8ffd1cb45f6656912f6b5967ef07344e64836bff30548150585e2bda7
status: experimental
description: Detects traffic or activity related to https://al93cs24.5hadowfiow.ru/?apikey=LqwYTBrEbrgAaXLf&activityId=01db0bca-f7a2-458f-805d-a1b5606bf6d7&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://al93cs24.5hadowfiow.ru/?apikey=LqwYTBrEbrgAaXLf&activityId=01db0bca-f7a2-458f-805d-a1b5606bf6d7&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.204.196.136:39631/i
id: auto-c5c66a9b608660d82455f9a3490582ebeefb5b41a1259f0b860b546c287088bb
status: experimental
description: Detects traffic or activity related to http://138.204.196.136:39631/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.204.196.136:39631/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://171f42aj.5kylight.ru/?apikey=NtFhCEQRHqOjdMqo&activityId=8f6b59df-afbd-4fb4-b1e9-8bbe57749acd&ocid
id: auto-dba92a75f22e77b7444117faee523539187e0b791fd5da99b334821937978994
status: experimental
description: Detects traffic or activity related to https://171f42aj.5kylight.ru/?apikey=NtFhCEQRHqOjdMqo&activityId=8f6b59df-afbd-4fb4-b1e9-8bbe57749acd&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://171f42aj.5kylight.ru/?apikey=NtFhCEQRHqOjdMqo&activityId=8f6b59df-afbd-4fb4-b1e9-8bbe57749acd&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://10zseo44.5kylight.ru/?apikey=gEntuHSGjQqNnVij&activityId=aa66df82-fca4-44d9-bfd2-229a748dd476&ocid
id: auto-0bdcfd746baae25f34a1e88f0d47449173e5db89edaa88744a4c4a858ec8932c
status: experimental
description: Detects traffic or activity related to https://10zseo44.5kylight.ru/?apikey=gEntuHSGjQqNnVij&activityId=aa66df82-fca4-44d9-bfd2-229a748dd476&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://10zseo44.5kylight.ru/?apikey=gEntuHSGjQqNnVij&activityId=aa66df82-fca4-44d9-bfd2-229a748dd476&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.204.242:32932/i
id: auto-b3a05d8d361700e0c42cee4d212bbfe339c3e5c77705b6d4e25aa74a4ed45ecc
status: experimental
description: Detects traffic or activity related to http://27.207.204.242:32932/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.204.242:32932/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.28:51122/i
id: auto-ff035ca118b135c8cde5c33dbedd80feb1649ed7b2a34464619c531d7a4cac6d
status: experimental
description: Detects traffic or activity related to http://60.23.236.28:51122/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.28:51122/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.57.16.226:56466/i
id: auto-6b196a122e060ad22af87d646a3ed4f33b10dc8bdc05d7b7db237815439118d5
status: experimental
description: Detects traffic or activity related to http://42.57.16.226:56466/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.57.16.226:56466/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qhwiamqd.darkf0rm.ru/?apikey=wvqRsUFzHYFQzxsB&activityId=4655c2a1-59aa-4a1f-ba83-1fd821a73530&ocid
id: auto-e273d193b018831d7f9a4606f18ff8e7db7e398610e3652e41a338c16fb41ecc
status: experimental
description: Detects traffic or activity related to https://qhwiamqd.darkf0rm.ru/?apikey=wvqRsUFzHYFQzxsB&activityId=4655c2a1-59aa-4a1f-ba83-1fd821a73530&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qhwiamqd.darkf0rm.ru/?apikey=wvqRsUFzHYFQzxsB&activityId=4655c2a1-59aa-4a1f-ba83-1fd821a73530&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tw7bcy6z.darkf0rm.ru/?apikey=IfbGHGiTwKESsWwX&activityId=d14e5bb9-6b4e-44f8-9205-4187dba1cdbf&ocid
id: auto-0046e3edfd98f823b3fb8d037dbc31e80cd3d7b52d9629b0dce26892f2fd0fdb
status: experimental
description: Detects traffic or activity related to https://tw7bcy6z.darkf0rm.ru/?apikey=IfbGHGiTwKESsWwX&activityId=d14e5bb9-6b4e-44f8-9205-4187dba1cdbf&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tw7bcy6z.darkf0rm.ru/?apikey=IfbGHGiTwKESsWwX&activityId=d14e5bb9-6b4e-44f8-9205-4187dba1cdbf&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.213.234:38495/i
id: auto-b6551561748ec225c3f47078077cd5153a0531a89dd5c16b9c40518995e1eabb
status: experimental
description: Detects traffic or activity related to http://120.84.213.234:38495/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.213.234:38495/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://138.204.196.136:39631/bin.sh
id: auto-5cd4005f2710e3fcaca1d1363595254cd0c37b229cb80b24ed833adb2dc1a0a7
status: experimental
description: Detects traffic or activity related to http://138.204.196.136:39631/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://138.204.196.136:39631/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.176:36365/i
id: auto-28a1f06b67d364510b4396f473ca66ed8835829dc20cc80a0e273b74efc7cb0f
status: experimental
description: Detects traffic or activity related to http://110.36.15.176:36365/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.176:36365/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.212.175.230:50967/bin.sh
id: auto-4b9fe70923fc43c73d5a53b91d678b65ac0b6bbdccc60e47be8f60112f6ec880
status: experimental
description: Detects traffic or activity related to http://117.212.175.230:50967/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.212.175.230:50967/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.182.30:42429/i
id: auto-127dc638e0779a31517a0c43e57ebd9c3401eab71fdaa09e586bb3aae35c1308
status: experimental
description: Detects traffic or activity related to http://27.215.182.30:42429/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.182.30:42429/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.28:51122/bin.sh
id: auto-0bfef07976844ddc16677f79190a14a03488aa2b91b069e4e81afd487c865da0
status: experimental
description: Detects traffic or activity related to http://60.23.236.28:51122/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.28:51122/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5l6zy0pd.blu3c0ve.ru/?apikey=fQheBNmSwlNiYGKf&activityId=57bea4e3-bcaa-48dd-a663-db639ddbe6e1&ocid
id: auto-b640ceba47bbe348541c331203c0720b9f3f996d799e610b84b1f034e9711ed9
status: experimental
description: Detects traffic or activity related to https://5l6zy0pd.blu3c0ve.ru/?apikey=fQheBNmSwlNiYGKf&activityId=57bea4e3-bcaa-48dd-a663-db639ddbe6e1&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5l6zy0pd.blu3c0ve.ru/?apikey=fQheBNmSwlNiYGKf&activityId=57bea4e3-bcaa-48dd-a663-db639ddbe6e1&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.225.230.173:53978/i
id: auto-778cf74eb9a560cf51cc1208f95cbc77efc5fd16fccadfe9558766cfb63911db
status: experimental
description: Detects traffic or activity related to http://42.225.230.173:53978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.225.230.173:53978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://85a24fyd.blu3c0ve.ru/?apikey=GRtFUlfBTGzFArrH&activityId=e92c39fa-b6b6-455b-99c9-5520735b211e&ocid
id: auto-30ef0ae08b76c9c6a94d0f4fadd5605aa7c0eff01416e1b1d2fc8af88ff29c6d
status: experimental
description: Detects traffic or activity related to https://85a24fyd.blu3c0ve.ru/?apikey=GRtFUlfBTGzFArrH&activityId=e92c39fa-b6b6-455b-99c9-5520735b211e&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://85a24fyd.blu3c0ve.ru/?apikey=GRtFUlfBTGzFArrH&activityId=e92c39fa-b6b6-455b-99c9-5520735b211e&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.40.181.105:54731/i
id: auto-c5c5333439341255e4f1470862004933dc5d0991ffba9a34db17e91f5e919293
status: experimental
description: Detects traffic or activity related to http://39.40.181.105:54731/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.40.181.105:54731/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jnk9otsf.fr0stmirr0r.ru/?apikey=SVuCyKUHdPuwhnsb&activityId=6efa8f8e-6e53-4abb-a0ae-13eb7a205f1d&ocid
id: auto-7f2462986889d33407c30459a3d16fbc34936154bc93820ffbcc638930b01dc1
status: experimental
description: Detects traffic or activity related to https://jnk9otsf.fr0stmirr0r.ru/?apikey=SVuCyKUHdPuwhnsb&activityId=6efa8f8e-6e53-4abb-a0ae-13eb7a205f1d&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jnk9otsf.fr0stmirr0r.ru/?apikey=SVuCyKUHdPuwhnsb&activityId=6efa8f8e-6e53-4abb-a0ae-13eb7a205f1d&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5vjkehxx.fr0stmirr0r.ru/?apikey=vbIspeFphxrryeoV&activityId=d4a468d9-b9b8-4865-a841-31909431fe80&ocid
id: auto-ea843c26fe55880015bdc8e7219ec56fced205788febb5ca3abf977e49eda57e
status: experimental
description: Detects traffic or activity related to https://5vjkehxx.fr0stmirr0r.ru/?apikey=vbIspeFphxrryeoV&activityId=d4a468d9-b9b8-4865-a841-31909431fe80&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5vjkehxx.fr0stmirr0r.ru/?apikey=vbIspeFphxrryeoV&activityId=d4a468d9-b9b8-4865-a841-31909431fe80&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.182.30:42429/bin.sh
id: auto-74b5596206c057517a71a8d404d2057f9fa556fa2063ddf36905aa80d5902aed
status: experimental
description: Detects traffic or activity related to http://27.215.182.30:42429/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.182.30:42429/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.226.216:41610/i
id: auto-d27dde92765ccfcf795ff3481912184676bbd71a8f289c91f641331d483f7425
status: experimental
description: Detects traffic or activity related to http://182.112.226.216:41610/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.226.216:41610/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.176:36365/bin.sh
id: auto-d9550a0630e35518a86cbb09596d49d83623d4f630981406f670fab19c9ac48b
status: experimental
description: Detects traffic or activity related to http://110.36.15.176:36365/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.176:36365/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://86.54.42.154/mirai.arm5n
id: auto-df71403be83d99148227d7c073b37dd78cf6c230fe4538c63c7f8833fccc0e53
status: experimental
description: Detects traffic or activity related to http://86.54.42.154/mirai.arm5n which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://86.54.42.154/mirai.arm5n*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://82.76.103.106:8080/sshd
id: auto-6d291b9b7fa0717d279256c9d1a0a4c672bf34dfed2eec1e0c94fd76bb82ec4f
status: experimental
description: Detects traffic or activity related to http://82.76.103.106:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://82.76.103.106:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://108.165.147.72:5008/02.08.2022.exe
id: auto-25e682110efd8b97d458894613493e64027225bc623e14673436a2d16f30162d
status: experimental
description: Detects traffic or activity related to http://108.165.147.72:5008/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://108.165.147.72:5008/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.105.37.162:12345/02.08.2022.exe
id: auto-0c756024a212eb5d837fed4af2a6f77ad9d593c1b5f10facf3690cf6c7acf0a3
status: experimental
description: Detects traffic or activity related to http://47.105.37.162:12345/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.105.37.162:12345/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://118.89.88.183:56781/02.08.2022.exe
id: auto-ca64dd76c1a8691ad04b109a690d8747347413d62d40efecaca820c90355e30f
status: experimental
description: Detects traffic or activity related to http://118.89.88.183:56781/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://118.89.88.183:56781/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.245.96.157/sshd
id: auto-f73fc15d23b330798aa8ef84ac5a6fb8cb94c1b9f18e6f1d2b5a97f3a3a994b7
status: experimental
description: Detects traffic or activity related to http://14.245.96.157/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.245.96.157/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.99.228:2004/sshd
id: auto-d20eca3b8e8fe81e1aa738932db81784493dc0ef67a8d1ef5cfe9c538560e3b6
status: experimental
description: Detects traffic or activity related to http://117.206.99.228:2004/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.99.228:2004/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.55.79.237/sshd
id: auto-d1ae8ca36a0bd1088940b7b48ddae2156e40ab1e4864fae6cf0713b508aaed93
status: experimental
description: Detects traffic or activity related to http://1.55.79.237/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.55.79.237/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.210.138.52:85/sshd
id: auto-a137962479dfcbef07d1a818f0e84be239c1f545209ec1cc127efe02acf4be5e
status: experimental
description: Detects traffic or activity related to http://123.210.138.52:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.210.138.52:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.24.151.34:37828/i
id: auto-37e6de4145dbf8ca029b6eae109b44f05fa0ba91ee27d9a940af54a7d03590b0
status: experimental
description: Detects traffic or activity related to http://217.24.151.34:37828/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.24.151.34:37828/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.255.195.37:51005/i
id: auto-6cd687d21577a855b16c6833571d3450965c5635e636da02e6d4d07f3424ce65
status: experimental
description: Detects traffic or activity related to http://37.255.195.37:51005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.255.195.37:51005/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.131.185.193:17318/i
id: auto-9e4b7c724491ca2493ac08aa7343e4530243c0e15aa2025e2eaf7e8e70ec8edb
status: experimental
description: Detects traffic or activity related to http://178.131.185.193:17318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.131.185.193:17318/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.255.234.53:22191/i
id: auto-fe028d05096d75be64998def5fb7a318b1245a51ecf2ab6e10caad8c192ba08f
status: experimental
description: Detects traffic or activity related to http://92.255.234.53:22191/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.255.234.53:22191/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://165.99.99.193:24434/i
id: auto-a64d9356b22338d268f216da34ac4aaedebd46cce9b045a2a7de5b52b1b26a11
status: experimental
description: Detects traffic or activity related to http://165.99.99.193:24434/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://165.99.99.193:24434/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.24.75.136:10072/sshd
id: auto-3a8a556b10cfd55aa8321f531088f7f9774c37de0474691659f32bd16ab3135e
status: experimental
description: Detects traffic or activity related to http://88.24.75.136:10072/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.24.75.136:10072/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://2.187.36.78:1913/i
id: auto-4f95f41f5ec89402e263773a39dda719992236b018fa168ead85e2853b306f4c
status: experimental
description: Detects traffic or activity related to http://2.187.36.78:1913/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://2.187.36.78:1913/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://83.224.160.28/sshd
id: auto-0c2d0c0be87ccb9d5d836279bb2109e93347bd7deb839b80c72ff410687b112e
status: experimental
description: Detects traffic or activity related to http://83.224.160.28/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://83.224.160.28/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ekei2n7i.sun5tone.ru/?apikey=OQDmbIbWPsNmdVzO&activityId=d0c2a316-93b8-48d4-b0d7-74a4c2b5eee8&ocid
id: auto-95118e0c20718c741b92a58744280b5bdf40558219251ae6bc5a37d0b9bc680c
status: experimental
description: Detects traffic or activity related to https://ekei2n7i.sun5tone.ru/?apikey=OQDmbIbWPsNmdVzO&activityId=d0c2a316-93b8-48d4-b0d7-74a4c2b5eee8&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ekei2n7i.sun5tone.ru/?apikey=OQDmbIbWPsNmdVzO&activityId=d0c2a316-93b8-48d4-b0d7-74a4c2b5eee8&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://of03juqh.sun5tone.ru/?apikey=suzGkDYImSwxUaqI&activityId=9f5e8fc2-da0b-4bd2-a5c2-eba1ff46a763&ocid
id: auto-b996adaa7b40fc66efc583875027daebd34d7c77c8b558c3e0caef0c24dd44df
status: experimental
description: Detects traffic or activity related to https://of03juqh.sun5tone.ru/?apikey=suzGkDYImSwxUaqI&activityId=9f5e8fc2-da0b-4bd2-a5c2-eba1ff46a763&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://of03juqh.sun5tone.ru/?apikey=suzGkDYImSwxUaqI&activityId=9f5e8fc2-da0b-4bd2-a5c2-eba1ff46a763&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.152:46082/i
id: auto-9f2186f72f25b4d05608cea29be8c2edd4a4b5e0ce5314fddf6b51c768ddf13f
status: experimental
description: Detects traffic or activity related to http://110.37.100.152:46082/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.152:46082/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.242.126:35366/i
id: auto-a952a4429ce6e30a66936ad9b68ee22b4db5abf701af2a7f71183924161e15cc
status: experimental
description: Detects traffic or activity related to http://123.4.242.126:35366/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.242.126:35366/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.226.216:41610/bin.sh
id: auto-43117bac9c85f8f6df1bac309691ca0d8164d56f58a388d0080cccfbc582b4a3
status: experimental
description: Detects traffic or activity related to http://182.112.226.216:41610/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.226.216:41610/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.40.181.105:54731/bin.sh
id: auto-cc473b751ddd726f1eb850fe1020515df963dcb34e74e16f867fdf873240de6f
status: experimental
description: Detects traffic or activity related to http://39.40.181.105:54731/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.40.181.105:54731/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.9.103.177:59335/bin.sh
id: auto-909a1ccb238144d27e0a3d9556c2d2cc39e5d55135a6f2e227c65c28a60c3c99
status: experimental
description: Detects traffic or activity related to http://123.9.103.177:59335/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.9.103.177:59335/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://50oxk787.rainfail.ru/?apikey=qdhthCUOjkRqXrun&activityId=07b8c63f-bb8f-4e46-b05a-d80ea7f9bc1d&ocid
id: auto-d78a0fcce0c9e92151dd3cce4b90c028a2c68198000db4c66d002582f94ec649
status: experimental
description: Detects traffic or activity related to https://50oxk787.rainfail.ru/?apikey=qdhthCUOjkRqXrun&activityId=07b8c63f-bb8f-4e46-b05a-d80ea7f9bc1d&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://50oxk787.rainfail.ru/?apikey=qdhthCUOjkRqXrun&activityId=07b8c63f-bb8f-4e46-b05a-d80ea7f9bc1d&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3uyvehbx.rainfail.ru/?apikey=owMsTPxiBNgvHkeW&activityId=e0379d44-e065-40e3-8120-92c05cc04ed2&ocid
id: auto-f273afe0ff3ed1dc3d42b283f3724f647ad444ae0d0b687e0467842de9337ea0
status: experimental
description: Detects traffic or activity related to https://3uyvehbx.rainfail.ru/?apikey=owMsTPxiBNgvHkeW&activityId=e0379d44-e065-40e3-8120-92c05cc04ed2&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3uyvehbx.rainfail.ru/?apikey=owMsTPxiBNgvHkeW&activityId=e0379d44-e065-40e3-8120-92c05cc04ed2&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.244:38993/i
id: auto-664fcb28e1f07fb44e9be5de19a18015dfd26fffb2e34e755fab4f872279032b
status: experimental
description: Detects traffic or activity related to http://110.37.118.244:38993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.244:38993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.152:46082/bin.sh
id: auto-e3a68ed1d8f4d3448ce29fb8588da56a86d693bb9a48109c4801953c2fe29561
status: experimental
description: Detects traffic or activity related to http://110.37.100.152:46082/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.152:46082/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lyciemyh.mi5tpath.ru/?apikey=rohbAeTSSWIcNDkw&activityId=f23b04fa-95ea-417b-b787-cb49f9c18b81&ocid
id: auto-eee59a0e5e1936bade0af1672d881d56e3d7491f17b08428743010d553900f59
status: experimental
description: Detects traffic or activity related to https://lyciemyh.mi5tpath.ru/?apikey=rohbAeTSSWIcNDkw&activityId=f23b04fa-95ea-417b-b787-cb49f9c18b81&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lyciemyh.mi5tpath.ru/?apikey=rohbAeTSSWIcNDkw&activityId=f23b04fa-95ea-417b-b787-cb49f9c18b81&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://f7nm8f7u.mi5tpath.ru/?apikey=SGIevhoHozpMUMtb&activityId=96a274a4-1490-44fa-89b3-759ae1c3668b&ocid
id: auto-01ee46fa9c4c83a354622e7d303f7a1dbd41819b69f7da065ab111dc8e4e3c82
status: experimental
description: Detects traffic or activity related to https://f7nm8f7u.mi5tpath.ru/?apikey=SGIevhoHozpMUMtb&activityId=96a274a4-1490-44fa-89b3-759ae1c3668b&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://f7nm8f7u.mi5tpath.ru/?apikey=SGIevhoHozpMUMtb&activityId=96a274a4-1490-44fa-89b3-759ae1c3668b&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.118.244:38993/bin.sh
id: auto-d847ae69973815b7c4dd45cc0c1862f600b61187ec964156ef6b492090e5b406
status: experimental
description: Detects traffic or activity related to http://110.37.118.244:38993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.118.244:38993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.114.45:50543/bin.sh
id: auto-ce722ca8129d8edba3ed5db751a9f42c71e9dea06f47b83f8644f0db508f24a4
status: experimental
description: Detects traffic or activity related to http://222.138.114.45:50543/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.114.45:50543/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.40.249:53650/i
id: auto-557083776a5a11272661396411d4ed7dacd9695c48735cf4dafc74d014231579
status: experimental
description: Detects traffic or activity related to http://115.50.40.249:53650/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.40.249:53650/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://24.54.95.49:40497/i
id: auto-d1232b412358559ffd7d8d35c49ef5fb3b61462dc1f61a24f04f3f7d9bdd6bf4
status: experimental
description: Detects traffic or activity related to http://24.54.95.49:40497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://24.54.95.49:40497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://6r7t5g36.n1ghtsh0re.ru/?apikey=mbNRuLjqUhbqlwDh&activityId=ac2236d9-2deb-4018-b8b8-fb5729b4f149&ocid
id: auto-504239576745622e190fd15f2a5778f94c7f10954be1773b8319978b8278c103
status: experimental
description: Detects traffic or activity related to https://6r7t5g36.n1ghtsh0re.ru/?apikey=mbNRuLjqUhbqlwDh&activityId=ac2236d9-2deb-4018-b8b8-fb5729b4f149&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://6r7t5g36.n1ghtsh0re.ru/?apikey=mbNRuLjqUhbqlwDh&activityId=ac2236d9-2deb-4018-b8b8-fb5729b4f149&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2wwhaoq1.n1ghtsh0re.ru/?apikey=QpTLQThCVtnGoTCy&activityId=5b6dada0-88c2-4d15-8e79-e7a8b6d6888a&ocid
id: auto-adfc3104e378f93ab6ea8407fd0e901257a17b88f414382fe78d375e1580b6db
status: experimental
description: Detects traffic or activity related to https://2wwhaoq1.n1ghtsh0re.ru/?apikey=QpTLQThCVtnGoTCy&activityId=5b6dada0-88c2-4d15-8e79-e7a8b6d6888a&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2wwhaoq1.n1ghtsh0re.ru/?apikey=QpTLQThCVtnGoTCy&activityId=5b6dada0-88c2-4d15-8e79-e7a8b6d6888a&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.80.211:54217/i
id: auto-753bf4f0146812476caa69157520a696605af75dcc36dbb30e348132c96eb87a
status: experimental
description: Detects traffic or activity related to http://115.58.80.211:54217/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.80.211:54217/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.82.34:57521/i
id: auto-5ffc2c4b81ed7fb01e30968abe19e2634334360464f7922c6e3883278722b092
status: experimental
description: Detects traffic or activity related to http://27.215.82.34:57521/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.82.34:57521/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.176.176.34:49208/i
id: auto-066df4ef667560e9c84e2dc56f10bea821a8d4627a22b2d182c1ce9d0215928f
status: experimental
description: Detects traffic or activity related to http://61.176.176.34:49208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.176.176.34:49208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.40.249:53650/bin.sh
id: auto-6757b4278c95fd26b43a05db7eafea8ab1149d2db5d8b8bca66bf04d4a3e0b79
status: experimental
description: Detects traffic or activity related to http://115.50.40.249:53650/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.40.249:53650/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://onj3pw7c.windf1eld.ru/?apikey=blfosBcjGXhZzhVr&activityId=4c0da29d-e590-407b-9fb8-52c64be096ad&ocid
id: auto-d487783fe1b6c674145b5ec6b348204fc871d25ae360ec80998166180c0ccc45
status: experimental
description: Detects traffic or activity related to https://onj3pw7c.windf1eld.ru/?apikey=blfosBcjGXhZzhVr&activityId=4c0da29d-e590-407b-9fb8-52c64be096ad&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://onj3pw7c.windf1eld.ru/?apikey=blfosBcjGXhZzhVr&activityId=4c0da29d-e590-407b-9fb8-52c64be096ad&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.188.76.254:37581/i
id: auto-4315ca03c5d806a31ba15e8bbeeac57e5af665cf4addc738454119e851fb6890
status: experimental
description: Detects traffic or activity related to http://196.188.76.254:37581/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.188.76.254:37581/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.4.242.126:35366/bin.sh
id: auto-6cf178bb055cd8554442c8f4b5773244b228b92f029c66dfbb7df238e72aa7ec
status: experimental
description: Detects traffic or activity related to http://123.4.242.126:35366/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.4.242.126:35366/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/d-t2-8/T1-103125/raw/main/T1.zip
id: auto-0803b07de9b0f5f3b18d5b7e64e2b37daa03702bb4acdb4a8ee7f610b8413b9e
status: experimental
description: Detects traffic or activity related to https://github.com/d-t2-8/T1-103125/raw/main/T1.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/d-t2-8/T1-103125/raw/main/T1.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/ud-9/T-102825/raw/main/ud.png
id: auto-dfa7ca97ec1bf95ba69d5a33d2f61e000628252bf799d56b108ad3f6b74910f9
status: experimental
description: Detects traffic or activity related to https://github.com/ud-9/T-102825/raw/main/ud.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/ud-9/T-102825/raw/main/ud.png*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tu6eo4za.windf1eld.ru/?apikey=nujqSuKhzVfEcAwt&activityId=1b54f8dd-17a8-4edd-a41b-092f161123e7&ocid
id: auto-555b827b17ba11ed381f84db380dd605af1ad89a83cc7cb98858f62e09f92ac5
status: experimental
description: Detects traffic or activity related to https://tu6eo4za.windf1eld.ru/?apikey=nujqSuKhzVfEcAwt&activityId=1b54f8dd-17a8-4edd-a41b-092f161123e7&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tu6eo4za.windf1eld.ru/?apikey=nujqSuKhzVfEcAwt&activityId=1b54f8dd-17a8-4edd-a41b-092f161123e7&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.121.162:57785/i
id: auto-984df36d9f4d86e73be740d085de7c50c6c1dc03df8e8e0c21a2ae853558e14b
status: experimental
description: Detects traffic or activity related to http://42.224.121.162:57785/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.121.162:57785/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.39.20:41104/i
id: auto-af52b13b07b0ceeeadfd9d6ced1bcebbeb437b9a3daea2c65f5049b53c5f69ab
status: experimental
description: Detects traffic or activity related to http://182.113.39.20:41104/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.39.20:41104/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/ud-9/T-102825/main/u-p.png
id: auto-125d7283bd55cd1c2ca23cd7a6be94a11b0bd7ffa1914c073d40ea00b983fe32
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/ud-9/T-102825/main/u-p.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/ud-9/T-102825/main/u-p.png*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/ud-9/T-102825/main/ud.png
id: auto-b170d4aed9888451a6649fe580fe7394db44d4d97b2faff7cc5a818c84b6bc4a
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/ud-9/T-102825/main/ud.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/ud-9/T-102825/main/ud.png*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/d-t2-8/T1-103125/main/T1.zip
id: auto-c827a3f746b6a5c2fe91782ee6503f9e873aca2153fe4327fac63e35ba56215e
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/d-t2-8/T1-103125/main/T1.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/d-t2-8/T1-103125/main/T1.zip*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.82.34:57521/bin.sh
id: auto-65e2a8b8962b4e6f4fa2624432dcc9b0d2f63b49d2b13b28060df222dddc5e4e
status: experimental
description: Detects traffic or activity related to http://27.215.82.34:57521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.82.34:57521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.183.84:45784/i
id: auto-d3d29272ff8e583834d7ae607cf4cec530a762eed29668c126c6b26233fd7bb7
status: experimental
description: Detects traffic or activity related to http://115.62.183.84:45784/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.183.84:45784/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.80.211:54217/bin.sh
id: auto-9abada0048014ac8bf1c659af7ce13519e307c082ccb362e4938736200fccb26
status: experimental
description: Detects traffic or activity related to http://115.58.80.211:54217/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.80.211:54217/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://h650evc4.cl0ud5tream.ru/?apikey=mflziVHCYvuaEZcM&activityId=6f7166e7-3621-4b69-9ad3-30b187dfae62&ocid
id: auto-cce93cdd6a82b7e9ebe25cfa85208a7b68a4fa6c92e1fd8438e06bceb4579734
status: experimental
description: Detects traffic or activity related to https://h650evc4.cl0ud5tream.ru/?apikey=mflziVHCYvuaEZcM&activityId=6f7166e7-3621-4b69-9ad3-30b187dfae62&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://h650evc4.cl0ud5tream.ru/?apikey=mflziVHCYvuaEZcM&activityId=6f7166e7-3621-4b69-9ad3-30b187dfae62&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gxcgn6lf.cl0ud5tream.ru/?apikey=gqyNvqeoZRtisonY&activityId=24a53ec6-fec3-41da-8cda-874d2f6e2432&ocid
id: auto-e389a6b2ef1ec98b7c07fc817e8bcc31c949719cbc9d9c0f0067673e48965ee6
status: experimental
description: Detects traffic or activity related to https://gxcgn6lf.cl0ud5tream.ru/?apikey=gqyNvqeoZRtisonY&activityId=24a53ec6-fec3-41da-8cda-874d2f6e2432&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gxcgn6lf.cl0ud5tream.ru/?apikey=gqyNvqeoZRtisonY&activityId=24a53ec6-fec3-41da-8cda-874d2f6e2432&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.114.31:58923/i
id: auto-a04c7be35f656b27d2613182e50f339629aa02ba656ddf9e32192576b6ad874e
status: experimental
description: Detects traffic or activity related to http://182.127.114.31:58923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.114.31:58923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.233.113:42219/i
id: auto-23d0cd193a6274cbc5757afdc85f61fdb1ebef3681f6606ceffc9a319e95c8d7
status: experimental
description: Detects traffic or activity related to http://42.234.233.113:42219/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.233.113:42219/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.85.165.16:41339/bin.sh
id: auto-85380c88d656e2155d0958581bbc2f417a9717c343f7fc09cdde283762ccedff
status: experimental
description: Detects traffic or activity related to http://42.85.165.16:41339/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.85.165.16:41339/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.45.64.66:56902/bin.sh
id: auto-d91ab199a17115cb87feae5d0c5c8ed162537210186b92aba325e90745ae85de
status: experimental
description: Detects traffic or activity related to http://125.45.64.66:56902/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.45.64.66:56902/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://cvgekgnf.b0utontran5fer.ru/?apikey=gOJtDNltwQfbmMeC&activityId=ec5b4c9e-1894-4315-97f0-b7d74d506b73&ocid
id: auto-c105e06db7f516f48b9f6b06b5870efcdf1783dd759156b63a28757a9340c824
status: experimental
description: Detects traffic or activity related to https://cvgekgnf.b0utontran5fer.ru/?apikey=gOJtDNltwQfbmMeC&activityId=ec5b4c9e-1894-4315-97f0-b7d74d506b73&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://cvgekgnf.b0utontran5fer.ru/?apikey=gOJtDNltwQfbmMeC&activityId=ec5b4c9e-1894-4315-97f0-b7d74d506b73&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qyjqlxrj.b0utontran5fer.ru/?apikey=OHIKRXnRGyxRCeGT&activityId=da6e3c8f-de7e-4759-8063-a9788d1297eb&ocid
id: auto-78cffb3d243b5969b6ed9b818d9198ef3b73f24a3566bc2d5ddfbe7e7082ee3a
status: experimental
description: Detects traffic or activity related to https://qyjqlxrj.b0utontran5fer.ru/?apikey=OHIKRXnRGyxRCeGT&activityId=da6e3c8f-de7e-4759-8063-a9788d1297eb&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qyjqlxrj.b0utontran5fer.ru/?apikey=OHIKRXnRGyxRCeGT&activityId=da6e3c8f-de7e-4759-8063-a9788d1297eb&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.62.183.84:45784/bin.sh
id: auto-84597a761a13061a9f292e213c9bdd1c909dc3f722286f335e5c5a1c73b38f4b
status: experimental
description: Detects traffic or activity related to http://115.62.183.84:45784/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.62.183.84:45784/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.39.20:41104/bin.sh
id: auto-e834432c7b3f6449a810633fb6744db4c016132c75f8722320dcbf1959daab47
status: experimental
description: Detects traffic or activity related to http://182.113.39.20:41104/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.39.20:41104/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.119.9.41:38674/bin.sh
id: auto-28a55e9a0b84e921764039939c04bab0961732d822c542be7d98155ca4887733
status: experimental
description: Detects traffic or activity related to http://182.119.9.41:38674/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.119.9.41:38674/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.91:34626/bin.sh
id: auto-7bc6160a09388d3fef0c17424f20accf918c1674e6d4668d876c5ce50a94565b
status: experimental
description: Detects traffic or activity related to http://110.37.38.91:34626/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.91:34626/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vxkap1bk.impercepm0no8.ru/?apikey=taohCOWihOTmnVtW&activityId=de35c234-d51c-496c-afc1-529eed9d6c98&ocid
id: auto-d30539174b6a82f6793bb27ebca90c2042ac88a3511468d38e4a4a1197f56f66
status: experimental
description: Detects traffic or activity related to https://vxkap1bk.impercepm0no8.ru/?apikey=taohCOWihOTmnVtW&activityId=de35c234-d51c-496c-afc1-529eed9d6c98&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vxkap1bk.impercepm0no8.ru/?apikey=taohCOWihOTmnVtW&activityId=de35c234-d51c-496c-afc1-529eed9d6c98&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zjr11tft.impercepm0no8.ru/?apikey=AyROhgwXLAqNhPJd&activityId=1fb3c4dc-f9b7-4f84-bf42-00ea177713b5&ocid
id: auto-78171e741293cebb29f7e0a81498c0d9396137d16b5df67009e58a0d0fa90935
status: experimental
description: Detects traffic or activity related to https://zjr11tft.impercepm0no8.ru/?apikey=AyROhgwXLAqNhPJd&activityId=1fb3c4dc-f9b7-4f84-bf42-00ea177713b5&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zjr11tft.impercepm0no8.ru/?apikey=AyROhgwXLAqNhPJd&activityId=1fb3c4dc-f9b7-4f84-bf42-00ea177713b5&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.147.38:50611/i
id: auto-b0d8a896efb41339caa194f0006861e2046afe3eab856fc2dd167918f06010f7
status: experimental
description: Detects traffic or activity related to http://42.178.147.38:50611/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.147.38:50611/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://8viqlh72.c2nd1esubject.ru/?apikey=HYxkKjwfeoJORjiD&activityId=a24e6b4c-2553-4617-9dcc-c18ebd65703c&ocid
id: auto-1cd227f362b3d657eafaeec8ff54c44e1e802b832645b78c2574a7a7d5e16d60
status: experimental
description: Detects traffic or activity related to https://8viqlh72.c2nd1esubject.ru/?apikey=HYxkKjwfeoJORjiD&activityId=a24e6b4c-2553-4617-9dcc-c18ebd65703c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://8viqlh72.c2nd1esubject.ru/?apikey=HYxkKjwfeoJORjiD&activityId=a24e6b4c-2553-4617-9dcc-c18ebd65703c&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://l0hkzeg7.c2nd1esubject.ru/?apikey=cudQXrfXTodGMSrC&activityId=0abacaad-1076-4b89-9c1d-aa18cffede65&ocid
id: auto-c0076b87e1cd59dbc1a50663c144fb2259625f525a90a9d187ef251358e11e76
status: experimental
description: Detects traffic or activity related to https://l0hkzeg7.c2nd1esubject.ru/?apikey=cudQXrfXTodGMSrC&activityId=0abacaad-1076-4b89-9c1d-aa18cffede65&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://l0hkzeg7.c2nd1esubject.ru/?apikey=cudQXrfXTodGMSrC&activityId=0abacaad-1076-4b89-9c1d-aa18cffede65&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.40.215:36357/bin.sh
id: auto-223e6ddd6e07cda6bc7e9b49ab3ad710d7c5e20758d608c5fb08e003839c8ac0
status: experimental
description: Detects traffic or activity related to http://110.37.40.215:36357/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.40.215:36357/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.46.245/main_arm7
id: auto-eb8f4f9ed10ac96b8d64190e6a6c41ffeaab01e6f81c9ba57722e29c03c2e98f
status: experimental
description: Detects traffic or activity related to http://107.172.46.245/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.46.245/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.172.46.245/main_arm
id: auto-16c4a5e0e6951622cc6fafaacbf8a3e74c284c97b5de90c9424350cc421993df
status: experimental
description: Detects traffic or activity related to http://107.172.46.245/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.172.46.245/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.178.147.38:50611/bin.sh
id: auto-5fe87a76fb7b9c499b859ebf134ecd1a4a238c786a5845bb115b268fea089be2
status: experimental
description: Detects traffic or activity related to http://42.178.147.38:50611/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.178.147.38:50611/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.171.106:57401/bin.sh
id: auto-dc0efe5d4b93c09db277ff220f934b763637b0d52b41b7b7ebafc2d68d2fa2d8
status: experimental
description: Detects traffic or activity related to http://123.5.171.106:57401/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.171.106:57401/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://t7sk4ia4.f0refraterni5.ru/?apikey=TmMvESdiDllpcNRu&activityId=50b79145-0b59-405d-8396-4c0f9b90f5fd&ocid
id: auto-1cbb13bb3874d46d18899de6f7f1c668aab11a4e24511e5d3af8788e4c75dde5
status: experimental
description: Detects traffic or activity related to https://t7sk4ia4.f0refraterni5.ru/?apikey=TmMvESdiDllpcNRu&activityId=50b79145-0b59-405d-8396-4c0f9b90f5fd&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://t7sk4ia4.f0refraterni5.ru/?apikey=TmMvESdiDllpcNRu&activityId=50b79145-0b59-405d-8396-4c0f9b90f5fd&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vghecu28.f0refraterni5.ru/?apikey=iaOQXPDtLCKqUxmJ&activityId=b6097516-a156-424c-860a-45132a622e38&ocid
id: auto-f2dce7b9ee16b0e4c6feb518923e514a4c2f94a790828b30b42b6365101ead35
status: experimental
description: Detects traffic or activity related to https://vghecu28.f0refraterni5.ru/?apikey=iaOQXPDtLCKqUxmJ&activityId=b6097516-a156-424c-860a-45132a622e38&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vghecu28.f0refraterni5.ru/?apikey=iaOQXPDtLCKqUxmJ&activityId=b6097516-a156-424c-860a-45132a622e38&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.166.187:49540/i
id: auto-766d1783b60e94115b80660a14dec3566066c9dcab75dda85a5445a4ae5eb717
status: experimental
description: Detects traffic or activity related to http://175.146.166.187:49540/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.166.187:49540/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.173.155.153:52320/i
id: auto-f8299e60f6af50635bf4fccdf7a310a2d9c77ac994f35161bc3cff4ba4a07799
status: experimental
description: Detects traffic or activity related to http://175.173.155.153:52320/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.173.155.153:52320/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://k6ug314m.a5hsuper1or.ru/?apikey=KKMfLSiZXvFXoVfh&activityId=202b6b1d-d387-46f0-ab82-9bc034372027&ocid
id: auto-98a7572af38d7a7c4bc029fbc43bd3b7168fdb6b57bf5917b06d4c5a881d7bab
status: experimental
description: Detects traffic or activity related to https://k6ug314m.a5hsuper1or.ru/?apikey=KKMfLSiZXvFXoVfh&activityId=202b6b1d-d387-46f0-ab82-9bc034372027&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://k6ug314m.a5hsuper1or.ru/?apikey=KKMfLSiZXvFXoVfh&activityId=202b6b1d-d387-46f0-ab82-9bc034372027&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ymr7m49r.a5hsuper1or.ru/?apikey=bKfcuxawLApaRELe&activityId=5960d2e0-1067-4b8c-b444-dc38c6fea290&ocid
id: auto-e82ef448adba571ef82ad6e8793319678e2b9d1bd8c58d74574e4333374d148c
status: experimental
description: Detects traffic or activity related to https://ymr7m49r.a5hsuper1or.ru/?apikey=bKfcuxawLApaRELe&activityId=5960d2e0-1067-4b8c-b444-dc38c6fea290&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ymr7m49r.a5hsuper1or.ru/?apikey=bKfcuxawLApaRELe&activityId=5960d2e0-1067-4b8c-b444-dc38c6fea290&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.201.94:37663/i
id: auto-c420bfa5270b36637404c893039e03819fef0f5f1ac02270fb6f3c770c228f81
status: experimental
description: Detects traffic or activity related to http://219.155.201.94:37663/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.201.94:37663/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.114.31:58923/bin.sh
id: auto-01ca6eeb5122543a8871bb6d448c6d2df2e25d6382226d7d33e2cb33d02ea2c4
status: experimental
description: Detects traffic or activity related to http://182.127.114.31:58923/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.114.31:58923/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.84.214.114:46073/i
id: auto-589285c89540bc3a6c334607bd8721ee8379c0981df08b8d94d6b685ef940c27
status: experimental
description: Detects traffic or activity related to http://120.84.214.114:46073/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.84.214.114:46073/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.139.15:44217/i
id: auto-49cd1611720c1f6675072c99c9470499f0c0fb71decdd5117e82eb00e3eb404f
status: experimental
description: Detects traffic or activity related to http://182.115.139.15:44217/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.139.15:44217/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://v4oof0fy.dep2rtmen0va.ru/?apikey=upqIZiVxsunQIWid&activityId=488a89b1-049b-4d5a-84c8-e99dd7c2b43f&ocid
id: auto-9401954a9beca35517152839600165358c394758af7bfa4a825d7872d65439b2
status: experimental
description: Detects traffic or activity related to https://v4oof0fy.dep2rtmen0va.ru/?apikey=upqIZiVxsunQIWid&activityId=488a89b1-049b-4d5a-84c8-e99dd7c2b43f&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://v4oof0fy.dep2rtmen0va.ru/?apikey=upqIZiVxsunQIWid&activityId=488a89b1-049b-4d5a-84c8-e99dd7c2b43f&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://5p21lmj4.dep2rtmen0va.ru/?apikey=GPwJGegDZOBoYxPF&activityId=8d8b3df0-b8e5-4427-8f5c-84e91c679471&ocid
id: auto-b075ce300908b0f3c191ccc496d899cba0fb4cd9994963a598fc7855138255bc
status: experimental
description: Detects traffic or activity related to https://5p21lmj4.dep2rtmen0va.ru/?apikey=GPwJGegDZOBoYxPF&activityId=8d8b3df0-b8e5-4427-8f5c-84e91c679471&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://5p21lmj4.dep2rtmen0va.ru/?apikey=GPwJGegDZOBoYxPF&activityId=8d8b3df0-b8e5-4427-8f5c-84e91c679471&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.179.8.48:45414/i
id: auto-22321400c41c3680742193f859d3adcf4da191cbca6fa38ad4083af33730f486
status: experimental
description: Detects traffic or activity related to http://42.179.8.48:45414/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.179.8.48:45414/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.78:43117/i
id: auto-91440be0ff56cbaff52ba0a4bc53ac7c4a148dd44fa071a45e49ba02284e0ca0
status: experimental
description: Detects traffic or activity related to http://110.36.16.78:43117/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.78:43117/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.87.96:43051/i
id: auto-3f8ae6fc3b0b0f1778aaaee891a50ef647cc9cfc68ea16698204f93d1d9ab617
status: experimental
description: Detects traffic or activity related to http://59.182.87.96:43051/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.87.96:43051/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.251:47933/i
id: auto-718b730a3f565004e2d08b4790138f6b28780e1f0c331f7bb1eeefc228e19a71
status: experimental
description: Detects traffic or activity related to http://110.37.18.251:47933/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.251:47933/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.115.139.15:44217/bin.sh
id: auto-b92cee0c2cedb6d7f79be66cebc08729e16b81500c4cbf63a0a40ad300b048e9
status: experimental
description: Detects traffic or activity related to http://182.115.139.15:44217/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.115.139.15:44217/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.201.94:37663/bin.sh
id: auto-599092747f77269f41f586b33c5f00770406b170b9696b40414a8267350af1e8
status: experimental
description: Detects traffic or activity related to http://219.155.201.94:37663/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.201.94:37663/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.110.89:57949/i
id: auto-64a6f45421d82e1df17cc7dcebb8940537da53bc2cf3d03e4eb73c8c9034fe39
status: experimental
description: Detects traffic or activity related to http://182.126.110.89:57949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.110.89:57949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.251:47933/bin.sh
id: auto-5d5415ffb3fd5264a005ee1aa8abcd900c49ce789dfa5d84845b6fdeedea423e
status: experimental
description: Detects traffic or activity related to http://110.37.18.251:47933/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.251:47933/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lbjkxct4.heh0vli8ht.ru/?apikey=mRBaxcjULkWDGQdu&activityId=69574556-a613-4257-a767-4714bba8935e&ocid
id: auto-386b166bd51b6de918d8a86ed6e09167b7de1106a81489cd40943cd98e17c7c6
status: experimental
description: Detects traffic or activity related to https://lbjkxct4.heh0vli8ht.ru/?apikey=mRBaxcjULkWDGQdu&activityId=69574556-a613-4257-a767-4714bba8935e&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lbjkxct4.heh0vli8ht.ru/?apikey=mRBaxcjULkWDGQdu&activityId=69574556-a613-4257-a767-4714bba8935e&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2wz05npa.heh0vli8ht.ru/?apikey=fNiSoHgWkUnxTZVu&activityId=4843830b-4eea-4a07-ab66-38741c1b076c&ocid
id: auto-443854b9cd4be68c3d0da28e9ce848cf37474ead381bd44648170074016b16ea
status: experimental
description: Detects traffic or activity related to https://2wz05npa.heh0vli8ht.ru/?apikey=fNiSoHgWkUnxTZVu&activityId=4843830b-4eea-4a07-ab66-38741c1b076c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2wz05npa.heh0vli8ht.ru/?apikey=fNiSoHgWkUnxTZVu&activityId=4843830b-4eea-4a07-ab66-38741c1b076c&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.30.115:35305/i
id: auto-b503f26be2899e23a4cb7c39cfb8c61ee5fdd5c723d01afc752e9f7163136f85
status: experimental
description: Detects traffic or activity related to http://42.230.30.115:35305/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.30.115:35305/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.183.26.74:43115/i
id: auto-3491489d4ecfef31c1e7fa76195bc62173cf9acddff8b46a81256dd5f362207e
status: experimental
description: Detects traffic or activity related to http://119.183.26.74:43115/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.183.26.74:43115/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://o7rlcblf.bohem1apred0m.ru/?apikey=dCZmNvDQPbBofqTG&activityId=65329c4f-0721-4440-97d8-8f96caeed52c&ocid
id: auto-84ad8d6d92238a09a3e84e8d21544225d7d5a90ec35cd344e93b54e041915306
status: experimental
description: Detects traffic or activity related to https://o7rlcblf.bohem1apred0m.ru/?apikey=dCZmNvDQPbBofqTG&activityId=65329c4f-0721-4440-97d8-8f96caeed52c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://o7rlcblf.bohem1apred0m.ru/?apikey=dCZmNvDQPbBofqTG&activityId=65329c4f-0721-4440-97d8-8f96caeed52c&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://6hcht7x5.bohem1apred0m.ru/?apikey=DCYaGuBGOdcvQFQY&activityId=44defe6f-8ac9-4569-9e13-79cfed32cfca&ocid
id: auto-06786ce140e58345d76a1743b47f8343e7525da5bcf35eb53e5317aca4aedd1c
status: experimental
description: Detects traffic or activity related to https://6hcht7x5.bohem1apred0m.ru/?apikey=DCYaGuBGOdcvQFQY&activityId=44defe6f-8ac9-4569-9e13-79cfed32cfca&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://6hcht7x5.bohem1apred0m.ru/?apikey=DCYaGuBGOdcvQFQY&activityId=44defe6f-8ac9-4569-9e13-79cfed32cfca&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.188.241:57512/i
id: auto-197ba86aaae1ad85e4bcb982600c8927678a4970b86ef142ce33242add3a7b4d
status: experimental
description: Detects traffic or activity related to http://112.248.188.241:57512/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.188.241:57512/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.90.134:40442/i
id: auto-60f493c9aeed47bbf00b95ec203c12a80080c5dfa950a6c1f3c4d9c326ec023f
status: experimental
description: Detects traffic or activity related to http://119.115.90.134:40442/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.90.134:40442/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://o0m22pyf.pu7eer0d.ru/?apikey=lHkvEgIuHLBztdhz&activityId=f0874a09-439b-4b23-8aa5-90680c5a0ed1&ocid
id: auto-1ec6c953de4de7e0c06ccd5128f77663d5d6703d76fee06d2c90d8610c73e494
status: experimental
description: Detects traffic or activity related to https://o0m22pyf.pu7eer0d.ru/?apikey=lHkvEgIuHLBztdhz&activityId=f0874a09-439b-4b23-8aa5-90680c5a0ed1&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://o0m22pyf.pu7eer0d.ru/?apikey=lHkvEgIuHLBztdhz&activityId=f0874a09-439b-4b23-8aa5-90680c5a0ed1&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://nrx6vae6.pu7eer0d.ru/?apikey=pZoshLAgACQnWvpX&activityId=731c256e-1277-4e0a-b218-6c6c5f8fb5ad&ocid
id: auto-6929c7b106c76059f71ec76fb2f5f7c71839cc8353dc0978f3939e83d9ab3704
status: experimental
description: Detects traffic or activity related to https://nrx6vae6.pu7eer0d.ru/?apikey=pZoshLAgACQnWvpX&activityId=731c256e-1277-4e0a-b218-6c6c5f8fb5ad&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://nrx6vae6.pu7eer0d.ru/?apikey=pZoshLAgACQnWvpX&activityId=731c256e-1277-4e0a-b218-6c6c5f8fb5ad&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.154.48:42883/bin.sh
id: auto-de55e4e815686810784c82ff112aa20b1eceb20c8b6f31eb5bced1ac4df12035
status: experimental
description: Detects traffic or activity related to http://222.127.154.48:42883/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.154.48:42883/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://nkomvdvv.r2nkteh2.ru/?apikey=pmwpOaxMXFmZpyla&activityId=d0383ec9-b30b-4d4e-bcea-2d5b8437cb30&ocid
id: auto-0ef6d00b0b12bd284c32938ee6450f8b46b9d4bd02bcff871e1df8d9a670d9da
status: experimental
description: Detects traffic or activity related to https://nkomvdvv.r2nkteh2.ru/?apikey=pmwpOaxMXFmZpyla&activityId=d0383ec9-b30b-4d4e-bcea-2d5b8437cb30&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://nkomvdvv.r2nkteh2.ru/?apikey=pmwpOaxMXFmZpyla&activityId=d0383ec9-b30b-4d4e-bcea-2d5b8437cb30&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.49.108:52824/i
id: auto-1144b240d0b0c3dc119b99df107942aaf80503db6238e46ed276b2859fe0f30c
status: experimental
description: Detects traffic or activity related to http://117.241.49.108:52824/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.49.108:52824/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.87.96:43051/bin.sh
id: auto-517f50098cc18a9584764e8e00fa62f8efe13e3f2121ac05d97e2af6e90210f1
status: experimental
description: Detects traffic or activity related to http://59.182.87.96:43051/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.87.96:43051/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnx86_64xnxn
id: auto-08e7b3fd235bfa6533f10242839ad48c2e9fc042587c8fa21eb51b36032a2bba
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnx86_64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnx86_64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnor1kxnxn
id: auto-e69cbabb954dc7c900717455c222daae77602db83f8de71e371e026afb9e036d
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnor1kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnor1kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnm68kxnxn
id: auto-306e40be8ea2294aa330a2f37126e4e34c3f7c867e5415639a490ed48e717249
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnm68kxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnm68kxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnmipsxnxn
id: auto-e5aba1be418abdc26d0a3d327a14983883b154cfab1caff0f72a9da91d5e0439
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnmipsxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnmipsxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnaarch64xnxn
id: auto-4a0c2bdd93ddcf4e5ed05310c925a788abf916a7f3d1585781398042ed04de55
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnaarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnaarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnpowerpcxnxn
id: auto-fafd2090fbe68392c2012c71a3b111710b92b6ab3cd02ffc2894f943a7f0c81c
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnpowerpcxnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnpowerpcxnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnmicroblazexnxn
id: auto-2e290efaca8aa72e2a98ac43be79d221e707ba6544e369e65fea9e3f1dd63952
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnmicroblazexnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnmicroblazexnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnriscv32xnxn
id: auto-1f71343c08016400063678584b1ec735edadd997e1fe985564579a4867829abb
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnriscv32xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnriscv32xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnloongarch64xnxn
id: auto-827d0f0ffde580ebbeb4feeb7174e688710cf5a866131b282f9c43fef72ce670
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnloongarch64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnloongarch64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnsh2xnxn
id: auto-3951a348735e4e3f518decc73fe8e35e37bc32ba8eb20714305bf2a8ba686c42
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnsh2xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnsh2xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnsh4xnxn
id: auto-0329a3eb9329780245dbdfd100445a31d942e3a4efe23ad94a4097bdcb503b9f
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnsh4xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnsh4xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxnriscv64xnxn
id: auto-e2f2de12b13476b0a5eab2ea5ca9fce2a4940fe286a7f10d44b54b0b1fb323c3
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxnriscv64xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxnriscv64xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://92.112.125.6/bins/xnxnxnxnxnxnxnxni386xnxn
id: auto-0eaad276f8e35d327a2e0d3793ea2b8325d01415ad78c235ee644918f86f7ff4
status: experimental
description: Detects traffic or activity related to http://92.112.125.6/bins/xnxnxnxnxnxnxnxni386xnxn which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://92.112.125.6/bins/xnxnxnxnxnxnxnxni386xnxn*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://dftc360y.r2nkteh2.ru/?apikey=FUxtXOoWOsdGOjHN&activityId=df4adb30-9502-4282-8456-d8cfdc4e47ce&ocid
id: auto-33ca3d7fe1eb859877ae84304a0584aead24c0fbe7f188e09f7f80b4f139d576
status: experimental
description: Detects traffic or activity related to https://dftc360y.r2nkteh2.ru/?apikey=FUxtXOoWOsdGOjHN&activityId=df4adb30-9502-4282-8456-d8cfdc4e47ce&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://dftc360y.r2nkteh2.ru/?apikey=FUxtXOoWOsdGOjHN&activityId=df4adb30-9502-4282-8456-d8cfdc4e47ce&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.117.196:39878/i
id: auto-f2666dc9ca04ce367484b6950438e2f53d2fd2fabe5f9700c013369c9bfad1b6
status: experimental
description: Detects traffic or activity related to http://61.53.117.196:39878/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.117.196:39878/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.183.26.74:43115/bin.sh
id: auto-fa2bd64ebbb4d5182ad7a21d840cccabb64bae37a88d23f4e7a34e916f1d25ae
status: experimental
description: Detects traffic or activity related to http://119.183.26.74:43115/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.183.26.74:43115/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.242:34348/i
id: auto-710c4924c6b2372b0540e01cafded3dc062a516db8b9f684c496de714da0b34c
status: experimental
description: Detects traffic or activity related to http://110.39.226.242:34348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.242:34348/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.160.65:51201/i
id: auto-cd5e96aff88f8db666d40ffe445cdf6e270797e94ab9e6d0e5ade1ca7c3840f6
status: experimental
description: Detects traffic or activity related to http://115.48.160.65:51201/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.160.65:51201/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.115.90.134:40442/bin.sh
id: auto-510bb35fe91aae6d6e19350617b09870f2c22199af823b62327793133b0cffc8
status: experimental
description: Detects traffic or activity related to http://119.115.90.134:40442/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.115.90.134:40442/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://f36h8hcw.p2ciftamp0n.ru/?apikey=NfmAEVUQenDOCwqx&activityId=572fb302-b7e5-4ea4-887b-d9a727f6be55&ocid
id: auto-73d30a28cde9f8d32a782e62108b287b1c4e67b333c783231f56a01c53dda1d0
status: experimental
description: Detects traffic or activity related to https://f36h8hcw.p2ciftamp0n.ru/?apikey=NfmAEVUQenDOCwqx&activityId=572fb302-b7e5-4ea4-887b-d9a727f6be55&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://f36h8hcw.p2ciftamp0n.ru/?apikey=NfmAEVUQenDOCwqx&activityId=572fb302-b7e5-4ea4-887b-d9a727f6be55&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://brudkaalaska.xyz/2Yqhqq1tamYFPKu.exe
id: auto-cdec57d45d24f38c1c667a8544fe44ff9161ef96b58db2a9341421ebb42fb6c2
status: experimental
description: Detects traffic or activity related to https://brudkaalaska.xyz/2Yqhqq1tamYFPKu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://brudkaalaska.xyz/2Yqhqq1tamYFPKu.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://github.com/gaqgazec-lgtm/atraa/raw/refs/heads/main/Chrome.apk
id: auto-45a19375a0c56ea64ce4002dff296e9ac97184dda8d9477d6637c3c4c6d76a8b
status: experimental
description: Detects traffic or activity related to https://github.com/gaqgazec-lgtm/atraa/raw/refs/heads/main/Chrome.apk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://github.com/gaqgazec-lgtm/atraa/raw/refs/heads/main/Chrome.apk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.49.108:52824/bin.sh
id: auto-648f3b64f31dec7b9538ee29cd484e9754d2f05edf416d04f964371dfba1e469
status: experimental
description: Detects traffic or activity related to http://117.241.49.108:52824/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.49.108:52824/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.116.21.139:51615/i
id: auto-90659971ef3384c6bef41458f1d4b199865ff3db515ee8e9585d6f39e6fb6c54
status: experimental
description: Detects traffic or activity related to http://182.116.21.139:51615/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.116.21.139:51615/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.36.14:54984/i
id: auto-cf3f91a698de9ba1bb9f029fd922e8c2a0bf9c2d018b6ae6ee66423877b5ef8e
status: experimental
description: Detects traffic or activity related to http://110.37.36.14:54984/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.36.14:54984/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.120.150:51555/bin.sh
id: auto-fde70f4c6d63861d3f32a172132a57d6f2dcd981503c55040e77bbb8540c87b8
status: experimental
description: Detects traffic or activity related to http://113.236.120.150:51555/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.120.150:51555/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.79.93:60344/i
id: auto-12d7749b79590e87ba7cb2f9badf5c7442d52a3bd8f9756a3611d1ea7dcc6420
status: experimental
description: Detects traffic or activity related to http://60.23.79.93:60344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.79.93:60344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.13.155:36235/i
id: auto-819d1d70ffa4ffdd578d75899896c23d8d80437b7c1fa34a223139abfb915695
status: experimental
description: Detects traffic or activity related to http://221.15.13.155:36235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.13.155:36235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.117.196:39878/bin.sh
id: auto-1f32c3c435a0ba60c4ec6be0f0bf1839c4ba8adeb4c85e347c9f87d90a1d4ec8
status: experimental
description: Detects traffic or activity related to http://61.53.117.196:39878/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.117.196:39878/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://p2ov4cfd.bi8otz1on.ru/?apikey=SgfqqZmrTnXrOETU&activityId=3a67616a-e647-43ed-b2ba-0f1687794c71&ocid
id: auto-90607b139787b678800ad82328c60820ae875bb157c7da11ed0d986305775833
status: experimental
description: Detects traffic or activity related to https://p2ov4cfd.bi8otz1on.ru/?apikey=SgfqqZmrTnXrOETU&activityId=3a67616a-e647-43ed-b2ba-0f1687794c71&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://p2ov4cfd.bi8otz1on.ru/?apikey=SgfqqZmrTnXrOETU&activityId=3a67616a-e647-43ed-b2ba-0f1687794c71&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://188.126.240.54:60900/bin.sh
id: auto-12aeb35a88f1af3f9d97083295c32d220d535981d149bfd82b01b496f143198f
status: experimental
description: Detects traffic or activity related to http://188.126.240.54:60900/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://188.126.240.54:60900/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.185.91.63:60432/i
id: auto-dda8b6d16d5c9c7aa3a5048df00a23278d4870ecf58ebe67d41bf253ab5a94d8
status: experimental
description: Detects traffic or activity related to http://123.185.91.63:60432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.185.91.63:60432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.254.166.139:45162/i
id: auto-244236a45177ecdd28e4a8fc9ddc7343480fe49a961ff037ac7d0e263ed16f1d
status: experimental
description: Detects traffic or activity related to http://112.254.166.139:45162/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.254.166.139:45162/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.36.14:54984/bin.sh
id: auto-5d748bd746bebd1479e28b66376d4079971d6214709b5785582a701a2b7008be
status: experimental
description: Detects traffic or activity related to http://110.37.36.14:54984/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.36.14:54984/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.68:51035/i
id: auto-af67bd1a9838c596ff395f04951b31b945cbc8e9501c680bef97921aadfe23e1
status: experimental
description: Detects traffic or activity related to http://110.36.16.68:51035/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.68:51035/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.254.166.139:45162/bin.sh
id: auto-04f3838c78d78eaa58a9abc2852b49d68137513cf0d7530229a4afe7393d2f64
status: experimental
description: Detects traffic or activity related to http://112.254.166.139:45162/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.254.166.139:45162/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.238.10.79:60633/i
id: auto-504dbd600a00102676627c8d44d6eab5bc27a622f11b8cecad61b3bc831f93dc
status: experimental
description: Detects traffic or activity related to http://113.238.10.79:60633/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.238.10.79:60633/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.68:51035/bin.sh
id: auto-b61823db5bfbabce6ab61ac6d54eb34f943bf5e9b99f5dcba1a2ad46c0bd45ef
status: experimental
description: Detects traffic or activity related to http://110.36.16.68:51035/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.68:51035/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.198.73:33370/i
id: auto-b0a1cb484480169b0dcbe920feaf8e3268c884ade628983e10ee2f73a713be3f
status: experimental
description: Detects traffic or activity related to http://175.165.198.73:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.198.73:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.231.19:50094/i
id: auto-5a7b76258e172923829672756992863cea737532eaf633da27581c67bab54667
status: experimental
description: Detects traffic or activity related to http://115.55.231.19:50094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.231.19:50094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.22.2:44924/i
id: auto-c8781697d65ed88af8160cdbdc555be10ffcc27267078a416325355413cb757f
status: experimental
description: Detects traffic or activity related to http://222.137.22.2:44924/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.22.2:44924/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.162:45949/i
id: auto-830ef063cb6ab1c255515baddb141fd0314e704366e787ea49e084b98b69ecb2
status: experimental
description: Detects traffic or activity related to http://110.37.1.162:45949/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.162:45949/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/armv7l
id: auto-5ece8640384585f20ee7333b70e26f609e8ec45af579ec472584b8d707726afd
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/armv7l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/armv7l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/i686
id: auto-ba5f66c1a3891039aa0cb5cbac46ffd8b4dc1a313d183e12697fe7e9e7e76b94
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/i586
id: auto-d1e8548cca40b30446a2f141155554141bda233e916abe16cd4c928aa2e93869
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/mips
id: auto-c9ea3413db33cc264dead8a1166138670f16dde9cf4b26076711ad0d2bcb98d4
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/armv4l
id: auto-5829478038ef3e8ae2b8252b8a3b6f785f8d4220899710a8dba1058a1faf9d1d
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/armv4l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/armv4l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/m68k
id: auto-3df9fe0aaf622a90c9a79305db6479f2b69301421aba9edb1fb9d35a0471ba84
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/x86_64
id: auto-e228711fa2726102fc4591714cb522d657969fc3066e85d2e9a6f4b72e1b4196
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/sh4
id: auto-a976e13a15622fccf792f2e5f14bd2e07d634a378ad7cb10baa083e68922d654
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/powerpc
id: auto-7080b11c2388c1bdfc6c9e7daabee6f80bf18028656b803f4e86fe24bcbc874a
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/powerpc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/powerpc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/armv6l
id: auto-b3457890121d6cc82caec7b18534316fda380b8ced5646aa68df619411619c8d
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/armv6l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/armv6l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/armv5l
id: auto-72080cf57753f33162518459cc890a3f2744b21a7efae837002118c49273f486
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/armv5l which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/armv5l*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://45.156.87.104/mipsel
id: auto-1b65669c430c886faa65bb37aca3721e560b3c6fb4a7cd2088340ba8c22929fe
status: experimental
description: Detects traffic or activity related to http://45.156.87.104/mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://45.156.87.104/mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.231.19:50094/bin.sh
id: auto-6b400b370683b865db94aa7416b1f0ba300aa585d9c30013309c572274bede3b
status: experimental
description: Detects traffic or activity related to http://115.55.231.19:50094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.231.19:50094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.spc
id: auto-dc88c4911e256e9ebbf5ba23adb80b172a95e2fa17bf4389cf9f4d289fd30d56
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.x64
id: auto-f616b17e066596d3b2b22127eabed4282654b0ff7fc3edbd179aedc40e29e44a
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.x64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.x64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.mpsl
id: auto-07ee4d99430d3072e63416702fce87490930cae0ef54be330bdcb3a03e54ae21
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.sh4
id: auto-f653ff914f691280bd4afa015987d0089dedb59e2af472813dae3659d225909a
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.x86
id: auto-d7e2f072a3799e4353d1d7c6d9eb0142458ef19fe1c0ba4699deea8c18243957
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.mips
id: auto-fd36b4e52ee5b01b515484e7662f582ee3a8a8235363a31e0d05f6a35fa9a7aa
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.i586
id: auto-49e0e8197dbc482ca2ef716febb91484f8d2319c37fa2a8721e978bf56f951cd
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.i586 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.i586*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.m68k
id: auto-25b80f155f306023eb99890dd2bdc7fb9ab9214f58be8f20aeb5b1a932fec9b6
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.arm7
id: auto-e5a6eca5a4d48c0664482140ce520a1707355c3c179e4a87030825389d1725f1
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.arm5
id: auto-4957dad8400426305aabbe4d0f07c0690b369a2fbbe81cd91fa08e1568d58c65
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.arm
id: auto-466034b971f82084d01deeccc2f2cf6f2f01262500121f85829ffab1b5c4d270
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.ppc
id: auto-51660466dd81dbe61fb25f1664995d3b3b068c161ef2cac8edb1442963a54fe0
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.165.198.73:33370/bin.sh
id: auto-6f48cc8c4fc5a03fd96f981b6725000d5e9f3e1c15abd4b94e0f9a3a0f86ab41
status: experimental
description: Detects traffic or activity related to http://175.165.198.73:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.165.198.73:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.101.96:59069/i
id: auto-b5b9958868a25e3dd9991b74fd4172610423b23777c6fe76fb4430d916d94ef2
status: experimental
description: Detects traffic or activity related to http://112.248.101.96:59069/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.101.96:59069/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.80.197:50985/i
id: auto-a9fe8111d4813e0b313c94dbc98eaa4198e1af989fb5e36ed02c495dfc7e6c11
status: experimental
description: Detects traffic or activity related to http://117.241.80.197:50985/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.80.197:50985/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.7.155:57745/i
id: auto-9171554cecb5efbc3ffa28119413d4f551612108bdd74c40840cc7211d4e000e
status: experimental
description: Detects traffic or activity related to http://110.37.7.155:57745/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.7.155:57745/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.59.107.59:54199/bin.sh
id: auto-fd5640dde029897bf00a7a5baca774933aac7c3179f9b397d91551f25d3eea33
status: experimental
description: Detects traffic or activity related to http://5.59.107.59:54199/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.59.107.59:54199/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.1.162:45949/bin.sh
id: auto-56ae0e59f4ebe432ca0a78e6a95df40fcb0155e7c54c0bff8356fb29c8740792
status: experimental
description: Detects traffic or activity related to http://110.37.1.162:45949/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.1.162:45949/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.137.22.2:44924/bin.sh
id: auto-b2408504dfa9de470d3aa6db1ed9311f7677df99feca1bf740a07aa863382e54
status: experimental
description: Detects traffic or activity related to http://222.137.22.2:44924/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.137.22.2:44924/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.57.248:53344/i
id: auto-bb1996910030de58d500f67fe3fa356a3bc2542b6112d51daf347cb01fa2fcc7
status: experimental
description: Detects traffic or activity related to http://42.232.57.248:53344/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.57.248:53344/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://hsvltty0.darkc0a5t.ru/?apikey=fCYvTIBUZLOEgtkL&activityId=392f9781-d851-40b5-b760-4ca4ceb133a4&ocid
id: auto-7558be470f100efe9add2f0ae7b727c2e54f4c9453969175877495a077b51d74
status: experimental
description: Detects traffic or activity related to https://hsvltty0.darkc0a5t.ru/?apikey=fCYvTIBUZLOEgtkL&activityId=392f9781-d851-40b5-b760-4ca4ceb133a4&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://hsvltty0.darkc0a5t.ru/?apikey=fCYvTIBUZLOEgtkL&activityId=392f9781-d851-40b5-b760-4ca4ceb133a4&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.215.245.175:49080/i
id: auto-0e903b2fbcf64ddc178be7e4c986619ffa23152f728c5dd8e703102ab10cad54
status: experimental
description: Detects traffic or activity related to http://186.215.245.175:49080/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.215.245.175:49080/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.170.147:56967/i
id: auto-552987fa9eacdec85a2d95fe81abe5a637b2a70f21a2dbca30b772f5613b92e6
status: experimental
description: Detects traffic or activity related to http://42.86.170.147:56967/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.170.147:56967/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.249.57.63:58202/bin.sh
id: auto-a61e2423da49ffa49b58ebc822e52f24343f3c97256c0b986e2f1637c9c5ace1
status: experimental
description: Detects traffic or activity related to http://112.249.57.63:58202/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.249.57.63:58202/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.80.197:50985/bin.sh
id: auto-b93e4410f71aa55e48a8cbfacb82faf505c36dbb6aa44da305389695073d0b6f
status: experimental
description: Detects traffic or activity related to http://117.241.80.197:50985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.80.197:50985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.57.248:53344/bin.sh
id: auto-c0cc3ac0d96d54b0a15beaf33ee5d03c9a1e3beeee9e52c50e5c169ef2c887d2
status: experimental
description: Detects traffic or activity related to http://42.232.57.248:53344/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.57.248:53344/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://0do79h4s.blueh1ll.ru/?apikey=jymRAEZzZMOdwYom&activityId=ae4b2d48-b321-4888-ae95-942ff630e58c&ocid
id: auto-f4f4b7a290c826648eef2159fa8edfe6d5820aeb4ea1ae583a1e2dad2e98d234
status: experimental
description: Detects traffic or activity related to https://0do79h4s.blueh1ll.ru/?apikey=jymRAEZzZMOdwYom&activityId=ae4b2d48-b321-4888-ae95-942ff630e58c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://0do79h4s.blueh1ll.ru/?apikey=jymRAEZzZMOdwYom&activityId=ae4b2d48-b321-4888-ae95-942ff630e58c&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.11.64:35309/bin.sh
id: auto-2d0243a0e74c8cafa7ca8907fd89510bc064772840b85d247302e90984a58e1f
status: experimental
description: Detects traffic or activity related to http://219.155.11.64:35309/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.11.64:35309/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.231.66:36898/i
id: auto-8f58a51675a4b0ec0b3adac8a768176ca9bbbc8e8d98e5679d3bd54e7e6bd888
status: experimental
description: Detects traffic or activity related to http://42.239.231.66:36898/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.231.66:36898/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://522bmwhj.cl0udr1dge.ru/?apikey=ujOiYXMwoWFVXGpw&activityId=23b1ef35-c5eb-4a8d-bada-6c8265918cda&ocid
id: auto-9d5e91b9ad30f4bc0382b18bc26886b691d5c70474a3e2ad8742a974715afd38
status: experimental
description: Detects traffic or activity related to https://522bmwhj.cl0udr1dge.ru/?apikey=ujOiYXMwoWFVXGpw&activityId=23b1ef35-c5eb-4a8d-bada-6c8265918cda&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://522bmwhj.cl0udr1dge.ru/?apikey=ujOiYXMwoWFVXGpw&activityId=23b1ef35-c5eb-4a8d-bada-6c8265918cda&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.22.30:47504/i
id: auto-46c194899fc3f2ca7cd60424f2cf3c450e2586218cb150e802e565e4d4bdbf4b
status: experimental
description: Detects traffic or activity related to http://115.55.22.30:47504/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.22.30:47504/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.55.22.176:57093/i
id: auto-95c491fcf25f09fdc0251d07e9dda89c6110262d477ef0a310f98a81de3b26a7
status: experimental
description: Detects traffic or activity related to http://190.55.22.176:57093/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.55.22.176:57093/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.101.96:59069/bin.sh
id: auto-9359814d0ea6b4d6f3f60be2945e13377f6ae771a3e2ff2891140b35d5bd9200
status: experimental
description: Detects traffic or activity related to http://112.248.101.96:59069/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.101.96:59069/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://umnj5g1g.skyf1ow.ru/?apikey=LOmosvjrSBUJGoim&activityId=16d3964e-e88e-4333-b91f-829cb931779d&ocid
id: auto-72348628f4ad13f925b630b28ffc4e20726efbad4aa15df97fcdd967096d47f2
status: experimental
description: Detects traffic or activity related to https://umnj5g1g.skyf1ow.ru/?apikey=LOmosvjrSBUJGoim&activityId=16d3964e-e88e-4333-b91f-829cb931779d&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://umnj5g1g.skyf1ow.ru/?apikey=LOmosvjrSBUJGoim&activityId=16d3964e-e88e-4333-b91f-829cb931779d&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://84hjxo5f.skyf1ow.ru/?apikey=RkNYxNDYvpsIQvCt&activityId=792175c7-1602-4a81-b5e0-65cf9961e503&ocid
id: auto-8e2e5e6e986e6285803152e55fe079bcca7caa53cb8d6af5f61ac85c678529b0
status: experimental
description: Detects traffic or activity related to https://84hjxo5f.skyf1ow.ru/?apikey=RkNYxNDYvpsIQvCt&activityId=792175c7-1602-4a81-b5e0-65cf9961e503&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://84hjxo5f.skyf1ow.ru/?apikey=RkNYxNDYvpsIQvCt&activityId=792175c7-1602-4a81-b5e0-65cf9961e503&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.125.118:57907/i
id: auto-ee99f874ce90abfb33cef1dcd37ee842579821ce4bf5623eb96710baccfb4861
status: experimental
description: Detects traffic or activity related to http://60.23.125.118:57907/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.125.118:57907/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.22.30:47504/bin.sh
id: auto-cf84d27f0decbf11831d24a62f91fe3d5d0c69fb6df3a0b7ad796b1cf67320e7
status: experimental
description: Detects traffic or activity related to http://115.55.22.30:47504/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.22.30:47504/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.44.18:45914/i
id: auto-4510366dc68430c53a58a31225bc2173040738d397855236f635d846a849c147
status: experimental
description: Detects traffic or activity related to http://182.121.44.18:45914/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.44.18:45914/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.70.36:45668/i
id: auto-4588e1980c30c4a15994750d7618b94047faf1842221ed53606232501ec38815
status: experimental
description: Detects traffic or activity related to http://182.117.70.36:45668/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.70.36:45668/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.218.245:41526/i
id: auto-1c64d1921564b9a1ed505c975ae21d3f236d3f758538ca26487c7fde1f5c4c3a
status: experimental
description: Detects traffic or activity related to http://120.28.218.245:41526/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.218.245:41526/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.231.66:36898/bin.sh
id: auto-9880080f39f8ef094d18c5e5ee69fa15f533855ad03b4d2822bedaff8d6e25e5
status: experimental
description: Detects traffic or activity related to http://42.239.231.66:36898/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.231.66:36898/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ly7p6r10.w1ndshift.ru/?apikey=mCOviMDdADvDrNCM&activityId=208c40a2-26cc-4cfe-9729-89a9a38c245b&ocid
id: auto-a50586aff78f327c764de1a114c46f8df635e6fc926619a047cda2cdd607d81f
status: experimental
description: Detects traffic or activity related to https://ly7p6r10.w1ndshift.ru/?apikey=mCOviMDdADvDrNCM&activityId=208c40a2-26cc-4cfe-9729-89a9a38c245b&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ly7p6r10.w1ndshift.ru/?apikey=mCOviMDdADvDrNCM&activityId=208c40a2-26cc-4cfe-9729-89a9a38c245b&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://8i60caub.w1ndshift.ru/?apikey=CtNERGridMBQtJII&activityId=fc97365b-fd3b-465b-9e9a-1a5dfaea8de9&ocid
id: auto-3be5c1c53cc28d38b98587ae6fd8d6005618cd5691f466e5c98d95ca1a609d39
status: experimental
description: Detects traffic or activity related to https://8i60caub.w1ndshift.ru/?apikey=CtNERGridMBQtJII&activityId=fc97365b-fd3b-465b-9e9a-1a5dfaea8de9&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://8i60caub.w1ndshift.ru/?apikey=CtNERGridMBQtJII&activityId=fc97365b-fd3b-465b-9e9a-1a5dfaea8de9&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://190.55.22.176:57093/bin.sh
id: auto-9bd3f3a6f161551eaff2b49e6e51d87fddc370cf4037e57ae563ab71c3c78651
status: experimental
description: Detects traffic or activity related to http://190.55.22.176:57093/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://190.55.22.176:57093/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.125.118:57907/bin.sh
id: auto-a168f70210c472e2814315dcdedb2e9bc17c9106a092b8ee921e2bbbf209b0d8
status: experimental
description: Detects traffic or activity related to http://60.23.125.118:57907/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.125.118:57907/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.107.206:36210/bin.sh
id: auto-424cb932d42b75b230da5f8f57463bf5cdea544f64cbff4dce151021ad0b52fe
status: experimental
description: Detects traffic or activity related to http://113.237.107.206:36210/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.107.206:36210/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.190:38100/i
id: auto-1fd8d85a6eb38cba1d566f4f669ae6d288c30a232964c54c82061963c68bf290
status: experimental
description: Detects traffic or activity related to http://110.37.38.190:38100/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.190:38100/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.85.91:40680/bin.sh
id: auto-46df3c85f9c790c3e9c79babdf9689ef4715833af0ccacaf8981cd0b105f31c2
status: experimental
description: Detects traffic or activity related to http://125.47.85.91:40680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.85.91:40680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_mips
id: auto-98a94eea0154f78da74bf4bba886e1a28b13c2aebdfe7d96903d901ce4bd5dc5
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.89.145.181:42573/i
id: auto-9ec74764af621bab0df07bb6dadc341d14c84e6f5033270c9c1de44fc230c8fd
status: experimental
description: Detects traffic or activity related to http://39.89.145.181:42573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.89.145.181:42573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.173.118:45906/i
id: auto-43b281f715d4b5583bf666cc60a0aa8541817780a48665ae7ccbb3cf0fd4ee04
status: experimental
description: Detects traffic or activity related to http://219.156.173.118:45906/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.173.118:45906/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.106.138:41025/i
id: auto-12eb9a387f82283a2683ce62be0ff8cc8389037b549b0e3b03ec8cbd6053a69c
status: experimental
description: Detects traffic or activity related to http://222.139.106.138:41025/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.106.138:41025/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8079848160/O3jJWex.exe
id: auto-16a4b9ea273a10def2757cc42e984897827783c9042b8909c8ecf82064c4262a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8079848160/O3jJWex.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8079848160/O3jJWex.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://u6mf1131.fr0stw1ng.ru/?apikey=PujHbvCbJXMxiYsp&activityId=f0b75a9e-d4a0-43d7-bfc9-40384e4381f6&ocid
id: auto-1b05427d9738ccb7256201a7ee37c9d75db1273eb93b9df73fdf17d61aba41da
status: experimental
description: Detects traffic or activity related to https://u6mf1131.fr0stw1ng.ru/?apikey=PujHbvCbJXMxiYsp&activityId=f0b75a9e-d4a0-43d7-bfc9-40384e4381f6&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://u6mf1131.fr0stw1ng.ru/?apikey=PujHbvCbJXMxiYsp&activityId=f0b75a9e-d4a0-43d7-bfc9-40384e4381f6&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://g4q5p73e.fr0stw1ng.ru/?apikey=KiyDzqROwfshbquw&activityId=c3052d78-1ad1-4347-a556-a8bfb7c135db&ocid
id: auto-8144cffd8d13314e24e30a6241e4b1199875bd4c6b08d38f7509992c311d8a92
status: experimental
description: Detects traffic or activity related to https://g4q5p73e.fr0stw1ng.ru/?apikey=KiyDzqROwfshbquw&activityId=c3052d78-1ad1-4347-a556-a8bfb7c135db&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://g4q5p73e.fr0stw1ng.ru/?apikey=KiyDzqROwfshbquw&activityId=c3052d78-1ad1-4347-a556-a8bfb7c135db&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/380743829/T20LNOR.exe
id: auto-a1cf86ae0f4b71cc908d3c1b3dcc0bc86b4f8f74bcb94c91ca0beb2254424334
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/380743829/T20LNOR.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/380743829/T20LNOR.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.89.145.181:42573/bin.sh
id: auto-7749f3720a96bb56d7d0b714fa704faa0eb79b8f46ab4ec32f2d88ea0ed021f2
status: experimental
description: Detects traffic or activity related to http://39.89.145.181:42573/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.89.145.181:42573/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.143.95:53795/bin.sh
id: auto-834719d40aa0fbfc6ac021bcd3d9971ba9e92570be95bf49a96c76f859d14dd0
status: experimental
description: Detects traffic or activity related to http://42.87.143.95:53795/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.143.95:53795/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.106.138:41025/bin.sh
id: auto-c0efbbd79a7e4969ef354141383185e5d6efeba1f0f649c2923aef4fbb563b89
status: experimental
description: Detects traffic or activity related to http://222.139.106.138:41025/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.106.138:41025/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.237.58.112:36920/i
id: auto-264876bbe9d61eaac1f2ecd388fb54313402df780c54b967f9c7c5e4c7ed65fa
status: experimental
description: Detects traffic or activity related to http://42.237.58.112:36920/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.237.58.112:36920/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.38.190:38100/bin.sh
id: auto-f807ed6a10d6c269b0a2f4e77939e2158c0d4759fbf8fde85264894a2a84dd4c
status: experimental
description: Detects traffic or activity related to http://110.37.38.190:38100/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.38.190:38100/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.173.118:45906/bin.sh
id: auto-33c8b54042953f075ea7e7b5a5ebf89bebbb44c0c8565cacbd6e52c929f226bf
status: experimental
description: Detects traffic or activity related to http://219.156.173.118:45906/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.173.118:45906/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.7.27.90:17260/02.08.2022.exe
id: auto-926a3ba0e70531a53429b68f183653ab7b9f933cacb18db5d8812ad373c2e2b2
status: experimental
description: Detects traffic or activity related to http://103.7.27.90:17260/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.7.27.90:17260/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.207.205.131:49069/i
id: auto-ee178b348e6a1d4756be04626ee4ab4f5ba968004be3134ee83555aaf23f747e
status: experimental
description: Detects traffic or activity related to http://117.207.205.131:49069/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.207.205.131:49069/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.106.148:53350/i
id: auto-fca127d2e88bc50ec27205923fcb4aac51726be390eb116160b24ab3cfdf7923
status: experimental
description: Detects traffic or activity related to http://110.37.106.148:53350/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.106.148:53350/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://88.247.65.122:37428/i
id: auto-b7779362d9cbd3aea5bff9f7999a738f7043f3357e33a694dd545b37205e9686
status: experimental
description: Detects traffic or activity related to http://88.247.65.122:37428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://88.247.65.122:37428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://213.43.162.12:7005/Mozi.m
id: auto-5f7b80c41a6b0881824e1ace88a0c1adaa6d2a359364e84f93e7977b5ce8cf6b
status: experimental
description: Detects traffic or activity related to http://213.43.162.12:7005/Mozi.m which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://213.43.162.12:7005/Mozi.m*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.170.190:47877/bin.sh
id: auto-e3b7076a885f139009026a751f02aa4bc330edabb0a864a303bb8ac362fca2eb
status: experimental
description: Detects traffic or activity related to http://42.224.170.190:47877/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.170.190:47877/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.147:48490/i
id: auto-163cab6d58ab64fa48221292cb5bd1f3fe0356d3fa91006e32614f757b60812b
status: experimental
description: Detects traffic or activity related to http://117.209.83.147:48490/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.147:48490/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:44655/i
id: auto-77228a0274a4bbdd3268f316fb4268d22ca4253199694e08d2cbca731f68acab
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:44655/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:44655/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://103.77.241.135/main_arm7
id: auto-bb92223b156ca41a2c7869173943aa34b0179f4c171ebc078c27b54b8cebbe3e
status: experimental
description: Detects traffic or activity related to http://103.77.241.135/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://103.77.241.135/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://69.5.189.129/llop.mp4
id: auto-f00498bd2d60180bf108f15b3b7296764e5726afb5b3f046da80437604718569
status: experimental
description: Detects traffic or activity related to http://69.5.189.129/llop.mp4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://69.5.189.129/llop.mp4*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/alx3si.txt
id: auto-6b48e473c1bdb5e68e947e256d4a09440d5d6b13e41f5e089a84a8a5d72459f2
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/alx3si.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/alx3si.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.2.82:56639/bin.sh
id: auto-d567e55381f98893a6b0168d2ee696dff0c6570eb6810a183d7d3fde652b5ab9
status: experimental
description: Detects traffic or activity related to http://110.37.2.82:56639/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.2.82:56639/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.51.6:33777/i
id: auto-1bf72e18079a157b1a5f83fa9303be8ee0f9b7a318631a46664d7b5184b01ba7
status: experimental
description: Detects traffic or activity related to http://115.61.51.6:33777/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.51.6:33777/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://74.214.56.173:44655/bin.sh
id: auto-a2c89e3c244d21276fa28810e41b0d98a98df8f75a5fff09ae1c83b38f30d692
status: experimental
description: Detects traffic or activity related to http://74.214.56.173:44655/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://74.214.56.173:44655/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.83.147:48490/bin.sh
id: auto-7aa186aa5c838728ea4a31e0996a16d46249bbaea7f6f3818d4ab7fe4ebed82b
status: experimental
description: Detects traffic or activity related to http://117.209.83.147:48490/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.83.147:48490/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.51.6:33777/bin.sh
id: auto-8d9879e4b08256ce5f49dec0ca8aae48355bfc2c30d36759237336fd9b33b15d
status: experimental
description: Detects traffic or activity related to http://115.61.51.6:33777/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.51.6:33777/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.37.90.16:34390/i
id: auto-38b66a82a104f9f3e6daaf43c339d0b9058784ce047e9296de60c004ef5d8c25
status: experimental
description: Detects traffic or activity related to http://27.37.90.16:34390/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.37.90.16:34390/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.5.59:42993/i
id: auto-cfafb6557cdb6b670e6e1d68743fca0ab48c44186fa0056e9b449e45a247e92f
status: experimental
description: Detects traffic or activity related to http://221.15.5.59:42993/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.5.59:42993/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.30.115:35305/bin.sh
id: auto-a17e2b683fb6900f353dff7c8ba0c3b3908fe66af788810dc937beed3541214d
status: experimental
description: Detects traffic or activity related to http://42.230.30.115:35305/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.30.115:35305/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://inkbookwriters.com/verify
id: auto-29691fe4e760603ab6bcf6ff1ed1f08a59b956dd237552b784746efd6e0375c1
status: experimental
description: Detects traffic or activity related to https://inkbookwriters.com/verify which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://inkbookwriters.com/verify*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.40.209.164:5506/wk.vbs
id: auto-76086a1ff9b7358451610310b5451eeee0d9377c056b34ba27191baf6fecae4c
status: experimental
description: Detects traffic or activity related to http://78.40.209.164:5506/wk.vbs which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.40.209.164:5506/wk.vbs*'
  condition: selection
level: high
tags:
  - attack.t1059.005
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://91.247.36.3/immunewait.msi
id: auto-afda94a1c06ed7819c98b1417805589b287dc658d376c3271335971f965e35df
status: experimental
description: Detects traffic or activity related to http://91.247.36.3/immunewait.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://91.247.36.3/immunewait.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.188.67.37:52342/i
id: auto-e6cf4d2d1562d1bf44f4235baf7a48d5b1c2d0aaa43bce8ac37e40542b316ce3
status: experimental
description: Detects traffic or activity related to http://123.188.67.37:52342/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.188.67.37:52342/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.5.59:42993/bin.sh
id: auto-4098c119917e2e2e0b57b0930531e1fbde70572d2f10e47de1963056b809194f
status: experimental
description: Detects traffic or activity related to http://221.15.5.59:42993/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.5.59:42993/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://onedwm.walmaru.com/zip.ps1
id: auto-c366122a6d28637476de6b6bb6320662d7447fdd0158e30ad3d60d695f72c498
status: experimental
description: Detects traffic or activity related to https://onedwm.walmaru.com/zip.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://onedwm.walmaru.com/zip.ps1*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.arm7
id: auto-bd1cd918181d429a497feeccd9adf879927fb4a0a3acf30ce98c1123887c0a3a
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.mpsl
id: auto-fce24ddfbf8415399009388c1e567a63aa2b4fe5c2fc1765efbcd32a58c9637e
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.x86
id: auto-66fd09d7423c6c202baa6343632b200bf6425eb77dcc580e63086d1302e5d915
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.mips
id: auto-570bff6038f5ada622c6f71e0f45a7a9318043d4286d10fc9823bdfb9174d3b2
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.arm5
id: auto-05bcb0273cb4fcacf9ec2266586684e20456d358805d58cbe96f7f878903f03c
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.sh4
id: auto-4c3a2f68c4db2055979310e2bcff172fa2c30e42dcaf38a176edfcab1146b39b
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.ppc
id: auto-2eddd1aaaa2f159ed51b124e32d334ea8b44e240e9e5f5daada958b37abcab62
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.m68k
id: auto-f8dd82d25c642618212626edd805675f38b6f6d9100ad43abb4e43489424548d
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.arm6
id: auto-011602269bd014efa2e97dba836f42dfe249406e16a2a0aa1e07d79196d76d48
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.arm
id: auto-6f2de8cbf4fb6d3676ac8ed0f5d6e1dcdd80a6c1c273564de8bda7c8fd6ff297
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/hoho.spc
id: auto-d05c26acb46b8f1247718810dedc52705298d15a17051c16c4290778edd8878d
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/hoho.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/hoho.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xred.site50.net/syn/SUpdate.ini
id: auto-efb98a2e9de2794cfe48af0528baebce1f4e6e85c9a6c6ee59ed7f904d496f95
status: experimental
description: Detects traffic or activity related to http://xred.site50.net/syn/SUpdate.ini which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xred.site50.net/syn/SUpdate.ini*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xred.site50.net/syn/Synaptics.rar
id: auto-85028f3195d02c3ec168fab4558890808808d612e528a8b8819a1aebcd7ec578
status: experimental
description: Detects traffic or activity related to http://xred.site50.net/syn/Synaptics.rar which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xred.site50.net/syn/Synaptics.rar*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://xred.site50.net/syn/SSLLibrary.dll
id: auto-eb1117d08c0e13e74b99bfabb73f50477dce1f68d069bb2a87312fead4824bfa
status: experimental
description: Detects traffic or activity related to http://xred.site50.net/syn/SSLLibrary.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://xred.site50.net/syn/SSLLibrary.dll*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/bins/.ppc-440fp
id: auto-6f88015711640ecc73f54c7d354f290833abec5d8111a09e9589bd4cede4674b
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/bins/.ppc-440fp which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/bins/.ppc-440fp*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1
id: auto-a13272f179fa806b494ff33f4baacbbc1df032c3215dc0e5e0421603695e4812
status: experimental
description: Detects traffic or activity related to https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1
id: auto-ea70749b1d389cf4cbfcba4590189b36427758a56747fe802f379759d0ed603e
status: experimental
description: Detects traffic or activity related to https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
id: auto-fb403aff87e99d2430c2b512f1fd79ba49144c4a49d9d309b26666e4f27a9a30
status: experimental
description: Detects traffic or activity related to https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download
id: auto-548d0ca19336d289e61ff43b87330780234e8461151b88a4a6b34fc5ba721dfe
status: experimental
description: Detects traffic or activity related to https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5908119101/FhmYGHx.bat
id: auto-ee027fb1d0f7b5ee210b8221482b1796ae8adf02a878628725ffaf47e50f257a
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5908119101/FhmYGHx.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5908119101/FhmYGHx.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1
id: auto-e24125e866d9b72a68ae4b1c457eba59ee6a060efe3a1adb61ec328f42e85b7d
status: experimental
description: Detects traffic or activity related to https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2bknb.com/win/sm.ps1
id: auto-e1024783a63ce83985a728aaa62a3414941e54709d2ab7b9df3f9ef4edf3a571
status: experimental
description: Detects traffic or activity related to https://2bknb.com/win/sm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2bknb.com/win/sm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2bknb.com/win/omic.zip
id: auto-5c8ce137ab51fb3e070f3526bcc21f71fc0c0cf72bdc26034151f5ccfa6e720f
status: experimental
description: Detects traffic or activity related to https://2bknb.com/win/omic.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2bknb.com/win/omic.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.64.210:56781/bin.sh
id: auto-d232d545aa20d95d1db8d29fdfbc28a6dd548bc7242616926c65311260a46fe9
status: experimental
description: Detects traffic or activity related to http://115.49.64.210:56781/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.64.210:56781/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.97.127:39261/i
id: auto-7a5cc0c1e90144f34f85c7a9a2699491907eebcd650c791019f63dcfa70e08db
status: experimental
description: Detects traffic or activity related to http://123.14.97.127:39261/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.97.127:39261/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.107.58:45913/i
id: auto-e21afcd9c7fbf9f09fbe3808b603eddefb26c0889500f173f9fe74f20b674588
status: experimental
description: Detects traffic or activity related to http://221.14.107.58:45913/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.107.58:45913/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.189.10:40776/i
id: auto-2876db033866bde8a5e3a398d7520c2a7aca1ec02abc09612cf60e66e7eeba06
status: experimental
description: Detects traffic or activity related to http://221.15.189.10:40776/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.189.10:40776/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.240.186:42940/bin.sh
id: auto-37c1a716997bb0a0b223f6c02f6de4fa66f222ac75b0cb790b0d041b421afb54
status: experimental
description: Detects traffic or activity related to http://59.184.240.186:42940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.240.186:42940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695//arm5
id: auto-9852261a107406e1687068e25d9d72f6968faa0e9296c61ed3340c10b183d9d6
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695//arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695//arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.97.127:39261/bin.sh
id: auto-dcd76fd10cf7a971f14b555cac5e400c6b9cb278d4c7cbbbbbcfe7c12d66ba76
status: experimental
description: Detects traffic or activity related to http://123.14.97.127:39261/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.97.127:39261/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.95.26.208:49372/bin.sh
id: auto-f6646501107f5c2737e5bb79cb8d36a1cf56fd91e33c7299b5f61ce5303d8c7a
status: experimental
description: Detects traffic or activity related to http://124.95.26.208:49372/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.95.26.208:49372/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/ohshit.sh
id: auto-6ef1b8d4008f01db41bca02802916cd30644dcfa826d452908f3e78779e21f2b
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/ohshit.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/ohshit.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/spc
id: auto-016dbc4397a5738b87b1d38ea3a421e6b8d5c7f09941e6828b17e5c01c8100b0
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.107.58:45913/bin.sh
id: auto-731106d6c0fc02a69660719bde67b847fa36b2ba345cfeb7e7184ecbc7dc3368
status: experimental
description: Detects traffic or activity related to http://221.14.107.58:45913/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.107.58:45913/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.235.157:40277/i
id: auto-202d574e6b770e390ffd84273deb9740cf6237b39486a811d8f1b43d05b54d67
status: experimental
description: Detects traffic or activity related to http://42.234.235.157:40277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.235.157:40277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.179.117:42341/i
id: auto-e834956eeb954a60a556ec76f47d9ff6db175f3b6ce2a7e501bd6c504a053104
status: experimental
description: Detects traffic or activity related to http://123.8.179.117:42341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.179.117:42341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.80.97:36208/i
id: auto-80cc94da0ad3ee885627f87507b25fe2ce40f86dd6d560736fa2f36b894bccc7
status: experimental
description: Detects traffic or activity related to http://115.57.80.97:36208/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.80.97:36208/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.80.97:36208/bin.sh
id: auto-f612beb25070244e698c67b7f8707e435022dc2ab605f602a020085a2fb50cad
status: experimental
description: Detects traffic or activity related to http://115.57.80.97:36208/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.80.97:36208/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.132.144.18:51116/i
id: auto-2753b356c72e7a28f2dae504caf29e9a124e66c87535145cbcdd2effb7394e85
status: experimental
description: Detects traffic or activity related to http://112.132.144.18:51116/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.132.144.18:51116/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.167.150:48476/i
id: auto-80fa594a79c32b3801c48dcc58f5ffecda6e162f759674b2eb246a8dc8fc7309
status: experimental
description: Detects traffic or activity related to http://117.221.167.150:48476/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.167.150:48476/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.94.110.22:58070/bin.sh
id: auto-a6d9b1bc355d026db79d3e58ebeb070bf9a0f5efc2ac04691bc2b28994d7593c
status: experimental
description: Detects traffic or activity related to http://59.94.110.22:58070/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.94.110.22:58070/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.235.157:40277/bin.sh
id: auto-d7277959338aea2c82c76b097f1341b6aadbbdeb8a37a2b4b23e95b5a13d855a
status: experimental
description: Detects traffic or activity related to http://42.234.235.157:40277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.235.157:40277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.195.114.115:50605/i
id: auto-e09f065e8e16a3a63d8f27e90e028cb43f11e3a11d8308d9b24f37a090174e55
status: experimental
description: Detects traffic or activity related to http://117.195.114.115:50605/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.195.114.115:50605/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.179.117:42341/bin.sh
id: auto-227edaefd48429bf0fb3cfaedcd9ece8efab0c7ed399ad9fd94f15964c739637
status: experimental
description: Detects traffic or activity related to http://123.8.179.117:42341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.179.117:42341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.110.181.226:43473/i
id: auto-a545f1bd15f847577301bfaa7ff0366c06f6347bcfbd41fa616cfa7da81110be
status: experimental
description: Detects traffic or activity related to http://41.110.181.226:43473/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.110.181.226:43473/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.132.63:55354/i
id: auto-09d26cd801c9a39ca1abec56d437f130a31d286de117f52323880cbd2970e616
status: experimental
description: Detects traffic or activity related to http://61.53.132.63:55354/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.132.63:55354/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.254.158:34200/i
id: auto-37979ddbb4131f94ae239abafa8c9f3e9e874fa1a439e32600c2bc9ad8f64d6c
status: experimental
description: Detects traffic or activity related to http://42.231.254.158:34200/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.254.158:34200/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.70.36:45668/bin.sh
id: auto-8b6666e7912b2e78da6df54ad23c0e360d71362f2111ddd8e57e176672e0d229
status: experimental
description: Detects traffic or activity related to http://182.117.70.36:45668/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.70.36:45668/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.132.144.18:51116/bin.sh
id: auto-b1b327fc36801043277444996a5e4af132a35119f33050f20518f3d8751b90f9
status: experimental
description: Detects traffic or activity related to http://112.132.144.18:51116/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.132.144.18:51116/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.168.92:46894/i
id: auto-797f3a947d2417e66b94eb392e631d8f83a03562cd1db514cb86780de3d622fa
status: experimental
description: Detects traffic or activity related to http://115.58.168.92:46894/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.168.92:46894/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/sh4
id: auto-c19ba555fe30c15fe86e7d1b3f1ea361f98c84a4d8e8fd077e4b10dbf033e510
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/arm5
id: auto-5ea69cff6a6304ec7425fd5dcf9f40216bea61b058b6f1d94902398929c33d2a
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/x86
id: auto-21b20a03bf1f094cee716aea9238187af630966498efaf22982b45b1c9594db7
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/ppc
id: auto-a7f2b315d37dc72399ff4597d2b032f672e20761ccc3b440703b1f8046dd122b
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/arm
id: auto-44f71e6fd3c3cb79e9675352966d0c69f125ff2a0c12973f1568292f0b2db33a
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/x86_64
id: auto-d431b8ed18266dcc1c3b22d4fffbe0f586dfc88c7a9d037582808cc4aec50542
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/arm6
id: auto-ceb3fa02a657aafdf5c1bf2f3c021df883d751829593c8a168c9f67071647f35
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/mpsl
id: auto-8a4052109162efda40c09bb248c296803d6cba065d6fc7931a1cdc5d8c975e23
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/arm7
id: auto-31d6184bed73f68e6d49c3314978cf62ea353f78844976e01c5c8040f3531531
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/mips
id: auto-b64f691c46bc42e5ac017f2eaff0284958d8e8dbdcba9fb4c55649dc1a6ce6d4
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.128.54.100/bins/m68k
id: auto-d2302e0cedcbf006eabc5d85b75972df5219c4cc2f2fb01b05a961d86f42de7c
status: experimental
description: Detects traffic or activity related to http://178.128.54.100/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.128.54.100/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.132.63:55354/bin.sh
id: auto-ac5d3708ee2ad9e49ac8b401e08bd394da0652b3dc5f5658e2d67d94a0ff41ef
status: experimental
description: Detects traffic or activity related to http://61.53.132.63:55354/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.132.63:55354/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.arm7
id: auto-e3b5acbb0fe8ab99b084ddd516a6d24d8dd3503eb1d5895ee51d6fa42e8df722
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.arm
id: auto-8d0cade34814073f488be0800a5a5e536df5f0f88ab752204cd179b907069cdd
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.mips
id: auto-d41e348c19f5d04bd0252a810fa8f6dc104697dd91ff6c2a5c664dd5d113a479
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.195.114.115:50605/bin.sh
id: auto-1480b4188ef92d5c2dd1a2968142589cde2f650cbf43af1df679a0ad5c1aea52
status: experimental
description: Detects traffic or activity related to http://117.195.114.115:50605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.195.114.115:50605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.mpsl
id: auto-9739c5339ef007de9161c0ff9fbac6509f33de49d0072fa48e562af7420bf840
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.x86
id: auto-7d589da9bc65b184d321c4e470874c6acf46e8091df680de7d26449cda0544d2
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.arm6
id: auto-ae227a790a13f1881400d3ac45a4eeb48c3aaf28b235230405abeb34305f29c2
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.spc
id: auto-fa37fa92c4c9bf8c0dfa99ae80dec38371d5e31a4c1c22a878dedc98e1cef09d
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.arm5
id: auto-154f0af75a3f1c99c225afa2c719f753827ab3776477a4f3aed805ec4f15677a
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.sh4
id: auto-0ae2645f7740764020f4d7fdb578d8b19d28f5a60bc0ec6d388b1bc08f5be795
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.ppc440
id: auto-994dd21ed026bc80483902f054823d2eefc636c5850b393254681b98562b5b49
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.ppc440 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.ppc440*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/spc
id: auto-51795c9b986a86e4a77493746af82ab315fe1633fcacaf285a564152ab7d63a2
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.m68k
id: auto-e73e37e06c237bde99ad398b4cc3ed3028365d5696b15df72e1c45d73e7a74bf
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/boatnet.spc
id: auto-db182102cf543198ce44fc571a1b4a4cd5ecd11deb0f97c02167e9c6561bafb2
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/boatnet.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/boatnet.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.241.208.183/bins/sora.ppc
id: auto-70b3f0c02f108aaf64ef00cedbf22f16172a1a455935fdfe7669599243060a88
status: experimental
description: Detects traffic or activity related to http://185.241.208.183/bins/sora.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.241.208.183/bins/sora.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.10.79:58693/bin.sh
id: auto-53a627a3673429efc4ac86ce081a56d8ad06727f9aa8df7e05c77a1675f3e5eb
status: experimental
description: Detects traffic or activity related to http://219.155.10.79:58693/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.10.79:58693/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.168.46:50695/i
id: auto-f48499af66d9adca07fb592d70e5386c77495bf36cff2297ea16f3a6c75068cf
status: experimental
description: Detects traffic or activity related to http://42.86.168.46:50695/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.168.46:50695/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.254.158:34200/bin.sh
id: auto-3971266bb5b25255107531e1c6c57124f1430c31807b7e196402dd5b848f8428
status: experimental
description: Detects traffic or activity related to http://42.231.254.158:34200/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.254.158:34200/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.217.187:44687/i
id: auto-76d6f70552fc4f00e437c29898de0912d66c7dc547cee3632d86bc9fccecfbb9
status: experimental
description: Detects traffic or activity related to http://222.140.217.187:44687/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.217.187:44687/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.217.179:48696/i
id: auto-f43a7b143b4035ef9b06488bde2c4a323fb50d1cce5fad6f097bcde08fcfceb0
status: experimental
description: Detects traffic or activity related to http://60.23.217.179:48696/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.217.179:48696/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.27.202:48238/i
id: auto-b9646956c19950768fe377244f2cd0904ab69a3f708e09d81bb77b64f0c07ce1
status: experimental
description: Detects traffic or activity related to http://219.156.27.202:48238/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.27.202:48238/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.172.203:33174/bin.sh
id: auto-5c59437ebe71ad2fe0f9420bdacc550aeb5c4d6e943c3f43424a29f8e6f10be8
status: experimental
description: Detects traffic or activity related to http://117.205.172.203:33174/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.172.203:33174/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.168.92:46894/bin.sh
id: auto-c38f541bba5ce4cbe1adb43242bc063e04aa2bb49f1043cb170d9768c2a76beb
status: experimental
description: Detects traffic or activity related to http://115.58.168.92:46894/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.168.92:46894/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.213.133.120:44569/i
id: auto-a639b53eb7093fa3e3c976305b09324ac2f533e2bf23c9ac1b06e9407e981e69
status: experimental
description: Detects traffic or activity related to http://27.213.133.120:44569/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.213.133.120:44569/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://4kgnpztl.deepmi5t.ru/?apikey=HvQZKgfUiSIsBQCV&activityId=25c57428-f9ca-4a6c-b4b2-017d185914ea&ocid
id: auto-d9ed7ef8722e4c48e9823232ea6fba4d672d1bc38a8d55f3f8552e9d64ea08b3
status: experimental
description: Detects traffic or activity related to https://4kgnpztl.deepmi5t.ru/?apikey=HvQZKgfUiSIsBQCV&activityId=25c57428-f9ca-4a6c-b4b2-017d185914ea&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://4kgnpztl.deepmi5t.ru/?apikey=HvQZKgfUiSIsBQCV&activityId=25c57428-f9ca-4a6c-b4b2-017d185914ea&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.168.46:50695/bin.sh
id: auto-12c12738e33025eb39a3732ef884f53cf228a1debc7f599e243018ee857f10e3
status: experimental
description: Detects traffic or activity related to http://42.86.168.46:50695/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.168.46:50695/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tqi7q7rf.deepmi5t.ru/?apikey=cLtKoGdPSdNBWaTN&activityId=e61358e5-f254-4eed-ba88-804a8998ae89&ocid
id: auto-2e88d018f14723bc244055f23f06e89b03a212587e127fb08479f654eef0b9a1
status: experimental
description: Detects traffic or activity related to https://tqi7q7rf.deepmi5t.ru/?apikey=cLtKoGdPSdNBWaTN&activityId=e61358e5-f254-4eed-ba88-804a8998ae89&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tqi7q7rf.deepmi5t.ru/?apikey=cLtKoGdPSdNBWaTN&activityId=e61358e5-f254-4eed-ba88-804a8998ae89&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.248.101.34:45945/i
id: auto-2e63b11fe4a68ea7617f2d854f228140a51b5bacce20c7454cf7756b0db4a429
status: experimental
description: Detects traffic or activity related to http://112.248.101.34:45945/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.248.101.34:45945/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.213.133.120:44569/bin.sh
id: auto-5e1590f69c6621f4b9526f999fbec7e1afb8af192183fd4db4a2e078c7b8f7e8
status: experimental
description: Detects traffic or activity related to http://27.213.133.120:44569/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.213.133.120:44569/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vermclta.deepmi5t.ru/?apikey=ScOruKcEFBeFChEN&activityId=9e4a17a1-723e-43ae-9550-d6f83f6291a3&ocid
id: auto-316626f6ec497428b1394c942cbb1f2472b79aa052a8eeea1e557e9b803ddba4
status: experimental
description: Detects traffic or activity related to https://vermclta.deepmi5t.ru/?apikey=ScOruKcEFBeFChEN&activityId=9e4a17a1-723e-43ae-9550-d6f83f6291a3&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vermclta.deepmi5t.ru/?apikey=ScOruKcEFBeFChEN&activityId=9e4a17a1-723e-43ae-9550-d6f83f6291a3&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.66.105:43484/i
id: auto-8f2861ccf1b18c03e0da60ba24fbc6c2da964afab428209474ef856a032e5794
status: experimental
description: Detects traffic or activity related to http://39.187.66.105:43484/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.66.105:43484/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.18.205:36064/bin.sh
id: auto-e97c8ca71e01bd262b7f75403eceffaa05e5afa2856170851afbaaa1b8dd4023
status: experimental
description: Detects traffic or activity related to http://110.37.18.205:36064/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.18.205:36064/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.140.217.187:44687/bin.sh
id: auto-e709e89cf1eea3d9619fbfdb5fb291e4666ca98eddccaafbce06ef4ec212f201
status: experimental
description: Detects traffic or activity related to http://222.140.217.187:44687/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.140.217.187:44687/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.27.202:48238/bin.sh
id: auto-4fb98a9a9b3f87f0219f308bbde2f00980890383d46fd35d9aaf3a5e37526e3e
status: experimental
description: Detects traffic or activity related to http://219.156.27.202:48238/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.27.202:48238/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.170.190:47877/i
id: auto-5a99876d28a3f1fa316666e14ad63fe71c249251bd95444dc232d1f463f9e550
status: experimental
description: Detects traffic or activity related to http://42.224.170.190:47877/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.170.190:47877/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.146.201.198:56645/bin.sh
id: auto-8e99b78d1bef8fb419646b49c239b4643861277e67538e04f610fc9a5f873a71
status: experimental
description: Detects traffic or activity related to http://175.146.201.198:56645/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.146.201.198:56645/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.233.169:46105/i
id: auto-c9e5925a9331fc763318a8d08a29340be28f318ad0c048956b6f54a6c30c8753
status: experimental
description: Detects traffic or activity related to http://113.237.233.169:46105/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.233.169:46105/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.237.233.169:46105/bin.sh
id: auto-83ed04a44339754631556b1d91975b288f956f2cf1006d74fd66a52045de5be2
status: experimental
description: Detects traffic or activity related to http://113.237.233.169:46105/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.237.233.169:46105/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.187.66.105:43484/bin.sh
id: auto-4cbb0c9d7a61965760ad4c6dd9f8f722e68be1c8384730b42a367c51f64cc1cc
status: experimental
description: Detects traffic or activity related to http://39.187.66.105:43484/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.187.66.105:43484/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.242.187:57741/i
id: auto-199cf4cc89e77f4eff58761529b75bf907d0aac2e86ad050be8a060fe4df5020
status: experimental
description: Detects traffic or activity related to http://59.184.242.187:57741/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.242.187:57741/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.242.187:57741/bin.sh
id: auto-235908049001b849e1b411f2ac3e6bdca486bcaf563b6b8621eaca28d2d5f3ff
status: experimental
description: Detects traffic or activity related to http://59.184.242.187:57741/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.242.187:57741/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.217.179:48696/bin.sh
id: auto-8ef377fcebd7092478b7f395eaca6e170ecccdce901e3deb1fde6949eb4475f4
status: experimental
description: Detects traffic or activity related to http://60.23.217.179:48696/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.217.179:48696/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.182.82.81:45573/bin.sh
id: auto-90b4ec4b0f70466e7dd497af18cdbee043f1a9e45d0ac6b2d8a4babe3ac27bf6
status: experimental
description: Detects traffic or activity related to http://59.182.82.81:45573/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.182.82.81:45573/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.153.64:55778/i
id: auto-cdb44da7a395113737eb3d5c58afec4dd8d4fde66b90ce5d682e470f3e2c639d
status: experimental
description: Detects traffic or activity related to http://182.127.153.64:55778/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.153.64:55778/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.211.5:51310/i
id: auto-3b2c26379c10e6b75e65c023d8d1ebb569f21924573db49d5aca460bc2dc1bbb
status: experimental
description: Detects traffic or activity related to http://182.123.211.5:51310/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.211.5:51310/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.98.100:36600/i
id: auto-667ebdd298abb764c7523b46e0cc75b023e401e0d6367f97e4183f7d4f8941d5
status: experimental
description: Detects traffic or activity related to http://110.37.98.100:36600/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.98.100:36600/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.96.251:44094/i
id: auto-93b0cf3ac804811d8c8e409f247d71e9fe6a7e85c17552ba06ae48cdb489469a
status: experimental
description: Detects traffic or activity related to http://110.37.96.251:44094/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.96.251:44094/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.51.210:53892/i
id: auto-323f4f6abd2530b953cdd77c5dd8ea10f74f412fb20a0ab91326f8845a48fd8b
status: experimental
description: Detects traffic or activity related to http://61.52.51.210:53892/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.51.210:53892/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://raw.githubusercontent.com/ml8xu4vh/pizza/master/setup.sh
id: auto-912e04789a257edafda1f726c90ba59254891e694b34075d2fc164f11fe1e70e
status: experimental
description: Detects traffic or activity related to https://raw.githubusercontent.com/ml8xu4vh/pizza/master/setup.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://raw.githubusercontent.com/ml8xu4vh/pizza/master/setup.sh*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.96.59:52347/bin.sh
id: auto-2e70cc29fff5bb8d34a4eeca38a58935fa04201af58ebf1d725b524ea2ecf034
status: experimental
description: Detects traffic or activity related to http://196.189.96.59:52347/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.96.59:52347/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.192.179:50341/i
id: auto-b0b7d46986b83834cf583f27f1c284b24c48254e6a49cb29a92f16a4e79eb074
status: experimental
description: Detects traffic or activity related to http://123.14.192.179:50341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.192.179:50341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.153.64:55778/bin.sh
id: auto-1a699471e55fcd66cb92b56241c0b70c47e5d68136072d56c7367c766ca55090
status: experimental
description: Detects traffic or activity related to http://182.127.153.64:55778/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.153.64:55778/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.186:44560/i
id: auto-54beaabbd494db837627ebb2a8c5326df3d6cffc520eab714cb169dff9729d18
status: experimental
description: Detects traffic or activity related to http://110.36.16.186:44560/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.186:44560/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.211.5:51310/bin.sh
id: auto-f221297c1330c3e8e241b96af04fa528584421be4c63c055cba3d4ab630e1f9f
status: experimental
description: Detects traffic or activity related to http://182.123.211.5:51310/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.211.5:51310/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.105.237:55282/i
id: auto-3023c9490fc2c2d94ba133ddd6de347d13a0dfcde8f5c9c4a859e2c27f56cb15
status: experimental
description: Detects traffic or activity related to http://182.117.105.237:55282/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.105.237:55282/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.200:43783/i
id: auto-f9b067424ce85e7f98c3c4176fdf73904ddbc99567747d37c01ef705428a7e37
status: experimental
description: Detects traffic or activity related to http://110.36.0.200:43783/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.200:43783/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.51.210:53892/bin.sh
id: auto-94874f9a193ed87d877dee1503116c8538f083d8be114509d6ee0dc957859d32
status: experimental
description: Detects traffic or activity related to http://61.52.51.210:53892/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.51.210:53892/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.98.100:36600/bin.sh
id: auto-5880ae3783bd4cd37c5841bca13b521f428847c40c9eba72603891f2419d1a21
status: experimental
description: Detects traffic or activity related to http://110.37.98.100:36600/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.98.100:36600/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://a5cciv20.rainshield.ru/?apikey=DFghavcFZQqRixuC&activityId=64984cd5-0a4d-4d0b-8d88-5c9cd5f938a7&ocid
id: auto-7d6a46f1c2fa2c797bd1001563607f2ec0790d6583de0906071bc892911d2714
status: experimental
description: Detects traffic or activity related to https://a5cciv20.rainshield.ru/?apikey=DFghavcFZQqRixuC&activityId=64984cd5-0a4d-4d0b-8d88-5c9cd5f938a7&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://a5cciv20.rainshield.ru/?apikey=DFghavcFZQqRixuC&activityId=64984cd5-0a4d-4d0b-8d88-5c9cd5f938a7&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.96.251:44094/bin.sh
id: auto-ad1ff8014bcd060e48959b539555c9137e32cba026e641cbca9acfb5bcf1ae56
status: experimental
description: Detects traffic or activity related to http://110.37.96.251:44094/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.96.251:44094/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2h5ydzqo.rainshield.ru/?apikey=EsfikJXCSKFILcbe&activityId=7c13ec50-12b2-4116-a870-86d9705c078c&ocid
id: auto-dd317c47bb3e9284cce830c2832383562f9f2f612a077e6157b395cf5248fbdd
status: experimental
description: Detects traffic or activity related to https://2h5ydzqo.rainshield.ru/?apikey=EsfikJXCSKFILcbe&activityId=7c13ec50-12b2-4116-a870-86d9705c078c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2h5ydzqo.rainshield.ru/?apikey=EsfikJXCSKFILcbe&activityId=7c13ec50-12b2-4116-a870-86d9705c078c&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.129.38:53060/i
id: auto-dd0463bc32d32dbd5cf9e216c45395be13bd212f4b4ad6ada312962eda9beb5f
status: experimental
description: Detects traffic or activity related to http://176.226.129.38:53060/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.129.38:53060/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.16.186:44560/bin.sh
id: auto-0e246d783ac4cd6a58950a4bcbdeb9972b6d113ba0f988b2b8a10603a79eacc5
status: experimental
description: Detects traffic or activity related to http://110.36.16.186:44560/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.16.186:44560/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.192.179:50341/bin.sh
id: auto-6cf5db378c7cf8328aca31943634240d73241aff54f239bf84246c2786876af8
status: experimental
description: Detects traffic or activity related to http://123.14.192.179:50341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.192.179:50341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.114.45:50543/i
id: auto-3a62ff7df81462db01d296c968877efc91e319d019dbb38c875845b183404e40
status: experimental
description: Detects traffic or activity related to http://222.138.114.45:50543/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.114.45:50543/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.200:43783/bin.sh
id: auto-ed37f0df2898ee2601725b6524785a9a97181afaafac30d7a60cece66a98d406
status: experimental
description: Detects traffic or activity related to http://110.36.0.200:43783/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.200:43783/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.9.33:49309/i
id: auto-6519571325b8f075ff78e5ad46c5d18e54ddd004942d89cbab367b4119860cfa
status: experimental
description: Detects traffic or activity related to http://115.61.9.33:49309/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.9.33:49309/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.138.21:33309/i
id: auto-316e9819f59751aab5bc287c1688b45a7da238276d361f833e7da2e8ca21913e
status: experimental
description: Detects traffic or activity related to http://182.120.138.21:33309/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.138.21:33309/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.94.29:41976/i
id: auto-4b74349ab0bd20e2412c10469840f332aa629b49182574489bb9b5bb05edc7be
status: experimental
description: Detects traffic or activity related to http://117.205.94.29:41976/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.94.29:41976/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.38.41:4225/.i
id: auto-52ea7609dbd13f6416ba3d9c39889ccd7091686971e6c76d3cc3dbea0297d10d
status: experimental
description: Detects traffic or activity related to http://113.221.38.41:4225/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.38.41:4225/.i*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.205.94.29:41976/bin.sh
id: auto-de5ecd0628f49a9c037019460d5455d9987c141ea38ccd9d68fca32d511934c3
status: experimental
description: Detects traffic or activity related to http://117.205.94.29:41976/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.205.94.29:41976/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.161.47.170:53859/i
id: auto-13cad91f9b1b4aac371cec15a0963cbac64daaec4d76d9b91e11e23cf68582ee
status: experimental
description: Detects traffic or activity related to http://60.161.47.170:53859/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.161.47.170:53859/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.117.184.47:51727/i
id: auto-23ec66e84a938889c2f4470738d50c7f17f4700c2ba8d51f82538e06f64db6a9
status: experimental
description: Detects traffic or activity related to http://119.117.184.47:51727/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.117.184.47:51727/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.29.21:49521/i
id: auto-5f5e19772325d819dd66221489002888cbf9ee5908b28001302782d547e482ae
status: experimental
description: Detects traffic or activity related to http://42.231.29.21:49521/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.29.21:49521/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.244.64.229:42380/bin.sh
id: auto-3965f3079a839dc3b0b87392ace3c83553422bc212843b36dfa2585b271adfa8
status: experimental
description: Detects traffic or activity related to http://117.244.64.229:42380/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.244.64.229:42380/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8278288380/WsFbrLC.exe
id: auto-c3ba85b0ce860fbf51575f5f79b26b8a4afa8bffcd38526ea24805c08ef25c1f
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8278288380/WsFbrLC.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8278288380/WsFbrLC.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.124.156:40087/i
id: auto-25349357af6701088d98e070c263b15a3a2f4ec2b22839a2b2d4aff0c56fc60f
status: experimental
description: Detects traffic or activity related to http://182.126.124.156:40087/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.124.156:40087/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.138.21:33309/bin.sh
id: auto-7f9e7ee0135abdeee3fc8590ac62241acf5df3dd1cd336cb9e759866757fc933
status: experimental
description: Detects traffic or activity related to http://182.120.138.21:33309/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.138.21:33309/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/67947251/z0Gho5y.exe
id: auto-a8e73c13bb04c5be7ca6e9a7b11455d401fcd5011e6061ecb98f479f2a4a67d6
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/67947251/z0Gho5y.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/67947251/z0Gho5y.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.29.21:49521/bin.sh
id: auto-8562511356d14a6ac1a8063b404026daad3801f1b4fb79c4bf9cc6fb859b513e
status: experimental
description: Detects traffic or activity related to http://42.231.29.21:49521/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.29.21:49521/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8278288380/Fn9aleP.exe
id: auto-41596f3dee35501b0e6d5ce1d27e079dda7afc292f5e589f52c4c86111d43996
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8278288380/Fn9aleP.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8278288380/Fn9aleP.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.80.3:44736/i
id: auto-1dd622eb5be38bb36ee826007bb4aa1493f8f2a3b2a6f3e40aceea28d08cc83f
status: experimental
description: Detects traffic or activity related to http://59.95.80.3:44736/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.80.3:44736/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://186.215.245.175:49080/bin.sh
id: auto-e8f36d7be33143752f82b90a63f0fa7f0bdd5ba11f7dd71b99ac8de633fe5086
status: experimental
description: Detects traffic or activity related to http://186.215.245.175:49080/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://186.215.245.175:49080/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.230.105:48432/i
id: auto-abe7c239eda8238e8c5e2483b40353aa2cd2abdf684f809ca90dac9e4810fbad
status: experimental
description: Detects traffic or activity related to http://182.112.230.105:48432/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.230.105:48432/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.80.3:44736/bin.sh
id: auto-c058eb0c4b46eb74112455664b85d07e28720e8c26ed0a73b2aa6477b1d186fe
status: experimental
description: Detects traffic or activity related to http://59.95.80.3:44736/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.80.3:44736/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.246.43.99:34574/i
id: auto-c4d571b487abe92ee4d6fda56d3e8f792d89d277a492a1648e034393fc642b5d
status: experimental
description: Detects traffic or activity related to http://222.246.43.99:34574/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.246.43.99:34574/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.185:46421/bin.sh
id: auto-337d1a9c594ba4de3b75943bcb443175f54d22245e86d60aa899a0ef2f883726
status: experimental
description: Detects traffic or activity related to http://123.12.225.185:46421/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.185:46421/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.235.249:58996/i
id: auto-a2950ae61e9e6e4724d9692b01e092a8e57d849ac351e7945e7da8eb4756381d
status: experimental
description: Detects traffic or activity related to http://60.23.235.249:58996/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.235.249:58996/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.235.249:58996/bin.sh
id: auto-f7c7a31a7efe7857102b967a1dc4ee5ad49b1ce67506c617eed06b93a8518754
status: experimental
description: Detects traffic or activity related to http://60.23.235.249:58996/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.235.249:58996/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.164.207:38449/bin.sh
id: auto-a4ab2ee2430b671ade0e6cbdefa855c9047542f39a6244eadb72be41b8403500
status: experimental
description: Detects traffic or activity related to http://175.167.164.207:38449/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.164.207:38449/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.153.189:39255/i
id: auto-ecd92ffa5f2c7be7df3852cce9ab055c6af984269b5b17abb06282c1d4784384
status: experimental
description: Detects traffic or activity related to http://123.10.153.189:39255/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.153.189:39255/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.169.225:43083/i
id: auto-248d399b5090d133f4d4efcc559826ca12a4fd9750b7ab01cb216681e602858a
status: experimental
description: Detects traffic or activity related to http://42.224.169.225:43083/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.169.225:43083/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.59.54:49341/i
id: auto-c6d0f0f44bd9860d6c44af58d8cb5955a4b82d30f818c46e54a7ce5f0d99c2c1
status: experimental
description: Detects traffic or activity related to http://42.86.59.54:49341/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.59.54:49341/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.233.48:32923/i
id: auto-e784f892b68665e4e934a7b8616c8b7c404a6e20bea11c307deae98ec7f11024
status: experimental
description: Detects traffic or activity related to http://59.88.233.48:32923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.233.48:32923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.10.153.189:39255/bin.sh
id: auto-76443e6cacc1031252313e8f3f14abf9844ec6abe3249b06a0d9c360fe75223d
status: experimental
description: Detects traffic or activity related to http://123.10.153.189:39255/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.10.153.189:39255/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.169.225:43083/bin.sh
id: auto-bc31d196686e107020a910d351fe3cdc1b50b1cbf337763cedb5e830c7dc404b
status: experimental
description: Detects traffic or activity related to http://42.224.169.225:43083/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.169.225:43083/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.208.72:59714/i
id: auto-f2b8eec892ef67675cf1c7636bef2062bf50f53a4ce057f549a9c3423d2d9856
status: experimental
description: Detects traffic or activity related to http://219.155.208.72:59714/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.208.72:59714/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.171.41:57861/i
id: auto-26cd26c4b73c3173f4a90531f2379a47df32281f754b1fc62f7f177439f887d7
status: experimental
description: Detects traffic or activity related to http://175.167.171.41:57861/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.171.41:57861/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.2.16:56671/i
id: auto-49e47c8897a6d58b586845388c1e93d8974454215bf1a5a2d26462db49745058
status: experimental
description: Detects traffic or activity related to http://117.209.2.16:56671/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.2.16:56671/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.59.54:49341/bin.sh
id: auto-ba4f2b24f8133a702c154f69c068e321de1eaaf3af31ebd6ba7254312cdd1d2e
status: experimental
description: Detects traffic or activity related to http://42.86.59.54:49341/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.59.54:49341/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.133.108.32:54837/i
id: auto-0b65476a407c3e9439ce3be15c6570641a522329e422b201076a73107108635e
status: experimental
description: Detects traffic or activity related to http://222.133.108.32:54837/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.133.108.32:54837/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.204.164.144:36056/bin.sh
id: auto-448ecd25c88682fe984d3beb848261ffbed85685c0678770a205db64962d59a5
status: experimental
description: Detects traffic or activity related to http://117.204.164.144:36056/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.204.164.144:36056/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.88.233.48:32923/bin.sh
id: auto-3b05e663eed3dce0e3378992046b52c03dfb77062b36ab5c08e898811dfc0b8c
status: experimental
description: Detects traffic or activity related to http://59.88.233.48:32923/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.88.233.48:32923/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.116.36.124:60232/bin.sh
id: auto-91c393b2d2a4472d90c9a6b1c607f7035c2e0bf663ba4eabf3b361dfd401aa42
status: experimental
description: Detects traffic or activity related to http://119.116.36.124:60232/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.116.36.124:60232/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.240.237:37568/i
id: auto-c7e004720e3e54fdb21a887c4c7ee54b22310826536df5c5053ae683d1bb2e00
status: experimental
description: Detects traffic or activity related to http://123.11.240.237:37568/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.240.237:37568/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.x86_64
id: auto-3f53e0e317747a1c89898dd9955eb59dd412a86a3faba49aecdb9bb0acb49ec7
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.arm7
id: auto-ce350215bf86444db846c9e21f4db956e3749acfb16640368ca02a1e2e6f1f80
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/ppc
id: auto-866b9b5ea73558894eb10c1702d429e58927f9da83cc96d771dc61bf76154eef
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/arm7
id: auto-9c7412d255dd2542d95cb712d76fb29cde7ca9553b028e950dbd6a113234aa3f
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/arm4
id: auto-34d1a424047c0485b0bb901c470cbd0e211f9f04819d36c6d9df4d41604939df
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/x86
id: auto-72a63f09bbf6c91136f1148f35e989713d73753893ece6e715665d56e3015369
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.mips
id: auto-9e7c600b8b8cd1895f043d8dd123ff7b3ca2dce1df13b91436b23a6aebf496ab
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.arm
id: auto-9c03de2b25fd12eedf2b594b47c32ff6356bd74d86143cf1386325b7dfbbdddb
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.x86_32
id: auto-0c5083efb4b51eef87083ab7b85c079aa30378540cc14d25c96dd31bafbf4022
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.x86_32 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.x86_32*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.spc
id: auto-4ab4e1f02e06d346e52636383e66fd3d683ae5ccc110b70265ea4d5ba3983e64
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/m68k
id: auto-6e3feade7ccee76924e2b73a43b80a8bbc8fd6eb6d4808fb2a4e8622bd46fcef
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.sh4
id: auto-68b7cdd29fc3083f911d0177bdc2a4d31c8a88bd75276dd3ed44319b581b0863
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/sh4
id: auto-0ecd336edaa62c8235fd7fc4c31341c8517bca9813275f11690bbb996f3465d1
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_mips
id: auto-e08914f439960f6a3a49a7e39f539c23bdbdce547c8cc0d07d99eade0ccddb7e
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_arm5
id: auto-a28f59f3ccf86b12410489def6975cac25e490a491294aadc21ae6738618b551
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_arm7
id: auto-2d6f0b9d9c99307f658af0bf1881677857959548464636f23a3364e849a9308f
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_ppc
id: auto-75741358c368ffd621095f4546ae12c2bef5971232667f9bdd3a5f81878a800c
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_arm6
id: auto-efd3da83c5ec97f07d5a1e57dad4262c4bd48aa44c03ccbc8883ff51907874de
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_m68k
id: auto-75853d878d615d07b75909df9e82421d2b7969cd162271064e0cb3849a1df47a
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_arm
id: auto-a9b035852f89127e7011d8900c2bd950d33d63c98fbbba6921ee52c411811a2e
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_x86_64
id: auto-06af21550d9225abb66045860fc051f2fcb3dfe7da2f74a2ac32b25c5fc6a2c4
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_sh4
id: auto-e5902e76219b709689e1fd2e11fb685ca1936d36f0417372b77e927e7dd4af95
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.2/main_x86
id: auto-b592a9546f68d004998476955fce367f80db8509e578baedb6d14bd82fe03048
status: experimental
description: Detects traffic or activity related to http://130.12.180.2/main_x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.2/main_x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/arm5
id: auto-822ffb451c1e2827df2d51aeef156c9096bd8daf248177f3ff9fa07fbb8f0fad
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.arm6
id: auto-103eb048eecaaf9afacbbcd6bf3bda36618ff4abe8675726ad824edc28d37377
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.arc
id: auto-d6beaf7730a635d84660638b707e1fcd203253c9aed95cb58c96bb3e6d95fa65
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/boatnet.i486
id: auto-7503870bee950b7e581711329abd7a5df7f651d949ebe4fb509dd89134873e54
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/boatnet.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/boatnet.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/mpsl
id: auto-c11dfea71d22ddbbc6f096b777f427be752bcd2567985c00dff02173a1379719
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.70/hiddenbin/boatnet.arc
id: auto-8f57c8256d212ba40f027a0526326a87078f3f19cccec5b8fd7cfb5aa186c980
status: experimental
description: Detects traffic or activity related to http://87.121.84.70/hiddenbin/boatnet.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.70/hiddenbin/boatnet.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.mipsl
id: auto-e3645ad17d711f442592803710337a0a6a27aaf5ed866f6ddc2df2f9cd1100d5
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.mipsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.mipsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.m68k
id: auto-371406b7a3cfb1961251e49db21c3be0f35610ca374489bb171f196c523574d0
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/mips
id: auto-ecb2d00bf7ec019e9521456461a13c5d98fcca63df708846db6c5f7fa9357bad
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/i686
id: auto-2a5a4bc492cb064f336bbd6c106d9026ef3b94bcb945a68e2d6960d09ffc1351
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.arm5
id: auto-8c812e68f3dbd4e1cff829aa134792cd610de24f873de4b812e3fa83b71d1235
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.i486
id: auto-219cdb3543d409c1fbfc399ece5ef171f6d951dd20be41796a184bc641d34a9c
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.i486 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.i486*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.i686
id: auto-4312c396797c6d4b40678b64b1b393202cdf07c93fca67e1ebf313d830b7df8b
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/x86_64
id: auto-b50af6429bd3621b527d2ac6985e23dfd5179ac00fe12fc586a9858b21404abc
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.34/bins/arm6
id: auto-b709b933c941c5ce8f3c3cb02b408a87484e35d2fa6fbd378f10c85589d5aeaa
status: experimental
description: Detects traffic or activity related to http://130.12.180.34/bins/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.34/bins/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://38.124.152.33/huhu/titanjr.ppc
id: auto-01d71b0232e35fcf1c875f5ac33ff075a07a67a29cf4043ec174688832b956f3
status: experimental
description: Detects traffic or activity related to http://38.124.152.33/huhu/titanjr.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://38.124.152.33/huhu/titanjr.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.208.72:59714/bin.sh
id: auto-15378cc469bcc75b8960e3e82e02e30a7c8fc7257b9a14aab217fdad66cdec72
status: experimental
description: Detects traffic or activity related to http://219.155.208.72:59714/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.208.72:59714/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.9.33:49309/bin.sh
id: auto-70112db34ba5762d24f710c501d09d4e7aa097aae9502d4a8a64d311b751c7f0
status: experimental
description: Detects traffic or activity related to http://115.61.9.33:49309/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.9.33:49309/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.167.171.41:57861/bin.sh
id: auto-7ee830fada1f7a692284e17784ed3b140503bc71f2a0e48fa0feab9e53a5faf0
status: experimental
description: Detects traffic or activity related to http://175.167.171.41:57861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.167.171.41:57861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://qj6bkgrv.n1ghtcre5t.ru/?apikey=xfWVsgzpiwFPLGEj&activityId=ed871b57-fe78-4593-9784-3acafa3248f8&ocid
id: auto-6287708f874fc50608eba6a905afa7d6ccfbdee7659a474f418def70fe4957c8
status: experimental
description: Detects traffic or activity related to https://qj6bkgrv.n1ghtcre5t.ru/?apikey=xfWVsgzpiwFPLGEj&activityId=ed871b57-fe78-4593-9784-3acafa3248f8&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://qj6bkgrv.n1ghtcre5t.ru/?apikey=xfWVsgzpiwFPLGEj&activityId=ed871b57-fe78-4593-9784-3acafa3248f8&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://v2s1fwxr.n1ghtcre5t.ru/?apikey=OuksaRzzQDKENIqG&activityId=c12ca870-cc04-473f-b953-72eb77a0854e&ocid
id: auto-b03ad3e0dee5611ce587e4d21dcad296b19e8290b0e8e73115cad18d1100fb75
status: experimental
description: Detects traffic or activity related to https://v2s1fwxr.n1ghtcre5t.ru/?apikey=OuksaRzzQDKENIqG&activityId=c12ca870-cc04-473f-b953-72eb77a0854e&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://v2s1fwxr.n1ghtcre5t.ru/?apikey=OuksaRzzQDKENIqG&activityId=c12ca870-cc04-473f-b953-72eb77a0854e&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d45m6uxw.n1ghtcre5t.ru/?apikey=sgVqkWvVfhQoAqgO&activityId=77998e68-a8cd-4661-9ea1-30fa4bc99463&ocid
id: auto-15f3eb9ecd0fdca5188d4dc7ef51d59bf8b6d834cccef07514d4c5489a18dac4
status: experimental
description: Detects traffic or activity related to https://d45m6uxw.n1ghtcre5t.ru/?apikey=sgVqkWvVfhQoAqgO&activityId=77998e68-a8cd-4661-9ea1-30fa4bc99463&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d45m6uxw.n1ghtcre5t.ru/?apikey=sgVqkWvVfhQoAqgO&activityId=77998e68-a8cd-4661-9ea1-30fa4bc99463&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.240.237:37568/bin.sh
id: auto-52d24d3736326438958eeb8bd4335bbe3f442c5b8e3fb5f2fe2b6d4e5dbcf167
status: experimental
description: Detects traffic or activity related to http://123.11.240.237:37568/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.240.237:37568/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.233.113:42219/bin.sh
id: auto-fe2abeb3c8ef1f2bea53ba24fa65b585ab8811a299be611ab9f8d3def52c39dd
status: experimental
description: Detects traffic or activity related to http://42.234.233.113:42219/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.233.113:42219/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.12.225.185:46421/i
id: auto-ad2ddf1548e0e2c5c1d2c8e6198cb64a411a2b4cfc15fb0e36a6a7f8d93f0522
status: experimental
description: Detects traffic or activity related to http://123.12.225.185:46421/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.12.225.185:46421/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.202.149:51491/i
id: auto-192c2dcd7b6bb6537da7e4136752e0da853c4e45494ae33079e82f0ce202270d
status: experimental
description: Detects traffic or activity related to http://182.121.202.149:51491/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.202.149:51491/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.4.132:41298/i
id: auto-07db00abe6e318b5e6d715197cf025c0ab381d14d73ee9874b07c2bbcc8354a4
status: experimental
description: Detects traffic or activity related to http://27.207.4.132:41298/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.4.132:41298/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.8.148:44813/i
id: auto-02b1eaaa1857caf75c747815ede6bc24767f1d32034b627534d639c513acac74
status: experimental
description: Detects traffic or activity related to http://123.8.8.148:44813/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.8.148:44813/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6723359323/1k2aGhC.exe
id: auto-f8776c67091524d980ca4bde72624c65432f2476ac71c59aabd129357cdb4e2e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6723359323/1k2aGhC.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6723359323/1k2aGhC.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7694683550/SCauXDu.exe
id: auto-842c65b9cb5c0b8c232917fb620994d5a20678be465badc135571af0dbf68f81
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7694683550/SCauXDu.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7694683550/SCauXDu.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.112.91:45416/i
id: auto-868950d955a15869a6d959ab157bd3ae91789b39fc1c611382b0a707a9cfd462
status: experimental
description: Detects traffic or activity related to http://182.121.112.91:45416/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.112.91:45416/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.93.200.163:43810/i
id: auto-cda27f7aafbe1a4bf084925229208ea82543826f826a8dde2f425746c72c03ce
status: experimental
description: Detects traffic or activity related to http://112.93.200.163:43810/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.93.200.163:43810/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://utxqly52.fr0stline.ru/?apikey=XitdBpIlcaICPLrp&activityId=1b160c5d-78ab-4452-9da6-875b7d5adfa6&ocid
id: auto-2cc063cf70fe203a7acd6a292ce6661e04463971d35459a21bc02cd34d79d340
status: experimental
description: Detects traffic or activity related to https://utxqly52.fr0stline.ru/?apikey=XitdBpIlcaICPLrp&activityId=1b160c5d-78ab-4452-9da6-875b7d5adfa6&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://utxqly52.fr0stline.ru/?apikey=XitdBpIlcaICPLrp&activityId=1b160c5d-78ab-4452-9da6-875b7d5adfa6&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://gz8jlk0r.fr0stline.ru/?apikey=ynjvxhBwDGFrKFzD&activityId=1f8a19d7-1e7d-4c78-9fa3-8d068f6f0400&ocid
id: auto-bff17767f7105a363b36839b697ac6279bf65d13a3188b81da17fa542cbd991a
status: experimental
description: Detects traffic or activity related to https://gz8jlk0r.fr0stline.ru/?apikey=ynjvxhBwDGFrKFzD&activityId=1f8a19d7-1e7d-4c78-9fa3-8d068f6f0400&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://gz8jlk0r.fr0stline.ru/?apikey=ynjvxhBwDGFrKFzD&activityId=1f8a19d7-1e7d-4c78-9fa3-8d068f6f0400&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.93.200.163:43810/bin.sh
id: auto-3260eb157da8d4365c1cd954f07f3ec8531ca9ae96db1f7db45dd3dafe1e6127
status: experimental
description: Detects traffic or activity related to http://112.93.200.163:43810/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.93.200.163:43810/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.108.89.220:51237/i
id: auto-9cba76855a0816195bdd332c9fb1175188cdedb079f40e5f6bfe44d8c14359c1
status: experimental
description: Detects traffic or activity related to http://179.108.89.220:51237/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.108.89.220:51237/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.202.149:51491/bin.sh
id: auto-cfcb4cf20edee07b639fd206f296aa1209b71dff44957ec7004ec910d0d699fb
status: experimental
description: Detects traffic or activity related to http://182.121.202.149:51491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.202.149:51491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.112.91:45416/bin.sh
id: auto-115178cd46b7783d83e018cc225ab5ff34329154d8e3c806f45913bf7113b3de
status: experimental
description: Detects traffic or activity related to http://182.121.112.91:45416/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.112.91:45416/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.74.112.62:55295/i
id: auto-3914322901eb1824959ef43c52b0b9d9c4af406476b7713850a15fa5b0bd7601
status: experimental
description: Detects traffic or activity related to http://39.74.112.62:55295/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.74.112.62:55295/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.207.4.132:41298/bin.sh
id: auto-e48d91f2bfdf7f27fe543f8766bfe40cb41de08840d967e6666db212508b0374
status: experimental
description: Detects traffic or activity related to http://27.207.4.132:41298/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.207.4.132:41298/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.8.148:44813/bin.sh
id: auto-fb1dd440c9f7540b57724cb22fc116fd30b749eb71996e36d9420f3693ec738f
status: experimental
description: Detects traffic or activity related to http://123.8.8.148:44813/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.8.148:44813/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.85/file/data.mipsel
id: auto-873081f1a49e9a9ecb30630115c4c389e7919081e9eeb6df59d87956ff1e87e1
status: experimental
description: Detects traffic or activity related to http://130.12.180.85/file/data.mipsel which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.85/file/data.mipsel*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/67947251/GggOlM1.exe
id: auto-0f16db24fb38fbdd3df12e8a536b81c7a0b50792e73ec60de6f15fa2120f4a7b
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/67947251/GggOlM1.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/67947251/GggOlM1.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8191817615/kajT27I.exe
id: auto-3877b37a4049709685c355481d8077119180b29b708ab956a11625c0f9efda83
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8191817615/kajT27I.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8191817615/kajT27I.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.124.29:50375/bin.sh
id: auto-7142a0ebb94a61852ce4f641eeb38a215160c8cbcf417f169f8a4dba9f97fc51
status: experimental
description: Detects traffic or activity related to http://78.165.124.29:50375/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.124.29:50375/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.182.160:36277/i
id: auto-e0900b2993c237279904d4bddb0f7047fc7b4b1d5083515a62242f33324f6a3e
status: experimental
description: Detects traffic or activity related to http://42.232.182.160:36277/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.182.160:36277/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.233.41:35531/bin.sh
id: auto-e183037e82b07951fed9641821887f37e6f0a0f56a5b553d0d8347df9afcb94a
status: experimental
description: Detects traffic or activity related to http://123.11.233.41:35531/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.233.41:35531/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6579614727/grjioqD.exe
id: auto-8284121e66d777cb7f931443aae6e23141b613e060d2f2e03f131c8e251641f0
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6579614727/grjioqD.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6579614727/grjioqD.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/lowkey/b5d1hc
id: auto-2266f10fcd5b714d6e9366d69aa6a86943433dea48cb00dba596cc21b466ef80
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/lowkey/b5d1hc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/lowkey/b5d1hc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.221.211:33370/i
id: auto-6151673d291fd4974d6067ee80efb57a64c61192cf9be6942bd15db9de469b63
status: experimental
description: Detects traffic or activity related to http://182.112.221.211:33370/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.221.211:33370/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.182.160:36277/bin.sh
id: auto-96ab5947fa465a31a7575427b5c2903d53f1a8b60e6019de60c5e853a97bcd0b
status: experimental
description: Detects traffic or activity related to http://42.232.182.160:36277/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.182.160:36277/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.46.201:36739/i
id: auto-102286956cd25852a1e5c3877eeb726553d0d0740329f481f75275f15f76e7a4
status: experimental
description: Detects traffic or activity related to http://125.43.46.201:36739/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.46.201:36739/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.112.221.211:33370/bin.sh
id: auto-d12929abfa3d79e2308db0827cfd22e664ce04d98e848958e2875dd242bd51fa
status: experimental
description: Detects traffic or activity related to http://182.112.221.211:33370/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.112.221.211:33370/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.116:41100/i
id: auto-0ec4932a4b6fd8f76180ff5f02dd2af99318a41db23a28c2514ff6d6ef1fa3cf
status: experimental
description: Detects traffic or activity related to http://110.36.0.116:41100/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.116:41100/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.120.166.0:49030/i
id: auto-44dd381e47704d3ba35c3dbdde98a47a119670564a49ceb84f9b2a0c939fe350
status: experimental
description: Detects traffic or activity related to http://182.120.166.0:49030/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.120.166.0:49030/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.43.46.201:36739/bin.sh
id: auto-b9db8930a2ebf3cc736fc7b7d3fa012b5e7632a0605eee04edf19d126bb149dd
status: experimental
description: Detects traffic or activity related to http://125.43.46.201:36739/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.43.46.201:36739/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.45.148:44543/i
id: auto-86f271b8c92be27d89b047a6bcdd88a6ec8e6566aa67394f19526d3966d15e73
status: experimental
description: Detects traffic or activity related to http://110.37.45.148:44543/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.45.148:44543/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.42.218:57515/i
id: auto-3c2f8ac8839ccabe61ee6cbb8a9ae4c87cf507ac8e71e55b4a371187ed7c5a9a
status: experimental
description: Detects traffic or activity related to http://175.148.42.218:57515/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.42.218:57515/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.21.224:34015/i
id: auto-c0ae8ad9d2b393a6656eaacbdd42a3f879d6a7666875d87cf92ff961de02cc4c
status: experimental
description: Detects traffic or activity related to http://219.157.21.224:34015/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.21.224:34015/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.138.237:45304/i
id: auto-11ca4fe20b822b555fb955e5e139342d170eb8ea4db3cbdb4b7a0a0b44e9d15e
status: experimental
description: Detects traffic or activity related to http://61.53.138.237:45304/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.138.237:45304/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.116:41100/bin.sh
id: auto-49509d68e903e6bed0b8a3fa419fa3f5bf6657c7a3087ed8b3d11851b831f543
status: experimental
description: Detects traffic or activity related to http://110.36.0.116:41100/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.116:41100/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.106.64.26:48552/i
id: auto-f722920fbd2fd26dffe2bb7849f98a39cdf20bced591a6732d7c77db1d672510
status: experimental
description: Detects traffic or activity related to http://79.106.64.26:48552/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.106.64.26:48552/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/lowkey/icevyf
id: auto-d0796013558841c40841bf84689c787c01c6c356c14a0546ea8ecaf8377072fb
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/lowkey/icevyf which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/lowkey/icevyf*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/lowkey/jptqyo
id: auto-b3fb2b18da460e3f3c6e79e2dba287d38708865a777c19afa6ed40d4ab8aa256
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/lowkey/jptqyo which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/lowkey/jptqyo*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.156.129.146:49523/i
id: auto-0c6dbdbed5e9a9ff8ae40eaffd458c921a782be98de95d0aa9d3b7e4cf4206ce
status: experimental
description: Detects traffic or activity related to http://219.156.129.146:49523/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.156.129.146:49523/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.148.42.218:57515/bin.sh
id: auto-265c57614dd4ce7271d54abeebf23ab8ad73a8c8650c21faadb05461ba0ebc22
status: experimental
description: Detects traffic or activity related to http://175.148.42.218:57515/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.148.42.218:57515/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.157.21.224:34015/bin.sh
id: auto-ed7cf2a6702ae9ca29f1048b0f3998c3223f4e0e7390ea90efdbe214b73cae7b
status: experimental
description: Detects traffic or activity related to http://219.157.21.224:34015/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.157.21.224:34015/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.53.138.237:45304/bin.sh
id: auto-f9c10622c1db5f5b834d707aa7dd242a6e91eec8d35ecdc8d24de4053a886e6f
status: experimental
description: Detects traffic or activity related to http://61.53.138.237:45304/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.53.138.237:45304/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.235.124:39690/i
id: auto-77c266ddbc70a0cd453288eabb623c416d4867d10fbff651cb162492a8f88b04
status: experimental
description: Detects traffic or activity related to http://42.238.235.124:39690/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.235.124:39690/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.236.74.65:43334/i
id: auto-595d49f3c16666adc8b0d0876baeae6db4481c2bc43bc354d1e09b233f0ebe4b
status: experimental
description: Detects traffic or activity related to http://77.236.74.65:43334/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.236.74.65:43334/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://79.106.64.26:48552/bin.sh
id: auto-ab5d6d28dc97bc03864db7f021a0db24a8c02878d39a43d808511b296d24e2e5
status: experimental
description: Detects traffic or activity related to http://79.106.64.26:48552/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://79.106.64.26:48552/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.16.46:41264/i
id: auto-5c7617ba0ac3e9ab41d06142f71eb5cc9755dd24d65a59078d6cbc7ed5ca0a6b
status: experimental
description: Detects traffic or activity related to http://27.202.16.46:41264/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.16.46:41264/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.251.172:46413/i
id: auto-861861d2f42c81b39b8364058ecb684bc065661bbdf92d9ed562fdf3b1e8af63
status: experimental
description: Detects traffic or activity related to http://115.49.251.172:46413/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.251.172:46413/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.25.21:34417/i
id: auto-fcddf0e903cf36dce8c993c6147eb2ced6f3072738e63a5ffa166a0a97cb3830
status: experimental
description: Detects traffic or activity related to http://115.52.25.21:34417/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.25.21:34417/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.202.16.46:41264/bin.sh
id: auto-c8dfb0fe853174a0da25c7efa390febfbb6f8d754e9c543a108137f781cf4818
status: experimental
description: Detects traffic or activity related to http://27.202.16.46:41264/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.202.16.46:41264/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://jprglro7.frostm1nd.ru/?apikey=GwMGqIKgIfVByFnU&activityId=74a62cd9-00ad-4e63-8c84-8ca28515ecdc&ocid
id: auto-37cfca94089379a6c1184752b240f57932f72a6462a58de02b292085ddbe0bc7
status: experimental
description: Detects traffic or activity related to https://jprglro7.frostm1nd.ru/?apikey=GwMGqIKgIfVByFnU&activityId=74a62cd9-00ad-4e63-8c84-8ca28515ecdc&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://jprglro7.frostm1nd.ru/?apikey=GwMGqIKgIfVByFnU&activityId=74a62cd9-00ad-4e63-8c84-8ca28515ecdc&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pxe51lm9.frostm1nd.ru/?apikey=upPHmSxZulnCgFaA&activityId=788b3606-debd-400f-9ef0-4481575c262b&ocid
id: auto-d9cafe9e0357bc8259cef0ea97ca77df39b9dc014e0472a65c135be6f51d6e04
status: experimental
description: Detects traffic or activity related to https://pxe51lm9.frostm1nd.ru/?apikey=upPHmSxZulnCgFaA&activityId=788b3606-debd-400f-9ef0-4481575c262b&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pxe51lm9.frostm1nd.ru/?apikey=upPHmSxZulnCgFaA&activityId=788b3606-debd-400f-9ef0-4481575c262b&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.128.108:50858/i
id: auto-88e4f969a5e4f00a97e510b5ea3bc8457e7accf615f12d0f9449ff562d05de9e
status: experimental
description: Detects traffic or activity related to http://175.175.128.108:50858/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.128.108:50858/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.87.223:49874/i
id: auto-0eeff1383dc51efdd829e82b9ae670f0c236302d57a7d40a67a3c70004a0b526
status: experimental
description: Detects traffic or activity related to http://110.37.87.223:49874/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.87.223:49874/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.75.73:47268/i
id: auto-1cb326826897c3014a8d3a9fb640f0a397cb4dd6441acc8985fad4c10499e632
status: experimental
description: Detects traffic or activity related to http://175.174.75.73:47268/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.75.73:47268/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.251.172:46413/bin.sh
id: auto-38433cda2f28750c9cce0163f7b509ca265419ff3ecfd957d8cb0df2eef60848
status: experimental
description: Detects traffic or activity related to http://115.49.251.172:46413/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.251.172:46413/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.25.21:34417/bin.sh
id: auto-b081fddb85d7e7434bad458a1e17b44afb3e89f5d810577e0d37d8b28aa6c610
status: experimental
description: Detects traffic or activity related to http://115.52.25.21:34417/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.25.21:34417/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.29.156:57428/i
id: auto-2b7801d70235a0d734d14e4fb7406422980036e4816ccd6d410959064c9b91b2
status: experimental
description: Detects traffic or activity related to http://110.37.29.156:57428/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.29.156:57428/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.193.61.226:34661/i
id: auto-1fd43d8dab5d7a507ba812f36fdb9c75fed75f1917f84724a1a0ace6b05d17aa
status: experimental
description: Detects traffic or activity related to http://27.193.61.226:34661/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.193.61.226:34661/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.174.75.73:47268/bin.sh
id: auto-75ae4d01ae21ff12e51b360548ed7a9079f37da8ff866edf4c03fc3e57c67c82
status: experimental
description: Detects traffic or activity related to http://175.174.75.73:47268/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.174.75.73:47268/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.33.206:37718/i
id: auto-7a1e4b9c3c70892baafe11f2f7beefad46e0c06a002fed20ac391fa85bfa90a7
status: experimental
description: Detects traffic or activity related to http://110.37.33.206:37718/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.33.206:37718/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.117.80:59377/i
id: auto-e80ac8cae0cd395464f9d0a90b449c3b23a83902125f42ead637f7aaf5dff13c
status: experimental
description: Detects traffic or activity related to http://182.126.117.80:59377/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.117.80:59377/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.29.156:57428/bin.sh
id: auto-5e9e316a02f2bf26fa3b2efe9552f19bc478b56f09ccb369416e2b6f3e174364
status: experimental
description: Detects traffic or activity related to http://110.37.29.156:57428/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.29.156:57428/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/3Mn8w93.exe
id: auto-8f4d28a7e95176125fa9bbf6ea625eabe8fadd0a49f246309fc4bdef6ba15885
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/3Mn8w93.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/3Mn8w93.exe*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.159.7:48381/bin.sh
id: auto-01e1b43785210b0c4238760f74f852bd9bd378fd9adf7dcb9ca17cf06ed55a44
status: experimental
description: Detects traffic or activity related to http://123.5.159.7:48381/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.159.7:48381/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.33.206:37718/bin.sh
id: auto-aee5b08cb3ac54294f31cda304331376226a386bf98d750137c8736dde8c781f
status: experimental
description: Detects traffic or activity related to http://110.37.33.206:37718/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.33.206:37718/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.152.4:59514/i
id: auto-caed47e443e3745c8022ed3069f29ffedf6c310639452f89e01406ad8692d43a
status: experimental
description: Detects traffic or activity related to http://42.239.152.4:59514/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.152.4:59514/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.126.117.80:59377/bin.sh
id: auto-54a0bb2ff622afb6ada1a5dc4c9584a3d8c34b29224035fb550791afb89acf4f
status: experimental
description: Detects traffic or activity related to http://182.126.117.80:59377/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.126.117.80:59377/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.175.179:44612/i
id: auto-1532f63e38a3795a35077dd2ba0ed8695c8d591f0df0bee34023258c4ae71452
status: experimental
description: Detects traffic or activity related to http://123.8.175.179:44612/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.175.179:44612/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.254.136:42556/i
id: auto-cc641e62fb2735ae3581bea8ed0ebb328ee1ef1174fb04d0913e7cab97da0462
status: experimental
description: Detects traffic or activity related to http://42.55.254.136:42556/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.254.136:42556/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.68.162.38:51296/bin.sh
id: auto-718f330c8320de18d48ace0078e00e93307142a46122827b522d5284772900fc
status: experimental
description: Detects traffic or activity related to http://116.68.162.38:51296/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.68.162.38:51296/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.152.4:59514/bin.sh
id: auto-db7324b70e029654027f0d0235551954c2f71275c68f25c7bda46ac70c1e839c
status: experimental
description: Detects traffic or activity related to http://42.239.152.4:59514/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.152.4:59514/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.89:50600/i
id: auto-8a23a7ba0a7a556afcecc8ae41dd6df274dd7c0748ee6a9dff32e9cc555adddc
status: experimental
description: Detects traffic or activity related to http://110.37.35.89:50600/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.89:50600/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://y9eygjch.skym0ti0n.ru/?apikey=wnBAHbRnCvJWuzkH&activityId=5acf74aa-c7a8-4e14-a873-66c9569742a9&ocid
id: auto-77de84dce41b53491a33b8ff2947458c2b528ec13e433e6c21d04aaaa358d9cb
status: experimental
description: Detects traffic or activity related to https://y9eygjch.skym0ti0n.ru/?apikey=wnBAHbRnCvJWuzkH&activityId=5acf74aa-c7a8-4e14-a873-66c9569742a9&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://y9eygjch.skym0ti0n.ru/?apikey=wnBAHbRnCvJWuzkH&activityId=5acf74aa-c7a8-4e14-a873-66c9569742a9&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ej7lqmwt.skym0ti0n.ru/?apikey=xRCMnwWFGZvCsmqv&activityId=a1e1f5e1-7dbf-495f-a640-e7502bcde28c&ocid
id: auto-72af6ed5cbfd71df1fd120118462fca49ab5fff1af51496855628e7819ab6c10
status: experimental
description: Detects traffic or activity related to https://ej7lqmwt.skym0ti0n.ru/?apikey=xRCMnwWFGZvCsmqv&activityId=a1e1f5e1-7dbf-495f-a640-e7502bcde28c&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ej7lqmwt.skym0ti0n.ru/?apikey=xRCMnwWFGZvCsmqv&activityId=a1e1f5e1-7dbf-495f-a640-e7502bcde28c&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.8.175.179:44612/bin.sh
id: auto-b8262ef4fde72a6e51d13bbe7659896c08d3bf8099989e2df8b771dcd781b087
status: experimental
description: Detects traffic or activity related to http://123.8.175.179:44612/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.8.175.179:44612/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.1.231:50741/bin.sh
id: auto-4fd49cdbb50ecd106f9ffe91a59ded4d0d781f24e7dc795cec47e4f376b23fc3
status: experimental
description: Detects traffic or activity related to http://42.224.1.231:50741/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.1.231:50741/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.55.254.136:42556/bin.sh
id: auto-d3add4d94fda1ea6c4ca41e7750bc2c943cfee7e8bcd9dd48eb5757bced91e27
status: experimental
description: Detects traffic or activity related to http://42.55.254.136:42556/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.55.254.136:42556/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.132/bins/a.sh
id: auto-dbc5a5e2da21ef46f8bb655d24731effaaae04937572d022d1c6fc5d643beadf
status: experimental
description: Detects traffic or activity related to http://130.12.180.132/bins/a.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.132/bins/a.sh*'
  condition: selection
level: high
tags:
  - attack.t1596
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/arm7
id: auto-e1338a6aa4b1513b4d3dd303eb6ddaa3ea04877d9e22575f8a650740008c936b
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/arm4
id: auto-8329575f1ccc88616d1c7209347d8e76df78bcb9c48071f0ed22cf29536a8150
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/arm4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/arm4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/arm6
id: auto-3fd6738f8c8863d8940ea5a0918144ec7c7e2a13ad4e4591df7cc40e22e1a786
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/x86_64
id: auto-0db71807a5227d504421d6c3234ab56876698c0658d9dfbbd1ab2fee8bf0762d
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/mips
id: auto-dcfb7c8f141e9394c55a28b3acceb86761c4adbabe4453b543adb031ba0f6d2a
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/m68k
id: auto-9c4e4e7b38b70c9b4a9b2f26acc25fd3cf2cec3e38d2a98e100f6bb87f093c7c
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/x86
id: auto-9442db7835733654252f0370d5276ba6130c3744fdfdbf9a0ddffea36eb0f2ab
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/sh4
id: auto-227a253f33b3205fdb2a9d43a382275c036d4ced70df15a51028d6716bc7ccd9
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/ppc
id: auto-0d0cd838ba8b31476de4d77bf4e562c221d6801edf10ff1759f37959e755d599
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/arm5
id: auto-6beb24f08ac29a933d1a83f16afd41b48c45ea50f8695efcf41f2d1849993890
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/mpsl
id: auto-49aa269bc506e9adc34228eff4e4887ff2a06d9c0c4d42760a3ce0a79caa359f
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/spc
id: auto-fa8358bf03a8f083756b1e6647933c8a1438b4db613bda44bc71cd19a7889e23
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.49.77:43065/i
id: auto-f55bfa91cff00860416dd1cd5809f7535a8f27320dafe196ca3d3edc361ba12f
status: experimental
description: Detects traffic or activity related to http://182.121.49.77:43065/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.49.77:43065/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.227.0:42749/bin.sh
id: auto-a295a81bfcc1b82acf3a480bb3209eeca8b7df9c6860fd60d8cf2089604805f2
status: experimental
description: Detects traffic or activity related to http://125.41.227.0:42749/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.227.0:42749/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.171.173:51415/bin.sh
id: auto-a33028d5202029b5b2b67f7cb87a8cc95c6fc75f94fdc83cf74ab9c1b84cc3ce
status: experimental
description: Detects traffic or activity related to http://182.124.171.173:51415/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.171.173:51415/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://175.175.73.108:45367/i
id: auto-18532fc926854e53246918ef23436433b861c182cdb64a7d8a6803f243f7c271
status: experimental
description: Detects traffic or activity related to http://175.175.73.108:45367/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://175.175.73.108:45367/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7992210799/c94b76d.exe
id: auto-7be7db016b721fb08a2f2023d9b71afddf5d2c7edfdaf209091154eaf454bc66
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7992210799/c94b76d.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7992210799/c94b76d.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.233.42:52098/i
id: auto-e08edaac0fa4cd32ed2bcf8a2ffa9765e96884be03d46ce4d9f5207a89abacb5
status: experimental
description: Detects traffic or activity related to http://182.113.233.42:52098/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.233.42:52098/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.248.35:56472/bin.sh
id: auto-33244e4aad3604cc19aa69fdfa65c308eb84f1952f44985db9d2900e7f6c248a
status: experimental
description: Detects traffic or activity related to http://182.114.248.35:56472/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.248.35:56472/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.27:41748/bin.sh
id: auto-e57bfd94a437a50a4f604d05ba7b70ad177a2c08afe723d256b739920113c184
status: experimental
description: Detects traffic or activity related to http://110.37.61.27:41748/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.27:41748/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ervy2cgl.deepc0ve.ru/?apikey=BAGtRXIaHMZvSVcN&activityId=f9a4278c-b19f-462a-82bb-c70cd72e8858&ocid
id: auto-7a0c361ebf3e019ae07fe2ceca43639d28a19f0ed4ba795aadd2574898b5a28b
status: experimental
description: Detects traffic or activity related to https://ervy2cgl.deepc0ve.ru/?apikey=BAGtRXIaHMZvSVcN&activityId=f9a4278c-b19f-462a-82bb-c70cd72e8858&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ervy2cgl.deepc0ve.ru/?apikey=BAGtRXIaHMZvSVcN&activityId=f9a4278c-b19f-462a-82bb-c70cd72e8858&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://uy8h00ja.deepc0ve.ru/?apikey=NscXFgdBGKzFJhLu&activityId=7672b4e2-02f9-47f6-b15c-8f5d66c7d937&ocid
id: auto-db9290a1c2bd9dbc3c87a71a8ff9467940e8f5f2a4ddfd7558d6e429ba4c1e0e
status: experimental
description: Detects traffic or activity related to https://uy8h00ja.deepc0ve.ru/?apikey=NscXFgdBGKzFJhLu&activityId=7672b4e2-02f9-47f6-b15c-8f5d66c7d937&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://uy8h00ja.deepc0ve.ru/?apikey=NscXFgdBGKzFJhLu&activityId=7672b4e2-02f9-47f6-b15c-8f5d66c7d937&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.15.234:51066/i
id: auto-3c9c2d403473961d4fbcdac8ca1d255689758c4fe783c0dc11b1b0bcd1b3b7e0
status: experimental
description: Detects traffic or activity related to http://115.63.15.234:51066/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.15.234:51066/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.191/LOLI/linux.arm
id: auto-a35838bbd612f7bc222b8aaab9c35bc67ff4d9a1b28937b026c6b1b29b71295a
status: experimental
description: Detects traffic or activity related to http://87.121.84.191/LOLI/linux.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.191/LOLI/linux.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.233.42:52098/bin.sh
id: auto-917aceeb4ed7ece8c5683954c86f6f6a541fc8ab0a85174d6104acda406572da
status: experimental
description: Detects traffic or activity related to http://182.113.233.42:52098/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.233.42:52098/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://87.121.84.191/LOLI/linux.arm7
id: auto-0055367c16eef33b470d60d66c0bf3c73f8019419b278e98f9fcd0407d1828d4
status: experimental
description: Detects traffic or activity related to http://87.121.84.191/LOLI/linux.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://87.121.84.191/LOLI/linux.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.44:47582/i
id: auto-8bb250074d7d2ffb5f31b79e7abd101cf8064bc12f60325bbce1a9c98ea9184e
status: experimental
description: Detects traffic or activity related to http://110.37.61.44:47582/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.44:47582/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/7962035122/hlLoG78.exe
id: auto-3c0605d99a11fe3e5bc15edb8c6f7f6b349ff39b782d48d3f7c1e5bf6e052d25
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/7962035122/hlLoG78.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/7962035122/hlLoG78.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1318666823/iq7glAE.exe
id: auto-7109ee05032304ecbb90e86bc11e324daff633234428e2601d7bea969dc1bcdd
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1318666823/iq7glAE.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1318666823/iq7glAE.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.44:47582/bin.sh
id: auto-9ba02ec8a21e1f965621115a35d9193606502ec4e05e490f5c5985b66a79cf89
status: experimental
description: Detects traffic or activity related to http://110.37.61.44:47582/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.44:47582/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.210.164:46348/i
id: auto-17ea26683ffe0d18cf8278ea71f973f470678e85ecad98424b90bc9d8345c7fa
status: experimental
description: Detects traffic or activity related to http://182.123.210.164:46348/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.210.164:46348/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.134.161:60335/bin.sh
id: auto-cfe54d884fd5dd628d86fa548e5dd26442d79d7ab306719031dad788e64883aa
status: experimental
description: Detects traffic or activity related to http://115.58.134.161:60335/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.134.161:60335/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.50.61:48497/i
id: auto-f08c50281e00c7b8766c47dcac9bbedf0f938326707e9dec40749a370136da0f
status: experimental
description: Detects traffic or activity related to http://182.121.50.61:48497/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.50.61:48497/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.184.124:56090/i
id: auto-4f794688a7065edf18898992a703c1ab5b80133111e45ff7f318630af5cb97bc
status: experimental
description: Detects traffic or activity related to http://123.14.184.124:56090/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.184.124:56090/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://107.175.242.93/02.08.2022.exe
id: auto-965d57e833617ac606c76b6ef03b583202d6e7f968e48e53d620d02f480c4545
status: experimental
description: Detects traffic or activity related to http://107.175.242.93/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://107.175.242.93/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.228.24.38:4444/02.08.2022.exe
id: auto-c7083f0ac135186e1f1c134b2f0297c571b0b751a0b71b1087793cda72dde2f3
status: experimental
description: Detects traffic or activity related to http://111.228.24.38:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.228.24.38:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://47.105.55.111:8888/02.08.2022.exe
id: auto-894ca7498da6a776136674e96745baa9061f51f9ad06f6f239d2039ade738c2c
status: experimental
description: Detects traffic or activity related to http://47.105.55.111:8888/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://47.105.55.111:8888/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.94.108.127:8081/02.08.2022.exe
id: auto-b6dede2d8ac9252d93cdfdc58c0357e2830dad1a3542650f98a6437c77d1ec92
status: experimental
description: Detects traffic or activity related to http://1.94.108.127:8081/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.94.108.127:8081/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://101.42.138.122/02.08.2022.exe
id: auto-e9bc7c1fdaf88ad306b520a5740cc9ecf11f3901221ef5882d632db983741035
status: experimental
description: Detects traffic or activity related to http://101.42.138.122/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://101.42.138.122/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.12.231.30:8080/02.08.2022.exe
id: auto-4ef9fcf87ed061ccba87d028bc34685a3ab7fc3c8bbdac5e403d48f7f1428078
status: experimental
description: Detects traffic or activity related to http://1.12.231.30:8080/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.12.231.30:8080/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://202.56.160.190/02.08.2022.exe
id: auto-30d928e19e28d39768a7ef8a11c0d8c923ee9f8f63ebb603e6f57c884520e93a
status: experimental
description: Detects traffic or activity related to http://202.56.160.190/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://202.56.160.190/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://217.60.6.187/02.08.2022.exe
id: auto-ea94b7c2340b1f7bf9a22ab54210b6291373070963507a75d48b511e506649d6
status: experimental
description: Detects traffic or activity related to http://217.60.6.187/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://217.60.6.187/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.145.52.163:4444/02.08.2022.exe
id: auto-a8f00c73bc3fc3416b52c3eefd417d2895563d27db76c02ef03e5150031fac6b
status: experimental
description: Detects traffic or activity related to http://209.145.52.163:4444/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.145.52.163:4444/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://209.145.52.163:443/02.08.2022.exe
id: auto-34f0639c99581c6ab6839e6c4541b161c07379984a394afa39951ec277c76458
status: experimental
description: Detects traffic or activity related to http://209.145.52.163:443/02.08.2022.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://209.145.52.163:443/02.08.2022.exe*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://37.255.209.158:3322/i
id: auto-7e14bb9309ebe4664743828ba245fccf5a2e11bcc8bd87c4f21898d80188b48e
status: experimental
description: Detects traffic or activity related to http://37.255.209.158:3322/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://37.255.209.158:3322/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.239.200.139:64329/i
id: auto-fab71e71091e12ef2729246413904c9f8ddc5f8db60edea2779a9499117c6a4c
status: experimental
description: Detects traffic or activity related to http://5.239.200.139:64329/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.239.200.139:64329/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://89.44.183.143:18704/i
id: auto-f7dac5054ea47398d6a32d47f4447920a986421dc2ac47d384a3d97c55ad8aa6
status: experimental
description: Detects traffic or activity related to http://89.44.183.143:18704/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://89.44.183.143:18704/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://77.29.60.243:26181/i
id: auto-b43ef5189d459750ed3719d6c666ab3111e85ce200bd0096371f84fc20c61d3f
status: experimental
description: Detects traffic or activity related to http://77.29.60.243:26181/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://77.29.60.243:26181/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.221.59.121:6005/i
id: auto-2dad011c5bfb4e0c0e2c806a62bd83e9479d9fda1f2cea853d9196480554366c
status: experimental
description: Detects traffic or activity related to http://113.221.59.121:6005/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.221.59.121:6005/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://151.235.236.71:4851/i
id: auto-22d0b65ce45b418d41a1acba21f711a538cefbddfe14e8e285465bc1ecf4b4ce
status: experimental
description: Detects traffic or activity related to http://151.235.236.71:4851/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://151.235.236.71:4851/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.226.139.149:8166/i
id: auto-9b841bb31975bb811d26d1f7a759aae3995b4df529573c7fe6bf63a2b31ce8bc
status: experimental
description: Detects traffic or activity related to http://14.226.139.149:8166/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.226.139.149:8166/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://195.32.18.58:5296/i
id: auto-8d24b172d2d54dfd57884fa7f7c675da5475084757e7a5e9c6183b3e2a5ddcc4
status: experimental
description: Detects traffic or activity related to http://195.32.18.58:5296/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://195.32.18.58:5296/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.78.32.67:31766/i
id: auto-d30f675fc4dc8b895c169a4c84b4d57ef65e243a3ca16b3034165406bfecb5a0
status: experimental
description: Detects traffic or activity related to http://178.78.32.67:31766/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.78.32.67:31766/i*'
  condition: selection
level: high
tags:
  - attack.t1595
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://178.130.46.39/Documents/lol.lnk
id: auto-ad6d8a43cce1ce12bc2756ea9338eb81dcb40915cb053483977f3118cffb18e1
status: experimental
description: Detects traffic or activity related to http://178.130.46.39/Documents/lol.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://178.130.46.39/Documents/lol.lnk*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.183.51.249:8082/sshd
id: auto-09bbec351b10f66cb0bcc1c7e9589098eb43fca0077ffb6a73e83907d52114a1
status: experimental
description: Detects traffic or activity related to http://14.183.51.249:8082/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.183.51.249:8082/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.209.77.185:85/sshd
id: auto-8b2f4c00617cf3a6fe8040dc30c32607edea0ca0db82bae29d3ddbe302029988
status: experimental
description: Detects traffic or activity related to http://123.209.77.185:85/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.209.77.185:85/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://14.245.186.19/sshd
id: auto-911c77de6f2afee328ff7b44ec35b86db065217cd33642838a7399fa58269c1a
status: experimental
description: Detects traffic or activity related to http://14.245.186.19/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://14.245.186.19/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.209.77.185:86/sshd
id: auto-93762ae4854576d6b6b676d6bf34a7da0197066ce1337a501f39708a90c3cc0d
status: experimental
description: Detects traffic or activity related to http://123.209.77.185:86/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.209.77.185:86/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.186.163.91:8080/sshd
id: auto-004dbbcb22d9487fc709ab575b1ea39d253e15794273a0bd994fdf2f61eac153
status: experimental
description: Detects traffic or activity related to http://58.186.163.91:8080/sshd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.186.163.91:8080/sshd*'
  condition: selection
level: high
tags:
  - attack.t1543
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.221.182:43797/i
id: auto-709b98e515e8293fb558e806798a748ed16314bd1d9a4a699ed4e0098606f675
status: experimental
description: Detects traffic or activity related to http://110.38.221.182:43797/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.221.182:43797/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.arm5
id: auto-e8b06e0c438567d11b4d3c1f1e90e4faec01c47d54a0e4fcb4ed94f6f2f85e01
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.ppc
id: auto-74660c32d05fc581c5496a20824f257483c47154d1f063a3e2f7fb1b7223a30b
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.mpsl
id: auto-66da38793d42c13de1ba589e3f4c3e80593d496071f5dba90a4143e5b22cf15d
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.arm7
id: auto-bde7ebd16718796edf88e4482e2c359bd875140d97398b7ae5a9268d1f2cd823
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.arm
id: auto-a8e422bd3ff5125256b41bac5e166448371078f05273589d1f2f2969ca4d24ea
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.sh4
id: auto-467892b6e867420db64dd14a7a3bedca09f0391baeb928392a39099ee181a8ea
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.arm6
id: auto-500d43b026be00e7359598db0a95dddff5896a1684e94e4fd5d494f9ea8a7502
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.x86
id: auto-6ed19eb5a1cc4c31c5ea90697b157aa8cf1d21074673ccc8bfbd6616cd3eba2e
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.mips
id: auto-3311390decff549b59146533390efe98af83813b029b03a5be3a06c68da1e055
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://134.209.96.175/hiddenbin/boatnet.m68k
id: auto-44f77c157b6e6f3559fd511db4958fb3ffa8187d554d47ac6ae27ad679b57cba
status: experimental
description: Detects traffic or activity related to http://134.209.96.175/hiddenbin/boatnet.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://134.209.96.175/hiddenbin/boatnet.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.37.228:49975/i
id: auto-51fbc77eb4c7b7e2c478b7d3cfc32f9888848d4f62ef8d31a10c20622f9f8b1c
status: experimental
description: Detects traffic or activity related to http://42.230.37.228:49975/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.37.228:49975/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.74.223:57892/i
id: auto-6bf72caa0ede4d1fb449f9e82666c9d091976535ac40a9c713913fadfb45f8d2
status: experimental
description: Detects traffic or activity related to http://222.141.74.223:57892/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.74.223:57892/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.248.143:36276/i
id: auto-4761aee2989abe660d9158fdf9909628c9d612dffae18c53cd5eee2370031744
status: experimental
description: Detects traffic or activity related to http://115.63.248.143:36276/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.248.143:36276/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.50.61:48497/bin.sh
id: auto-60c813d08e3a3fa2a5c7a586f6b3860442e4595ab15d2e87b6b60f4ba0fa11a2
status: experimental
description: Detects traffic or activity related to http://182.121.50.61:48497/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.50.61:48497/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.184.124:56090/bin.sh
id: auto-1b0d645988454cc402fcd834d35a443003a5837f0b4a54a751623c6049993ad4
status: experimental
description: Detects traffic or activity related to http://123.14.184.124:56090/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.184.124:56090/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.216:42976/i
id: auto-a47c67e756e7c372ad0f1f194df52c2488d739193f6080cc5ed56153acf60ed8
status: experimental
description: Detects traffic or activity related to http://110.37.35.216:42976/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.216:42976/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.230.37.228:49975/bin.sh
id: auto-839784fcb8a71eec17a1bfdca9bab7e80fcbe5c3a5b1a9001b0d9f4db88459b0
status: experimental
description: Detects traffic or activity related to http://42.230.37.228:49975/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.230.37.228:49975/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.41.227.0:42749/i
id: auto-a4a2b804589e0973ee929db0d2aaff24e92ef7e4615af045494fba091ca63684
status: experimental
description: Detects traffic or activity related to http://125.41.227.0:42749/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.41.227.0:42749/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.221.182:43797/bin.sh
id: auto-aadc354967f25189fb0cf1b2d25842a2542003f23d3fb0bdde0dd56daa9775da
status: experimental
description: Detects traffic or activity related to http://110.38.221.182:43797/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.221.182:43797/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.74.223:57892/bin.sh
id: auto-74f7ce11f8c47c38c66e6dc45212b9da292c8007ae6782259da9675979f70f59
status: experimental
description: Detects traffic or activity related to http://222.141.74.223:57892/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.74.223:57892/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://27.215.182.213:50106/bin.sh
id: auto-5ed236d23f4d50bfd71aa9413d53d3855d718391f8b075ce09a08506cb97b22c
status: experimental
description: Detects traffic or activity related to http://27.215.182.213:50106/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://27.215.182.213:50106/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.35.216:42976/bin.sh
id: auto-be3c30554a62ed79df690a1a339c93ef517702d75f60e5484f12fa210a8c6ccf
status: experimental
description: Detects traffic or activity related to http://110.37.35.216:42976/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.35.216:42976/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.194.168:46231/bin.sh
id: auto-f53fdfa6353a9668bc67abe177217467fddc68375eb18744aafacaac0b058336
status: experimental
description: Detects traffic or activity related to http://115.57.194.168:46231/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.194.168:46231/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.241.87.182:50985/bin.sh
id: auto-165e8ecf612b2e59c356ec1e61ac2672c31a5c9319cbeeb24cbaaffd3f3435ad
status: experimental
description: Detects traffic or activity related to http://117.241.87.182:50985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.241.87.182:50985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.16.24:38330/bin.sh
id: auto-fdc31704a20af3a27d8e0315d46f29ea7a5cefd023ab18d3ee0b4882d30dd100
status: experimental
description: Detects traffic or activity related to http://180.191.16.24:38330/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.16.24:38330/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zn3foc66.skyc0rest.ru/?apikey=rAJFHBvFjkiaJKUp&activityId=4ae5b69f-cd3b-46d4-a624-3fb0f62ac240&ocid
id: auto-4eb770cce25a92c5970a1ee6db06a08e28607ac0069986c3cf3e1b740bd09181
status: experimental
description: Detects traffic or activity related to https://zn3foc66.skyc0rest.ru/?apikey=rAJFHBvFjkiaJKUp&activityId=4ae5b69f-cd3b-46d4-a624-3fb0f62ac240&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zn3foc66.skyc0rest.ru/?apikey=rAJFHBvFjkiaJKUp&activityId=4ae5b69f-cd3b-46d4-a624-3fb0f62ac240&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://vhe65fgx.skyc0rest.ru/?apikey=UBzwzujeIFOcdrWw&activityId=37225c23-9c14-410b-83fa-e3360fb6b688&ocid
id: auto-3846d4b87b67fd7e47332fc6ce7394583a1985ad8e5691e789aff9a3285aa3bd
status: experimental
description: Detects traffic or activity related to https://vhe65fgx.skyc0rest.ru/?apikey=UBzwzujeIFOcdrWw&activityId=37225c23-9c14-410b-83fa-e3360fb6b688&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://vhe65fgx.skyc0rest.ru/?apikey=UBzwzujeIFOcdrWw&activityId=37225c23-9c14-410b-83fa-e3360fb6b688&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://ixwuvljz.windb1rd.ru/?apikey=dxpBdJrVbjlBARuC&activityId=6c6cd4ed-ccc5-49d6-b650-a52a11ee201a&ocid
id: auto-ca2f7c5a2a3b8f858dd2b2df0739125a7b0c17f80c74d82e3726182349d8b21d
status: experimental
description: Detects traffic or activity related to https://ixwuvljz.windb1rd.ru/?apikey=dxpBdJrVbjlBARuC&activityId=6c6cd4ed-ccc5-49d6-b650-a52a11ee201a&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://ixwuvljz.windb1rd.ru/?apikey=dxpBdJrVbjlBARuC&activityId=6c6cd4ed-ccc5-49d6-b650-a52a11ee201a&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://xndpt67e.windb1rd.ru/?apikey=VTLjQgxMJQrAgqQt&activityId=2c317f4e-0f5e-4263-be8c-dae19c8543ca&ocid
id: auto-788d8002138bbccb5c409483d70552bfc1c659dc8bb82a14fb4d4f284ebb4a99
status: experimental
description: Detects traffic or activity related to https://xndpt67e.windb1rd.ru/?apikey=VTLjQgxMJQrAgqQt&activityId=2c317f4e-0f5e-4263-be8c-dae19c8543ca&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://xndpt67e.windb1rd.ru/?apikey=VTLjQgxMJQrAgqQt&activityId=2c317f4e-0f5e-4263-be8c-dae19c8543ca&ocid*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8349460841/Q7Yekz3.exe
id: auto-e2410b4b5e3cf8e57eb0c3ae88d8015e9ffcc2b0a25c7e41b5597d0b4aae894e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8349460841/Q7Yekz3.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8349460841/Q7Yekz3.exe*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.5.52.96:42115/i
id: auto-d9cd8bbef43d6b5546569636462015946dbff902906d9913816c493317c3057e
status: experimental
description: Detects traffic or activity related to http://42.5.52.96:42115/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.5.52.96:42115/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.86.61.185:40072/bin.sh
id: auto-0ee0790864628fe4e11e66b6a36049f6be7d302b93345bb77875e536f0b36b32
status: experimental
description: Detects traffic or activity related to http://42.86.61.185:40072/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.86.61.185:40072/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.49.242:44088/i
id: auto-04afc7a145511923ade7ff8ff3c9d9e1a6e6acaa6b838c44cda3f0649f25ff75
status: experimental
description: Detects traffic or activity related to http://222.127.49.242:44088/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.49.242:44088/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:39612/i
id: auto-0a509a6eda1ec183a7cee0daf47f2e551eb9d909efbaad550a20c41fc87beec1
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:39612/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:39612/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://75.20.188.106:59244/i
id: auto-459c82ffe7069ea6497320f276a109715f016a1a17c1c3240c406ac3b1e7fb7b
status: experimental
description: Detects traffic or activity related to http://75.20.188.106:59244/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://75.20.188.106:59244/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://75.20.188.106:59244/bin.sh
id: auto-cec03cd2394685dd42b6d1f8b921346ae08bb2e54dbae62937c2c0702d8ccc74
status: experimental
description: Detects traffic or activity related to http://75.20.188.106:59244/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://75.20.188.106:59244/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.200.128:57270/i
id: auto-ee5443ae9805aa4c19a60319e57e299a8b0d4b6ab5f8dfc8e1f38f248cba5eb5
status: experimental
description: Detects traffic or activity related to http://115.63.200.128:57270/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.200.128:57270/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.117.96:57918/i
id: auto-a32f832dddd44dfe85c1f2189dcf93492ad13b9e9b6d8073370feb5894010be8
status: experimental
description: Detects traffic or activity related to http://115.61.117.96:57918/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.117.96:57918/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.117.96:57918/bin.sh
id: auto-133ddfb67fe046822d21bcf1dc78eb2265766d3ee01b8928aa1eb60b67e4ecb7
status: experimental
description: Detects traffic or activity related to http://115.61.117.96:57918/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.117.96:57918/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.43.172:58340/i
id: auto-52ec9a9c05b8ee216bdf62cc2239cdc222f18eee5f057c7cc254b4d21dd2ab34
status: experimental
description: Detects traffic or activity related to http://182.121.43.172:58340/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.43.172:58340/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.249.91:60952/i
id: auto-a462245b6b45aebce446752d527760ebd5b28cf6d15ef616453dc4bba718efd9
status: experimental
description: Detects traffic or activity related to http://59.184.249.91:60952/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.249.91:60952/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.243.143.16:57025/i
id: auto-3a87363d71a8b53988d9d3d888711dd72928d160f6514bba1fa2c5ae4a96b577
status: experimental
description: Detects traffic or activity related to http://61.243.143.16:57025/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.243.143.16:57025/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.49.242:44088/bin.sh
id: auto-844f1f69a8f85f49071a17f47da7ccd8c3f6a0ac6eb9922b29e7cd7d682289fb
status: experimental
description: Detects traffic or activity related to http://222.127.49.242:44088/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.49.242:44088/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.15.184:39612/bin.sh
id: auto-5a942d9dfcd8f4e925ad52264981541dfcca14afedc904db0aeb61c15c6c1c96
status: experimental
description: Detects traffic or activity related to http://110.36.15.184:39612/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.15.184:39612/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.63.200.128:57270/bin.sh
id: auto-e519e0f7235162b4cbf6991bd6654a56994b516b159ffdc8372c630a17cedd03
status: experimental
description: Detects traffic or activity related to http://115.63.200.128:57270/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.63.200.128:57270/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://hostphpwindowsdriversappssi.duckdns.org/Nueva%20carpeta/VmDocumentos.txt
id: auto-f591573c696cbb817bdd5b2308e9c067519aa8bfdf84469ed0087fa75254aebe
status: experimental
description: Detects traffic or activity related to http://hostphpwindowsdriversappssi.duckdns.org/Nueva%20carpeta/VmDocumentos.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://hostphpwindowsdriversappssi.duckdns.org/Nueva%20carpeta/VmDocumentos.txt*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://archive.org/download/optimized_msi_20251227/optimized_MSI.png
id: auto-e4f4040e6767e13699c0984a53ab6f6c3e15b425f42c3b21349700121402febe
status: experimental
description: Detects traffic or activity related to https://archive.org/download/optimized_msi_20251227/optimized_MSI.png which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://archive.org/download/optimized_msi_20251227/optimized_MSI.png*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/01hhn3.bat
id: auto-f634c54146a1c8b3aca61cc9ece47a84460a0008ac654ea66483b22aa1b40f67
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/01hhn3.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/01hhn3.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/pxznk9.bat
id: auto-84c953780f08d2748ef21b3da538a711df9c2c273f33743769d60cb7b2231f36
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/pxznk9.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/pxznk9.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/nzct1p
id: auto-deed739bf526f490ae337ddfa08ebfa7260c9dd2a984e0f8c576e13222db81c0
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/nzct1p which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/nzct1p*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.184.249.91:60952/bin.sh
id: auto-5fdbeb1234ca0461b0395cd32348b15ec66aed0084b0adfc14bd6b23db0e6503
status: experimental
description: Detects traffic or activity related to http://59.184.249.91:60952/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.184.249.91:60952/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/dz446t.txt
id: auto-816958d69fa1982cb7811510fb2df7cbd5718f4c8c4df6b1441cc835628aeec5
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/dz446t.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/dz446t.txt*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/s8ydiw.txt
id: auto-9071e73ee4b80b14ad901552d6f859156b3a64fbf8891753fce0151b4dc6157e
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/s8ydiw.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/s8ydiw.txt*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/yidxpq.bat
id: auto-d4d7a259ef7524fa82389c2151a2c17d83af61f7dfb7093abee5b7b38e4dbcd6
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/yidxpq.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/yidxpq.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/bo803s.dll
id: auto-e4f76c946a9677098b71dd74576edd3b4f06c7e821c870c76b71adbc1b8821ab
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/bo803s.dll which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/bo803s.dll*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/lx8y2c.bat
id: auto-50d7d120881748e33a710967289fd784d84a65b4023558c29782a78c7b8aa07b
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/lx8y2c.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/lx8y2c.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/r2m1n9.bat
id: auto-cf2d626f927293bd2a47a964d664a83ebbc23281e9efffb88dfdf989eeb27332
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/r2m1n9.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/r2m1n9.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/fk9zbn.txt
id: auto-44ce3cb8433cdfa473b2667adb4da071f6f57d14aadf8cd8abf2cc5235fae670
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/fk9zbn.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/fk9zbn.txt*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/s4truz.cmd
id: auto-a9599247839baa885cdad3799cd7bd766374218cb983d536db837870f28e8938
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/s4truz.cmd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/s4truz.cmd*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/8mf206.bat
id: auto-b5cd3aa20510a2394baf9a3f8169678988cea23f99724320c24eb9b54b31690e
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/8mf206.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/8mf206.bat*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/dloz9e.bat
id: auto-1ed7858af441d4c9b5be0d912d0aafffd087bc909db74f33e67cdc77a4693481
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/dloz9e.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/dloz9e.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/2xvwzq.cmd
id: auto-d4472f299a6d30259b51c033d2525e9aaa7814687d91416526ce19fe3346e64d
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/2xvwzq.cmd which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/2xvwzq.cmd*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/v7ttce.txt
id: auto-9c4d7988545751f53fe5ac977f9362358952dac34ccd9036684809b5415cdadb
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/v7ttce.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/v7ttce.txt*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://files.catbox.moe/1a36kp.bat
id: auto-f1bedf712bacef9196904a9521a6c09ec71908fce185cfd52bee60efec11813d
status: experimental
description: Detects traffic or activity related to https://files.catbox.moe/1a36kp.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://files.catbox.moe/1a36kp.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://198.13.158.127:5506/AUHAVKIQ.msi
id: auto-6c51ca8b306b6cb11728eb4c21f2f97b5e50dd43ac0e1549b734b622607d19ba
status: experimental
description: Detects traffic or activity related to http://198.13.158.127:5506/AUHAVKIQ.msi which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://198.13.158.127:5506/AUHAVKIQ.msi*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.106.168:35765/i
id: auto-c99bdd8bb9956b500babdffb82684b49c3488fab03de37186022e1b4742a8e69
status: experimental
description: Detects traffic or activity related to http://42.233.106.168:35765/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.106.168:35765/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.218.73:47605/bin.sh
id: auto-a425d693c978f44d542ba4eb41472ac3c71a3e482846fcd157f8458c2f0b78d0
status: experimental
description: Detects traffic or activity related to http://221.15.218.73:47605/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.218.73:47605/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.51.201:48839/i
id: auto-56de8a671437930188f2fe806b287ba81652e24efc7b520030086d911edfd39d
status: experimental
description: Detects traffic or activity related to http://42.232.51.201:48839/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.51.201:48839/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://62.60.226.159/geter/sincyi.exe
id: auto-fdbc4ac3e3484fe53338d114694f9ade016a56770c860bc65ff2e4fd4c76db5e
status: experimental
description: Detects traffic or activity related to http://62.60.226.159/geter/sincyi.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://62.60.226.159/geter/sincyi.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.183.205:57692/bin.sh
id: auto-b8c0d71b160631ef49fcd06a8906de5fd43149888ee406768000aae6e1ea93fd
status: experimental
description: Detects traffic or activity related to http://123.11.183.205:57692/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.183.205:57692/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.75.160:45143/bin.sh
id: auto-0fe542ff553030e17c3c6ca78effccaf980f4e8e34f1139ec282c7691342d263
status: experimental
description: Detects traffic or activity related to http://42.231.75.160:45143/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.75.160:45143/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/sral/lamp.exe
id: auto-737982ade37468e3cc70270612e08082acf62b7281c7b6eea919453dc085be71
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/sral/lamp.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/sral/lamp.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.48.197:50510/i
id: auto-f74f63ec4ae5aa2553bf4807cc4dcc78cbde1f6cf3140accbb09479279d3cc30
status: experimental
description: Detects traffic or activity related to http://222.127.48.197:50510/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.48.197:50510/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.233.106.168:35765/bin.sh
id: auto-d3cecae2dfc1aabb873814de97e9733d4e0e046f3902d85aea5023dd12dacaa4
status: experimental
description: Detects traffic or activity related to http://42.233.106.168:35765/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.233.106.168:35765/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://9pm93zo8.br1ghtf0rm.ru/?apikey=aiBAZoBGORauSzEF&activityId=7474daef-79e1-40c5-9091-96a4605db9c2&ocid
id: auto-ceba8dadbe682832a11d3989a8971612a402aae915ed11087f83e54a32f1c5ab
status: experimental
description: Detects traffic or activity related to https://9pm93zo8.br1ghtf0rm.ru/?apikey=aiBAZoBGORauSzEF&activityId=7474daef-79e1-40c5-9091-96a4605db9c2&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://9pm93zo8.br1ghtf0rm.ru/?apikey=aiBAZoBGORauSzEF&activityId=7474daef-79e1-40c5-9091-96a4605db9c2&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://x5v04q4u.br1ghtf0rm.ru/?apikey=RGyvTZrXxYWomkBq&activityId=de67f72c-3a64-437c-b5f9-3525c2d07ae9&ocid
id: auto-6f3952bf6182f8532e33fc131d817cc7b26060359801bc6e05f89a7f954f6075
status: experimental
description: Detects traffic or activity related to https://x5v04q4u.br1ghtf0rm.ru/?apikey=RGyvTZrXxYWomkBq&activityId=de67f72c-3a64-437c-b5f9-3525c2d07ae9&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://x5v04q4u.br1ghtf0rm.ru/?apikey=RGyvTZrXxYWomkBq&activityId=de67f72c-3a64-437c-b5f9-3525c2d07ae9&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.200.112:47680/bin.sh
id: auto-6aec0a5ae4efc4ec2fe6ceef8da6d72113fc126cb6dae362d8caa95f1d084dca
status: experimental
description: Detects traffic or activity related to http://120.28.200.112:47680/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.200.112:47680/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.73.156:52264/i
id: auto-41ae8545ce8368c1dc4cf0443b402124fcfd88158d678f5da2fcdae6a63aa00d
status: experimental
description: Detects traffic or activity related to http://110.37.73.156:52264/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.73.156:52264/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.249.165:59043/i
id: auto-1c05f2964c6f32ed5bb69e917f0e26eee7bc0f7257ed298891a18a38e7863392
status: experimental
description: Detects traffic or activity related to http://182.124.249.165:59043/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.249.165:59043/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.249.165:59043/bin.sh
id: auto-ab9aded1646621097fb447503d09663aef3970f68848dbeaee2edee24f0b6194
status: experimental
description: Detects traffic or activity related to http://182.124.249.165:59043/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.249.165:59043/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.18.121.217:55216/bin.sh
id: auto-690efb17fea11fa64b0907c7ec33648fad6e7fa477ee14a9137c6e36d47cab9d
status: experimental
description: Detects traffic or activity related to http://60.18.121.217:55216/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.18.121.217:55216/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.127.48.197:50510/bin.sh
id: auto-616085bc860d6e680bdac701203ae8e9f4084fe110c8bcfdf64ee6618d50f035
status: experimental
description: Detects traffic or activity related to http://222.127.48.197:50510/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.127.48.197:50510/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.248.21:40547/i
id: auto-08282945a26183297914712d446e276a05cb14bdb5a7bef76fd96347e4325ca7
status: experimental
description: Detects traffic or activity related to http://182.121.248.21:40547/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.248.21:40547/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.239.52:49002/i
id: auto-8e1b23be14f28e2a14219fe95f726895f74befcb9023cadd1788f24178b8ce9c
status: experimental
description: Detects traffic or activity related to http://182.123.239.52:49002/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.239.52:49002/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.107.152:32831/i
id: auto-966085e632373b5fb0b977c878d7d33e6d3f57543a79bf8d95931bd2ca47685c
status: experimental
description: Detects traffic or activity related to http://182.121.107.152:32831/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.107.152:32831/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://185.196.11.126/wget.sh
id: auto-b5ddf984359752ae6e48724cdfade2d7290283092849e8f014dd23777a46410a
status: experimental
description: Detects traffic or activity related to http://185.196.11.126/wget.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://185.196.11.126/wget.sh*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/8191817615/JkLu4U6.bat
id: auto-2994e63088429351c917c03709f7f3cb1d656871fbbd777692cc05fa4c2153ff
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/8191817615/JkLu4U6.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/8191817615/JkLu4U6.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://microsoft-telemetry.at/pg/plugin3.plg
id: auto-a0bcb4035043ee89de2e284acd0de45428804f6ecea362be07537e9df5eb8afa
status: experimental
description: Detects traffic or activity related to http://microsoft-telemetry.at/pg/plugin3.plg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://microsoft-telemetry.at/pg/plugin3.plg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://microsoft-telemetry.cc/iddr/plugin3.plg
id: auto-a50e24187552a7a1f6f1c0e130249203634dc2aa900891d56f5ccc822c26a0f1
status: experimental
description: Detects traffic or activity related to http://microsoft-telemetry.cc/iddr/plugin3.plg which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://microsoft-telemetry.cc/iddr/plugin3.plg*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.205:60450/i
id: auto-1b2af76b9156aec3bfbc94238eb48bbeea46ba4a9bebc0bf26864a9d1e0b6489
status: experimental
description: Detects traffic or activity related to http://110.37.61.205:60450/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.205:60450/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://alaskabrudka.xyz/cnrr.exe
id: auto-b3f7a7a3b6f413034126c2893c3d728440ed4d2a2a4a5a7adc5edcd2b14f0c53
status: experimental
description: Detects traffic or activity related to https://alaskabrudka.xyz/cnrr.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://alaskabrudka.xyz/cnrr.exe*'
  condition: selection
level: high
tags:
  - attack.t1204.002
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.107.152:32831/bin.sh
id: auto-ac18d2e3d6b3b5f9b41b86c0ced287bfe6a6f11c688fc99a538db8c3e6710971
status: experimental
description: Detects traffic or activity related to http://182.121.107.152:32831/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.107.152:32831/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.121.248.21:40547/bin.sh
id: auto-85770bd868cf521caab24c384c7251cb3b04bd718308bd7272d40fffdea4c41b
status: experimental
description: Detects traffic or activity related to http://182.121.248.21:40547/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.121.248.21:40547/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.61.205:60450/bin.sh
id: auto-96e3c905c72f47a3bdde78cc734d1e45fbc05227c321e3d03ff0a2c9584742e7
status: experimental
description: Detects traffic or activity related to http://110.37.61.205:60450/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.61.205:60450/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.239.52:49002/bin.sh
id: auto-053aa9ce456e3c3c334691a0eda8f6feb2bc4520a79e8bdab1d91094a4e53f61
status: experimental
description: Detects traffic or activity related to http://182.123.239.52:49002/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.239.52:49002/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2ah4j4gq.stormh1ll.ru/?apikey=sUqvdRMAuFzaalns&activityId=6624034c-f25d-44c1-80af-6f430cf80392&ocid
id: auto-eb9e96ebdf5e19efa0cd1aa30fed57081e28e663152a56772996ebd4a559565d
status: experimental
description: Detects traffic or activity related to https://2ah4j4gq.stormh1ll.ru/?apikey=sUqvdRMAuFzaalns&activityId=6624034c-f25d-44c1-80af-6f430cf80392&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2ah4j4gq.stormh1ll.ru/?apikey=sUqvdRMAuFzaalns&activityId=6624034c-f25d-44c1-80af-6f430cf80392&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://fp57ddz7.stormh1ll.ru/?apikey=VcAJTTYNrBqXnRZx&activityId=b0dc64b4-3178-413b-a02d-3ad8da189df3&ocid
id: auto-6f0174f1f45cc157efcd235dc051c899c1e5fc4e7a1d36af29bf9e6bbcb91849
status: experimental
description: Detects traffic or activity related to https://fp57ddz7.stormh1ll.ru/?apikey=VcAJTTYNrBqXnRZx&activityId=b0dc64b4-3178-413b-a02d-3ad8da189df3&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://fp57ddz7.stormh1ll.ru/?apikey=VcAJTTYNrBqXnRZx&activityId=b0dc64b4-3178-413b-a02d-3ad8da189df3&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5561582465/B926rqw.exe
id: auto-d90f6ee3ea4b670839c4d748e82e3b63dd39ca3e95d0a813c4b52a2b3fc0b515
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5561582465/B926rqw.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5561582465/B926rqw.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.183.227:50029/i
id: auto-0746c27d172a6bd2b267d2b7d607665446824f632737245b3257dcbba169cfd3
status: experimental
description: Detects traffic or activity related to http://42.224.183.227:50029/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.183.227:50029/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.35.107:58860/i
id: auto-ca21b47c4b883606f93c1cb03bbb742ea3a41d11a11adc8c1b4ecb4876b87518
status: experimental
description: Detects traffic or activity related to http://125.44.35.107:58860/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.35.107:58860/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.183.227:50029/bin.sh
id: auto-8b3572f54277fe2584264df70bd596c6a6be5810d5df2ad971433a5e5ae94dea
status: experimental
description: Detects traffic or activity related to http://42.224.183.227:50029/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.183.227:50029/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.6.91.43:42290/i
id: auto-c0b113507318729881050941bf7052517209d37096609c1f656fe6446915085b
status: experimental
description: Detects traffic or activity related to http://200.6.91.43:42290/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.6.91.43:42290/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://223.151.76.51:60653/i
id: auto-af84ba04067e6ad54116ce79911567457d3ddabca57e06b8b66eb571f4042521
status: experimental
description: Detects traffic or activity related to http://223.151.76.51:60653/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://223.151.76.51:60653/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.109.231:38953/i
id: auto-312be95615ebb591634216d4f2f53f1a20ec4927c06f0893bada44163ada2704
status: experimental
description: Detects traffic or activity related to http://61.52.109.231:38953/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.109.231:38953/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.187:50314/i
id: auto-bc61184eb418ff71b08a953ad16c47a6f4e01bc82d1aafec265b7355ee14a8fb
status: experimental
description: Detects traffic or activity related to http://117.209.91.187:50314/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.187:50314/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.209.91.187:50314/bin.sh
id: auto-d8c35ccb79bde37daa52bcfb7929136f69126737a036a6d07729a6b0ff8931fd
status: experimental
description: Detects traffic or activity related to http://117.209.91.187:50314/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.209.91.187:50314/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.35.107:58860/bin.sh
id: auto-bb260ec3a111f00414fcc512e0001f04b3d6b824ddca0f0d08327b7084eda3fc
status: experimental
description: Detects traffic or activity related to http://125.44.35.107:58860/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.35.107:58860/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/6608710704/bDjqu09.exe
id: auto-940333f0455f3fe74519199a1729000162651d17af2865dac95426b83f965492
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/6608710704/bDjqu09.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/6608710704/bDjqu09.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://200.6.91.43:42290/bin.sh
id: auto-02c5d4253dd9ed94afdd852235bdffd2008ea32205d243e4ce42a59de01f2696
status: experimental
description: Detects traffic or activity related to http://200.6.91.43:42290/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://200.6.91.43:42290/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.238.66:40228/i
id: auto-6b0eaaa81447120ec3bbbba3e5644522c3ae4e28966379a5778d53612cb2390b
status: experimental
description: Detects traffic or activity related to http://110.39.238.66:40228/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.238.66:40228/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.238.66:40228/bin.sh
id: auto-a40738f0a67c70060010acad4231d5aaf59a8bbf16d0f6547913803f41b2bb37
status: experimental
description: Detects traffic or activity related to http://110.39.238.66:40228/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.238.66:40228/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://120.28.219.42:47379/bin.sh
id: auto-db754b3eaa600c59785342773b9dae8fbc398b803e7543b17463670c2b5c77ef
status: experimental
description: Detects traffic or activity related to http://120.28.219.42:47379/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://120.28.219.42:47379/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.178.75:58331/i
id: auto-feb0078b4a0f09a29d4bd1133a37f5a8b9d4e6d8d98842fdde196b9c433b55e6
status: experimental
description: Detects traffic or activity related to http://125.44.178.75:58331/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.178.75:58331/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.35.226:57985/i
id: auto-44ea9d697ee837cf74a18356d5c3e4ab7b1b9a54680c78488f8cc44e9ca8b8eb
status: experimental
description: Detects traffic or activity related to http://196.189.35.226:57985/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.35.226:57985/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://tyr2to6g.cl0udpath.ru/?apikey=HHhofYFxEpFGRFEM&activityId=f4f6b02b-9818-4745-9745-9dd491c6bb31&ocid
id: auto-99dfd7e362c949c87a1168c02f50f3a0e0661387da977c419f89c0a88fb10867
status: experimental
description: Detects traffic or activity related to https://tyr2to6g.cl0udpath.ru/?apikey=HHhofYFxEpFGRFEM&activityId=f4f6b02b-9818-4745-9745-9dd491c6bb31&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://tyr2to6g.cl0udpath.ru/?apikey=HHhofYFxEpFGRFEM&activityId=f4f6b02b-9818-4745-9745-9dd491c6bb31&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3ttsi6qg.cl0udpath.ru/?apikey=pHbSrZDGpKHUrCUM&activityId=93d025f5-0c40-465a-be84-bab1e8c14389&ocid
id: auto-067f8f896695fad14df40cf7f3814df4919431ce544d45f0c1e294565a3cfaf2
status: experimental
description: Detects traffic or activity related to https://3ttsi6qg.cl0udpath.ru/?apikey=pHbSrZDGpKHUrCUM&activityId=93d025f5-0c40-465a-be84-bab1e8c14389&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3ttsi6qg.cl0udpath.ru/?apikey=pHbSrZDGpKHUrCUM&activityId=93d025f5-0c40-465a-be84-bab1e8c14389&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.132.68:51197/bin.sh
id: auto-ba74a01163baf076e067ee1c549a80fef04a1dcef52edee42b5a3b86e66f2740
status: experimental
description: Detects traffic or activity related to http://123.5.132.68:51197/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.132.68:51197/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.23.109:58077/i
id: auto-b37fff21befb5854454f2dcefb4754631c556ec7b609df521487386645d8912d
status: experimental
description: Detects traffic or activity related to http://180.191.23.109:58077/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.23.109:58077/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.200.121.228:54872/i
id: auto-dab00d60f4fba57ed100a66b21d6ecca983fb167748c1d8d988af75aac9f8eb2
status: experimental
description: Detects traffic or activity related to http://117.200.121.228:54872/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.200.121.228:54872/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.203.80:32961/i
id: auto-e595f0b582cdf574c36e4b8a6fe56f33486259e9dacf645ad1237da5ce2e3fd0
status: experimental
description: Detects traffic or activity related to http://115.55.203.80:32961/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.203.80:32961/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pzskci29.shadowf1ow.ru/?apikey=osIlSHbvUyoPDtHO&activityId=6e27c4fb-c2fc-4279-8622-b9d17f85dad2&ocid
id: auto-e4bb7439002fb471b88041f8997943b4fbb909cc4e31ee8f96e9ca1190cd2e1e
status: experimental
description: Detects traffic or activity related to https://pzskci29.shadowf1ow.ru/?apikey=osIlSHbvUyoPDtHO&activityId=6e27c4fb-c2fc-4279-8622-b9d17f85dad2&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pzskci29.shadowf1ow.ru/?apikey=osIlSHbvUyoPDtHO&activityId=6e27c4fb-c2fc-4279-8622-b9d17f85dad2&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://zxa96eaf.shadowf1ow.ru/?apikey=TblsNmNQBGJDTXCP&activityId=fc7cb219-bcc0-4402-bfe3-aa0880cede57&ocid
id: auto-933111594a96f4937ef5e240c4028b76561a0ff88723c967069d63f6067b934a
status: experimental
description: Detects traffic or activity related to https://zxa96eaf.shadowf1ow.ru/?apikey=TblsNmNQBGJDTXCP&activityId=fc7cb219-bcc0-4402-bfe3-aa0880cede57&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://zxa96eaf.shadowf1ow.ru/?apikey=TblsNmNQBGJDTXCP&activityId=fc7cb219-bcc0-4402-bfe3-aa0880cede57&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://78.165.124.29:50375/i
id: auto-810b1c34cbb36e97759d78f92dff9ead7693ac14d715c61747506b9635bd69cf
status: experimental
description: Detects traffic or activity related to http://78.165.124.29:50375/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://78.165.124.29:50375/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.107.164:52412/i
id: auto-f802e8da8d8f568df669bd515156ff03754c4276fa1237b43ddfd0de651c1cdb
status: experimental
description: Detects traffic or activity related to http://222.141.107.164:52412/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.107.164:52412/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.87.186.38:39997/i
id: auto-ce091b1018af683b548a8e4b6cc1e38958e1115d855944f6c5eb4b2df678e5e8
status: experimental
description: Detects traffic or activity related to http://42.87.186.38:39997/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.87.186.38:39997/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.114.248.35:56472/i
id: auto-fe5aad15e86b39c37cd09cbcc8dc21704a6f829610ebfac9d6f8a938786113b1
status: experimental
description: Detects traffic or activity related to http://182.114.248.35:56472/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.114.248.35:56472/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.23.227:60386/i
id: auto-f9ed67adc1da6d7ef6037a6398c304e5e6d16f288e06b6af71aefcd2ccb72571
status: experimental
description: Detects traffic or activity related to http://115.48.23.227:60386/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.23.227:60386/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.11.183.205:57692/i
id: auto-7870d667ce83591160597af8fc236d544b7858f0dd48c48ddc1efc9c34f52dbd
status: experimental
description: Detects traffic or activity related to http://123.11.183.205:57692/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.11.183.205:57692/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.229.188:49426/i
id: auto-5fa36b7feba3278d3d60c013b738063896c49aa769fb1f62521850de609b94e9
status: experimental
description: Detects traffic or activity related to http://110.39.229.188:49426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.229.188:49426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.191.23.109:58077/bin.sh
id: auto-5b689fed4c2bfb6c35963e272b38d2cfc7510f902007d223c1d87511ad8d4dab
status: experimental
description: Detects traffic or activity related to http://180.191.23.109:58077/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.191.23.109:58077/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.203.80:32961/bin.sh
id: auto-603ae700738b3e86a17f163f3e90dc992c3e65d82c28ae02f21d29cf828a81bb
status: experimental
description: Detects traffic or activity related to http://115.55.203.80:32961/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.203.80:32961/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.91.65:50233/i
id: auto-f7e2461a7967acccd4305a0ba1d735346295f9a493769ce9682967fc18cca604
status: experimental
description: Detects traffic or activity related to http://115.49.91.65:50233/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.91.65:50233/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.6.129:52978/i
id: auto-05fb3cd58cbafebeac90170eb6bdf1b2a497167c1e5ad919a50fd16b769921c2
status: experimental
description: Detects traffic or activity related to http://221.15.6.129:52978/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.6.129:52978/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.87.6:50954/i
id: auto-3a7b5c7fd9c40a04d1a9bf6f3be08cdeb2dbbc94f6137df4bfaaa47381ae31fe
status: experimental
description: Detects traffic or activity related to http://125.47.87.6:50954/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.87.6:50954/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.21.174.91:41502/bin.sh
id: auto-73051a32964cebe2a79d2f20350a72116a223d4562084b330ee00cdec04b03cd
status: experimental
description: Detects traffic or activity related to http://60.21.174.91:41502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.21.174.91:41502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.183:46395/i
id: auto-885257cfd97179df16741bbfa25848fc5a0d5572f8d70646eb52870ac119c3fd
status: experimental
description: Detects traffic or activity related to http://59.97.176.183:46395/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.183:46395/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://36.88.164.50:48035/.i
id: auto-d8a8061dabda908ce7f50c81ce1628f31b394ab64af10cfbfe9d8e0f3ab25dca
status: experimental
description: Detects traffic or activity related to http://36.88.164.50:48035/.i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://36.88.164.50:48035/.i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.99:54488/bin.sh
id: auto-6f633d2db7de3b26a2c612aec8a060c1d38d1338af78327bc8e5774d6a05f936
status: experimental
description: Detects traffic or activity related to http://110.37.100.99:54488/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.99:54488/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.143.189:55287/i
id: auto-04c855017ea28511c1ae764553d0c80e025058ed1a69d1c121c7593e49a56cb4
status: experimental
description: Detects traffic or activity related to http://42.234.143.189:55287/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.143.189:55287/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.229.142:40923/i
id: auto-2bfcdaef71cd7fe65032a3a03aabe989843b795c7893d6a3726a36bf049a4b5f
status: experimental
description: Detects traffic or activity related to http://42.239.229.142:40923/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.229.142:40923/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.144.163:53108/i
id: auto-697f856fae244eacc545738ef50a7afd144512ab748b080af0fe2a2f12e6769b
status: experimental
description: Detects traffic or activity related to http://39.79.144.163:53108/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.144.163:53108/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.168.208:44866/bin.sh
id: auto-89db1b4738c97a929c403383dc9953a8860175b3e063ff6f95f0a762513df296
status: experimental
description: Detects traffic or activity related to http://221.14.168.208:44866/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.168.208:44866/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.91.65:50233/bin.sh
id: auto-4a119564658c6b298a660b671d45b64d9263480a9be65dd14856c55385fdfb91
status: experimental
description: Detects traffic or activity related to http://115.49.91.65:50233/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.91.65:50233/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.15.6.129:52978/bin.sh
id: auto-bc5e4538f1ddf12c0c242391bd742f9f41747d78df8031ef82d09fac9a37cc75
status: experimental
description: Detects traffic or activity related to http://221.15.6.129:52978/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.15.6.129:52978/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.97.176.183:46395/bin.sh
id: auto-c89d21601ef9bcd2a0f26e2d3f3378746553f03f32c394a37977fd65589da799
status: experimental
description: Detects traffic or activity related to http://59.97.176.183:46395/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.97.176.183:46395/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://180.190.241.107:44289/i
id: auto-417d57e8308ba7934f02ca8a50ac54f5bb3cc241b416eabf526fded1ce51b94a
status: experimental
description: Detects traffic or activity related to http://180.190.241.107:44289/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://180.190.241.107:44289/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://59.95.91.57:48405/bin.sh
id: auto-724af80da5a37fe5ec6b736630ab6c6ad4a2f79d8171d8277d4bb1ea72cc7d41
status: experimental
description: Detects traffic or activity related to http://59.95.91.57:48405/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://59.95.91.57:48405/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.30.163:52934/i
id: auto-ee31eb79d34d06dfdd92b761c0b3efa4f0a81cc829956b95e8a22089da4bcbd3
status: experimental
description: Detects traffic or activity related to http://115.57.30.163:52934/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.30.163:52934/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2vbkb.com/win/omic.zip
id: auto-d1a11a4565e56f0fb82ed25a00475a44f1050e62a839feb8d20fee0ebe71af69
status: experimental
description: Detects traffic or activity related to https://2vbkb.com/win/omic.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2vbkb.com/win/omic.zip*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://2vbkb.com/win/sm.ps1
id: auto-f1e130e1c75245a394d57c144ba93582476964f971b99525cddc6d3f3020257f
status: experimental
description: Detects traffic or activity related to https://2vbkb.com/win/sm.ps1 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://2vbkb.com/win/sm.ps1*'
  condition: selection
level: high
tags:
  - attack.t1059.001
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.2.136.57:40211/bin.sh
id: auto-f4737d96c9887c9f4d205c8ac7cd97faaddf9e49706b13a7be62906fc85ace78
status: experimental
description: Detects traffic or activity related to http://61.2.136.57:40211/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.2.136.57:40211/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/isis.txt
id: auto-14e6a0246be5e3bb06f896e801737563fbc166c2b730a4eb26ece3643ab61521
status: experimental
description: Detects traffic or activity related to https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/isis.txt which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://pub-37f3a615586d47f4996e932bf6df7670.r2.dev/isis.txt*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.255.123.101/PR/Database/Video.lnk
id: auto-9c021399be3f6d9e655a5b35fbc01f29024839edb4fb358e4d87146060610dbf
status: experimental
description: Detects traffic or activity related to http://139.255.123.101/PR/Database/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.255.123.101/PR/Database/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/AV.scr
id: auto-becd2f1f4d915451d34b3c0afd4eeebab5490205acf2aef81340b2daebe588d0
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/Photo.scr
id: auto-32c89d846c9807a4a6f06d3db99d594e464df0119e968dace6e5568b78f25983
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/1/Photo.scr
id: auto-02f14d29aaf0245909191dacef69256b8312d9050b27bfe2cd44af87faace30d
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/1/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/1/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/1/AV.scr
id: auto-bb130b7904ed2d1c974a919ad5647f38ead731c94598721426156a0f0ae089f6
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/1/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/1/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/Video.scr
id: auto-6c9047ffed4f96372a60efd2818cea423954546e26d53e4f2817a87e500aa469
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/forge/AV.scr
id: auto-111ae1f45db5576a456d639d6cd3ff62ae950d4aacf4b574f2de375f44993e3b
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/forge/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/forge/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/Photo.scr
id: auto-500627b918f25810487a701f5105e27798424b14ec49bedd66a059f89a050c76
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/AV.scr
id: auto-010882cfe5958dc6b9d2b155170e0e15f2c54b9e59991a8c78dd13a4f8e7c0a6
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/images/AV.scr
id: auto-e2f5b0f2ca138b150f8b167765c8b3aed18f35fe47d4ecc40871e16b9d99531e
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/images/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/images/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/AV.scr
id: auto-4399b4026d2d82d4ebf410ac220092a9def6924378c08c529fe0ab4766823db8
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.87.6:50954/bin.sh
id: auto-747a3a84a2c5bf011143ae950d22a9b80ac995b169f94b64fec6f640d4bb5207
status: experimental
description: Detects traffic or activity related to http://125.47.87.6:50954/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.87.6:50954/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.121.153:41168/i
id: auto-5dd0eb7213875155e7fccdb77d3856519c670ce35408f1f2454125ee46dffdc4
status: experimental
description: Detects traffic or activity related to http://117.235.121.153:41168/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.121.153:41168/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.24.190.130:9980/Video.scr
id: auto-e4ca416dd6a00d77690f825ba08dd4340997ab14a53cf60cf8a66cb3629bc5ee
status: experimental
description: Detects traffic or activity related to http://116.24.190.130:9980/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.24.190.130:9980/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/tesseract/AV.scr
id: auto-06fa2b66729f03a5224015b932de3c53fee8d9efcee56bf0daa5fbc992e6b82b
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/tesseract/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/tesseract/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://116.24.190.130:9980/Photo.scr
id: auto-4f58db343e24be64aecf8b26ebf06f4da45d3aef18d80bf3d7814a3ae3994d93
status: experimental
description: Detects traffic or activity related to http://116.24.190.130:9980/Photo.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://116.24.190.130:9980/Photo.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/fonts/AV.scr
id: auto-3e1bbf0c6f4158c65063d01037c4a48efd2ad81efcc82d989f940ccd9f864d11
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/fonts/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/fonts/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.240.239.106:8081/info.zip
id: auto-a7753de0acd40bd5319deaf5107546aa46c4f93f76ca7d3d0359775977b59946
status: experimental
description: Detects traffic or activity related to http://61.240.239.106:8081/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.240.239.106:8081/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.230.216.19:8081/info.zip
id: auto-5b212520cd5edfed03a058d0808fd891b489e9b0f6b05a2d9ea279a7ded8340f
status: experimental
description: Detects traffic or activity related to http://124.230.216.19:8081/info.zip which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.230.216.19:8081/info.zip*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.230.216.19:8081/Video.scr
id: auto-e4f6358ad3710e07167952d01e2dbaa3f4748634b10ee5e296907d48a04df2c6
status: experimental
description: Detects traffic or activity related to http://124.230.216.19:8081/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.230.216.19:8081/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/Video.lnk
id: auto-1ee363f9989c13cbd1cb09107af64e707b940fe673d875b23681abc5b712e04a
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/images/Photo.lnk
id: auto-bf0240864f6d8cae151b0d653d4fc14b4d9b3ef764bb25aa4a992b8863ff9924
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/images/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/images/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/1/Photo.lnk
id: auto-07f28521b6c4d2d5a9dba9f0c927a9f68670951891989e2c88f2763343cabb87
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/1/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/1/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.59.254.165:8084/20210408/AV.scr
id: auto-c41e31add887300130c5b39507ac4b0b1fad43f8af62c8c43f18e124fbbece2e
status: experimental
description: Detects traffic or activity related to http://111.59.254.165:8084/20210408/AV.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.59.254.165:8084/20210408/AV.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://111.59.254.165:8084/20210408/Video.scr
id: auto-50768ae31fd321159e7fca07d75805cdfe87f21e8938724eee66272acd59607f
status: experimental
description: Detects traffic or activity related to http://111.59.254.165:8084/20210408/Video.scr which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://111.59.254.165:8084/20210408/Video.scr*'
  condition: selection
level: high
tags:
  - attack.t1496
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/forge/AV.lnk
id: auto-280805e35da471eae455887d3b1e7c074b9add6ba5672ee0d6899667ab16d79a
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/forge/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/forge/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/AV.lnk
id: auto-30d7acab2c9f0a3eb3266e3f26adbef0ff7ceec63746ddb7b5f7d001e4c4cc5e
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/images/AV.lnk
id: auto-56cc154a695b8194178ec8dbb35e3b324d01b70d0ff07e55804a1eae63f5cca9
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/images/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/images/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/fonts/AV.lnk
id: auto-b0025ea142ff208fc8b643edd5831f52c5473a65f25aaf614709433e51d497c4
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/fonts/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/fonts/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/tesseract/lang-data/AV.lnk
id: auto-7f570ff8c87da3068d05a49fcb583b090e7fe932e1c3f5ed742795c6979020e9
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/tesseract/lang-data/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/tesseract/lang-data/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/tesseract/AV.lnk
id: auto-c00a4a832f1b040ad56048964eb813883b399c1696e0f526d82e93e6dcc1a788
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/tesseract/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/tesseract/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/AV.lnk
id: auto-3038221920e9e7736305ae5c39dce1b67be02cea4409656b806820ab3f04e5e5
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/AV.lnk
id: auto-c60d09570e58e5f5e22e97ab5fe5885b0914d4f2027d9d9c5e9c03f9131ca035
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://139.255.123.101/PR/Database/Photo.lnk
id: auto-9fffaa405991dbeca77a4b1d5c34ebe6e1c15562437a5719168e4dc7766f5d83
status: experimental
description: Detects traffic or activity related to http://139.255.123.101/PR/Database/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://139.255.123.101/PR/Database/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.T1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/1/Video.lnk
id: auto-73559df687bda25d055e5ecc30c9772201791f1faafee7f8c32fb971dbc71664
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/1/Video.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/1/Video.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/Photo.lnk
id: auto-254a09e651c720d18961291d0b68f79b721528fff92876ec04b33c4a6337a9c7
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.251.33.227:23/1/AV.lnk
id: auto-9ea7f1e53ff166bba921c8598e261bf97b89e343f73e747c933b3a38a1d6e9f9
status: experimental
description: Detects traffic or activity related to http://110.251.33.227:23/1/AV.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.251.33.227:23/1/AV.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/assets/Photo.lnk
id: auto-0097f1cda0602d838352f3cf78c6e927409af054bf3063d96e74130a6839d4cc
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/assets/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/assets/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.143.113.61:81/Photo.lnk
id: auto-281465795aa111bde19a3c93ab04a0bcc08cce1513c212d935e55532a3bdfc92
status: experimental
description: Detects traffic or activity related to http://182.143.113.61:81/Photo.lnk which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.143.113.61:81/Photo.lnk*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/5908119101/c76eE0f.bat
id: auto-e89b889841d78dd15dfb74bc16e0c41add17566954fa28bc4c04dd95df5b6ed7
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/5908119101/c76eE0f.bat which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/5908119101/c76eE0f.bat*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.mpsl
id: auto-d628f5bd9b7075b5e54557baebc77426823ed4416646d84ac1d75a9d3666f195
status: experimental
description: Detects traffic or activity related to http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://135.225.120.199/Vye32GsS2g38eKHmaKrLdDjgrnf2YBT4/FGx8SNCa4txePA.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl
id: auto-0869692e5bfbee782ab36107356d99244add70ebe90c33eb396cd79f8eb7e5a1
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.ppc
id: auto-305afd4410707642e01ff2e06d3f08d01d9169eb0e777ea4355c3b90f128efc3
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.arm5
id: auto-7a87cbe48447bfa058aac203900f3c45978d2b89428726ad4c3205208c897e78
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.x86_64
id: auto-d2cb44405f168e6a9c4a3cedc4e09a1717c5f73b4b141a3f4db5882b2971574c
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.mips
id: auto-0ec64cabe47dc4b80de84a52f25c0e392c6375dcaf63c48c1ce38e4cd8666e37
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.mpsl
id: auto-1d9facb4d45e41f712bfe241ec097aed25edc0cba89913279f50cc89a6637993
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.mpsl which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.mpsl*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc
id: auto-8c51f798dc3c922610f95e702816a62233a5e23e0238780b8727d016a51937c2
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6
id: auto-a2be15529912608e0e6f0b34b4b510fcde687eafa84ddf75393d41de31b08db8
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips
id: auto-97de207a8ff8bcf72f247dd6a9dd83e66df5a85f566e905cf1c38a98d244739d
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.mips*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86
id: auto-e94a14b3605b9dc5311a74586e5cfc336451fc04171fb88c971d8a2935051d25
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc
id: auto-5bc3815afbd0b633e973b543aa7849a07fb982da877d10d88b31e324d28281c8
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://154.43.52.51/bins/nova.x86_64
id: auto-ccf8d34e386db455f44f00712f9bbba663964e568b40c1e1e0dad3ecf5b1f7a1
status: experimental
description: Detects traffic or activity related to http://154.43.52.51/bins/nova.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://154.43.52.51/bins/nova.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5
id: auto-86ff1837b01f5d23e06b692f98cdfcf977651d793203d6847a414ef1fea8dc74
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.arm6
id: auto-74413200c2fd99f67ab59a1b660dc6cea1d62cf1edcaba1192a57171f1a94707
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.spc
id: auto-6ef63638be3df4f18bce81f120e895c6dc9d246d106156da4cda7c4dcd48a2c1
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.57.30.163:52934/bin.sh
id: auto-b4cf04d6ca14f64a07d6d5da1a346f0927d8cb316c6b1fff776d4a1871c24656
status: experimental
description: Detects traffic or activity related to http://115.57.30.163:52934/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.57.30.163:52934/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.sh4
id: auto-7f0fcb9b202ba85d5bc6292b7603f1e4accf053f3d9304570d0ff5bf992e8b94
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.x86
id: auto-418494a9877c6f068fb545cadad8454b3c6bb06e073e54dceed1f63b75f0d31b
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.arc
id: auto-1d0c451c8a0c3ac5c8f82a73907a30a2841861418f38f7b5a529002936f067e1
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.arc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.arc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.arm
id: auto-b857dc813597c7aa15622e13c290bd9d763fa6d36f5319496ba26fab4e8ad9ac
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.i686
id: auto-c7913b21fd732e64e21102b8eee0d3ab2b4c6626e62a9235efb2aa00760938aa
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.m68k
id: auto-d514442503de92d2f34b64ac833a9ee875cb307a898f3ff52077ab4176f7f22a
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc
id: auto-50c2fe285084ce3411185f9fde88088fa75b9fd4abedf31b2aa4e70c95199b08
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.ppc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4
id: auto-bdf0e39d6c7efef512537448fbea9d5b6a19ca7d90c75c487308102eb212e335
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.sh4*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k
id: auto-2e9a44b7f3716b0b4e00e1e59b21d577e528363c52f22d50f27ddd6dff17090c
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.m68k*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64
id: auto-298a9af43f0ee34b5a405f65e9adc585b98e9cd4ae461d7115514a26e8646468
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686
id: auto-f3736b3c79cece7a384a6491cce2ca28bf9eec3dffc7a3a6dd508d10df8a0568
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i686*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm
id: auto-ad4590ee4fb142a377d462bd4531f88b0f6c277c27b874396c50667a462baa7d
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.arm7
id: auto-77a2e7f1742d8ffbe1d91491b6f085fd3d0c25468b825f78e860af8a6d838872
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468
id: auto-473e40c994d41f99db6214656b3bc2d44eb0ba097714bac03906296d9664e8ff
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7
id: auto-23c0b1385857eaee381276700fe905a68c71b0bc051c1a53f8a497a328acfe69
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/001010101010010110101011101010101101010111010101/nwfaiehg4ewijfgriehgirehaughrarg.arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://51.38.196.153/00101010101001/morte.x86
id: auto-07f69e11092b70bdca4150e2f686836f911e9e6e97a9dfc8372c32dc41ef9088
status: experimental
description: Detects traffic or activity related to http://51.38.196.153/00101010101001/morte.x86 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://51.38.196.153/00101010101001/morte.x86*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://41.216.189.149/HOME/Mark90c80.i468
id: auto-233b1d739e37515f087aa03f920c060c05129bd31a6989e8d9876a0787875551
status: experimental
description: Detects traffic or activity related to http://41.216.189.149/HOME/Mark90c80.i468 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://41.216.189.149/HOME/Mark90c80.i468*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://84.252.120.207/AB4g5/Josho.x86_64
id: auto-20af10763e4e9cd53195263a28058356e459f37d062c02b5722ad5454778951b
status: experimental
description: Detects traffic or activity related to http://84.252.120.207/AB4g5/Josho.x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://84.252.120.207/AB4g5/Josho.x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://a85k99xb.mistysh1eld.ru/?apikey=VJUjWYklMnyNzcZn&activityId=779d1629-59f1-4b0f-bdb2-fc30c2db9b28&ocid
id: auto-79941f11b89828de87fdee801be62e4ee518f72335defdbcb7d66fb4d3742806
status: experimental
description: Detects traffic or activity related to https://a85k99xb.mistysh1eld.ru/?apikey=VJUjWYklMnyNzcZn&activityId=779d1629-59f1-4b0f-bdb2-fc30c2db9b28&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://a85k99xb.mistysh1eld.ru/?apikey=VJUjWYklMnyNzcZn&activityId=779d1629-59f1-4b0f-bdb2-fc30c2db9b28&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://15eitnbq.mistysh1eld.ru/?apikey=EakHjGfxtbXsKBBx&activityId=d7fad27e-3ff7-4a42-bd0c-4dc33a1e1a48&ocid
id: auto-d0bad7a41c94057bf52053097a008c17254c36a23d8bc6e058eedb23792ab3f8
status: experimental
description: Detects traffic or activity related to https://15eitnbq.mistysh1eld.ru/?apikey=EakHjGfxtbXsKBBx&activityId=d7fad27e-3ff7-4a42-bd0c-4dc33a1e1a48&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://15eitnbq.mistysh1eld.ru/?apikey=EakHjGfxtbXsKBBx&activityId=d7fad27e-3ff7-4a42-bd0c-4dc33a1e1a48&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.21.174.91:41502/i
id: auto-a035b3dee8a833a012c9fd116a5406140ddac80435dbfd5d8db9bdb96ca29562
status: experimental
description: Detects traffic or activity related to http://60.21.174.91:41502/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.21.174.91:41502/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.235.121.153:41168/bin.sh
id: auto-6c17ea390df52080429018cfe07ad935e014eb53a6f1a9b1b438655712d59a2a
status: experimental
description: Detects traffic or activity related to http://117.235.121.153:41168/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.235.121.153:41168/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.228:55746/bin.sh
id: auto-b3370fcb58fe0b63678c0b2ebb1d3d84019e018b8169252bf9f7ef3840ffcb6f
status: experimental
description: Detects traffic or activity related to http://110.37.11.228:55746/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.228:55746/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.229.142:40923/bin.sh
id: auto-08d72c5c893f1d8fc7a9e8594beb025971d754881e8eca11aee0dee92e38a19a
status: experimental
description: Detects traffic or activity related to http://42.239.229.142:40923/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.229.142:40923/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.92.146.151:39480/i
id: auto-660e637a8fabd0da42ec38faa2aa871b60a0d31dd8305aedd237981d773f1281
status: experimental
description: Detects traffic or activity related to http://124.92.146.151:39480/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.92.146.151:39480/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.125.243:39117/i
id: auto-6f7386a3b97b3c0e2317dde09ace1368b485bb5e3700f8dc8d661f735752fa84
status: experimental
description: Detects traffic or activity related to http://110.37.125.243:39117/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.125.243:39117/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.34.18:40579/i
id: auto-a01949e949eff06ba65f3fde366906cacf129c0f6ca6b79a6e0391bcbe572090
status: experimental
description: Detects traffic or activity related to http://182.117.34.18:40579/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.34.18:40579/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.170:49541/i
id: auto-6b50e099c8b8cd2eea247c89fb514b2c19d75ee3c92c963d68aa6b4cabe39f46
status: experimental
description: Detects traffic or activity related to http://110.39.235.170:49541/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.170:49541/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.110.49:53491/i
id: auto-bc7d0798f2d47d2203553896701c0c81441bd6c08313d1cdfe53dfce0e629180
status: experimental
description: Detects traffic or activity related to http://182.127.110.49:53491/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.110.49:53491/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.141.107.164:52412/bin.sh
id: auto-1c20caf063b299dc3777a89de1aee2a9a6aae3028e2a59ad8c4cfd64a2c8d34a
status: experimental
description: Detects traffic or activity related to http://222.141.107.164:52412/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.141.107.164:52412/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.0.37:46028/bin.sh
id: auto-3887e9c343ff36140646cef0c354404574ec42d86b764224ed1c4153f2dc0c51
status: experimental
description: Detects traffic or activity related to http://110.37.0.37:46028/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.0.37:46028/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.0.37:46028/i
id: auto-a434511ef601ae8f5693324e1cf322879d574ecd1766ca1e6e1b0f5717ce6d4b
status: experimental
description: Detects traffic or activity related to http://110.37.0.37:46028/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.0.37:46028/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.149.25:50023/i
id: auto-92be8138ef7b067b194be5fcbe484ef2f16123c4b82885070c32ff6c7b9a36a8
status: experimental
description: Detects traffic or activity related to http://115.56.149.25:50023/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.149.25:50023/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.117.34.18:40579/bin.sh
id: auto-bea7da062fcdc5c92d19d88572db0f531c6b0b9bb13e857bf6769bfb48324b72
status: experimental
description: Detects traffic or activity related to http://182.117.34.18:40579/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.117.34.18:40579/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.188:56059/i
id: auto-6454bf61c78328d828b2dbc959372175d7a4f0c8972f637646a57bd27e642286
status: experimental
description: Detects traffic or activity related to http://110.37.121.188:56059/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.188:56059/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://179.108.89.220:51237/bin.sh
id: auto-533ca376cb8e28e42be1c5aa334c80d018c30de17793b8bd993b6ee8cb86eb23
status: experimental
description: Detects traffic or activity related to http://179.108.89.220:51237/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://179.108.89.220:51237/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.127.110.49:53491/bin.sh
id: auto-6658a7ae001dc3f11b1178aa9bf1cd518c8a64810453e352480ddee01cbea445
status: experimental
description: Detects traffic or activity related to http://182.127.110.49:53491/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.127.110.49:53491/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.235.170:49541/bin.sh
id: auto-294a1e872980bd3261446e836e23f4fe1de9eb764882e132442172f5db2b4fff
status: experimental
description: Detects traffic or activity related to http://110.39.235.170:49541/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.235.170:49541/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.38.222.159:58734/i
id: auto-e203a08fd9d72cf255c25f6c322854a57c74bbcc9d5d6a2f98cc5d53867004a2
status: experimental
description: Detects traffic or activity related to http://110.38.222.159:58734/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.38.222.159:58734/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.113.35.180:59672/i
id: auto-ff87f5b8975f7d3b95db9e228293156d02612a12760b02f8032de101da2181e6
status: experimental
description: Detects traffic or activity related to http://182.113.35.180:59672/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.113.35.180:59672/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://219.155.121.81:44940/bin.sh
id: auto-b06c1afec11b448765ccac488eb0b3bd3dd9086a6344195e5ea222f52b07f12b
status: experimental
description: Detects traffic or activity related to http://219.155.121.81:44940/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://219.155.121.81:44940/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.121.188:56059/bin.sh
id: auto-64d2372f849a3ef75ed35caed3abe11f9e63eef8047c9b486653e5a353e786fb
status: experimental
description: Detects traffic or activity related to http://110.37.121.188:56059/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.121.188:56059/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.56.149.25:50023/bin.sh
id: auto-0319b9c1e32562a5729a2c6cc288d323bcd8f90efbc2a396ceb0140a8178b13b
status: experimental
description: Detects traffic or activity related to http://115.56.149.25:50023/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.56.149.25:50023/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://y5i3tc1t.stormc1oud.ru/?apikey=RHJLEQLnLftVwFNO&activityId=0e47fa17-7604-45e3-b755-90565b1aa4a1&ocid
id: auto-fa312427f604b41155af677d8584f2e61e8a2c39675b4ebca7cbe650f2311a2a
status: experimental
description: Detects traffic or activity related to https://y5i3tc1t.stormc1oud.ru/?apikey=RHJLEQLnLftVwFNO&activityId=0e47fa17-7604-45e3-b755-90565b1aa4a1&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://y5i3tc1t.stormc1oud.ru/?apikey=RHJLEQLnLftVwFNO&activityId=0e47fa17-7604-45e3-b755-90565b1aa4a1&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://lkgapm4v.stormc1oud.ru/?apikey=CwEIMubFFnkvcFoh&activityId=c70ce6fc-e4c0-48e7-b61d-0672608d045f&ocid
id: auto-c9f53d330ac1abe94d3f6dab3804c46fedf40dfee7961a89491c1736c48c8f8a
status: experimental
description: Detects traffic or activity related to https://lkgapm4v.stormc1oud.ru/?apikey=CwEIMubFFnkvcFoh&activityId=c70ce6fc-e4c0-48e7-b61d-0672608d045f&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://lkgapm4v.stormc1oud.ru/?apikey=CwEIMubFFnkvcFoh&activityId=c70ce6fc-e4c0-48e7-b61d-0672608d045f&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:49211/i
id: auto-abda8f7d87ccd50e35271abdd724d874e38d7cb668c077dc1f822d87e9260259
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:49211/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:49211/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.32.150:56764/i
id: auto-80a9b0b0dd7c3f05dbcd7bc840413beb1cad48ff17678b4b8140fadcbe417c59
status: experimental
description: Detects traffic or activity related to http://222.139.32.150:56764/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.32.150:56764/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.52.113.82:40144/i
id: auto-70b6ab792a4f0e09bec7faa1337b8c4a9edb617adb24ff6baf6904e27934fe33
status: experimental
description: Detects traffic or activity related to http://115.52.113.82:40144/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.52.113.82:40144/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.124.213:56205/bin.sh
id: auto-1ce8892ad3cfff01b661dd6015b14c8678410ca1ff5f6af90b4803327f37be1c
status: experimental
description: Detects traffic or activity related to http://115.49.124.213:56205/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.124.213:56205/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.238.255.166:49387/i
id: auto-12c8c6eec940737f9795f1f34b7c610f70dfda06664b00173eb39f9444423983
status: experimental
description: Detects traffic or activity related to http://42.238.255.166:49387/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.238.255.166:49387/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://112.242.18.46:44508/i
id: auto-00421e6de7dd6ce8dffdba8479fad9a6f090516894950ba894c3456481793c08
status: experimental
description: Detects traffic or activity related to http://112.242.18.46:44508/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://112.242.18.46:44508/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.124.213:56205/i
id: auto-4f00416a54d6c75c13e15b912211e95bc107a9b40f814e128275228e0e2b7ae6
status: experimental
description: Detects traffic or activity related to http://115.49.124.213:56205/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.124.213:56205/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.29.225.50:49211/bin.sh
id: auto-72f3be84e53acc32b40faac219dbfc0c927139301934e57dc106e8c1fe9035ce
status: experimental
description: Detects traffic or activity related to http://124.29.225.50:49211/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.29.225.50:49211/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.32.150:56764/bin.sh
id: auto-81bd3d2e0bb930637d8d7a86083704966e140f6d714cbc4d5588709defb81952
status: experimental
description: Detects traffic or activity related to http://222.139.32.150:56764/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.32.150:56764/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.58.134.161:60335/i
id: auto-5417161150e84b14f6b3a30c16ad85290e3c0e9a8c1a849ed736341661f30a60
status: experimental
description: Detects traffic or activity related to http://115.58.134.161:60335/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.58.134.161:60335/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://60.23.236.74:60963/i
id: auto-b11bedb821fa75e9aeae018bfc8644b192fa191e21d2412ed4982a2c69a5830a
status: experimental
description: Detects traffic or activity related to http://60.23.236.74:60963/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://60.23.236.74:60963/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.105.238:55667/i
id: auto-b31040611748f0e305aeb1c90fa713db2a98542dcba39358ee910d09e668608e
status: experimental
description: Detects traffic or activity related to http://115.50.105.238:55667/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.105.238:55667/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.105.238:55667/bin.sh
id: auto-da8d7a1eac214cb86c716dbbb08ef9f2fb9cb0921e4beb58e4f514832a81a1bc
status: experimental
description: Detects traffic or activity related to http://115.50.105.238:55667/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.105.238:55667/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.119.196:38640/i
id: auto-6a54df443c766b0f7d5a07592710b01db542cc306da4d7a95c1c474810b1ac24
status: experimental
description: Detects traffic or activity related to http://115.61.119.196:38640/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.119.196:38640/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.138.79.241:46695/i
id: auto-6c8286ec44d785d1957219a607e54206e9c5af063b8176061a8485fc9bea2d3f
status: experimental
description: Detects traffic or activity related to http://222.138.79.241:46695/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.138.79.241:46695/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/454503574/wTWAYUx.exe
id: auto-c07f1abee09f372efc8e4985815158c074340569149a5634f7b31e203a36c74e
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/454503574/wTWAYUx.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/454503574/wTWAYUx.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.61.119.196:38640/bin.sh
id: auto-ebcf6fd0d42c0650566fd081fab175120b3b9b20d33f841872b5c0c64fc68218
status: experimental
description: Detects traffic or activity related to http://115.61.119.196:38640/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.61.119.196:38640/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.48.152.57:36624/i
id: auto-3d6e0d71e9b5116aefe9b71fc41573c083f20b6c4d15c1a8d590d97b9cdb8970
status: experimental
description: Detects traffic or activity related to http://115.48.152.57:36624/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.48.152.57:36624/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.20:36695/cat.sh
id: auto-e023ef2c2bbf70d0a5e50c4cf53cc0d6ee3f62bf01a05321512bf3bc7327d59b
status: experimental
description: Detects traffic or activity related to http://130.12.180.20:36695/cat.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.20:36695/cat.sh*'
  condition: selection
level: high
tags:
  - attack.t1583
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://58.47.65.108:51752/bin.sh
id: auto-1a899330270d76ec5cae1a5c38c5e624871c961d637d8f97c42b9db36cd59ae0
status: experimental
description: Detects traffic or activity related to http://58.47.65.108:51752/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://58.47.65.108:51752/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://s7gnorm4.f0ursme1ting.ru/?apikey=ouucPDnSwlhIxdmN&activityId=32a5d9b1-6d68-416b-a0b6-c075512bff40&ocid
id: auto-45e6d33d8ebd1694d1aa13fc073bde41d7c818fa3278854bfb963f49a73edda4
status: experimental
description: Detects traffic or activity related to https://s7gnorm4.f0ursme1ting.ru/?apikey=ouucPDnSwlhIxdmN&activityId=32a5d9b1-6d68-416b-a0b6-c075512bff40&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://s7gnorm4.f0ursme1ting.ru/?apikey=ouucPDnSwlhIxdmN&activityId=32a5d9b1-6d68-416b-a0b6-c075512bff40&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://301tnw8t.f0ursme1ting.ru/?apikey=xLCIyGeaXFsdXcWB&activityId=69a41989-ac3e-4211-b439-c5ca7bc7c673&ocid
id: auto-94166e9b98f331e82f3376fa64b05a191deb8e7aec5920609f9619da471f0b28
status: experimental
description: Detects traffic or activity related to https://301tnw8t.f0ursme1ting.ru/?apikey=xLCIyGeaXFsdXcWB&activityId=69a41989-ac3e-4211-b439-c5ca7bc7c673&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://301tnw8t.f0ursme1ting.ru/?apikey=xLCIyGeaXFsdXcWB&activityId=69a41989-ac3e-4211-b439-c5ca7bc7c673&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.234.143.189:55287/bin.sh
id: auto-f4d5111cd8700d4853627e50b3251f2e077a260474d8394db5bfd8e0f20dfc99
status: experimental
description: Detects traffic or activity related to http://42.234.143.189:55287/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.234.143.189:55287/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.93.136:45426/i
id: auto-291b565d5513e75606288720a4ad7dca7677f6ed17346464cb3fcebd3775b581
status: experimental
description: Detects traffic or activity related to http://117.215.93.136:45426/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.93.136:45426/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:38331/i
id: auto-e8050df1bdacb366cdf049877247578637cf26e55a79d745c1d12b5e47401e25
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:38331/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:38331/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.101.98:50580/i
id: auto-a41c72714781030af9d00f17c62f17ab20e50fd40e14e7e397a19301d76e00eb
status: experimental
description: Detects traffic or activity related to http://117.206.101.98:50580/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.101.98:50580/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.155.26:36586/i
id: auto-48f4bf983e813b4e55d0fcf4db629e417cee8d7c4fb37e997c4f20e0b2bfff50
status: experimental
description: Detects traffic or activity related to http://182.124.155.26:36586/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.155.26:36586/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/bongripz/arm5
id: auto-12f96a9775bc107eedb4e67332a72970970ae41f9bcbf54cf03af47b9485454b
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/bongripz/arm5 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/bongripz/arm5*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/bongripz/x86_64
id: auto-c83f7da4a7775e0f9e01499d4a35d0298297167a363ab05aeb2a3d49b209895f
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/bongripz/x86_64 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/bongripz/x86_64*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://ip66-179-93-123.pbiaas.com/wtf/bongripz/crack
id: auto-77af4e199884e49113569b4383a5b2a544f3e148ebdc268ea1c7eeb798994071
status: experimental
description: Detects traffic or activity related to http://ip66-179-93-123.pbiaas.com/wtf/bongripz/crack which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://ip66-179-93-123.pbiaas.com/wtf/bongripz/crack*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/bongripz/crack
id: auto-18f4df3f75a1777fb66f8a5355b8061eedec5e8e84defe6dd751fa6aca8eab52
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/bongripz/crack which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/bongripz/crack*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/bongripz/arm6
id: auto-4c6401c6747c3f998b3bd1f37a656d4800973360fe9bdb29b3548b5831f69ce7
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/bongripz/arm6 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/bongripz/arm6*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/bongripz/spc
id: auto-eb78b839c3e45080547a3348def5a076a7c8fbf1d1b1135a5f03504a88ea4786
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/bongripz/spc which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/bongripz/spc*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://66.179.93.123/wtf/bongripz/arm
id: auto-b2c7afc614c341799640a45ecfba9382e2d07a6afb75b01189a4be2ba92b4ab8
status: experimental
description: Detects traffic or activity related to http://66.179.93.123/wtf/bongripz/arm which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://66.179.93.123/wtf/bongripz/arm*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.226.134:50252/bin.sh
id: auto-896d52ef1d073d6fdbcb3120a05fdb3c0d0f4ab7efa0618f809c643fcab71124
status: experimental
description: Detects traffic or activity related to http://110.39.226.134:50252/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.226.134:50252/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.101.252:38331/bin.sh
id: auto-648b497a0505a8dedafc01f1c2b9c7edde1e2e108fef105564a2012d0d65dcd7
status: experimental
description: Detects traffic or activity related to http://110.37.101.252:38331/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.101.252:38331/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.215.93.136:45426/bin.sh
id: auto-f81cf504f4611b6c6ef91b391dabab168a8f8e7c9798d552783e845b476abc88
status: experimental
description: Detects traffic or activity related to http://117.215.93.136:45426/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.215.93.136:45426/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.206.101.98:50580/bin.sh
id: auto-58cc03a09196a4c71b1781eed8fe1be4d0eee06c9075ae64199948d0cfdfa7ce
status: experimental
description: Detects traffic or activity related to http://117.206.101.98:50580/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.206.101.98:50580/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.231.75.160:45143/i
id: auto-b5addf770c9e44a29673fc9abb81c1ce999d85d4eb7311ff2ce6f6906e6f9abd
status: experimental
description: Detects traffic or activity related to http://42.231.75.160:45143/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.231.75.160:45143/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.120.69:60228/i
id: auto-1ad8eff1a2b66cb40a10660ecd7e25a2238fc4195fc0e82f16dba605bdbf8e47
status: experimental
description: Detects traffic or activity related to http://42.224.120.69:60228/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.120.69:60228/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.47.85.91:40680/i
id: auto-854196ac9ef68f7d3cdf15a6fe73fc28f7a915702beb0bbdaf8d584629cfbab2
status: experimental
description: Detects traffic or activity related to http://125.47.85.91:40680/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.47.85.91:40680/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://52r1hjg1.ch2ntro1ley.ru/?apikey=DJHCQfdlLhnHpswI&activityId=c6720680-557f-4ae1-a38f-f5db317fe971&ocid
id: auto-1e7bed1257184e58065557dbe95121a292f42602ecb539276d8c076aba5da532
status: experimental
description: Detects traffic or activity related to https://52r1hjg1.ch2ntro1ley.ru/?apikey=DJHCQfdlLhnHpswI&activityId=c6720680-557f-4ae1-a38f-f5db317fe971&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://52r1hjg1.ch2ntro1ley.ru/?apikey=DJHCQfdlLhnHpswI&activityId=c6720680-557f-4ae1-a38f-f5db317fe971&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://9nkc9lsf.ch2ntro1ley.ru/?apikey=QcUEcDcRbXckZtlH&activityId=bb5c1e52-9925-486c-901c-2d9f8ac47e60&ocid
id: auto-6a906c645ad5cde2990db0ed4f3b0ca7fcc1c85eee04b7ed3714485c12fe6446
status: experimental
description: Detects traffic or activity related to https://9nkc9lsf.ch2ntro1ley.ru/?apikey=QcUEcDcRbXckZtlH&activityId=bb5c1e52-9925-486c-901c-2d9f8ac47e60&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://9nkc9lsf.ch2ntro1ley.ru/?apikey=QcUEcDcRbXckZtlH&activityId=bb5c1e52-9925-486c-901c-2d9f8ac47e60&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.155.26:36586/bin.sh
id: auto-f8cc1dfd5ed88d8b9f5bd7635a6fedda8b3052b1b0dd72a9497bada00c538f78
status: experimental
description: Detects traffic or activity related to http://182.124.155.26:36586/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.155.26:36586/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.171.106:57401/i
id: auto-5959aa5030c2663a03ce921dd7144501c10db2bdb5e92f374ea203b0e41762d6
status: experimental
description: Detects traffic or activity related to http://123.5.171.106:57401/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.171.106:57401/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.217.130.62:44150/i
id: auto-b942465fa112baf5d76ea4a772f1d46dd172a02462bee1103da3952d13d6b672
status: experimental
description: Detects traffic or activity related to http://117.217.130.62:44150/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.217.130.62:44150/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.50.63.220:58968/i
id: auto-dd04adc00171bfcee0d5936159af68b659a4d29fdccbc2dddadd8ddb322f3f54
status: experimental
description: Detects traffic or activity related to http://115.50.63.220:58968/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.50.63.220:58968/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.49.75.186:55755/i
id: auto-4f17267c39322a5da15a8dc0e97fc915cdbe795a23be6792a5e7af1f7dac56e0
status: experimental
description: Detects traffic or activity related to http://115.49.75.186:55755/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.49.75.186:55755/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.16:49359/i
id: auto-75fa3ef01f59547637172fb6a5fec0d28c1720acc38c1338f8980a13b631bd17
status: experimental
description: Detects traffic or activity related to http://110.39.246.16:49359/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.16:49359/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.246.147:34044/i
id: auto-7562715214a8c7e0ffb99789d9af73e80a3934d5025679faa7a04ad813d04de8
status: experimental
description: Detects traffic or activity related to http://110.39.246.147:34044/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.246.147:34044/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.120.69:60228/bin.sh
id: auto-69195ffb6b7b89f6a2fcfb8a4c84d96e52058b0c9c9bfb0cf96a9c05daed03cd
status: experimental
description: Detects traffic or activity related to http://42.224.120.69:60228/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.120.69:60228/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.108:38623/i
id: auto-1dd3ed5c7d1bfb12eddb0d0b4bdb0e43f1b773d526f3bc0d97faca0db2a8db33
status: experimental
description: Detects traffic or activity related to http://110.37.78.108:38623/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.108:38623/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://124.94.95.88:49861/bin.sh
id: auto-8f358e056ca92b25f55699dbb9bec5c6ed6eb23fb291f455b1a7340b156a80d8
status: experimental
description: Detects traffic or activity related to http://124.94.95.88:49861/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://124.94.95.88:49861/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.221.25.68:57997/bin.sh
id: auto-6c756b6748763f96d52b653235ab210a5dcd379a960d611d22d1c6aa428f08a1
status: experimental
description: Detects traffic or activity related to http://117.221.25.68:57997/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.221.25.68:57997/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.239.94.220:55306/i
id: auto-dbf8cced2f42d5d257413e35f0823f5e492e0e51272d1e4fb7a2cce070a97678
status: experimental
description: Detects traffic or activity related to http://5.239.94.220:55306/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.239.94.220:55306/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.198.14.8:47138/i
id: auto-2eff8d28ce31c25d88239a1352782d66a5b162e9f7d0e9538599131c2937d2a8
status: experimental
description: Detects traffic or activity related to http://117.198.14.8:47138/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.198.14.8:47138/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://168.195.7.78:34044/i
id: auto-ec4aeae5d0035ce2afe7dc037fb3b801ca0eb2638b6d46b326fad62fb4f220c4
status: experimental
description: Detects traffic or activity related to http://168.195.7.78:34044/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://168.195.7.78:34044/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.126.114:55574/bin.sh
id: auto-956318a6367e7df6732c0f9db8f95be7de854c10a7a37c0bcd508a47d1832639
status: experimental
description: Detects traffic or activity related to http://42.224.126.114:55574/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.126.114:55574/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://125.44.62.69:35907/i
id: auto-50bef88030616390ed76fe3f6b9b385ce8b86540dc342179858e6999b9b5eec4
status: experimental
description: Detects traffic or activity related to http://125.44.62.69:35907/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://125.44.62.69:35907/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.7.220.17:42662/i
id: auto-7e5a07841e9b73b0bc26b0a1516fabbb56b83565ca58597c50c5ab1ed4e73740
status: experimental
description: Detects traffic or activity related to http://123.7.220.17:42662/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.7.220.17:42662/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://196.189.35.226:57985/bin.sh
id: auto-17aa20168140decc5d00931065c9322e07118e1d8df0daee5863baf8f96e4e43
status: experimental
description: Detects traffic or activity related to http://196.189.35.226:57985/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://196.189.35.226:57985/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.81:60736/i
id: auto-d7b533055159569584ea61439ea209e40607e68b9a12655c2ed6d2b9be2075d9
status: experimental
description: Detects traffic or activity related to http://42.239.235.81:60736/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.81:60736/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.78.108:38623/bin.sh
id: auto-bb150e9ee5b306b17af7586715de7c34ad706a246f07155c8b1f1666f1749c0d
status: experimental
description: Detects traffic or activity related to http://110.37.78.108:38623/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.78.108:38623/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.65.132.144/arm7
id: auto-ccb37e4dce6738c6d9ff793fe9f6415044386581c980c11646097134fd435df4
status: experimental
description: Detects traffic or activity related to http://176.65.132.144/arm7 which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.65.132.144/arm7*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://5.239.94.220:55306/bin.sh
id: auto-7187bd154f85365999a2accb4dce14ae04d6d6e9c5082297f0dcade34a1bbd18
status: experimental
description: Detects traffic or activity related to http://5.239.94.220:55306/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://5.239.94.220:55306/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.239.235.81:60736/bin.sh
id: auto-b965e3698fdaecfdae353bb0cdac13b23a04d71583c7780d99cb6d844094a2fc
status: experimental
description: Detects traffic or activity related to http://42.239.235.81:60736/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.239.235.81:60736/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3ei6h1fz.udmu7tsw2rp.ru/?apikey=gaAHBvdFAIhxjNtY&activityId=21e226b2-4203-4be7-83e3-5a44ec6b88ae&ocid
id: auto-b126f0caa83c5b5981b289f81505fd5c2e507fdaeaa75870209e01e44f58a0d7
status: experimental
description: Detects traffic or activity related to https://3ei6h1fz.udmu7tsw2rp.ru/?apikey=gaAHBvdFAIhxjNtY&activityId=21e226b2-4203-4be7-83e3-5a44ec6b88ae&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3ei6h1fz.udmu7tsw2rp.ru/?apikey=gaAHBvdFAIhxjNtY&activityId=21e226b2-4203-4be7-83e3-5a44ec6b88ae&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://xy53k61z.udmu7tsw2rp.ru/?apikey=sWzMJOqAAtumPgQF&activityId=5564a5f3-332c-4711-bf10-2590ca5b2700&ocid
id: auto-5c8ac83f3ae315720836ea67cdd3d33bc5c89951d5a224ee7b2472058a98aec3
status: experimental
description: Detects traffic or activity related to https://xy53k61z.udmu7tsw2rp.ru/?apikey=sWzMJOqAAtumPgQF&activityId=5564a5f3-332c-4711-bf10-2590ca5b2700&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://xy53k61z.udmu7tsw2rp.ru/?apikey=sWzMJOqAAtumPgQF&activityId=5564a5f3-332c-4711-bf10-2590ca5b2700&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.245.2.83:34881/i
id: auto-4f0c8defac7a935b5c6b024042f47ecd60349f3698fcc344576a38ff5bccdf3f
status: experimental
description: Detects traffic or activity related to http://117.245.2.83:34881/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.245.2.83:34881/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.171.135:46235/i
id: auto-3825a1c06420ba7aefaa4d969ca14ddefeaccf00ffca95760dece320db12f5ed
status: experimental
description: Detects traffic or activity related to http://42.224.171.135:46235/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.171.135:46235/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.199.140:44312/i
id: auto-50a5ce8ba9a31cf32291c1dd0d5060d71efca020e2d752910ed0414630795279
status: experimental
description: Detects traffic or activity related to http://182.123.199.140:44312/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.199.140:44312/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.90.59:57151/bin.sh
id: auto-47bd2b610010e7a9d6954387ee6b41eb11c9e77b6b7cae411e02dbb9206a075b
status: experimental
description: Detects traffic or activity related to http://110.37.90.59:57151/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.90.59:57151/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://222.139.231.228:41198/i
id: auto-a985006c48635312379031004484c5bcfb458819f6b978a08760063f5c2c1403
status: experimental
description: Detects traffic or activity related to http://222.139.231.228:41198/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://222.139.231.228:41198/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.44.153:48058/i
id: auto-311308a5a6407de6a4c5a4d61c047e78867ddd1e9d8835cdc240f15223945167
status: experimental
description: Detects traffic or activity related to http://61.52.44.153:48058/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.44.153:48058/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.247.108:58446/i
id: auto-82caf39c1ec34b583f2d4b73eda7894afc1312120888f1ace2028c26be871d11
status: experimental
description: Detects traffic or activity related to http://110.39.247.108:58446/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.247.108:58446/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://113.236.120.150:51555/i
id: auto-b8382c93e2d61e45dbdcee3a3fcb7f25cd164a0f23fd060d73f59eca30d3c984
status: experimental
description: Detects traffic or activity related to http://113.236.120.150:51555/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://113.236.120.150:51555/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.224.171.135:46235/bin.sh
id: auto-a55713e3e012b6ae80ef093a45bfe256b5646aa0b040d81d881e8f3537e15f1a
status: experimental
description: Detects traffic or activity related to http://42.224.171.135:46235/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.224.171.135:46235/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.58.50.199:59413/i
id: auto-ac56b187a70ee6465479642da125f99804a55221115a01f8f43e2f7a61ceab81
status: experimental
description: Detects traffic or activity related to http://1.58.50.199:59413/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.58.50.199:59413/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.227.131.41:38031/i
id: auto-fc9bb31c2cc3f7546e15b476858ba11ade9e04b6707e7143f78b1d152a7f930e
status: experimental
description: Detects traffic or activity related to http://42.227.131.41:38031/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.227.131.41:38031/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.191:57401/i
id: auto-0adbc13d07f7d97826b6e9bb514c9eb0951427ecd1e87b112dfb98e8f94e0841
status: experimental
description: Detects traffic or activity related to http://110.36.0.191:57401/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.191:57401/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.191:57401/bin.sh
id: auto-dffc0a57e1188320e5b1dd3c437985aaa5030f0f466a79b2a06a8ae283342889
status: experimental
description: Detects traffic or activity related to http://110.36.0.191:57401/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.191:57401/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://d64zcw85.harr0wp2i.ru/?apikey=wdvVBrUSOlxlXnVu&activityId=b1ca1e1f-28ec-44e0-81a5-d0d03fb9ed56&ocid
id: auto-765eab71d228f520f72b78ddb65c519adc6172885c9d2717b4c31be46a11c306
status: experimental
description: Detects traffic or activity related to https://d64zcw85.harr0wp2i.ru/?apikey=wdvVBrUSOlxlXnVu&activityId=b1ca1e1f-28ec-44e0-81a5-d0d03fb9ed56&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://d64zcw85.harr0wp2i.ru/?apikey=wdvVBrUSOlxlXnVu&activityId=b1ca1e1f-28ec-44e0-81a5-d0d03fb9ed56&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.123.199.140:44312/bin.sh
id: auto-2a2d7715500202aa5b7ffdfe887fc737530cfa87fd282955db8cc9580056839d
status: experimental
description: Detects traffic or activity related to http://182.123.199.140:44312/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.123.199.140:44312/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - https://3a4srpk1.harr0wp2i.ru/?apikey=mDKaFWCchgKEbKQG&activityId=43fdd45c-d6fb-44d8-aa48-3f9d034172ea&ocid
id: auto-cf2c26f6ca3242f6e973d99fabc41141e163139612e0f4fb2efef0f70387ca80
status: experimental
description: Detects traffic or activity related to https://3a4srpk1.harr0wp2i.ru/?apikey=mDKaFWCchgKEbKQG&activityId=43fdd45c-d6fb-44d8-aa48-3f9d034172ea&ocid which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*https://3a4srpk1.harr0wp2i.ru/?apikey=mDKaFWCchgKEbKQG&activityId=43fdd45c-d6fb-44d8-aa48-3f9d034172ea&ocid*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.14.246.171:44657/bin.sh
id: auto-b34334301b7e23319cb4eeabdc905d9b19086a967e88654ba8c2ff583d4be768
status: experimental
description: Detects traffic or activity related to http://123.14.246.171:44657/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.14.246.171:44657/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://221.14.17.248:49517/bin.sh
id: auto-8c0a3805ef8b66889ad7f39aafd14afe950f638c7c47592a5c05fd3312e49dd5
status: experimental
description: Detects traffic or activity related to http://221.14.17.248:49517/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://221.14.17.248:49517/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.224.31:39353/i
id: auto-6820fdaf21530fe261ae4aa2b5d9d389cc587f01744bef3e79cab7a01e451482
status: experimental
description: Detects traffic or activity related to http://115.55.224.31:39353/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.224.31:39353/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://123.5.132.68:51197/i
id: auto-ce5bb89402e75c546853bd9d3e512e228b4e91069c0043ffc692d0530ff272f8
status: experimental
description: Detects traffic or activity related to http://123.5.132.68:51197/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://123.5.132.68:51197/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://1.58.50.199:59413/bin.sh
id: auto-9acd07435c95c99b61b5b4604ccca84c4fdb0ffb097ae52cafc80ac5b6ead4b3
status: experimental
description: Detects traffic or activity related to http://1.58.50.199:59413/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://1.58.50.199:59413/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://182.124.171.173:51415/i
id: auto-1ef8fbef56bc944e37bfa8643dd64498bb433cee0395d67e365381e7aca0f174
status: experimental
description: Detects traffic or activity related to http://182.124.171.173:51415/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://182.124.171.173:51415/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://39.79.144.163:53108/bin.sh
id: auto-252c390d501422ee046f553a3575343aabf18557a569fa8ec71736da95143e1b
status: experimental
description: Detects traffic or activity related to http://39.79.144.163:53108/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://39.79.144.163:53108/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://115.55.224.31:39353/bin.sh
id: auto-f6819cb84ad0d59588eff5acbbbb8204eff54e654f84e5e61529d9d208204aa0
status: experimental
description: Detects traffic or activity related to http://115.55.224.31:39353/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://115.55.224.31:39353/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://176.226.129.38:40829/bin.sh
id: auto-a8d823e75941e66345c00d4a262c8a5d8671fd748a659655bd76b43cde165d59
status: experimental
description: Detects traffic or activity related to http://176.226.129.38:40829/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://176.226.129.38:40829/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.213.36:44609/i
id: auto-4816b863c9876791629deb983407c055cd8e693ec9e9595effb8f116fc22e5da
status: experimental
description: Detects traffic or activity related to http://119.189.213.36:44609/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.213.36:44609/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.102.50:35196/i
id: auto-c8ef208d6d4390b6586d8c27ccbebf42a18239559ee8a05cf9b079c4c6c96e6a
status: experimental
description: Detects traffic or activity related to http://117.208.102.50:35196/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.102.50:35196/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://119.189.213.36:44609/bin.sh
id: auto-6f8c3998d27daff0a76dc207b5694755563c0c22337732cb43e361e48258d779
status: experimental
description: Detects traffic or activity related to http://119.189.213.36:44609/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://119.189.213.36:44609/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.39.250.91:48573/i
id: auto-c5436009be3737e090e89df339601106c0c59f3351d7c78c7d7df5c11531ed2d
status: experimental
description: Detects traffic or activity related to http://110.39.250.91:48573/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.39.250.91:48573/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.156.77:45318/i
id: auto-add095a13f9ef432074ee9921d72bf1b5f654e151305167db9500bfc2495bf57
status: experimental
description: Detects traffic or activity related to http://61.52.156.77:45318/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.156.77:45318/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.208.102.50:35196/bin.sh
id: auto-2086088cd097b310ceb3187a6bef92101db0c762b88d55912c18a553db1dea79
status: experimental
description: Detects traffic or activity related to http://117.208.102.50:35196/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.208.102.50:35196/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://130.12.180.43/files/1781548144/947vw6c.exe
id: auto-54d2a01e49d74f4cd8976753f6b44b5b047f1a37e0752c64fe10a83386ed3749
status: experimental
description: Detects traffic or activity related to http://130.12.180.43/files/1781548144/947vw6c.exe which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://130.12.180.43/files/1781548144/947vw6c.exe*'
  condition: selection
level: high
tags:
  - attack.t1071
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.174:58064/i
id: auto-13f7cc7fa40b9f76f23dae4719bd267b496ea8bdd8fac49ef23c65ecfb2e5b88
status: experimental
description: Detects traffic or activity related to http://110.36.0.174:58064/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.174:58064/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.36.0.174:58064/bin.sh
id: auto-a8264c79bd34ba73b5873dba3b2506949a2f6725deea4de740e8d08509f2f582
status: experimental
description: Detects traffic or activity related to http://110.36.0.174:58064/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.36.0.174:58064/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://61.52.156.77:45318/bin.sh
id: auto-9cd9d0d034aa84697e7e7a2afce58b864517945169c8c9b09227ecb6c05fcedf
status: experimental
description: Detects traffic or activity related to http://61.52.156.77:45318/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://61.52.156.77:45318/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://42.232.230.131:55381/i
id: auto-3b26581de51e6e53761f26d9cdfd94defa581f29146f4e79fe2ca53db40122b8
status: experimental
description: Detects traffic or activity related to http://42.232.230.131:55381/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://42.232.230.131:55381/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.100.152:51703/i
id: auto-8b9ed5090d076845131ddf20fd82ed72ac40827a1b7bb75bb81d1c9dab776ba6
status: experimental
description: Detects traffic or activity related to http://110.37.100.152:51703/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.100.152:51703/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://110.37.11.215:36129/i
id: auto-ef3798f9cf151be308b2c16c69145656fd1bf165c51182c35fae24566ae9a997
status: experimental
description: Detects traffic or activity related to http://110.37.11.215:36129/i which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://110.37.11.215:36129/i*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - http://117.248.25.131:49502/bin.sh
id: auto-947c6303b60f3f212b7fbe4cabcf11e4cb426bc12d675209436c1d0a31975615
status: experimental
description: Detects traffic or activity related to http://117.248.25.131:49502/bin.sh which is a known malicious url.
logsource:
  category: proxy
detection:
  selection:
    c-uri:
      - '*http://117.248.25.131:49502/bin.sh*'
  condition: selection
level: high
tags:
  - attack.t1059.004
  - source.URLhaus
---
title: Detect Activity to Known Malicious Indicator - 1.2.3.4
id: auto-6694f83c9f476da31f5df6bcc520034e7e57d421d247b9d34f49edbfc84a764c
status: experimental
description: Detects traffic or activity related to 1.2.3.4 which is a known malicious ip.
logsource:
  category: firewall
detection:
  selection:
    dst_ip:
      - '*1.2.3.4*'
  condition: selection
level: high
tags:
  - attack.t1110
  - source.AbuseIPDB
